USDOI Goes 100% Microsoft

SatanIsHere writes: "A memo (here, here, here, and here) dated September 19th, 2002 from the Department of the Interior's Acting CIO notes the new policy of a "Department-wide standard for computer operating systems (desktop and server)" Of course the good news is that this will herald a new era in government transparancy for the Department of the Interior. SatanIsHere Continues: "On September 13, 2002, the Assistant Secretary for Policy, Management and Budget signed the attached Findings and Determination establishing Microsoft Corporation's enterprise desktop and server software as the Department-wide standard for computer operating systems (desktop and server), office automation, and asset management software.... Benefits of establishing this new Department-wide standard include:

• Lower Total Cost of Ownership for the desktop, including lower user training costs.
• Centralized and efficient security policy administration
• Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments
• Greater productivity and reliability attributed to less downtime.
• Extended support for a large base of software applications.

Business specific application software requirements (such as Sun/Solaris, IBM, AIX, etc.) outside the established Microsoft standard may be addressed through the OCIO waiver process."

This looks to freeze out an entire Federal Department (70,000+ employees) from non-Microsoft solutions, requiring a "waiver" to use anything non-MS. One more step to complete Microsoft World Domination. This is particularly ironic considering the problems DOI has had recently regarding IT security. If this isn't leveraging a desktop monopoly into other areas I don't know what is. :-P"

gone

[(startx)]

no comments on this story and the memo has allready been pulled by geocities..... outstanding.

Re:gone

[rasjani]

Geocities/Yahoo have "Bandwidthquota" that has been used up. That quota is quite strict so its not that unfamiliar.

Re:gone

"...pulled by geocities..." implies that Geocities took some action, perhaps due to the content of the memo. In reality, Geocities has an automated process to do this whenever people hosted on it use too much bandwidth. Pretty common, even with some paid hosting services.

Annoying for it to happen so quickly after being posted though, I agree.

Re:gone

[1u3hr]

Linking a Geocities page to Slashdot? It's DOA, as everyone (inluding even Chrisd, though he can't spell "transparency" so perhaps he's not running at full throttle at the moment) should know, not guess. So no one knows the facts of the story and no one can make any rational comment. (Pause for the obvious joke.)

FP

and slashdotted!

Brilliant tactic!

[aborchers]

Now they can blame MS for their abysmal performance!

Re:Brilliant tactic!

[aborchers]

OK, since my earlier attempt at taut humor met with a troll mod, I will attempt to elaborate what I meant by "Brilliant Tactic: Now they can blame MS for their abysmal performance".

DOI has cultivated a reputation for being total mongos for decades, and since Gale Norton came on board, all pretenses of their mandate to protect US natural and cultural resources have been pretty much dropped. Their handling of Native American and environmental issues have been atrocious (so much so that they were recently called to task by a federal judge for their incompetence) and their recently publicized network security problems are just icing.

I would post links, but why /. the sites. Just google for some combination of: Department of Interior, Native American, Environment, Pollution, Oil, and - if you really want to loose the gates of heck - throw in Gale Norton by name.

In short, the DOI is largely derided as an incompetent bunch of bumbling boobs, hence my weak attempt at humor noting that installing a uniform MS environment would be an excellent diversion and scapegoat.

Re:Brilliant tactic!

[ch-chuck]

Gee, now you did it, you went and hurt his feelings !!

Re:Brilliant tactic!

[Scratch-O-Matic]

Their handling of Native American and environmental issues have been atrocious (so much so that they were recently called to task by a federal judge for their incompetence)

Just to be clear, Gale Norton was named by the judge ALONG WITH at least two of her immediate predecessors.

Re:Brilliant tactic!

[aborchers]

Well observed. I did note that their reputation has built for decades. My issues with Gale Norton are distinct from the overall DOI problems: They are incompetent, she is evil. I won't attempt to weigh the merits of these qualities.

Re:Brilliant tactic!

[Alsee]

For anyone not familiar with the DOI Indian trust fiasco, here are some quotes from various news stories.

the third Cabinet-level officer to be held in contempt

10 to 40 billion in missing funds

Some of the money was stolen or used for other federal programs... Thousands of the accounts have money but no names attached.

the government had no idea where to send the Indians' money, billions had just gone into the federal treasury, reducing the national debt

stop the government from shredding documents

agency officials failed to carry out court orders or covered up failures

The ruling ... found the two officials had "committed a fraud upon the court"

accounts have been mismanaged, the government acknowledges

Federal Judge Royce Lamberth has decried the government's "egregious misconduct

Department of Interior once hired the accounting firm of Arthur Andersen

Sue Ellen Wooldridge, deputy chief of staff for Interior Secretary Gale A. Norton, discussed her qualifications for the job... she was uniquely qualified in one respect: She was the only appointee who had ever castrated a sheep -- with her teeth.

-

Great....

...thanks to Bush and Bill, our tax dollars will now go towards his great-great-great grandchildren's education.

This page is currently unavailable...

[Zakabog]

We're sorry, but this page is currently unavailable for viewing.
If this site belongs to you, you owe us big time, one of our rack's just melted from this fatal slashdoting.

Re:This page is currently unavailable...

[haplo21112]

Moderated for the users and by the users isn't democracy wonderful...

If only US citizens lived a democratic country with government for the people and by the people...

Re:This page is currently unavailable...

If only US citizens lived a democratic country with government for the people and by the people...

Then change the Constitution! We live in, by word and act, a REPUBLIC thank you!

Please don't begin one of those Transylvania, PA whiskey rebel arguements just because (insert something) did not go your way either, or I will have to send the President and his troops to quell your ass!

Re:This page is currently unavailable...

[Publicus]

I just got amazing deja-vu reading your post. Do you or someone else say something like this every time this happens?

It's totally weird. I'm bidding on a server on ebay too, that is tying into it. I wonder if my gf put something into this coffee.

Oh yeah, to be on topic, I wanted to say that I work for gov't, and our department's CIO has declared that only MS is going to be "supported software." It doesn't mean anything. People are going to use what they want. There are plenty of Unix boxen on our network.

Of course our CIO is a joke, the DOI CIO isn't neccessarily...

Re:This page is currently unavailable...

[haplo21112]

Yeah right! If you haven't noticed changing anything that is not in the interest of the business world in the US has become impossible...we are governed by the lobbists...its impossible to get my congressmen, who are supposed to represent me....to even listen to my opinions....

Re:This page is currently unavailable...

[Arnold_Crenshaw]

Please consult this informational piece, you idiot.

Re:This page is currently unavailable...

[kasperd]

We're sorry, but this page is currently unavailable for viewing.

I got that one too. But yahoo did offer me some gay movies instead. Somehow that is just not the same.

Sorry, this site is temporarily unavailable!

The web site you are trying to access has exceeded its allocated data transfer. Visit our help area for more information.
Access to this site will be restored within an hour. Please try again later.
http://www.geocities.com/satanishere666200 2/

why is this news?

[Pave+Low]

what is is that you are implying here? that running a solution that fits their needs is bad?

should they suddenly switch to Linux or some other system that doesn't fulfill their requirements just to satisfy some zealots?

I love how some armchair quarterbacks think they know whats best for other people.

Re:why is this news?

[baldass_newbie]

I think the two things that stick out are:
1. This applies not just to desktop but to ALL servers as well. and...
2. In order to use non-MicroSoft stuff, you need a waiver (which, based on the way government works, I'm sure is easy to get.)
Sorry to state the obvious, but this seems rather closed-minded on the DOI's part. Especially when you consider MicroSoft's track record for security.

Did you even read any of the above? Or did you just go into 'Troll' mode?

Re:why is this news?

1) Was there a bid process, like all government
expenditures are supposed to have?

2) Why does the rationale read like MS sales literature, ignoring the higher TCO of Windows over even Linux (having to continually apply the latest security patch du jour increases TCO)?

Re:why is this news?

[magnum3065]

This isn't really anything new either. It may be completely official now, but this has pretty much been their policy for years. They used to have more Unix machines and such, but they weren't willing to keep good system admins around to maintain them, so the machines were left pretty much unused.

Re:why is this news?

[nathanh]

what is is that you are implying here? that running a solution that fits their needs is bad?

Which part of "everybody will use this single piece of proprietary software" allows people to choose a solution which fits their needs?

should they suddenly switch to Linux or some other system that doesn't fulfill their requirements just to satisfy some zealots?

It's more likely that they are running Linux or some other system and this decision is forcing them to change to something that doesn't suit their requirements.

NB: taking this all with a grain of salt. A geocities page with some "leaked documents" that slashdots within 5 minutes might just be a hoax.

Re:why is this news?

[dup_account]

The problem with a bid process is that, for the government, this means ONLY commerical entities. Getting Open Source into this process would be very difficult.

From my experience with the bidding process there was probably a requirement in the RFP that any software be able to 100% read MS word/excel documents. Again, very difficult to prove.

The Government RFP process makes it very difficult to factor in TCO for a purchase. They generally can only look at the lowest initial cost (that meets the requirements).

Re:why is this news?

"NB: taking this all with a grain of salt. A geocities page with some "leaked documents" that slashdots within 5 minutes might just be a hoax."

It's not much different from a Salon page with some "leaked documents" that slashdots within 5 minutes, and everyone treats those like gospel.

Re:why is this news?

[N3WBI3]

This has nothing to do with being a zealot, They can do what they like on the desktop (windows), but when it comes to my tax dollars windows does not belong on a server with information that is no to be public knowledge.

They should use *nix because its far more secure than windows (on the servers). If you lock down windows on the desktoip so that all files are stored on a NFS/Samba server than use windows on the desktop..

The crap about a learning curve is just that, crap.

Re:why is this news?

[isorox]

(which, based on the way government works, I'm sure is easy to get.)

Then theres no problem is there.

Re:why is this news?

The question to then ask is this:

Can Office XP read 100% of all Office documents?

I think not.

Re:why is this news?

[MaxVlast]

Well, that's 'cause Salon has a little credibility, being an actual news site with actual authors who have to actually defend their journalism.

Re:why is this news?

[dbrutus]

But if they did it that way, Mac would be on the approved list of vendors (as you can get MS Office for the platform). Xserves, with their unlimited license capabilities, generally blow Windows solutions out of the water for file and print (which is a large proportion of what a govt. server does). Since it can fairly easily integrate into an Active Directory infrastructure there's no reason not to include them.

Re:why is this news?

[NumberSyx]

(which, based on the way government works, I'm sure is easy to get.)

Then theres no problem is there.

Then why make the policy at all ?

Re:why is this news?

[pantropik]

1) Microsoft does really really bad things.

2) Microsoft gets called to task for doing really really bad things by the United States Government.

3) Microsoft is told sternly to stop being such a big meanie, given an affectionate pat on it's cute lil corporate head, and sent to think about how really really bad it had been. Monopolies will be monopolies, after all.

4) Microsoft promises it isn't really really bad anymore, Scout's Honor.

5) Significant portion of United States Government mandantes the use of Microsoft Software.

Does this mean I can go down to the local bar, beat the crap out of the proprietor, steal everything he owns, drive him out of business, and take over the place? Then when I get caught, I'll promise to be a good boy from now on, keep all my ill-gotten gains, and turn the place into a cop bar. Then I'll have enough money to hire some muscle and really move up in the world.

In all seriousness, however, Microsoft has made sincere strides toward policing its own actions (someone has to, right?). For example, from a recent press release:

"SEATTLE -- Microsoft Corporation is pleased to unveil, over the coming weeks, a series of strategic alliances designed to further the goals of our Trusted Computing Initiative.

Beginning next month, to ease customer transition to and acceptance of Licensing 6.0, all Microsoft End User License Agreements will be accompanied by a single-use packet of high-quality non-pretroleum-based personal lubricant. In line with our Software Choice Program, we have partnered with both AstroGlide and Wet* to provide this service to our Valued Customers.

In response to continuing customer concerns regarding the clarity of our various End User License Agreements, we have elected to move to a Unified EULA structure (patent pending) that we feel will more clearly outline the agreements attached to our Software Products. Beginning November 1, 2002, the following EULA will apply to all newly licensed Microsoft Products. Please note that present Microsoft Customers will still be able to benefit from the new EULA scheme, as we will be attaching it to all vital Software Security Updates and Hotfixes for previous Microsoft Products.

'[Product Name]

END-USER LICENSE AGREEMENT

IMPORTANT-READ CAREFULLY: This End-User
License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and Microsoft Corporation for the Microsoft software product identified above,
which includes computer software and may include associated media, printed materials, "online" or electronic documentation, and Internet-based services ("Product"). An amendment or addendum to this EULA may accompany the Product.

YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA BY INSTALLING, COPYING, OR OTHERWISE USING THE PRODUCT (THIS INCLUDES THE ACT OF PLACING THE PRODUCT MEDIA INTO YOUR CD/DVD-ROM DRIVE).

1) ALL YOUR COMPUTER ARE BELONG TO US!'

We hope that the new Unified Eula (patent pending) system will clear up any lingering customer concerns regarding our Product Licensing.

*This promotion applies to Wet Light only. Wet Platinum is currently unavailable. Offer good in the United States and Canada only, subject to availability."

Re:why is this news?

[rseuhs]

what is is that you are implying here? that running a solution that fits their needs is bad?

A policy like this is PREVENTING them to running a solution that fits their needs best. If you think that "run whatever Microsoft gives us" is running the best solution, you are either pretty gullible or have Microsoft-stock (or both as being gullible is a prerequesite for having Microsoft-stock, just look at their P/E)

It also illustrates the incredible Microsoft double-standard. A Microsoft-only policy is great, but an open-source-only policy (which is much less restricting because it is multi-vendor) is evil, evil, evil.

I personally don't like either policy, BTW.

Re:why is this news?

[gimpboy]

i believe you missed the implied sarcsim. perhaps it should have read:

<sarcasim>
which, based on the way government works, I'm sure is easy to get.
</sarcasim>

Re:why is this news?

[cscx]

That is uninformed bullcrap. NT has ACLs. Unix doesn't (by default, and in most installations). Any OS is as secure as you make it. In fact, I'd bet a double-latte from Starbucks that I could set up an NT box that was more secure than a unix box you could setup any day. Want to take me up on the offer?

Of course you work for the DOI so you know what's best for them...

Re:why is this news?

You are such a child.

Re:why is this news?

I guess the DOI isn't a high risk target, but come on.
If the American government is going to act like they've got a pair, they should at least equip themselves with the strongest cup.

Re:why is this news?

Thats just it moron. It does NOT suite their needs. MS just told them a bunch of lies, the same lies they are telling my companies managment, btw. The requirments sheet they are using was written by MS marketers to sync with what MS sales dwarfs are spouting ( with cool PowerPoint presentations). I was told by one my Software Managers ( with a straight face!) that "Microsoft is the leader in interoperability." What is truely amasing is that even with a requirments spec direct from MS, Windows looses!

Re:why is this news?

[homer_ca]

"for the government, this means ONLY commerical entities"

You mean commercial entities like IBM and Redhat?

All-Microsoft?

[1010011010]

Okay, I expect all those people complaining about the "open source must be considered" laws to start complaining about this "nothing but Windows is allowed to be considered" administrative policy.

Go ahead. I'm waiting.

Re:All-Microsoft?

[1010011010]

Okay, I expect all those people complaining about the "open source must be considered" laws to start complaining about this "nothing but Windows is allowed to be considered" administrative policy.


Troll? Maybe. But I would expect those principled people who go on about the "freedom to innovate" to object to a strict Microsoft-only policy -- simply because they objected to other, less stringent policies, such as the "open source software must be considered" policies. These policies didn't rule out the use of commercial software. This policy rules out the use of anything but Microsoft software. Where's the "freedom to innovate?"

Re:All-Microsoft?

[nathanh]

Okay, I expect all those people complaining about the "open source must be considered" laws to start complaining about this "nothing but Windows is allowed to be considered" administrative policy.

I'd complain just as bitterly if some naive bureaucrat declared "nothing but open source is allowed to be considered". So what's your point?

Re:All-Microsoft?

[Quixote]

As a taxpayer (I assume), I sure hope your interest in this issue is more than just in making snide remarks.

As a taxpayer, I don't like the idea of my tax dollars being used to get locked into some monopoly; and I'm not talking about MS' business monopoly here. For example: all the documents created in Office2K or whatever will not readable (faithfully) by any other software, including OpenOffice.

If USDOI wants to go with MS exclusively, then they should have a plan in place to be able to use replacement software in an emergency situation. In other words, make MS release the specs for the documents created using MSOffice before finalising this deal.

I urge all the readers to contact your local congressperson and state Senator about this. Here's a list of the senators in the Interior subcommittee (the department comes under Appropriations):
Senators Byrd, Leahy, Hollings, Reid, Dorgan, Feinstein, Murray, Inouye, Burns, Stevens, Cochran, Domenici, Bennett, Gregg, Campbell.
Of these, Sen Feinstein may be the one who can be most influenced by the geeks here.

If possible, write (deadtree letter) or FAX them; an email just doesn't cut it.

Re:All-Microsoft?

[1010011010]

I'm sure Hollings will be really receptive to my concerns about locking in the DOI to Microsoft-only systems. Not.

But, as you pointed out, my interest does run deeper than making "snide remarks." I am a taxpayer. I live in Raleigh, N.C. I plan to call Senator Jesse Helms' office and ask him to review the DOI's decision to lock out non-Microsoft products in favor of those made by Microsoft -- a monopoly currently being prosecuted by the federal government. I'll point out that there are other U.S. software companies that make fine products, and it's in the government's interest to avoid single sources for their systems. I'll mention RedHat -- based in Raleigh, just like Senator Helms. I'll mention Sun and Apple. I'll mention IBM and Oracle.

Re:All-Microsoft?

FYI: All released documents will probably be released in PDF format. That is the document interchange format in the govt.

Re:All-Microsoft?

How did Microsoft and their congressional buddies let that slip by?

Re:All-Microsoft?

[cscx]

For example: all the documents created in Office2K or whatever will not readable (faithfully) by any other software, including OpenOffice.

Will YOU be reading the documents? No. So STFU.

If you are THAT upset about your tax dollars buying gvn't copies of Office XP, then, well, move to Canada.

Re:All-Microsoft?

[VolunteerForScience]

You can find DOI email addresses by looking them up in the online directory at http://momentum.doi.gov/email/doi.cfm/doi.cfm

However to help all of you out here are some relevant email addresses:

• P.Lynn Scarlett
  Assistant Secretary for Policy, Management, and Budget
  Lynn_Scarlett@ios.doi.gov
  202 208-4203
• W. Hord Tipton
  Chief Information Officer, Acting
  Hord_Tipton@ios.doi.gov
  202 208-6194
• Sue Rachlin
  Deputy Chief Information Officer
  Sue_Rachlin@ios.doi.gov
  202 208-6194
  

Hope that this helps everyone that is interested.

Re:All-Microsoft?

Lets see.

1. Windows is closed source - unmodifiable. Linux is open source and can be modified to be as small as needed to get the job done.
2. Windows is far less secure than Linux. Many experts beleive that the next major terrorist attack will be through cyberspace. Running Windows is an inivitation to disaster.
3. Windows is far more expensive than Linux.
4. Windows is produced by a company determined to be a monopoly by US courts.
5. Microsoft does not respect the government. It has blatantly ignored previous court injunctions.

Re:All-Microsoft?

[Robert+The+Coward]

Every Hear of something called the freedom of infomation act. All record for the most part must be made avaible per request by a US Citzen.

Re:All-Microsoft?

Good luck.

Senator Hollings is not up for re-election this year.

He's been around long enough to know that by the time he is, you and everyone else will have long since forgotten this issue.

He probably also gets nearly as much money from Mocrosoft as he does from Disney.

Re:All-Microsoft?

But they don't have to be in the format you want. They can be in any format they wish to offer them in.

Re:All-Microsoft?

[cyberdog6]

I live in Charlotte. My buddy works for SUN.

So?

[nuggz]

Software is cheap, a few hundred bucks, much less then paying the employee for a few days.

I use linux at home, but at work I gladly use windows & MS Office, it is the best solution, or at least a decent one for many situations.

Hopefully the waiver process isn't so difficult that people can still select the best tool for the job.

Re:So?

[abase]

You use the right tool for the right job. Linux is not the end-all be-all for everything, nothing is. I enjoy using Linux at home (Mandrake 8.1 on a K6-2/350 with a GeForce 2 card) and I also enjoy using XP at work and at home on another computer. I won't give up my Dreamweaver ;-) Enjoy and 73 -Pat

Re:So?

[beme]

Hopefully the waiver process isn't so difficult that people can still select the best tool for the job.

Hehe, that's the US Govt. yer talking about. Does the phrase "waiver process" in the context of US Govt. bring forth visions of simplicity dancing in your head? Hell, it'll probably take a committee of twelve 18 months just to come up with the waiver process form.

Re:So?

[DustMagnet]

Does the phrase "waiver process" in the context of US Govt. bring forth visions of simplicity dancing in your head?

Actually it did. I work for a state government. Sure the rules we get to "save money" cost us a fortune, but some wavers are easy to get and some hard. You can't tell from this memo, but I guessed this one would be easy.

I still think it's lame, especially after the NSA was told not the help Linux security in the name of a free market.

Re:So?

[ryepup]

<td>
<font><font></font><font>Y ou us</font>e
<font></font></font><font>Dreamwea<fon t>v er
</font></font>
</td>
</tr>
<tr><td></td></t r>
<tr><td></td></tr>
<tr><td></td></tr>
<tr><t d></td></tr>

era of transparancy

[EkiM+in+De]

Of course the good news is that this will herald a new era in government transparancy for the Department of the Interior.

With the security in Microsoft products transparency comes as an unwanted standard feature.

Thet will go to ::::

[AftanGustur]

Try this:
Go to google.com and enter "Go to hell" (With quotes)

Hit "I'm feeling lucky"

You will then find yourself on Satan's doorsteps.

Re:Thet will go to ::::

Obviously the moderator didn't try it. It is not off topic. Very clever. Deserves funny 5.

Re:Thet will go to ::::

[miffo.swe]

ROTFL!

Google you gotta love em!

I think that was the funniest any search engine has done in years for me =))

Give the post +5 funny stupid moderators!

Re:Thet will go to ::::

Those constipated moderators should take the time to follow the link and laugh. Its funny and related to the article.

Benefits??

[struppi]

> [...]
> Centralized and efficient security policy administration
> [...]
> Greater productivity and reliability attributed to less downtime.
That are the Benefits of using M$? Funny, I never knew that widooze provides these features...

Re:Benefits??

[rde]

> Centralized and efficient security policy administration
> [...]
> Greater productivity and reliability attributed to less downtime.
That are the Benefits of using M$? Funny, I never knew that widooze provides these features...

You've got to pay attention.
Centralized and efficient security policy administration
This says nothing about security; just a security policy (apply patches and hope for the best)

Greater productivity and reliability attributed to less downtime
'greater productivity' means that Spider Solitaire isn't as easy as freecell, so users will give up in disgust and do some work.
'reliability' is a truncation in the memo of "re: liability"
'less downtime' refers to the microsoft helpdesk

Re:Benefits??

[hal9000(jr)]

Your operating on old information.

Windows 2000 w/AD has some very strong policy management features that when used correctly can severly limit what users can do. It's called the Group Policy function. Check it out.

In addition, Windows 2000 is far more stalble than previous version of Windows.

Patching is a fact of life kids, I offer the latest OpenSSL bug which had patches available for something like 6 weeks before an 'sploit was running round.

Re:Benefits??

[dbrutus]

Group policies date back to at least NT 4 (and probably 3.5.1). I know I had to study them for my MCSE.

The problem is that MS is so arrogant, so slapdash, and so powerful, that you just can't trust them. When a company spends an appreciable amount of effort at suppressing security flaw reports, it's time to find another company to rely on for your IT infrastructure.

Soon another memo will come out

[ReidMaynard]

Telling about the early resignation of the author of the previous memo.

Re:Soon another memo will come out

Cause he just took a new job lobbying for MS for 5 times his government pay.

Hmm...

[d3vpsaux]

Of course, OCR'ing the images and serving HTML-only versions of a text document probably would have saved SatanIsHere some of Geoshitties' paltry bandwidth.

I'll be interested to read these, whenever someone manages to mirror them.

Benn there, done that..

[lurvdrum]

This is more or less exactly the policy implemented in my organisation five or six years ago, justified on TCO grounds. Since then, the TCO for all IT systems has increased by around a factor of ten while the amount of useful IT systems being run has perhaps doubled. Go figure. Perhaps the original TCO arguments were flawed. Smoke, mirrors, and marketing...

Re:Benn there, done that..

Yeah, of course.
Running Unix makes money, running Windows does not.
Geeks with their $2 K computers knew that all along, it is just these stupid managers with their multibillion enterprises ...
They just don't know how to run their businesses.

Re:Benn there, done that..

[kevin+lyda]

> it is just these stupid managers with their multibillion enterprises ... They just don't know how to run their businesses.

actually, if you've been watching the economy lately you'll note that they're multimillion dollar enterprises...

TRANSPARENCY...

[Alan+Partridge]

...surely?

From Dictionary.com

[Quarters]

No entry found for transparancy.

1 suggestion found:

transparency

Re:From Dictionary.com

[bmongar]

No entry found for transparancy
It's there you just can't see it because it is transparent!

One by One

[e8johan]

Ok, lets cover them one by one:

* Lower Total Cost of Ownership for the desktop, including lower user training costs.

We've got problems at my work with people thinking that they are fully fledged programmers since they can record two macros and cut'n'paste the results into a super-macro. Of course users need to be educated, otherwise they will not be able to use the applications properly. (One example is people insisting on using spaces when they try to indent text, then go to the IT department and complain about the lines not being properly aligned...)

* Centralized and efficient security policy administration.

Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software.

* Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments.

This is M$ key to new markets. Take a standard, implement it, expand it in your solution in order to make your app 'integrate' with others, but not the other way around. A good application should be able both to import and export data properly. (M$ Word RTFs crash my FrameMaker... portable format - not).

* Greater productivity and reliability attributed to less downtime.

Again, you do not get less downtime by buying an expensive system with big flaws. They probably pay loads of $$$ to get a guaranteed time to support arrives and press the 'reset' button. *nix usually do not fail as ofter as Win*, thus no need to advertise that support will arrive in 2.3ms. The lack of service can be because it is not needed, not because it is an ingnored flaw.

* Extended support for a large base of software applications.

Since most advertised software is commersial, and they probably do not look for software them selves (just ask for it in a formal way and have companies make offers). Just use KDE as the German government intends to do. This does not only give a better quality of the software, but also save loads of license $$$.

But since Bill payed Bush's campain, Bush has to give the money back to Bill. As he doesn't fancy paying up at few $$$, he just takes the $$$ from the tax payers. Bomb the hell out of a few arabs and the software sums looks small in the contents.

Re:One by One

Centralized and efficient security policy administration.

Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software

As much as I loath to defend any decision to choose Microsoft, I still need to point out that the sentence you quote talks about policy administration WindowsNT security model is based on ACL's. Combine that with LDAP and you have a system which is ideal for centralized and efficient security policy administration. Currently, thats something that Unix just can't do, at least not on the same level as Windows can do it.

Re:One by One

Looks like the problems in your office are spelling ("commersial") and grammar ("We've got problems at my work...").

But since Bill payed Bush's campain, Bush has to give the money back to Bill. As he doesn't fancy paying up at few $$$, he just takes the $$$ from the tax payers. Bomb the hell out of a few arabs and the software sums looks small in the contents.

Also, flaws in logic with the use of gratioutous statements to create a gratuitous conclusion. Each may be dismissed with equal gratuity.

Re:One by One

[Rev.+Rudolf]

> Lower Total Cost of Ownership for the desktop, including lower user training costs.

"Of course users need to be educated, otherwise they will not be able to use the applications properly."

I don't see you specifically saying that you are countering the argument - are you? If so, I don't see how what you say makes any difference. The users who can't get to grips with MS Word equally won't be able to get to grips with OpenOffice.

> Centralized and efficient security policy administration.

"Security can not be a reason to use M$ software."

They said security *policy*, not actual security! ;-)

Re:One by One

[micromoog]

M$ Word RTFs crash my FrameMaker... portable format - not

I don't suppose you've considered that this might be a FrameMaker problem?

Re:One by One

"thats something that Unix just can't do, at least not on the same level as Windows can do it"

It just depends on what you want to implement. There are good options out there, including ldap, kerberos, etc.

On the other hand, Windows won't show you file permissions by default. And most users don't even know they can (and should) set those permissions (I guess lots of Windows sysadmins don't).

I never had any problems editing other people's files in my company. I used that in a productive way and with permission from the owners, but it is a security risk.

You can make your system secure either way (even using Windows). It just depends on you. This advocacy for MS products stems from fear. Windows sysadmins go for the easy road (where decisions are made in Redmond) instead of taking responsibility for developing a security policy of their own.

Just like my company: 90% of the Internet has been blocked out. For security reasons. Everybody afraid of the killer ActiveX control. But if you go to the web site, they post dozens of Excel spreadsheets and Word documents. Talk about security risk (and liability, since those documents can spread virus)!

Re:One by One

Unix persmissions clearly work; that has been demonstrated over the past 30+ years. The point is that Unix permissions are not as fine grained as ACL's. Some organisations require or prefer a more fine grained approach to security policy.

I should probably point out at this point that I am not an administrator, I am certainly not a Windows administrator, and I loath Windows with a passion. However, I don't see why my political and ideological ideals should get in the way of fact. Maybe I'm odd...

Re:One by One

[duffbeer703]

Please just make it stop!

"We've got problems at my work with people thinking that they are fully fledged programmers since they can record two macros and cut'n'paste the results into a super-macro"

That's a problem anywhere. When I was a junior sysadmin at a university Unix shop we'd have PhD candidates dropping fork bombs and other stupid Unix programmer tricks.

"Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software."

Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can.

IIS vulnerabilities do not count -- Apache has it's share of exploits and doesn't belong in an LDAP or NIS server. Similarly, you keep IIS where it belongs.

"Take a standard, implement it, expand it in your solution in order to make your app 'integrate' with others, but not the other way around. A good application should be able both to import and export data properly. (M$ Word RTFs crash my FrameMaker... portable format - not)."

No disagreement with you there.

"Again, you do not get less downtime by buying an expensive system with big flaws. They probably pay loads of $$$ to get a guaranteed time to support arrives and press the 'reset' button. *nix usually do not fail as ofter as Win*, thus no need to advertise that support will arrive in 2.3ms. The lack of service can be because it is not needed, not because it is an ingnored flaw."

That's really not true anymore -- busy Windows servers are nearly as reliable as Unix these days. The only real disadvantage of Windows (and Linux) vs. Commerical Unix are mass-deployment and backup tools. Comparing your Windows XP desktop computer's uptime to your Linux boxes' is not a valid comparison.

As far as your delusions about support go, you need to think a little. Our datacenter pays about $1.2M annually for 4-hour support contracts for Unix machines. (For our most important machines only) Similar contracts from Dell or Compaq for Intel hardware cost about 1/2 of a similar Unix contract.

"Since most advertised software is commersial, and they probably do not look for software them selves (just ask for it in a formal way and have companies make offers). Just use KDE as the German government intends to do. This does not only give a better quality of the software, but also save loads of license $$$."

If you have ever worked in a large IT shop with lots of custom applications, you will know that custom software sucks and costs about 5x an off-the-shelf solution. Plus, who has the budget for full-time developers to make software that is already on the market for 1/5 the cost??

Re:One by One

[Enry]

I'll bite....

Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can.

Why would you want to? If I need to, I can fire up man pages and search google. I administer about 10 fileservers across three departments totaling a good 15-20TB and hundreds of users and have never run into a situation where ACLs are needed.

Comparing your Windows XP desktop computer's uptime to your Linux boxes' is not a valid comparison.

Why not? I use Linux on the desktop as well. The problem with Windows boxes is that mgmt. often thinks that trained monkeys can administer a box. And it's probably true. Until something fails. Then "Monkey Boy" does you no good.

Similar contracts from Dell or Compaq for Intel hardware cost about 1/2 of a similar Unix contract.

Probably. Better reason to use Linux on Intel.

If you have ever worked in a large IT shop with lots of custom applications, you will know that custom software sucks and costs about 5x an off-the-shelf solution. Plus, who has the budget for full-time developers to make software that is already on the market for 1/5 the cost??

Now you're confusing "custom software" with "non-shrinkwrapped software". There's plenty of software floating around here running everything from the web server to our ticketing system to databases, and none of it is written in house. The cost to replace them with shrinkwrapped equivalents far exceeds the cost of a few highly trained system administrators . Oh, did I mention we're often times in contact with the authors of said software, and they're usually pretty responsive to bug patches and feature requests.

Re:One by One

[Zebbers]

http://acl.bestbits.at/

It can be done, yes.
It is being done, yes.
It will continue to get better, yes.
It is based on open (almost)standards, yes.
It is free, yes.

The joys of opensource. Sure, they may be playing a lil catchup...sure it isn't in the main kernel yet but thats a Good Thing.

I'm sorry, I cannot trust anything with companies who do things as MS does it. Do you read the licenses? Do you know what you sign away? Do you really know what is going on in your spare CPU cycles. Sorry, maybe if you are a company and can afford it and need the solutions now ms might be the way to go. But it seems to me it's never really any less work, just more familiar to the masses.

Re:One by One

The point is that Unix permissions are not as fine grained as ACL's.

Uhhhh.... you know that many unices support ACLs, right?

Re:One by One

So? You could patch Linux with the NSA stuff and get ACL's. You could set up LDAP and get ACL's and LDAP. You still won't have something that makes managing security policy as easy as Windows does. Unix still needs some work in that area. I'm not saying that it will never do it, but it doesn't do it as yet.

Re:One by One

[Gaetano]

Can you explain to me how you keep your windows servers up as long as unix servers?

What I can't understand is when windows server security patch comes out and requires you to REBOOT your server how do you keep it up?

And after you install several "hot fixes" and "roll up patches" how do you keep the windows server stable? How do you experiance strange errors that require some more installation of "hot fixes" and reboots which generally follow the installation of said "hot fixes" and "roll up patches".

You do patch you windows servers and keep them secure don't you?

See we have this problem where I work. Our windows admins are pretty good but they are constantly playing wack a mole with the windows servers keeping them patched and secure.

The unix/linux servers however don't need a reboot unless the kernel needs to be patched.

Re:One by One

[pmz]

Currently, thats something that Unix just can't do, at least not on the same level as Windows can do it.

Since when? Did NIS, LDAP, Kerberos, and ACLs suddenly disappear from Solaris? UNIX vendors have been selling centralized policy administration tools for years. With a little thought and planning, they can even be efficient. Many of them have very nice GUIs, too.

There are even "trusted" versions of UNIX if you want to go crazy with military-style need-to-know setups.

Basically, Microsoft is delivering nothing new, here, except more marketing spin.

Re:One by One

[Dark+Fire]

ACLs have been proven to be considerably less secure and harder to audit than UNIX permissions.

http://www.wikipedia.com/wiki/Computer_Security

There have been several papers examining the subject. See the above article and the confused deputy problem for details.

ACLs are certainly more flexible in certain cases than UNIX permissions. But flexibility usually has a cost, as aforementioned.

I agree with you on LDAP, it is a great way to centralize security. UNIX would certainly benefit from a clean way of tying the two together (PAM is only part of the puzzle and is certainly not simple to setup in my opinion).

Kerberos? It was never designed to resist attacks in which a listener can capture packets. That pretty much means how secure active directory is depends on the physical security of your network. If someone can get onto your network you out of luck. Why? Well, because your domain controller encrypts an ascii timestamp with your password when a request is sent to it to logon as a certain user. An RC4 cipher is used and given that RC4 has been torn apart cryptographically, that you know atleast a 80% part of the ascii timestamp because the dc will happily tell you the time, you have plenty of info to crack the password.

Since MCSE's like defaults, I would imagine and as far as I have seen, most admins use the out of the box kerberos authentication as is. In there defense, Microsoft does offer the use of PKI in place of RC4 which is resistance to these particular attacks, but it generally requires a smart card reader and smart cards to deploy. There is an additional substitution option, but I cannot vouch for the strength of it either. Hopefully, microsoft will use a strong authentication protocol like SRP in the future in place of the weak mechanism included in there kerberos implementation.

Re:One by One

[mcrbids]

Linux has tcpwrappers (ACLs) and inherent permissions at the file level. Linux also works smoothly with LDAP (using a PAM module) thus granting everything on your (short) list.

If you don't know it, don't say it!

Re:One by One

[xchino]

Score:4 Informative? This guy doesn't know wtf he is talking about.. POSIX environments offer multitudes of means for "centralized and efficient security policy administration" such as NIS and Kerberos to name two. If by "Currently, thats something that Unix just can't do, at least not on the same level as Windows can do it." you mean you can't double click everything and pretend to be a SysAdmin, then you are correct.

Re:One by One

[pmz]

The only real disadvantage of Windows (and Linux) vs. Commerical Unix are mass-deployment and backup tools.

Don't forget the Registry, DLL Hell, Office File Format Lock-In, EULA-of-the-Month Club, DRM, the Upgrade Treadmill, the GUI Frontal Lobotomy, BSA Audits, Drive Letters, IE Everywhere, Competitor Aquire and Crush, False Advertising, Not Engineered for Security, Automatic Updates, #1 Virus Host, Tax Evasion, 3rd World Corruption, Congress Payroll, Embrace and Extend, and the Microsoft "we got you where we want you" XPerience.

Re:One by One

[ftobin]

What utter BS. At the NCSA, they use centralized, efficient security policy administration using Kerberos + AFS.

Jeez I hate Windows people who think they know stuff about the unix world.

Re:One by One

tcpwrappers alone are not going to give you full ACL support, sorry (You can't apply capabilities at a process level, for example). You'll need the full set of NSA patchs for that, and I don't see anyone shipping a full distro with all the NSA patchs applied.

"Smoothly" depends on how many users and boxes you're talking about, I guess.

*shrug* Maybe there are thousands of 100,000+ employee organisations out there already using Unix ACL's in combination with LDAP quite happily, and I'm imagining things.

Re:One by One

Then maybe you should call the DOI and let them in on this? See, the thing is, although Unix systems can clearly do this, people don't think "centeralised find-grained security policy administration" when they think of Unix. They thing of a coarse security model using octal permision bits, users and groups which must be administered locally at some level.

When POSIX adopts ACL's throughout as the default security model, I'm sure we can brag about it. Until then, there seem to be very few places that are doing ACL's in combination with a centeralised configuration server.

Re:One by One

[duffbeer703]

Pretty simple, actually.

You schedule downtime windows. We do up to 6 hours every 3 months or so.

Then you READ the patch documentation. If you don't need the patch, don't install it. As an example, we do not allow IIS on any server that does not explicity require it. We do not patch disabled services that are not in use.

The few servers that we run that have IIS and require frequent patching are clustered. We then upgrade the cluster one machine at a time, resulting in no downtime for our customers.

Unix needs to rebooted for security patches as well. If you install AIX or Solaris rollup patches, they require a reboot. Plenty of Linux security problems and critical bugs (ex. memory subsystem in 2.4 anyone) require kernel upgrades as well.

Re:One by One

[duffbeer703]

"Why would you want to? If I need to, I can fire up man pages and search google. I administer about 10 fileservers across three departments totaling a good 15-20TB and hundreds of users and have never run into a situation where ACLs are needed."

You have never worked with a secure application, or with a company which protects client data properly.

DoD requires that information access be compartmentalized. That means that your system admin can't read the data, either.

HIPAA requires that all patient healthcare data be secure and compartmentalized -- even amoung business units of the same company who need access to data. How do you do that without ACL's?

There's alot out there besides file servers.
Windows is hardly perfect -- but is a great choice for small to medium-sized applications.

Re:One by One

[HiThere]

I'm sorry, I cannot trust anything with companies who do things as MS does it. Do you read the licenses? Do you know what you sign away? Do you really know what is going on in your spare CPU cycles. Sorry, maybe if you are a company and can afford it and need the solutions now ms might be the way to go. But it seems to me it's never really any less work, just more familiar to the masses

Sorry. Have you read any of the recent EULAs? From the one's I've seen, a company, even more than an individual, can't afford to be that exposed. (The license(s) is(are) my original and major problem with MS.)

Then again, IANAL.

Re:One by One

[poot_rootbeer]

I agree with this bozo, the DOI should have put Solaris on every office schlep's desktop!

Homogenous systems are easier to maintain than diverse ones. If they determined that Microsoft solutions best met their needs, then the Unix community still has a lot of work to do -- either in implementation, or in public opinion, or both.

Re:One by One

[dohcvtec]

Heh, a guy at my work thinks he's a sysadmin because he's done several Windows installations (none of which even turned out particularly well) and taken "a couple of Windows classes" at one of those horrible computer education franchises. As Clint Eastwood said: "Man's got to know his limitations..."

Re:One by One

[cscx]

I'll pull one thing out of your spew of lies and damn lies:

Drive Letters

They're irrelevant in NTFS as you can mount anywhere as under Unix, in addition to drive letters.

HAND

Re:One by One

[corey_lawson]

drive letters are relevant to most Windows-based software.

Since an NT-based computer still has no concept of a "root" drive ala "/", one is left with some kludgy shortcuts for some API calls and shell script system variables to get the Windows directory, the System directory, etc.

The My Computer icon on one's desktop sort of works the same way as "/", but it's an artificial construct only for the GUI...

You cannot do a "DIR %MYCOMPUTER%", the way you can do a "ls /".

Re:One by One

[wandernotlost]

Kerberos? It was never designed to resist attacks in which a listener can capture packets.

Aroo? That's exactly what Kerberos was designed for. It was created to provide security over MIT's (physically pretty much wide open) network.

From the web site (emphasis added):

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Re:One by One

[pmz]

I'll pull one thing out of your spew of lies and damn lies:

Drive Letters

They're irrelevant in NTFS as you can mount anywhere as under Unix, in addition to drive letters.

Actually, they aren't lies but my personal list of things that annoy me about Windows and Microsoft, in general. For things like "3rd World Corruption", think Peru. For things like "Not Engineered for Security", think recent comments by Microsoft VPs. For things like "False Advertising", think about MS ads spouting "Low TCO this" or "scalability that". None of this is stretching the truth.

As for drive letters, take a look in the Registry and other config files. The drive letters are everywhere. Whoever decided what went into the Registry for software like MS Office obviously had no experience with data modeling. Most likely, the Office development team abuses the Registry out of laziness. Simple operations like moving a software application from one filesystem to another can be nearly impossible without a painful cycle of edit, see things break, edit, ad nauseum. It really is unsettling whenever I see such glimpses of Windows' underpinnings.

Re:One by One

[pmz]

I agree with this bozo, the DOI should have put Solaris on every office schlep's desktop!

I read your sarcasm. However, Solaris 8 and Solaris 9 would be very suitable for office desktops. CDE and Gnome can be site-customized by the sysadmin, and software like Mozilla, StarOffice, Evolution, etc. are really a formidable set of applications that are available for Solaris. On top of that, the Solaris kernel is bulletproof and was designed with networking and distributed management in mind from nearly the beginning.

I think picking among Solaris, Linux, and Mac OS X would be very hard to do, since each is an excellent platform trading various strengths and weaknesses. Fortunately, due to standards, these systems could exist very well in a heterogenous environment even with common logins, shared filesystems, and network printers. Uniformity is just not a strong argument to make when choosing Microsoft.

Re:One by One

[Dark+Fire]

"Designed for" and "successfully does so" are two entirely separate matters. The material you reference is a statement on the website. No reference to any cryptanalysis papers stating to the contrary. Just a statement of design intention from the creators.

Here is a paper that starts to suggest some problems with kerberos as implemented in active directory.

http://www.brd.ie/papers/w2kkrb/feasibility_of_w 2k _kerberos_attack.htm

The author of the above article references dictionary attacks. Recent developments in the cryptanalysis of rc4 and it's variants make the situation much more grim.

http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4. ht ml

It is not necessarily kerberos itself that creates the problem. It is the mechanism surround the exchange of the encrypted timestamp that poses the threat. PKI is an existing option in active directory that eliminates the issue. SRP would be a nice additional option.

Example:
Instead of the mechanism that uses rc4-hmac, PKI or SRP would be used instead.

Re:One by One

LOL. If you have any experience with the Unix admin crowd and the admin crowd, and ANY technical expertist WHATSOEVER, then you know that Unix admins are on average playing in a different league than MS admins.

Unix admins tend to know how things work. they tend to know operating systems IN GENERAL. OTOH, windows admins tend to treat the server as a black box. Monkey presses button X to do task Y.

Far and away the best MS admins I've met have a prior background in Unix (at least used it regularily for college work).

Re:One by One

[Dark+Fire]

This paper references the pluggable authentication capabilities of Kerberos and mentions one possible scenario of the problem I spoke of above.

http://www-cs-students.stanford.edu/~tjw/srp/ana ly sis.html

Re:One by One

[cascadefx]

Give me a piece... I'll bite too.

Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can.

Why would you want to? If I need to, I can fire up man pages and search google. I administer about 10 fileservers across three departments totaling a good 15-20TB and hundreds of users and have never run into a situation where ACLs are needed.

It's funny (I agree), I have seen ACLs in practice on a number of systems and you just have to find the right combination that give you the least restrictive clause to jump out of them. The rules of inheritance on a Windows box (the default is that Everyone can see and do everything on the root account... not changed and inheritance bites you in the ass), when not understood by the user and/or admin lead to trouble. Let's not even get into the wonderful mixure that is shared AND local permission interaction.

File permissions are a lot easier for people to understand and therefore get easier for them to get right.

Comparing your Windows XP desktop computer's uptime to your Linux boxes' is not a valid comparison.

Why not? I use Linux on the desktop as well. The problem with Windows boxes is that mgmt. often thinks that trained monkeys can administer a box. And it's probably true. Until something fails. Then "Monkey Boy" does you no good.

I would agree with the original post if uptime of workstations is not an issue as well. Have you worked client support? Workstations being down raising the TCO because productivity goes in the crapper and you still have to hire someone to get, and keep, the damn things running. If it takes 1 support person per 200 Linux/Unix/Mac OS X workstations to do the job versus conservative estimates of 1 support person per 50 (ok, I'll give you 100) XP machines, you're price for simply running a more stable desktop like Linux/Unix/Mac OS X has halved your support cost (a big part of TCO).

Re:One by One

Admining a large MS network is hell with 'domains' and only slightly better with Active Directory. There are so many little quirks, and poor use of bandwidth that it just isn't funny.

Netware's NDS is the best directory for large orgs (especially if geographicly diverse). Can't beat Netware file and print services. Netware does suck for application hosting, but that is what unix is for.

Re:One by One

"10 fileservers across three departments totaling a good 15-20TB and hundreds of users"

That is a small system.

Tiny is less than 5 servers, small under 40, medium up to about 300 servers, and you're not realy big until you have over 500 servers, at least 4 OS's, maybe a mainframe for billing, and over 5 large campuses, and at least 100 small offices.

So stop bragging about being the admin at small sites.

I work with a 'medium' setup (The IT department is about 200 people, this includes clerical, HelpDesk, Admins, floor support, and management). We have about 700 servers: 120 Netware for file/print and NDS, 100 Unix (aix mainly, a few HP) for apps, 600 NT application servers. Almost all NT apps run on their own server. A few smallish apps do share servers, but that is the exception. We have 2 large campuses (over 1000 people each), 4 medium campuses (200 to 300 people), and 100 small offices (less than 100 people) spread over thousands of miles. Oh and a couple of MVS mainframes just for fun (customer billing for over a million, and associated printing of bills etc...)

Desktop is W95 (don't laugh its paid for) and slowly upgrading to w2k. Netware NDS is the file/print/authentication system. We don't use ANY NT for file or print.

Do you have any idea how much it would cost to train 5000 end users to use Linux? Do you have any idea how hard it would be to convince management that anything free is worth buying?

Linux may be on our desktop one day, but not soon. Linux may run a web or ftp server one day, but its a long ways off from running any enterprise apps.

Limiting the number of supported OS's is our long term goal. But sometime you have no choice because we pick APPLICATIONS, not OS's when buying software. And sometimes the apps you want only run on NT, or AIX, or whatever.

Re:One by One

For things like "False Advertising", think about MS ads spouting "Low TCO this" or "scalability that". None of this is stretching the truth.

Oh. At first glance, I seriously thought you meant something else.

Re:One by One

[Zeinfeld]

ACLs have been proven to be considerably less secure and harder to audit than UNIX permissions.

You cite one paper, hardly convincing. You also quote it out of context. What the paper actually says is:

Within computer systems, the two fundamental means of enforcing privilege separation are access control lists (ACLs) and capabilities?. The semantics of ACLs have been proven to be insecure in many situations (e.g., Confused Deputy Problem?). It has also been shown that ACL's promise of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities.

Rather different eh? For the record UNIX does not support capabilities. Nor does NT, in fact capabilities are not supported for some very good reasons, in particular the difficulty of managing them. BTW Windows actually supports the UNIX permisions model in addition to ACLs.

Your comments on Kerberos are completely off base. In the first place Kerberos does not use RC4, parts of Windows use RC4 but not the Kerberos system. What you appear to be describing is the scheme that allows a legacy Windows box that does not support the domain login to access files. This is well known to be a bad idea.

Finaly, although RC4 has been 'broken' by Adi and co nobody has broken the cipher in the specific modes of use recommended by RSA labs. Burt et al knew that the principal weaknesses in a stream cipher were inducing the initial state of the stream generator from the initial portion of the cipher stream and related key attacks. That is why they recommended steps like throwing away the first 256 bytes of the stream and processing the key values through a one way function to minimize the probability of a related key attack.

Re:One by One

Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can."

Didn't the head designer for Windows 2000 come out and apologize for the atrocious security of his operating system. In fact, it was something along the lines of professional embarrasment. Maybe you should talk to the people who created windows 2000, they seem to disagree with you on this one!

I'd post a link but a) I'm too lazy and b) it was posted on /. only a few days ago.

Re:One by One

"IIS vulnerabilities do not count -- Apache has it's share of exploits and doesn't belong in an LDAP or NIS server. Similarly, you keep IIS where it belongs."

Remote Apache vulnerabilities in the past 5 years: 1.

Remote IIS vulnerabilities in the past 5 years: my calculator exploded.

Re:One by One

[Dark+Fire]

The comment below explains RC4-HMACs role in the kerberos authentication process.

For ACLs as they relate to vms and nt/2k was what I was referring to and should have clarified since the material I referenced was a reference from an article about nt/2k/vms ACLs and historical difficulties with ACLs.

As for your comments on kerberos and rc4, see the paper I reference in my other post for an introductory reference.

Concerning rc4's vulnerabilities, the suggestions you gave are mentioned in the rc4 link, and also list references to cryptanalysis papers concerning rc4 and possible attack methods. The one concerning the statistical attack was the one of particular interest.

I will list more references in the future with my posts. One solid one seemed sufficient at the time.

My intention was to point out issues in active directory.

Re:One by One

[Zeinfeld]

The comment below explains RC4-HMACs role in the kerberos authentication process

What comment? Ah lets try google - from the internet draft:

The Microsoft Windows 2000 implementation of Kerberos contains new encryption and checksum types for two reasons: for export reasons early in the development process, 56 bit DES encryption could not be exported, and because upon upgrade from Windows NT 4.0 to Windows 2000, accounts will not have the appropriate DES keying material to do the standard DES encryption. Furthermore, 3DES is not available for export, and there was a desire to use a single flavor of encryption in the product for both US and international products. As a result, there are two new encryption types and one new checksum type introduced in Microsoft Windows 2000.

In other words they were proposing to use RC4 for crypto export reasons.

Given the time the decision must have been made RC4 was not subject at that time to a known weakness and certainly looked better than the DES based password encryption used in UNIX.

In fact given that most UNIX systems ship today with applications that send passwords in the clear I don't think that the comparison is in favor of UNIX.

As for your other comments on ACLS, the problem was not the number of references you gave it was the fact that the reference you gave did not support your case. Even if it did one paper does not constitute 'proof' on an issue of that sort, particularly when it is not backed by any empirical studies.

The one contribution made by Ann Coulter to the world is that she has demonstrated the importance of following up references to see if they actually support the case put forward. Yours do not support your case either.

It sounds to me as if this is not your argument but an argument made by someone else that you are repeating and misconstruing.

Re:One by One

[Gaetano]

You can't explain to me how 6 hours every 3 months works on systems that need to stay secure when a security patch is realesed once a month, unless every system is clusered.

I have unix boxes that have been up for 450 days. Many more have been up for 300 days. They are all up to date on their security patches and are working well. We have about 26 unix/linux boxes in operation.

We are a 24hour/7day shop.

We have 50 windows boxes with security patches that need to be installed once every month. These windows servers require about 4 times as much administration as the unix servers while they perform about the same amount of services for our customers as the 26 unix/linux boxes.

How it all works.

Sure, Go 100% Microsoft. It'll make the drooling MCSE's on the site titter with glee at the thought of "unifying" everything in the Microsoft way.

But you know what 100% Microsoft translates to? 100% downtime when the next "melissa" or "nimda" hits. I've BEEN there. I've worked at companies like this. Just wait--they'll get tagged by the next Outlook script and the entire site will be down for a day or two while ONE MCSE pokes at the keyboard, surrounded by one or two other MCSEs standing and staring at the guy typing--all the while pulling in huge $$$ in overtime, on top of the huge $$$ they get just for having a 4-letter Microsoft-approved title. Everything is on hold until the next virus update to "fix" the problem, since goodness knows there isn't much in terms if diagnostics and repair you can do in WinNT by itself.

There's a reason why I gave up being a sysadmin--100% Microsoft is mostly why. Can anyone else stuck in 100% Microsoft/MCSE land corrorborate the above story? I'd be surprised if the exact same song-and-dance didn't happen at every Microsoft site.

Re:How it all works.

[technix4beos]

I hear ya brother! Amen.

At work, we have a win2k server which shares our internet connection, provides a domain controller for the windows boxen, and basically serves files all day. Big deal...

Problem. DNS entries and isp continues to be flaky. Solution? reboot the win2k server..

How is that a diagnostic solution? It isn't... Which is why I am steering people to the linux world, and other alternatives.

Microsoft has been a joke in security, configuration and ease of use for YEARS. I think the masses are finally starting to sense something wrong with the herd, and moving on to a better pasture.

Hopefully.

Your comment is totally on the money, even though you ARE an AC, but I'll let that slide. ;)

Re:How it all works.

It's not just you. I saw a school district disconnect e-mail from the Internet for _10 days_ when Melissa hit a couple of years ago.

They are 100% Microsoft. E-mail, proxies, clients, backend, you name it.

I kept the screenshots of their web site saying they'd be offline "for a few days", and it got even better as those "few" days turned into ten.

The place where I work exchanges a lot of mail with them. On weekends, it's common for me to see a bunch of retries in the mail logs as sendmail tries to send them something. Naturally, they only have one MX, and it must die often, since it doesn't start moving mail again until Monday morning.

People need to understand that being on the net is not a trivial matter, and if you can't handle it, you should just go somewhere else. You don't let monkeys drive on the Interstate, so why let idiots run servers on the Internet?

Re:How it all works.

[Your_Mom]

But you know what 100% Microsoft translates to? 100% downtime when the next "melissa" or "nimda" hits.

No. No, No, No, and No again. It's not about a 100% homogenous networks, its not about MSFT or Linux, and it's not about what certifications you have. It's about competent administration. I am a NT admin, I enjoy Linux, I use it at home regularly, but NT pays the bills. We got hit by Nimda, but, we only lost 2 computers. One of which was a Developer's box who decided to be running IIS and told no one about it (Patient Zero, I think he was rooted within 5 minutes of the first onslaught of IIS exploits), the other one ran an attachment 5 minutes before we pushed out the AnitVirus updates ("But I only previewed it!" LART - Hard). I think we had spare boxes swapped out in about 1 hour and had files salvaged off the old PCs in about 3h. Did we do mop up duty for the next 2 days due to infected boxes from "trusted" people spewing .eml files onto our file server? [1] Indeedy do. Did we put in some overtime? I think all of IT did about 2 hours per person the night after the initial infection, and I put in about 2 hours watching snort logs scroll by the first night the sh*t hit the fan. under $200 OT, probably cost my department $300-$400 tops. Did my 2 IIS servers (*shudder* Yes, I hate them too) get rooted? No way. I patch those things like there is no tommorow.Did we lose the entire network to the thing? Not on your life.

Also, when everything calmed down, we all sat down over a nice glass of Guiness and figured out "What can we do better next time?" there is always room for improvement. (We initiated policies of port scanning computers in the NT domain for unauthorized services, as we were proved once again that some people can't be trusted)

That is how it all works . thank you.

Wow, that was a nice rant

[1]"Why is $luser's account disabled?"
"Because she was spewing nimda into our file server"
"But she needs to access $important_file"
"When she gets fixed and I cna inspect her computer, I will re-enable the account"

Re:How it all works.

You still don't get it do you. Do you honestly believe that noone is attempting to hack into Linux or BSD? It doesn't take thousands of black hats to come up with a good hack, it only takes a few, maybe even one. Linux-slapper was the latest and it came in with a bang and was sent home wimpering. Unlike Microsoft Operating Systems, MOST of the open source OSs are MUCH more secure by design than anything coming out of Redmond. Microsoft's inability to realize that adding thousands of features that make the users life easier end making virus, worm, production almost laughably easy and extremely destructive.

Re:How it all works.

[dpilot]

You're obviously better than the average MSCE.

Part of the problem is the attitude apparently shipped with MS products that MSCE==competent sysadmin for those systems.

I don't have the numbers on my fingertips, but I suspect that none of the major Win-exploits of the past few years used a new hole. They spread so badly because of poor administration. By that token, it would seem that a competent sysadmin could indeed run a secure Win-based business.

But a few weeks back there was a new kid in town, and this time it hit Linux - slapper. From what I understand, this was a newly discovered hole that was made into a worm in record time. Still the infection rate turned out to be minor, mostly because of competent sysadmins and the **rapid release** of a security fix.

Slapper broke new ground in several respects, between hole-to-worm time and its use of peer-to-peer. Now try running this combination against the more common (not yours obviously, though you can only deploy released patches) Windows security environment. Add to this the chilling effect of the DMCA on grey-hat activities, especially in the closed-source security arena.

Re:How it all works.

[Bake]

Oh, that's ok.
The US Government has that part covered.
They'll just declare virus writing/deploying as a terrorist act and use as an excuse to invade the Philipines or other asian countries.

Re:How it all works.

[haggar]

You are correct: a 100% Microsoft network is very vulnerable. I, let's say, am closely affiliated with this famous company that makes mobile phones, and it's a 100% pure Microsoft shop, including IIS, Exchange, Outlook and Office - Microsoft end to end. Well, when these mail viruses attack our IM people look like idiots. They perhaps are not idiots, but they look so helpless and inefficient, and network services just don't work.

And we're punished every time some schmuck writes one of these macrovirii, because of this uniform, Microsoft infrastructure.

Re:How it all works.

Can completely concur. In my commercial experience, I spent 4 years at a "Unix" orented site (ie. Solaris) and 5 years at a "Windows" oriented site.

What I can tell you is this...
- Downtime of Solaris -> 10 minutes in 4 years.
- Downtime of Microsoft -> approximately 672 hours in 5 years.

We had 3 major crashes, they each took a week or more to recover - from a BACKUP. The lesson is don't use MCSEs. Every (and I mean EVERY) MCSE i've come across has been completely incompetent. I am sure they are not all like that but i've met at least 50 in my travels. They know the text book well ;)

Re:How it all works.

"("But I only previewed it!" LART - Hard)."

Great rant. You're probably in the top 0.1% of Windows administrators, but I have to say, the quote I just pulled from your post shows a serious attitude problem.

If a user can't preview their mail without causing havoc, the problem is NOT with the user. Its either with the admin or the person who chose the ridiculously vulnerable software in the first place.

Re:How it all works.

Apache: over 60% of the web servers out there.

IIS: less than 30%.

Explain Code Red, Nimda, et al. Clearly the attackers aren't going after the largest market. One might suspect they're going after the easiest target.

The real story ...

The real story is about how government agencies are shooting themselves in the foot by NOT going with Microsoft, especially .Net. A good article on this can be found at AngryCoder.

Re:The real story ...

[Melantha_Bacchae]

An AC wrote:

> The real story is about how government agencies
> are shooting themselves in the foot by NOT going
> with Microsoft, especially .Net. A good article on
> this can be found at AngryCoder [angrycoder.com].

Read the link you posted. The waste of millions was because they changed platforms half way through the development effort. If they had started in Java and then moved to .Net, a similar waste would have occurred.

The waste would not have occurred if they decided at the *start* of the project that vendor lock in was an issue and had gone with Java.

Loathe as I am to recommend Microsoft, yes, it is better to make decisions at the start of projects, on what is best for that project and stick to your decision. Arbitrary department and company wide decisions to go with one vendor and chuck out all the existing work is a massive waste of time and money that no good manager should allow.

That being said, Microsoft's various problems with security and reliablity should put it on the bottom of the list of consideration. Their ambitions and repeated breaking of anti-trust laws should give any government agency serious concerns about doing business with them.

BTW, does anyone know if Microsoft has had the cheek to try to audit a federal government agency? I know they have gone after city governments and poor schools...

"At this moment, it has control of systems all over the world.
And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanese version)

Don't worry, Godzilla is coming to stomp it!

Microsoft *is* the choice for Dept of Interior

[tshoppa]

What the head article fails to mention is that a Federal judge ordered the Department of the Interior to shut down all internet connections last year. With no from-the-outside network attacks, the Microsoft systems might stay up for days, even.

Re:Microsoft *is* the choice for Dept of Interior

[angelo]

In other news, they changed their name to 'the department of the introverted'

Re:Microsoft *is* the choice for Dept of Interior

[Sycraft-fu]

"the Microsoft systems might stay up for days, even."

Interesting, so you're saying that MS systems connected to the internet CAN'T stay up for days? Hmm, well then I'd better check my server again because I could SWEAR it's running Windows 2000 Server.... Yep, it is. It's also been up for about 40 days straight now. Yes, that DOES mean that there are critical patches, including the NetBIOS venurability, that haven't been applied. It's not affected though. Why? I took the time to secure it in the first place. None of the venurabilities are relivant since none of the services they affect are turned on or allowed through the firewall.

Of course far more important than uptime, which is something that many Linux users seem inordinatly obsessed with, is unscheduled downtime. It is acceptable and expected that a non-critical system like a webserver will go down for scheduled matenence. Hell, most systems do. I'm a night person and from time ot time when I try and do something like pay my phone bill on the web at 3am it tells me that their finincal system is down for matenence. E-bay goes down every week for matenece at a certian time in the morning. Downtime is only a problem if it is unscheduled, ie happening because of a failure.

In the case of my 2k server it has been down precisely once: when the power failed. It has never been hacked, or crashed.

Really, the incessant ragging on MS is just unwarranted. If people would bother to take the time to learn a little about Windows server and secure them, and then keep current with patches, there wouldn't be near so many problem. The patch for code red came out long before it hit the fan and none of the servers I admin were affected. Hell, if you do a good job with securing the server, many patches you don't even have to worry about and can put off until your next scheduled matenence since the services they effect are either turned off or protected by firewall.

As the receant Linux worm showed, it's bad administrators that are the real problem, not the OS.

Re:Microsoft *is* the choice for Dept of Interior

[Red+Rocket]

It's also been up for about 40 days straight now.

Only a friend of Bill would brag about 40 days of uptime.

Re:Microsoft *is* the choice for Dept of Interior

[kin_korn_karn]

"you're either with the Linux Revolucion or You Are Against It! Viva Torvalds! Ay ay ay!"

Re:Microsoft *is* the choice for Dept of Interior

[SquadBoy]

You sir are the exception and you just prove the rule. But you do have a point. But my point, and I suspect many others will make this same point, is that it is *much* easier for a good admin to admin a *nix box well. For example my Debian servers. I can patch everything I need to except for the kernel with no reboots. But you are right. It just happens that *nix has better technology and in general better admins.

Re:Microsoft *is* the choice for Dept of Interior

I don't see what the big deal is. My win98 box has been running since July some time with no problems.

My laptop (winXP) crashes occasionally coming out of sleep mode if I left network applications like putty open when I put it to sleep. Other than that specific instance, it has never ever crashed.

My linux box (at work) has been running since sometime around December of last year (when there was an extended power outage). Several other linux boxes here have had to be rebooted (kernel panic, something about the network cards usually). They range from 12 days to 150.

Which is more stable? Linux. Does it matter to 99.999% of the world? Hell no.

The fact is, windows is fairly stable if you know what you're doing
linux is also stable if you know what you're doing

If you don't know what you're doing, you can break both. I remember when I was a total linux newbie locking up my linux box repeatedly (no telnet, nothing) trying to get DOOM to work.

Re:Microsoft *is* the choice for Dept of Interior

[megaduck]

As the receant Linux worm showed, it's bad administrators that are the real problem, not the OS.

Bullshit. That's a straw man argument. Just because Linux isn't invulnerable doesn't mean that Windows isn't a steaming pile. Here's a little experiment for you: Take two boxes, one Windows and one Linux (or OS X or BSD or...). Give them the latest and greatest patches. Run everything you can out of the box using default settings (webservers, mail, filesharing, etc.). Put them on a network like the DOI, with no further administration.

I'll bet you a shiny new nickel that the windows box gets rooted six ways to Sunday first. In fact, I would be shocked if it wasn't a crap-spewing zombie within a few months. Your *nix box, though, has a fair chance of coming through unscathed.

What's the point? The poing is that Windows requires excellent administrators to be reliable and secure. The *nix OSes are a lot more forgiving of lazy administration. I run a lot of OS X, and I am an awful administrator when it comes to my personal boxes. All services are on, patches don't get installed for a month or two, etc. Hell, I run a totally open wireless network too. I've never had a security problem either, and I'll take the Pepsi challenge against any of your uptimes.

A good administrator can make any box secure. In a massive organization like the DOI, you're going to get some not-so-good administrators. Running Windows, constant security problems will eat those people alive.

Re:Microsoft *is* the choice for Dept of Interior

[kijiki]

"None of the venurabilities are relivant since none of the services they affect are turned on or allowed through the firewall."

You have an unpleasant surprise in store when the next virus (like nimda) comes right through your firewall in an email attachment and then starts exploiting your vulnerable "firewalled" systems right and left.

I've seen that exact scenario TWICE now.

Pride, the fall, etc, etc. be careful. its a dangerous internet out there, and firewalls are just one layer in effecitve security.

World domination?

Is this really about Microsoft World domination, or rather about Microsoft Word domination?

/. Editors should know the safty tips.

[Bocaj]

Offtopic example.
Peter: "Why not cross the streams?"
Egon: "It would be bad."
Peter: "Define bad."
Egon: "Imagine all life as you know it stopping instantainiously, and every molocule in your body exploding at the speed of light."
Peter: "Ok that's bad. Important safety tip."

Ontopic example.
Hemos: "Don't post links to That server!"
chrisd: "Why?"
Hemos: "It would be bad."
chrisd: "Define bad."
Hemos: "Imagine all internet traffic as you know it stopping instantainiously, and every packet on the network bombarding the server at the speed of light." chrisd: "Ok, that's bad. Important safety tip."

I got two words for ya

Shut the -

Re:Been there, done that..

And I hear on the grape vine, that the company I contract for (a very large retailer in Australia) is thinking of moving further *away* from M$. The reasoning was something along the lines of them giving so much money to them in the past, and getting practically zippo in return.

We currently have a standard desktop environment of windows 95/98 (and some NT workstations apparently), and probably 85% NT 4 server for the servers.

Can someone explain to me...

[Per+Abrahamsen]

why is it such a terrible thing if a government office standardize on some license requirements (e.g. only buy free software) allowing any vendor to compete, but not a problem when a government office standardize on a single vendor, and accept whatever license that vendor provides?

Somehow the idea of a government office being unwilling to accept any license is soo evil that even some traditional free software advocates are against it, yet standardizing on a single vendor is so commonn that it rarely get mentioned.

Re:Can someone explain to me...

[Tikiman]

I don't know about what others think, but the fact that they are standardizing on the single most expensive solution bothers me. I am also bothered by the fact that they have either subscribed to microsoft FUD or just don't care. The vast majority of those 70,000 need word processing, web browsing, and email for which MS is a stupidly expensive solution. I would rather see them all using 5 year old hardware running a stripped down, custom Linux distro with Mozilla and an office suite.

The effective of a MS solution is not justified by its cost period - and as a taxpayer, I say its a problem.

Re:Can someone explain to me...

[warrior_on_the_edge_]

Maybe the size of the marketing budgets behind the licenses could have some influence.

Re:Can someone explain to me...

[Pig+Hogger]

why is it such a terrible thing if a government office standardize on some license requirements (e.g. only buy free software) allowing any vendor to compete, but not a problem when a government office standardize on a single vendor, and accept whatever license that vendor provides?

Think biologically: compare the evolutionary performance of organisms issued through sexual reproduction (by screwing), versus organisms issued through asexual reproduction (by budding/cloning).

Or, for you hick types, look at the general health status of normal people versus inbreds (the O'Higgins living accross the tracks, or the britshit royal family).

Re:Can someone explain to me...

[Pyrometer]

The single most expensive solution? Crap they could have settled for apple hardware ;)

And yes striped down five year-old "64Mb" systems running Mozilla?!?!? ... well at least you could also reduce costs with employees going postal and therefore not needing pay cheques :)

Re:Can someone explain to me...

[Tikiman]

And yes striped down five year-old "64Mb" systems running Mozilla?!?!? ... well at least you could also reduce costs with employees going postal and therefore not needing pay cheques :)

Hey, there was a time when 64 MB was "state-of-the-art". The question is, does today's hardware make people *so* much more productive it justifies spending thousands of dollars? Maybe, if you play games, or render 3D art, or search for extraterrestrial life. But we're talking e-mail here folks! Spell checkers really haven't improved much in 15 years. I think its funny walking into a computer store and seeing the latest/greatest boxes, but off to the side there is a 7 year old IBM terminal the interfaces with their 7 year old, perfectly functional inventory system. The whole "you should be running the latest software out there, you need the latest hardware to run the latest software" cycle is a complete racket. Just because computers *can* be made more powerful doesn't mean they *need* to be.

Re:Can someone explain to me...

[mmol_6453]

Gov't spending my tax dollars on the most expensive software available.

Maybe the EFF should do an awareness campaign to government departments?? Not bombard the poor department heads like most lobbyists. Just fax them (god, not all you slashdot people, though. <shudder!>) some Ph.D's recent report on the advantages of using open source software. Let them recognize the benefits for themselves, so we can let them argue with congress.

Don't send anything to Congress. There aren't enough of us for a grass-roots operation, and we don't have enough money to lobby them "properly."

Sending it to the department head has two advantages: First, you don't have to get through the Senators' and congressmen's screeners. Second, the legislative person will receive a copy of the report, directly, from people they respect more than your average 16-year-old writing a letter.

I'll probably make a link to this post for my sig.

waiver process?!?

[Ender+Ryan]

Why the hell should there be a waiver process at all to use the best tool for the job, just because it's not an *M$ Solution(TM).

That's the kind of sh*t that pisses me off, I don't pay taxes to have the government simply hand that money to a corp. I am morally opposed to. I wouldn't mind if they simply chose the best tool for the job and the tools they needed happened to be MS software, but this just reeks.

There is absolutely NO REASON why a waiver should be needed to use something other than M$ software, that's ludicrous and stinks of corporate pandering.

* i usually stay away from using $'s in M$, but in this case i thought it was appropriate

Re:waiver process?!?

[L1nUx+h4x0r]

That's the kind of sh*t that pisses me off, I don't pay taxes to have the government simply hand that money to a corp.

Actually, that's exactly what you do. Of course you could delude yourself into thinking that your particular share of the money was going into Condoleezza Rice's pocket, or perhaps Colin Powell's paycheck instead.

Of course, your money is probably going to TRW, Lockheed Martin, or Boeing, or perhaps all 3.

Remember, it might be neat to think about Bill Gate's money, or how much cash Microsoft has, but really. Call me when Microsoft gets awarded a multibillion dollar contract that has the potential to blow up or get shot down.

I've never seen Windows crash quite like that.

Re:waiver process?!?

[lynx_user_abroad]

I don't pay taxes to have the government simply hand that money to a corp. I am morally opposed to.

Respectfully, Sir, yes you do. But don't fret. It's your government. You should feel blessed in that you can change it if you want to.

Re:waiver process?!?

You should feel blessed in that you can change it if you want to.

Sounds good....

Re:waiver process?!?

[jspaleta]

There is a strong case to be made for conformance of systems

And I'd say take that one step further had have conformance of systems...but conformance to a published open standard...so you can have competition without conformance degration.

Once you start down the MS road and start using software that does not conform to a published standard you are locked in and the cost of switch over to any else becomes extremely high..and higher after every release cycle.

Its hard to talk about conformance when the issues at hand are vendor specific since the vendor can force change on you via updates. You can get conformance and competition if you limit yourself to an open specification that all vendors can compete for. Once you let the vendor dictate to you what features are worth using and what features you are going to get...your stuck...without paying a huge penalty to get out. But if you don't pay the huge penalty in the short term you pay a gigantic penalty in the long term after several upgrade cycles, where you have lost the power to make decisions as to what you really need and who can provide the software and the systems.

Honestly, sometimes, it makes sense to standardize

It sure does...so stop using MS...becuase MS software does not conform to OPEN standards. How standard is a standard if there isn't a neutral 3rd body overseeing conformance to that standard.
If we used a standard of length measurement only sold to us by MS, we'd have to upgrade our rulers every 2 years becuase the standard would surely change.

-jef

Re:waiver process?!?

i've been in numerous situations where a MySQL solution would have saved about $1200, and been about 5% ... why have 47 SQL Server databases and then 1 MySQL database?

if you've been in numerious situations, then you would have had more than 1 mysql database-right?

Re:waiver process?!?

From a SysAdmin standpoint, I want every desktop to have the precise same hardware, software, settings, and packages regardless of location or job function.

Of course, that is taking things a bit too far as in many shops people have their own needs. You don't need the accounting software on the developer's boxes and the programming utilities on the secretary's box. Same goes with hardware. Instead, you want to identify groups of people by their needs and give them the hardware and software that solves those needs. Standardizing on file formats and programs on a group and company basis. I use OO at home, but MS suite at work because the company standard is the MS suite. I, or anyone else, can go to any machine - log-in - and actually get things done because we know that your basic apps are there. Of course only the programming boxes have the specialized tools and hardware I need (but that just means I can go to any other programmer's box and work effectively). Open File Formats are good for end-uses, but hordes of similiarity is better for corp-types. Just imagine the nightmare of supporting five different WPs, three different SS, and six different Presentation packages that all shared formats but nothing else. The help desk and IT staff would be swamped. GC

Re:waiver process?!?

[Darby]

But don't fret. It's your government. You should feel blessed in that you can change it if you want to.

This argument is dead now.
It was once true, but the last election showed absolutely that we can no longer select our own leaders.

Re:waiver process?!?

[frank_adrian314159]

From a SysAdmin standpoint, I want every desktop to have the precise same hardware, software, settings, and packages regardless of location or job function.

And this is why, from a user standpoint, we want SysAdmins to die, die, die. The fact is that different job functions need different tools. SysAdmins too often are like industrial engineers who recommend adjustable wrenches on assembly line to "lower the costs of training and replacement" while not noticing that productivity has gone down by 20% because line workers are spending all of their time fiddling with the tools.

The bottom line is that one needs to take a multi-dimensional look at any policy before deciding to implement it and failure to do so can come around and bite you in the butt.

Re:waiver process?!?

[jspaleta]

From a SysAdmin standpoint, I want every desktop to have the precise same hardware, software, settings, and packages regardless of location or job function


It's nice to want things. Everyone wants to be lazy..but the example is very much a fantasy. As companies get larger and the reasons for using a computer usage inside the companies get more varied...you need to have some room to balance the sysadmins desire to be lazy and the users need for the right tool. It might make sense to have an all MS shop if everyone has the NEED for the MS tools specifically. And I'm not saying every sysadmin wannabe geek in the department should be allowed or encourage to run linux to be different. But if someone feels a work related NEED to use a specific tool...it shouldn't be an uphill battle to get that tool. I think the sysadmin should be the one who needs to make a case for not supporting a specific set of software...since I really doubt in most circumstances sysadmins really understand the work to be performed and are just looking to narrow the software support for convience and not on any really technical argument.

Let me assure you that having sysadmins or managers in general dictate what tools should be used is a great way to hamper how much work gets done by those people who have a real need for a specific tool especially when the work from employee to employee is highly specialized.

Having a sysadmin tell accounting which accounting software they should be using is just plain silly. A sysadmin typically does not know enough about accounting to really make a case for any specific application based on the the work being done with the application.

Now lets talk about how diverse a workspace the DOI is really. How specialized is the workforce? How diverse is the range of computer work that most be overseen by the whole DOI. If they want to standardize....stanardize and give people open published guidelines for their software to meet. Dictating MS(or any vendor solution) as the one true way is only going to hamper work when its most critical that it be performed well. Asking for permission to get the job done with the best toolset is the wrong way to set things up. Instead establish vendor neutral guidelines that software needs to meet and do a waiver system based on those vendor neutral guidelines. Locking yourself into one supplier of anything is really bad especially for governments.

-jef

Re:waiver process?!?

[lynx_user_abroad]

...we can no longer select our own leaders.

I guess I have a different definition of the term leader. To me, a leader is the person I call when I have a problem I can't fix myself, rather than the apparently more common definition of the person whom others expect you to follow. It certainly is great when that's one and the same. By my definition, we can certainly still select our own leaders, and we should continue to do so. It might even help if we vote for them, rather than just voting for the person whom others expect you to vote for.

If we have stopped thinking for ourselves, and just assume things will be better if we make the same choices others expect us to make, then we truly are lost.

Re:waiver process?!?

[corey_lawson]

...then, you have some user/dept that has evaluated a software system and it only uses Oracle or an older version of SQL Server, instead of SQL Server 2000. Let's say the Oracle-based solution is significantly better than its next-nearest competitor in the review process that runs on your system-compliant SQL Server 2000.

What do you do?

You suck it up and buy Oracle and a server or two to run the better app, because running the other software on your more compliant enterprise database would not be worth the less time required for you to maintain, because of the time and $$$ needed for the 100, 1000, whatever users to figure out how to make the lesser software work to meet their needs.

Re:waiver process?!?

[jspaleta]

Just imagine the nightmare of supporting five different WPs, three different SS, and six different Presentation packages that all shared formats but nothing else.The help desk and IT staff would be swamped.

There is an argument here about how varied an application set can be and still be officially supported. But maybe not all applications need to be officially supported by a help desk or IT staff to be useful...and usable. There should be some open guideline as to what can be used and there needs to be some leeway to allow unsupported applications to be used to meet a specific need. But as things progress there needs a way for the helpdesk to get feedback from users as to what applications are in most need of support. So if an application becomes popular then support for that application can be added while support for an unused application can be dropped. Helpdesks aren't particularly useful to most users who would know enough to NEED a specific peice of software to begin with...so in a lot of cases where you would want a waiver the point is moot.

And on the size of an organization as big and dispersed as the DOI...there isnt just one set of IT professionals...there are prob several different helpdesk staffs supporting small segments of the whole department. I see know reason why the entire DOI needs to used vendor specific solutions...when open standard file formats and protocals would work well with each small IT staff could service the specific application needs for the chunk of DOI staff they are there to support. What does it matter if someone in an office in california is using a different word processor than the person in a new york office...as long as they are using the official file format that both word processors handle. The IT staffs on either coast can support the applications needed locally.

-jef

Re:waiver process?!?

[Darby]

Fair enough.

I vote for who I believe is the best person running.
The person I voted for in the last election wasn't even close by any way of counting.

The person who was legally elected president was not allowed to take the office after the last election. That was my point.
Saying, "if you don't like it vote to change it", is no longer a valid option since you can vote all you want and it won't help at all any more.

Re:waiver process?!?

[11390036]

Give me a fucking break.

$ talks. Microsoft has a lot of $. They make large political contributions.

We don't live with a government of the people, for the people. Its of the politicians for the business interests.

Take the power back. Quite yer bitchin.

So.....

[tanveer1979]

how will it help. Geocities has been slashdotted, ,memo's been approved the harms been done.

And this time they didnt boil the frog, the put it in hot water first!

On the other hand, all is there is something by satanishere, geocities is trashed. So no proof. Is this story true? And Mr.Editors you know too well not to post links to geocities.. dont you. Better aproach would have been to download the images and then put them on slashdot.

Nobody here knows what that memo contains, what is there in it, so before this post goes to the HALL OF FAME maybe we can see the images please.

Another thing, apparently DOI has 70000 employees, are any of them on slashdot.. I really want to hear what they say about it. Or if none of them are there on /. i would presume that its very good for them to be on M$. Come to think of it.... its about improving productivity. If a 70000 workforce says that wanna work on M$ why should anyone stop them.... But I guess this wont be true, there will be numerous who are opposing this.... and in this case slashdotters cant do anything except slashdot the DOI site every second day.... Its upto those employees to get together and raise a ruckus.

Re:So.....

[JohnCub]

Regarding your first point, I find it somewhat odd that slashdot would even accept a story where the supporting documentation is on geocities at all. I would think anyone could photoshop just about anything they like and have it put up nearly anonymously there.

I'll believe this story when a better source is obtained.

blegh.

I like how everyone here seems to be skirting the issue that linux isn't ready for desktop use, and that's probably what it came down to for the board. An os can be as stable as a mountain, but if it takes four months to train people to use it..

What good does linux do you when you've got a stable operating system that gets decent uptimes (yes kids, Win2k and XP can stay on for months without a reboot.. I know, it's about f'n time.) that your mom could use with ease? No good at all. Lets see. I could use free software, or pay money for Windows licenses so that my employees don't get paid for several days while sitting on their asses taking lessons from some long haired pot smoking hippie about how great and easy to use and configure gnu/linux is.

I do like the predictability of the news article though. Perhaps instead of improving the user interface and using sound design principles in user interfaces that have been written about ad nauseum since 1991 we can all continue spreading anti-ms fud. Because, honestly, who wants to give the end user what he wants when we're all happy using our archaic geek tools that Civil Servant Joe T. Smith will never be able to comprehend.

And by the way, talking about old worms and old virii is bad karma. Especially when holes exist in open source software as well (which are being activly exploited by the same crowd). Both OSes, when patched with the latest updates are just about as secure. The problem is most corporate users don't patch either OS. If you live in a glass house don't cast stones.. or something.

Mirror

[mraymer]

Seeing as how the article was fresh, I thought I'd do everyone here a favor and mirror the images before the inevitable Slashdoting began. I'm such a nice guy.

Much to my surprise, though, all I was able to mirror for you guys is this: http://home.centurytel.net/mraymer/sorry.gif

Never underestimate the power of a Slashdoting, I guess. ;)

Re:Mirror

[Marijuana+al-Shehi]

Never underestimate the power of a Slashdoting, I guess

Never underestimate the power of an <A> tag, ergo mraymer's mirror

It's very simple to use, actually:

<A HREF="URL">Link text</A>

Just substitute URL with the actual URL, and Link Text with the actual Link Text.

Re:Mirror

[Darby]

And be sure to substitute 'A' with 'a' and 'HREF with 'href' since lowercase tags have been established as the standard for some years now.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Trancparency

[Gerry+Gleason]

Perahps someone can tell us how putting in an insecure system after having a judge tell you to disconnect improves transparency. We all know this change can't improve the situation.

Don't they have some responsibility to do something about this? Something in line with industry standard practices.

Re:transparancy?

[isorox]

What qualifications do you need to be an editor, anyway?

Mouse, hand, arse to scratch, bannana to eat.

Perhaps they should employ google's news-bots.

lets not get emotional

if you look at the stated reasons, I think that most from past experience will see the majority of them as not just flaky but bass ackwards. However, the question begs if now it is the same. Is 2000 server more reliable than NT, absolutely. Is the centralized domain control 'better' than NT, well sure. However, is it better than a *nix system as far as domain reliability and efficiency of managment? Well, that is what needs to be proven here.

The biggest joke is perhaps the part about lower costs from more reliable services. Sorry, but I don't know of anyone who has knowledge of Unix and Windows systems than can attest to better MS reliability, ever. It would seem that it would have been just as valid for the report (when naming reasons) to say, "MS has cool commercials" and "The trees around Redmond are really pretty this time of year."

Windows is definitely the solution in the case of desktops, especially with users already used to Windows. However, for backend reliability Windows has proven that it is only reliable in attracting exploiters and malicious code. This is just another example of blind bureacracy in action. The licensing costs alone will put the budget to a point that the equivelent agency that runs Linux backends would be able to buy 100's of more computers. I would like to see some detailed studies by the DOI as to backup their financial claims. However, they do have one point that is valid. If starting from scratch, it is indeed easier and cheaper to train administrators (at least to a partially competent technician level) in Windows than in any *nix. Call everyone monkeys if you wish, but the fact that a well organized GUI can be quickly adapted to by many will produce much more technicians than the unorganized mess (usually the fault of app/package and distro producers admittingly) that is *nix. Too many times, people trying to simply get the damn thing to work will ask, "where do I find out all the details on how to make X happen?" Often the answer is not there, or buried deep within a chaotic cavern of unorganized information and references. When asked about the silly redundancy (good example is Apache, where in writting to the httpd.conf you must often put certain definitions and features in multiple places) I can't answer except say, "Well I think someone just wanted it that way." (don't get me wrong, I love Apache... but that is an oft repeated question by many)

DOI ?

[__aahlyu4518]

Department Of Injustice

Notice it's the ACTING cio

[ch-chuck]

Not the real thing, and of course, the easiest solution to any computing problem is "Buy what Msft has" - and if they don't use any Win9X/ME it'll be good enough. But they're sure to run into 'issues and limitations' that'll require regular payments to Msft in the future, but by then the ACTING CIO will likely be outta there. Remember that when you go to your favorite national park and have to pay $22 to get in, a fraction of that is guarenteed Msft income, and they own the digital rights to the sunset too.

My favorite stand in govt official is "Acting Assistant Deputy Secretary" - that actually exists!

Al Qaeda

I wonder at times, if Al Qaeda, doesn't lobby with middle men for USA to move more of their archetecture to MS. Bush says that he want a secured and cheap system, yet he moves to MS. I have no doubt that some of this is a payback, but I also wonder if it is possible to trace back to a lobbying group that appears to be neutral but is backed by Al Qaeda.

Re:Al Qaeda

[Melantha_Bacchae]

An AC wrote:

> I wonder at times, if Al Qaeda, doesn't lobby with
> middle men for USA to move more of their
> archetecture to MS. Bush says that he want a
> secured and cheap system, yet he moves to MS. I
> have no doubt that some of this is a payback, but
> I also wonder if it is possible to trace back to a
> lobbying group that appears to be neutral but is
> backed by Al Qaeda.

Could we please not move any more in the direction of the McCarthy era than we already have?!?

There is no reason to assume terrorist plots. Microsoft invested three times as much as Enron in the 2000 elections. Enough to buy all the congress critters and government groupies their black hearts desire.

As for bin Laden's boys, the fate meted out to the Red Bamboo 35 years ago awaits them.

"Once we wake Godzilla, he'll take care of those guys."
Ichiro "Godzilla, Ebira, Mothra: Big Duel in the South Sea" (Japanese version)

Re:Al Qaeda

>Could we please not move any more in the direction of the McCarthy era than we already have?!?

We are already in the McCarthy Era. Can you say AG Ashcroft. Oh look, those Med Students are blowing up Miami. Oops, this chicago kid has a nuke.
Yep, welcome back to the 50's.

Re:Al Qaeda

Your parents would slap you in the face for comparing what's going on today with what went on in the 50's.

Shame on you. Do a little research before spewing crap next time.

[vt] to go [Microsoft]

[hachete]

1. To hock your complete computer infrastructure to a single company.
2. To enhance a monopoly
3. A euphemism for being less than capable of chosing and maintaining a real infrastructure i.e. "They've gone completely Microsoft!!!"
4. Giving your shareholders profits now and forever to Microsoft.
5. Allowing BillG to become your sysadmin.
6. An unreasoning fondness for virii.

Prelude to Poetic Justice?

[Marijuana+al-Shehi]

This is the cabinet agency that encompasses the Bureau of Indian Affairs, among other bureaus. How poetic would it be for the Red man to exact his revenge in this environment of computer monoculture the Department is establishing.

Anybody know any computer-savvy Natives?

Not that strange that they do this.

[miffo.swe]

Since Linux and open source in general is a grounds up movement its hard to fight for Microsoft. They target the big players instead. When the snowball starts and some big agency adopts linux and it falls out well there will be no way in h'll to stop it. Microsoft needs to fight general adoption of linux. The day linux get widespread is the day when all the other players curently developing for windows only will throw an eye onto linux too.

One thing i have hard to understand is how they can prise interoperability on one hand and not demand open standards at the same time.

Possible mitigating clause

[NoBlock]

I guess this sort of thing needn't necessarily be bad...
As long as you get Microsoft to sign a clause specifying that they will pay for migration costs should the department wish to switch to another architecture at some time in the future....

Send your comments to the DOI-CIO

Here is the contacts page from the DIO web site...
http://www.doi.gov/ocio/aboutus.html

Contains the names of the CIO and Deputy CIO.
No email contacts though....

Bidding process?

[Anonymous+Custard]

Did they go through the appropriate bidding process that is needed whenever a substantial government contract is offered?

If you used all Sun, Linux, or Apple software/hardware, you'd have the same compatibility bonuses as you do with Microsoft. Compatibility is not unique, or even native, to Microsoft. Hell, they removed from Office XP the ability to open other office suites' documents with the default install; isn't that a step BACKWARDS for compatibility?

I beg to differ with your fud

So linux is not ready for the desktop hey? Right now this very morning I have at least 100 + shop floor users running desktop linux being served from two servers. Now these guys are just your average joe blow's most who had never even operated a computer system. I would even venture to say that most are even lucky to have a high school education (not the brightest bunch). They where given a one hour instruction period covering the applications they would be using. I have never ever gotten a single problem call in the six months we have been running it. This can only mean that you run at a intelligence level close to a retard.

Waiver allows other tools

[micromoog]

This policy, by providing a waiver process, is actually less restrictive than the "100% Open Source" public policies that people have been cheerleading for here on Slashdot.

This means a Linux box will be allowed in the DOI if it's really necessary. All this really does is prevent the l337 h4x0r downstairs from running a Linux box he doesn't understand and can't make secure.

The "100% Open Source" policies would not allow anything Microsoft, even if it is the best tool (gasp!), based purely on ideological (read: impractical) reasoning.

Re:Waiver allows other tools

[ccady]

Let's rewrite that and see how it looks:

This policy, by providing a waiver process, is actually less restrictive than the "100% Microsoft" public policies that people have been cheerleading for here on Slashdot.

This means a Windows box will be allowed in the DOI if it's really necessary. All this really does is prevent the l337 h4x0r downstairs from running a Windows box he doesn't understand and can't make secure.

The "100% Microsoft" policies would not allow anything Open Source, even if it is the best tool (gasp!), based purely on ideological (read: impractical) reasoning.

That makes more sense to me.

Re:Waiver allows other tools

[micromoog]

That makes more sense to me.

Maybe so, but it's not true. A 100% Open Source policy categorically excludes all closed source software. The DOI's policy is not strictly "100%" Microsoft, despite chrisd's propaganda.

Ten Year Ban

[NumberSyx]

I personally beleive the Federal Government should be banned for ten years from buying any NEW products or services from any company which has been found guilty of being an illegal monopoly, when there are alternatives available from other companies.

Re:Ten Year Ban

[Maran]

"...found guilty of being an illegal monopoly, when there are alternatives available from other companies."

Erm, I know I'm missing something here, and I admit I'm not familiar with the legalese definition of "monopoly", but how can someone have a monopoly when there's alternatives available?

Maran

Re:Ten Year Ban

[dpilot]

Monopoly status can kick in well below 100% market share. It's more a matter of what the monopolist is capable of doing to a given market than the absolute share. Once you're big enough to twist the arms of competitors and customers, monopoly concerns begin.

Re:Ten Year Ban

I think the finding of fact was that Microsoft abused their monopoly on desktop operating systems, which was never %100 of the market, just large enough to strangle the competition. They never had a monopoly on servers.

I am so angry that our government puts up with this. They have no respect for the law.

Re:Ten Year Ban

Brave of you to ask this here, even braver of me to answer.

Because the DOJ and MS's competitors railroaded the case so that the word "Desktop" meant specifically an x86 PC. Sun workstations were removed from the definition. Apples were removed, Beos, Amiga (Yes those were still around) and virtually every possible thing was removed from the specification of the term "Desktop OS" specifically so that MSs "share" would be as large as possible to make the "Monopoly" tag stick. If it had been possible to exclude Linux from the lineup, they would have done that too and gotten it to 100%

Not brave enough...

we knew MS would win

[rppp01]

I mean, think about it, we have a president, who doesn't give a rats ass about anything except corporations and the military. Look at the economy, it has to be every one else's fault but the administration's. Yell at Congress to lower spending, so we can raise military spending, and then keep pointing to Iraq as doing what they do, drawing attention away from the economy and from Isreal basically doing what Bush moans that Iraq might do in the future. What utter nonsense!
But we knew this would happen. With a pro-corp prez in place, MS would get off, and now it is being espoused by the government. Nice going, morons. We don't want to punish MS for being a monopoly, no, we want to have them continue to publish wonderless software, and we'll even use them!

If I could convince my gf and my ex (for the kids), I'd move to Canada already, or even Europe. Sure, freedoms and technology are not the same, but so what. These areas of the world are getting it (except Blair, what's he gonna get for his support?). Some Superpower....what's that saying? Power corrupts, and absolute power corrupts absolutely. Thanks Bushki!

Re:we knew MS would win

Do you realize that Democrats have been saying the same stupid shit about Republicans only being interested in corporations and the military, since around 1908. As a perfect example of the hypocrisy lets take a field trip to the Northeast. How about we start off in Boston. Have you heard of the public works (i mean transportation)project going on there. Its called the BIG DIG. When first proposed the Republican mayor was beaten over the head with a Democrat stick for attempting to divvy out work to the 'special interests'.
This republican mayor got drummed out of office and they put the Dumocrats in charge who proceeded to come up with an idea that was just incredibly more expensive than the original plan. WHO made off like a bandit?
SPECIAL INTERESTS -- the corporations. And mostly on the government dime.
What is different from the Republican plan? Now instead of having evil Republican special interests you have wonderful politically correct, special interests all looking out for the WELFARE of the little people.
;

Re:we knew MS would win

please leave, please move. As fast as you can. Take your buddies in Hollywood with you.

Of course you won't. You won't have the balls too.

Chicken.

Besides, if she really loved you for who you really are, she'd move with you.

Re:we knew MS would win

If I could convince my gf and my ex (for the kids), I'd move to Canada already,

Funny, I say the same thing about moving to the states from Canada!

Canada has a one party political system, Immigrants & refugees have more rights than life long citizens, the voters, especially in Eastern Canada, are mindless sheep that keep voting the same party in no matter how corrupt they are.

Try makeing a formal complaint about the police, government, politicians and see how far it gets you-it'll get dropped then the table will be turned and they will investigate YOU!

Canada is one level up from Cuba in terms of rights and freedoms. Be glad you live in the US!

Re:we knew MS would win

[bnenning]

Look at the economy, it has to be every one else's fault but the administration's.

You mean the economy that started tanking well before the 2000 election and which was further damaged by revalations of criminal acts which occurred during the previous administration? Yes, that's clearly Bush's fault. Come on.

Isreal basically doing what Bush moans that Iraq might do in the future

I must have missed the stories about Israel using weapons of mass destruction on civilians. Or for that matter, the stories of Israeli suicide bombers deliberately targeting Palestinian women and children.

Re:we knew MS would win

If I could convince my gf and my ex (for the kids), I'd move to Canada already, or even Europe.

Can you take Alec Baldwin with you? He promised the same if Bush was elected, but is appparently having some problem getting out of the country now.

as a DOI employee

[briancnorton]

I work first hand with DOI IT, and I can tell you that there will be waivers flying every direction. Everything is UNIX now, and there are not enough qualified people to migrate. They spent MILLIONS replacing 3000 mail servers with 32 Domino servers, and they arent changing that anytime soon.

All specialized applications are UNIX, and will be waived.

The major problem is with administrators. There arent enough qualified people here to run a multimode environment. They cant pay enough to get qualified Americans to work for them, and they cant contract out to H1Bs.

in short, I dont think this will have much of an effect.

Re:as a DOI employee

[Remus+Shepherd]

I'll second this. I'm a DOI subcontractor, and all our systems are DOI-owned. We have Linux, Unix, Irix, and SunOs all over the place, plus a Mac here and there. Most of these systems are running custom applications and their OS cannot be replaced by Windows. This will have little if any effect.

Re:as a DOI employee

[Andrew+Gilmore]

And as a fellow DOI employee, my take on this is they did no scoping or internal comment or ANYTHING to base this decision on. I do not think it is going to fly, in the long term.

My entire IT office is up in arms about this. With NO comments from the rank and file, many people are upset.

Re:as a DOI employee

[killmenow]

I dont think this will have much of an effect.

It may not have much effect in the DoI, but I submit it will have the following effect:

• New (note I said NEW) contractors looking to work with the DoI will see this as an indicator that NEW stuff will be done on a Microsoft platform.
• MILLIONS will be spent by vendors, contractors, etc. in training and otherwise getting up to speed on said Microsoft platforms
• A lot of CIOs will take their cue from this and do the same thing
• Microsoft will market the S%*t out of this, using it as an argument against other government departments (not just US ones) who are pro-OSS
• Other US departments will follow suit...and it will all repeat

Now, I'm not saying OSS is dead in the DoI. But I am betting OSS will be slowly phased out if this policy stands, as any NEW projects will be hard pressed to justify those waivers.

But I admit: I could be wrong.

Re:as a DOI employee

[Skapare]

There are currently thousands of highly qualified people available now who will work for half or even a third of the salary as average. This is why the government conspired with wall street to bust the big bubble, because no one would work for the government anymore (no stock options). And unlike H-1Bs, who have to be paid what the average person makes, you can legally pay Americans way under average. So now there are plenty of admins available ... and programmers, too. Just post the openings here and watch the geeks resumes come flooding in.

Re:as a DOI employee

[spencerogden]

And how exactly does one conspire with the non-existing entity called wall street? I'm that a huge bear market is just what all of the brokers on Wall Street wanted...

Re:as a DOI employee

[Pig+Hogger]

I work first hand with DOI IT, and I can tell you that there will be waivers flying every direction. Everything is UNIX now, and there are not enough qualified people to migrate. They spent MILLIONS replacing 3000 mail servers with 32 Domino servers, and they arent changing that anytime soon.

Note to CowboyNeal: add a "phew!" moderation type.

Re:as a DOI employee

Isn't it wonderful! You wake up one morning and the world you knew has been taken away all because some PHB got snookered by a salesman.

Re:as a DOI employee

[Azghoul]

Offtopic, but your sig makes me absolutely sick, and I even voted for another guy in the last election.

So, you'd rather have a murderous coward who takes civilian life as a standard operating procedure instead of reasoned debate and diplomacy?

That's quite possibly the most disgusting thing I've ever seen on screen.

Re:as a DOI employee

Why are you bringing bin Laden into this?

Re:as a DOI employee

[scoove]

MILLIONS will be spent by vendors, contractors, etc. in training and otherwise getting up to speed on said Microsoft platforms

Isn't it interesting that in an era of budget cutbacks, lack of funds, etc., the DoI has millions to blow buying new toys?

Oh wait a second, here's a few spare billion lying around in a DoI file cabinet. Might as well spend it - hell, as Bruce Babbit would say, you give it back to the indians and they'll just blow it on booze.

*sigh*

scoove

Re:as a DOI employee

[greenrd]

Your post is a bit hard to make sense out of. Government/market conspiracy to burst the bubble, to raise unemployment? Now that's a bit way out there. I'm well aware that interest rates etc. are used as a tool to increase unemployment - but I don't think they would intentionally set out to create a recession, which is what you seem to be implying. Anyways, downturns are part of the business cycle, and no matter what any arrogant politician says (like the UK's chancellor Gordon Brown in the late '90s) the business cycle ain't going away anytime soon.

And your link is encouraging people to spam Slashdot - I'm sure you just forgot to fill in the href.

Re:as a DOI employee

[greenrd]

Hmmm... I can't help suspecting something dodgy here. If there was no consulation done, on what grounds is this being done? Believing MS's flashy marketing efforts? Those in charge of IT being clueless? Or some kind of dodgy deal in a smoke-filled room?

MS has a lot to gain by snagging an entire department (it does have real effects in terms of future projects, no matter how many waivers existing projects get), and I wouldn't put it past Microsoft to use unethical inducements.

Re:as a DOI employee

[Darby]

I'm a DOI subcontractor, and all our systems are DOI-owned. We have Linux, Unix, Irix, and SunOs all over the place, ....This will have little if any effect.

Well, except that we (the taxpayers) will be paying MS every year for licenses for their complete software library for each and every one of those Sun, SGI, Apple etc. machines even though they can't run any of it. Don't forget, that's how MS licensing works.

Re:as a DOI employee

[Darby]

So, you'd rather have a murderous coward who takes civilian life as a standard operating procedure instead of reasoned debate and diplomacy?

Well, I'm not him, but I would rather have someone who you at least knows where he stands.
9/11 happened because Bush allowed it to happen.
That's why the Deputy Director of the FBI resigned in protest *BEFORE* the attacks complaining that Bush *ordered* the FBI to stop investigating the bin Laden family.

So we have a murderous coward in office who is only there because he cheated.

That's quite possibly the most disgusting thing I've ever seen on screen.

What about your blatant ignorance of the most basic facts about the Bush administration.? That's pretty disgusting to see in a citizen of a democracy. If you can't be bothered to inform yourself, then your ignorance affects me too. Please stop it.

Re:as a DOI employee

So how about posting a link where I can my resume?

Re:as a DOI employee

[ewhac]

There arent enough qualified people here to run a multimode environment. They cant pay enough to get qualified Americans to work for them, [ ... ]

Really? I'm an American out of work right now. What are they paying?

Schwab

Re:as a DOI employee

[Azghoul]

Bush allowed it to happen? Interesting mix of abject leftism and conspiracy theory.

"So we have a murderous coward in office who is only there because he cheated."

Hmm, interesting theory you have there. I hardly support everything President Bush does (and I did, in fact, vote for Harry Browne). However, I see little reason to belittle him, even when I do disagree with his policies, and I certainly don't cry sour grapes about the outcome of a political fiasco that neither side deserved to win.

As for your "blatant ignorance" comment, it's ad hominem and essentially turns the rest of your point (whatever it might have been) to mush.

Re:as a DOI employee

why dont they hire and train some of the Native Americans whose money they stole/lost.

Re:as a DOI employee

[Darby]

Bush allowed it to happen? Interesting mix of abject leftism and conspiracy theory.

It is, in fact, neither leftist nor a conspiracy theory.
It is something that you would know as well if you could be bothered to take an active role in informing yourself. You, completely ignored the well-documented fact I stated about the deputy director of the FBI. Couple this with the fact that many foreign governments informed our government about the attacks, including names dates and places before hand, and it is perfectly clear that Bush knew about the attacks beforehand.
Now, it is a fact and a matter of public record that he knew what was being planned, and that he ordered the FBI to stop investigating the people responsible.
Just because CNN or Fox news, or whoever you get your news from doesn't see a way to increase profits by telling you this, doesn't absolve you of your responsibility as a citizen of a democracy to inform yourself.

Hmm, interesting theory you have there. I hardly support everything President Bush does (and I did, in fact, vote for Harry Browne). However, I see little reason to belittle him, even when I do disagree with his policies, and I certainly don't cry sour grapes about the outcome of a political fiasco that neither side deserved to win.

Again, you clearly haven't bothered to inform yourself about what happened.
In the first place, Bush lost the election. That is a well documented fact. When they recounted the entire state of Florida, it was determined absolutely, with no doubt whatsoever in the mind of anybody involved with the process. This is not under any dispute by anybody.
Now, this did come out after Bush was already sworn in, and far be it from me to argue that Gore wasn't a complete fuckwad about the whole issue.
But the fact remains that if Bush had a shred of integrity he would have stepped down when this became public.

This isn't even the important part of the issue though. The important part is that the election would not have even been close enough for this to have mattered if Bush hadn't cheated beforehand.
The manner in which it was done shows quite clearly that Bush has nothing but hatred and contempt for everything this country stands for.
You do know that Jeb Bush, George's brother is the governor of Florida don't you? You do also know that he had his secretary of state throw about 80,000 citizens of Florida off of the voter rolls don't you? You also know that these people were all registered democrats, and mostly black don't you? You are also aware that they are being sued for this aren't you?

If any of these things are news to you, which they clearly are otherwise you wouldn't have made that post proclaiming your ignorance, then you are ignorant (look it up) of this issue

Now, this is not an ad hominem attack, nor was the "blatant ignorance" comment previously.

If you are a white man and I call you a white man, that is a statement of fact, not an attack on your person.
Similarly if I call you left-handed and you are.

So when you demonstrate quite clearly and publicly that you are ignorant of an issue which it is your duty to be informed of, then you are in fact blatantly ignorant of that issue.
This isn't an insult. It is a simple statement of fact. Ignorance is a state of mind which you can change. I am ignorant of many things such as the current temperature in Somalia, the price of tea in China, and many other things.

If you would actually do some research, you would no longer be ignorant on these issues, but it seems that you would rather blame me for pointing it out than actually fix the problem.

That, my friend, is the way too prevalent attitude in this country that allows fiascos like this to go on.

.

I know it's OT but...

[Theatetus]

...this fake distinction really bugs me.

Then change the Constitution! We live in, by word and act, a REPUBLIC thank you!

Democracy and Republic are orthogonal descriptions. There are democratic republics and non-democratic republics. Ours is democratic.

Paid source

[Marc2k]

That site makes me even angrier. The banner says "Click here for the .NET source code!" ...after clicking, you get dumped on a storefront that says "Sure you can view the source...for US$25!"

Jeez. I can understand paying for a website engine, maybe...but at $25, it's quite obviously just for you to view (you could use it, but enterprise code would seemingly be a lot more than $25). Also, do they really think their e-zine could compete with Slash, Everything, LiveJournal, Blog, etc? Come on. And THOSE are all free.

Sometimes a standard just is a standard...

I contracted for the Texas Dept of Human Services, they, like most government shops, had a policy standardizing on MS products. What the higher ups quietly ignore is their critical WAN infrastructure is mostly linux. A small insular group of network guys set it up (the DNS server had a 9 month uptime and was still running a 2.0 kernel). Most of them were not experts, just guys who had setup Linux early and then kicked back and relaxed (not an ideal system from a security standpoint).

Email went down for three days while they blamed the Exchange box, I had explain MX records to them and prove that it was disk overload on their primary MX (sendmail +Redhat 5.2). They couldn't even remember who had the root password.

What I discovered was that government is still the last big company around. The place where no one ever gets fired, or laid off. Where the new technology approval board is run entirely by people whose only IT training is in Cobol and Unisys 2200. The few really smart people are full of great ideas, but they are rendered inert by the great mass of "lifers".

In Texas, most of the real IT work gets done by big name consulting firms, at extraordinary costs and questionable quality.

Re:Sometimes a standard just is a standard...

1)The problem with SendMail and Exchange is not disk overload. It is a shorter timeout in exchange that has to move mail to anything that is not exchange. While you can improve performance on the sendmail side, it is easier (and better) to simply increase the timeout of exchange.
2) It is easy to reaquire root on a box that you have physical access to(reboot, going into single mode - set the passwd). I suspect that either they were not sysad or that your story is not quit true.

Re:Sometimes a standard just is a standard...

[ruineraz]

I work at a bank, and we have the exact same problem where. There's just a vast number of lifers who have been with the bank for 20 or so years, and do not understand new technologies.

Re:nothing to worry about.

Yes but this doesnt just concern linux, it concerns every other system or vendor out there. As stated in the memo nothing but MS is allowed.

Since there are other OS than MS and linux that has the potential to become big any policys like this is ludicrus and just stops up development. Today all development in the OS market is pretty much in a coma. Think about it for a second, if the only viable competitor to Windows is a free OS that is much better in some areas how well is that market really?

Today there arent anyone that seriously even considers making a new better OS from grounds up because of MS. Linux can perhaps take enough market to open up the competition again and i think thats what many would like to see.

Requirements are the loophole in bids...

[zerofoo]

I'm a sys-admin for a small school, and I'm familiar with the restrictions of a bidding process. Most likely the DOI will go through the appropriate bidding process by producing an RFP specifying a Microsoft solution, and then various vendors will bid on a systems solution centered on a Microsoft product.

By narrowing the systems specifications right down to the software vendor, a CIO can pretty much get what he/she wants. Sure, there are lots of MCSE's selling MS solutions, but if the RFP specifically requests a Microsoft product, that effectively excludes all other systems vendors.

-ted

Re:Requirements are the loophole in bids...

By narrowing the systems specifications right down to the software vendor, a CIO can pretty much get what he/she wants.

Most County and State Software Project bids require that the proposal for hardware and software conform to "IT Standards". The IT standards are usually in the back of the Bid document. Some of the Virginian Counties will have a choice between Wintel systems and Unix systems. The Wintel stuff has been recently Win2K on Dell and the Unix stuff has been either Sun Software on Solaris or IBM software on AIX. For a reasonably complex server based solution, choosing Sun or IBM can add another $100,000 to $200,000 to the proposal's cost. If the lobor total is $500,000 there is the danger of the proposal being uncompetitive.

Ideally a Unix based solution on Intel architecture would be the best trade off in cost/performance/security etc. But the county standards wont allow it. In a Proposal I wrote recently for a local county I included a second cost structure for Linux software on Dell hardware. It came in under the Sun/IBM solution and was cheaper than the Wintel solution as well. A 25 client license for Win2K can add cost to a proposal quickly.

IMO the Linux (Red Hat) on Dell gives the best cost savings in hardware and software, with all the benefits of the Linux platform that Wintel nor Unix has. Which was why i included it in the Proposal even though it was outside of their county IT standards.

omico--

Purchasing policy

[pubjames]

I find it amazing that a government department should have an official policy of only purchasing from one particular vendor. I would have thought a fundamental factor in defining a purchasing policy in any large organisation would be making sure that there is competition amongst your suppliers. It's basic business sense, isn't it?

well at first you made sense

then you had to dig up the partisanship crap and make it into a republican conspiracy out to murder innocent arabs to cover shady business deals.

DOI IT Spending

I know for a fact the contract with Microsoft is for $17 million dollars if they get both Active directory, desktop OS and Exchange. I have been fighting for Open Source Alternative for over three years. The Acting CIO is Hord Tipton so email him and his friend Billie Clark at US Office of Surface Mining. Tell them Why 100% Microsoft is a bad idea.

Government IT Worker

For Crying Out Loud!!!

[voodoopriestess]

When a government department adopts a Unix-based solution, it's because they're far sighted and everyone gets a pat on the back.

When a government department adopts an MS-based solution, it's because Microsoft is in league with the Devil and are trying to take over the world.

How about some sense prevails and people realise that for some things, Microsoft may actually be better!

Re:For Crying Out Loud!!!

Yeah!

I switched from Linux to Windows recently, and it's so nice to have that nice, soothing blue screen back every few hours... And the time to go get coffee while I reboot. Yeah!

Re:For Crying Out Loud!!!

No government department has selected any kind of Unix EXCLUSIVELY as it so often happens with Windows. For some wierd reason Windows programmers have hard time understanding this?...

win2k/xp doesn't fix reboot problem

[alienmole]

yes kids, Win2k and XP can stay on for months without a reboot..

That's true if the machines aren't connected to the Internet, and if they're not heavily utilized workstations, etc.

In practice, a connected server needs to be rebooted more often than that, if only to apply the latest security patches.

Heavily utilized WinNT/2K/XP workstations need to be rebooted regularly to overcome kernel memory leaks and the like.

If you'd like to see this for yourself, try this test: load enough copies of IE that you run out of kernel memory or other resources. You'll know you've reached that point because it will silently refuse to open another window. Now close all the windows you've just opened. Carry on using the machine and see how long it is before you find that new applications can't be run, that menus don't drop down, etc. To get some sense of what's happening, monitor the numbers on the performance tab of the task manager while you're doing all this, particularly kernel memory - it goes up, but mostly doesn't come down. That might be fine if it was reusing the allocated memory, except that it doesn't - it ultimately cripples the machine.

The bottom line is that Win2K/XP is fine for light-duty use and applications not connected to the Internet. For serious computing, though, you need a real operating system.

Re:win2k/xp doesn't fix reboot problem

[Telastyn]

What bullshit. win2k at least will run happily until the next SP. I've found that the multiple IE issues aren't a problem with kernel memory allocation as much as issues coming from explorer and IE being tied in with each other. A good kill and restart of explorer makes the machine nice and responsive again. I've had machines doing heavy heavy mem allocation and processing (distributed processing application for university) and the win2k machines ran well. Did they run as well as the BSD machines? no, of course not, but they ran at around 87% as well.

Re:win2k/xp doesn't fix reboot problem

[alienmole]

What bullshit. ...

Did they run as well as the BSD machines? no, of course not, but they ran at around 87% as well.

You're contradicting yourself, and making my case. Maybe you're happy with 87% (and I would push that percentage down a bit once you factor in the various TCO-type issues), but what is the point of compromising? Let me see, Microsoft is more expensive, lower quality, less secure, less stable... I must be missing something here. Oh yeah, it's got a point and click GUI for amateur adminstrators.

Re:win2k/xp doesn't fix reboot problem

[Telastyn]

wtf? they *aren't* less stable, that was the entire point of the message, and since when does cost of ownership have anything to do with performance benchmarks?!?

Is it more expensive? yes.
Is it lower quality? debatable. In some places yes, in some places no.
Is it less secure? depends on the situation, but usually.
Is it less stable? no. In my experience win2k has been just as stable and reliable as solaris and bsd machines.
Does it have a lameass point and click gui for lameass MCSE's? unfortunately...

win2k has disadvantages aplenty over bsd or linux or solaris or osx or pretty much anything, but to say it isn't stable and can't do "real" computing is just a fallacy.

Re:win2k/xp doesn't fix reboot problem

[alienmole]

wtf? they *aren't* less stable

Having to do the kills and restarts of explorer, which you mentioned, based on normal, but long-term use, doesn't qualify as "stable" in my book. Besides, killing explorer doesn't fix the issue I'm talking about, which has to do with kernel memory. There's an MS KB related to this, which I'll dig up if you like.

Cost of ownership has nothing to do with performance benchmarks, but I was talking about reliability, stability, and the need to reboot. A big part of the cost of ownership is the amount of time that has to be put into maintaining a machine. Rebooting, patching, and dealing with problems all adds to that time. In that sense, reliability and TCO are very closely related.

it isn't stable and can't do "real" computing is just a fallacy.

No, it's a matter of opinion. You can make excuses for Microsoft all you want, but in the end they're just excuses. My experience, based on supporting clients running all kinds of boxes, is that the Windows boxes are regularly and conspicuously a bigger PITA, and call attention to themselves in one way or another, much more often. The original issue I responded on, that they require reboots more often, is still true in practice and could probably be demonstrated via Netcraft etc.

ideals vs. facts

I agree with you, in fact it probably would be better to say, "I formulate political and ideological ideals from analyzing facts"

Comment removed

[account_deleted]

Comment removed based on user account deletion

not too surprising...

[budalite]

Actually, the announcement is probably going to be blatantly ignored by all the DOI Bureaus/Empires. They are all their own little fiefdoms. I retired from the DOI Office of the Secretary IT network/web team team about 3 years ago. At that time, the DOI "Webmaster" did not know HTML, much less CGI or anything else; he used Front Page to build a little office home-page. It had animation bouncy things on it. He had no *nix nor any web experience of any kind when he was hired. ?? The Office of the Secretary Webmaster (my boss) needed to spend most of his day developing and maintaining a COBOL-based personnel administration application. He did not know any *nix nor did he care to learn it. (To be fair, he didn't have the time.) Each of the Bureaus headquartered in the DOI Headquarters building in DC had (has?) a seperate LAN/WAN system and seperate Internet access points. The DOI web site was funded by the Public Affairs office, which was/is not really sure what to do with the web. After working at GSA and FEMA, two orgs. with outstanding IT teams, the DOI lack of interest in IT, lack of qualified IT leadership, and the resulting mediocrity was very disappointing. However, the idea to "invest" in M$ is not very surprising. They had already begun to move that way, years ago. It's what the contractors use. It's what the contractors told them to use. Their lack of IT expertise means they must trust the contractors to provide their IT leadersthip. Apparently, they picked the wrong contractors and are just getting ate up. I could go on and on (and probably already have). Don't place too much emphasis on this "announcement". The Bureaus won't. It's just a way for that office to get its name in lights for a little while. Sad, but true.

pfS.

[Ironically, when the DOI web site was heavily attacked by the Chinese after we accidentally blew up their embassy in Bosnia, our Unix-based Apache web site, a left-over from a previous webmaster (bless his unix-loving butt), administered by a new-to-unix admin.(me), faired pretty well while the Park Service's M$ IIS4-based web site was hammered through an anonymous ftp account and was down for weeks. (Everything was secure but the gifs. I thought I had everything buttoned up, but for some reason, when I uploaded files to the server via Hummingbird, the gifs (& only the gifs) permissions were set to 'w' for everyone. So we had little Chinese flags all over DOI Home page for about 12 hours. Coulda been worse. Oddly, the Chinese sent tons of XXX-rated mail to the webmaster email address. Ow, ow. ]

Re:not too surprising...

> At that time, the DOI "Webmaster" did not know HTML, much less CGI or anything else; he used Front Page to build a little office home-page.

How depressing, and I can't get a job if I offered to work for free. Perhaps the key is not in my skills but in my ability to be a complete moron and come off as a genius. *sigh*

Re:not too surprising...

[budalite]

Actually, it's all about marketing. At the department level, they hire for general management and marketing experience, not technical expertise. (Which is a shame.) Actually, you probably can get a job with the Fed. Govt, but you gotta be real patient, which is a problem if cash flow is low or non-existent. It usually takes 3-6 months. Check out www.usajobs.opm.gov. The career field codes you are probably interested in are (334 - Computer Specialist), (854 - Computer Scientist or Computer Engineer), or (2210 - Information Technology Specialist). There are hundreds, if not thousands, of CS openings around the USA. There are also a bunch of technician openings nationwide. (856 - ET, is one.)(part of the much larger TCO of M$) The job announcements at opm.gov use "keywords". Use those keywords in your resume, if you have that experience, or no interview. OPM also has an IT applicant db. Don't know if they use it, but it could not hurt to be on it if you are job hunting. Good luck.

Im so happy

The government is adopting the most advanced OS on this planet. hey who coyuld be happier Im so glad microsoft is still ahead even after this recent witchhunt by the US DOJ and funded by Microsofts competition.

Linux/Solaris using DOI employee says...

[Andrew+Gilmore]

The rumor is that this was actually caused by someone blaming lack of standard email servers (Lotus Domino and Groupwise) for screwing up a email greeting/distribution from the Secretary. This problem was probably actually caused by network connectivity problems, rather than standardization issues. I got it fine from my Groupwise POP server.

Thus this unfunded mandate to move to some standard platform.

Given that there is no money behind it, and we're talking 40+ mill in LICENCES ALONE!!!

I don't see this happening anytime soon.

On the other hand, it is almost easier for Linux to interoperate with MS stuff than Novell, except Exchange/Outlook, which does have a non-free solution (Evolution).

Further, we have several pieces of Unix only software, and I don't see those being ported soon.

BOLLOCKS - Win2k/XP do and can work!

[voodoopriestess]

BOLLOCKS

I use to run the web servers amongst others for Heriot-Watt University Students Association. On this box we run:

Windows 2000 Server SP2
Apache 2.0.36
Bind 9.2.1

It has now been up for 4 and a half months and the last reboot was to install SP2. No version of *NIX can upgrade its core software (i.e. kernel) without rebooting. I do NOT to that it is fair to say that Microsoft software will only work on under-used workstations and when not connected to the Internet. This web server serves out > 410,000 hits a month on a P2-300 with 128 MB Ram. Please, people check your facts before you start accusing Microsoft software of being completely useless.

Re:BOLLOCKS - Win2k/XP do and can work!

[fredan]

probably. But: I'm running on a pentium 166 with 48Mb/ram and evey once in while I'm posting thing's what people can download from me. On slashdot. I don't think you normaly should do this on such low hardware, but then again, my software allows me to do this.

Come on, how many of you would say that you can download UT-2003-Linux-Demo and mozilla (it was the 1.0 release) on this box? I do that, because I know it works.

Oh, and speaking of website, I do run some of them too, like: *.se.linuxfromscratch.org

Not surprised, don't care, sucks to be them.

[mesozoic]

"Centralized security control"? Sure, Microsoft can do that. Until one of your domain servers gets 0wned.

Frankly, this doesn't come as a shock. Government agencies like the USDOI have always been of the attitude that if they pay more, and do less, it's better in the long run. But if they plan on running their entire networks on Microsoft servers, I plan on watching the news for hack reports.

Aww, CRAP!!!

[killmenow]

Greater productivity and reliability attributed to less downtime.

Stupid soda makes my keyboard sticky...

I gotta remember not to drink pop when reading /.

Re:Aww, CRAP!!!

Oh... "pop"=="soda" for you regular folks.

DOI turned off web in 2001

[peter303]

The DOI is he same agency that was forced off the web by a court ruling in 2001 because it was easy to hack Indian royalty accounts. This turned off National Park Web site, earthquake data sites, etc. also in the DOI. What a mess at the time.

This is Great News!!!

[sdjunky]

We don't need the Freedom of Information Act anymore... and I was worrying about our rights being taken away ... whew

But what about Palladium and DRM?

[Quixadhal]

What happens when a government organizaton decides to use Microsoft products and has to shut down all operations for N days because:

a) The authentication server at MS crashes or screws up so all the Windows XP desktops can't phone home to get Bill's permission to run?

b) One of those lovely IIS virii starts sending sensitive documents out to every pr0n vendor in anyone's mail spool?

c) The DRM system determines that a critical bit of multimedia presentation, which might decide the creation of a policy, can't be shown since it hasn't been authorized and therefore MIGHT be a violation of someone's copyright?

If you thought your Government was lazy before... man!

please move away then

your last paragraph says it all, you would move somewhere else yet they have less freedoms and technology. Hmmm, I wonder if there is a causative relationship there. You are a monkey that has learned to parrot rhetoric. Or perhaps you are one of those entertaining programs that would randomly paste news tidbits together in a nonsensical manner to form highly humorous headlines.

Here is a clue for you. The US constitution grants three powers to the federal government. Military is on there... social services and economic wrestling are not. While this is undoubtedly a bad decision for the DOI to make and their stated reasons are a bit ironic, it does not change the fact that we have yet to slip into a socialist state. However with the help of sheep like you, that is happening slowly over time.

Any economist (of any political spectrum) can prove that top down economic changes take several years to begin to show in the actual economy. Grassroots, which is very difficult to control can be instantanious. An example of a grassroots (or bottom up) issue would be if people (justified or not) began to believe that normal computers and monitors actually caused illness in 90% of humans. If people stopped wanting to use, trust or be near computers after that our economy would collapse very soon. Here it would be the duty of the government to first gather and present the relevant facts, then in the case that computers really were that bad, help organize (but not run) people together to work around the problem and reroute the economic shift (imagine how good paper companies would do for a short while).

If you realized how pathetic people like you sound, and how much people like you lend credibility to arguments that not everyone should be able to vote... it is people like you that put monsters like Hitler and Stalin into power. Microsoft got to where it is because of stupid sheep like you. I have a feeling that this reason alone is the major cause for animosity towards MS by meat puppets such as yourself. (clue: you see yourself in both MS and their supporters) If you want to help squash MS, then please start helping organize alternatives. There are plenty of hackers out there, what we need now are more engineers. We need more people that can organize information so as to make it very easy (yes I said easy, not just easier) for a newbie to pick up linux and start using it... not a hacker picking it apart and programming his own scripts and apps, but just Joe Enduser. The arrogance that has prevented this is exactly what is causing the problem. Stop depending on the government to fix your problems and carry you around. Our country was founded under the principle that mankind can govern and take care of themselves. If you go against that, then you are saying that people cannot survive without being told what to do and are unreliable for their own lives... that then justifies the grey hairs to control aspects of your life that you will not like too much. "When we seek to control our neighbors, we seek to empower them to control us"

Re:please move away then

>it is people like you that put monsters like Hitler and Stalin into power.

"I will balance the budget, decrease taxes and build up the military"
Who said those words? Raygun AND hitler. Both were voted in. Stalin took power, no vote. ppl need to quit re-writing history. It would be better if they would simply learn from the past.

Great points about the economy. MS is moving forward and buying their way in, but it is slow going and easy to tear down when it is mandated from above.

Netcraft Link ?

[Martin+S.]

Interesting, so you're saying that MS systems connected to the internet CAN'T stay up for days?

In the interests of transparency and to prove you are not just another MS Astroturfer perhaps you could prove this rather than just claiming it by supplying a Netcraft link.

Microsoft supports Software Choice

[xyzzy-ladder]

As long as you choose Microsoft!

Err...

[Jezza]

So did they put the document there (where it instantly got slashdotted out of existance) on purpose? They can say: "hey we're open" but actually we can't read it and can't properly make comments?

Just a thought. Of course trying to figure out what someone who'll standardise on Windows will do is probably rather hard (random stupidity is hard to track).

Oh well I suppose Bill needs to sell it to someone, as fewer and fewer of us in Europe are buying it!

Another on bytes the dust...

yet another /.ed site... Has anyone considered setting up temp pages with basic text for links posted, particularly when the links are to an obvious personal page site?

I swear, I think there are more 'bandwidth exceeded' notices here than there are content M$ users total.

Open Source as a requirement not unfair...

[bubbha]

When I was a young SW Engineer working on military systems, I frequently had "great" ideas involving hardware "shot-down" (pun intended) because the system requirements from the gvt. demanded components that had a "second source." This prevented the system from being dependent upon a sole provider of a component. So even if more technically advanced hardware was available, that did not matter because a single supplier placed the whole system at risk... the risk that we may not be able to replace that component in the future - rendering the whole system useless based upon the unavailability of one component.

I believe open source needs to be looked at the same way...and, in fact, many gvt's around the world are doing just that.

Stop saying that requiring open source EXCLUDES MS. It does NOT. The problem is that MS does not have any products which meet the customer's system requirement for multiple sources for system components.

MS (the company) is not excluded, their closed-source products are. If they wish to compete for systems that require multiply-sourced components,they should make products for that market.

Conformance != All Microsoft

[TheConfusedOne]

There is a strong case to be made for conformance of systems.

One problem, conformance of systems usually means that you have to use older systems to ensure conformance. To get conformance right now you'd have to throw out most of your current PC's and buy/upgrade all of the desktops to the latest version of Windows XP. Additionally, you'd have to migrate all of your servers to Windows 2000. With that accomplished you would now have a conformant layout.

Then, you'd have to avoid making any upgrades to the systems. All you could do is patch and make sure every box had all the patches. Sounds great. So, this whole process gets completed somewhere around Q3 2003 (being generous time-wise).

Windows .NET Server 2003 comes out then. What do you do? You either have to upgrade all of your servers (and probably patch your desktops) or stay with a now old server OS.

BTW, this part hasn't even started to go into the actual applications being run on the desktops and servers let alone the hardware being used by them.

Basically, "conformance" is impossible. Hardware changes too quickly. Software changes too quickly. You'll either need to freeze everyone in time or just deal with the fact that everyone will be running different OS's.

Finally, considering the DoI's current track record with security (couldn't even put the Indian records into a DB) I find it very hard to believe they would be able to stay up with the patch-wave that is MS.

Re:Conformance != All Microsoft

[TheConfusedOne]

So, first you still have to get all of your machines up to Win 2K/XP. Then you have to have a sufficient number of test machines to test those patches against. (2K SP 3 breaks Office 2000 install. NT 4 SP 6 disabled Notes. NT 4 SP 2 completely hosed NTFS machines when installed over the network.)

Now, let's look at a modern WAN. You've got regional offices scatterred all across the US. Do you need local servers to redistribute those patches down to? Maybe you want the 5 XP machines in the little RI office to completely flood their 128K frame relay connection back to the main office pulling down the latest Microsoft VM patch? How about that travelling guy with a laptop and a dial-in connection?

Now, how about provisioning that new box in the RI office? Are you going to be constantly updating a stream-lining patch set so that they don't have to download 20 seperate patches and reboot after many of them?

It takes a hell of a lot more time than your 5-10 minutes *per week*.

Re:Conformance != All Microsoft

[TheConfusedOne]

1.5 hrs to test and deploy SP3?!?

Wow, what did you test? How many different software configurations did you test against? What problems did you encounter? Did you hit that Office 2000 issue?

Again, I continue to find your time estimates unbelievable.

Re:Conformance != All Microsoft

[TheConfusedOne]

First off, I'll point out that your list of steps is much longer than that 1.5 hours figure you threw out to begin with.

Second, how many boxes are you running on this setup? How long did it take to get all of the boxes up to Win 2K and convert all of your servers to Win 2K and get Active Directory going?

Sure once you get your entire infrastructure up to a level like this it becomes much easier to administer (and you could even do it easier using something like Novell's ZenWorks). The problem is getting to a point like that. Given the DoI's current track record with technology I don't see them ever reaching this point.

GAO anyone?

What opinion has General Accounting Office about that policy? (One of GAO duties is to oversee money usage of other federal agencies). If they don't know - somebody point to GAO about that...

Why should we stop them

[Gerry+Gleason]

If a 70000 workforce says that wanna work on M$ why should anyone stop them.... But I guess this wont be true, there will be numerous who are opposing this.... and in this case slashdotters cant do anything except slashdot the DOI site every second day.... Its upto those employees to get together and raise a ruckus.

Beside the fact that the employees probably had almost nothing to do with the decision, it is objectively bad for the government to lock up our information in a propriatary format.

The real tragedy of this will come down the road, when not even current MS crap (if they survive) will be able to read the obsolete Word2002 formats stored in the archive. Even today, I expect that you would have some problems reading at least some old windows document formats in the most current editions.

MS development processes are so ad-hoc and market driven that they cannot even keep track of all the external representation formats that they have created. They just don't get it. The reason that experienced and skilled software architects and designers insist on supporting mature standards is because otherwise it turns into an unmanagable mess. Stability is way more important than wiz bang features. Note that this is also the source of many of their security problems, at least the ones that aren't due to allowing program fragments to run from untrusted sources, but I digress.

This is also why the Linux platform is so much better. Even though it is not yet at a maturity and stability level that satisfies us, it is still completely usable because it doesn't just abandon standards in an attempt to gain market dominance. Once a standard is established and has become stable, you can be certain that it will be widely adopted. In this environment, any number of projects can implement that standard, and users have a choice to stay with the old reliable tool, or upgrade to get more features and functionality. Or even use both situationally.

Can't upgrade a kernel w/o rebooting - So?

[Andy+Dodd]

Go to Windows Update for a freshly installed Win2k box... How many of those updates say, "This update must be installed seperately from all others"? At least 3-4, even after installing SP3.

How many of those aforementioned updates require a reboot?

All of em'.

When a *web browser* patch requires a reboot, there is something fundamentally WRONG WITH THE SYSTEM.

At worst case under Linux, a web browser patch to Tux will require unloading and reloading a kernal modules. If you're using any other web server, you can do an upgrade, and restart the webserver. Total downtime? Restarting Apache takes a fraction of a second.

This is the difference between Unix and Windows - Unix requires a reboot only for the most major upgrade of all, the kernel. Anything else doesn't require a reboot. Windows, on the other hand, needs an update for damn near any system update you'd like to make, and a significant number of system changes require an update too. You need to reboot to change *font scaling* for chrissakes. (Let's not get into the fact that there is no need whatsoever for any server machine to be running a GUI at all times because it's an unnecessary waste of resources - A true server should be 100% administratable without even a video card and just a serial console for worst-case scenarios when the network goes wonky.)

Re:Can't upgrade a kernel w/o rebooting - So?

[NineNine]

What's wrong with rebooting a web server? Very rarely are web servers mission critical. Hell, the biggest web servers go down for longer than an occasional reboot takes to do. Hell, Slashdot probably only has like 95% uptime, and that's supposedly managed by the super-ultra-mega Apache gurus. A web server reboot takes like a minute. The chances of that being a serious problem are slim. If it is a problem, don't use W2K. IF you can live with it, W2K works just fine.

Re:Can't upgrade a kernel w/o rebooting - So?

[IkeTo]

Why need software to be fault tolerant, when the people are fault tolerant to the highest extent?

Re:Can't upgrade a kernel w/o rebooting - So?

[TFloore]

Blockquoteth the poster

What's wrong with rebooting a web server?

Absolutely nothing.

If service availability (*not* uptime) is a serious concern, you don't use a single machine anyway.

You can get systems with 99.999% availability guarantees form various major manufacturers. IBM loves these things, they price them so only major corps can afford them.

The interesting thing... These aren't single computers. Read more about them. Every system sold as "99.999% availability guarantee" is a system cluster with failover. One goes down, the other picks up within some specified timeout period.

If your web server needs a good uptime, use a server farm and a load-balancing switch. Even just 2 web servers behind a round-robin switch. When a web server needs a reboot, take it out of the pool at the switch, reboot it, put it back in the pool.

This has been common practice for years with systems that need service availabilility guarantees.

Uptime is for bragging. Service availability is for people that actually need to get work done.

DOI are mostly idiots

I worked for USGS for awhile and their management is
a joke, just like most other gov agencies, only worse. They treat most of their computer people like
crap and wonder why they can't get any good ones.
There are some good people there, just not many.
The earlier post about the web master that was hired
without anything close to good qualifications is
typical.

DOI?

[vogon+jeltz]

So MS equips The Department of InFeriors with its Software?
Good match if you ask me.
Oh well, couldn't resist ...

Fraud, waste and abuse hotline 1 (800) 647-8733

[SgtChaireBourne]

The management at the previous place I worked made the Microsoft Mistake (tm). Their IT dept. put in probably 1000-2000 man-hours per month with Exchange Win2000 and other experimental products and still couldn't manage a week of uptime nor go two months without getting "0wn3d". Their solution was to buy extra licenses, hire extra consultants, and repeat the mantra "it'll work after the next upgrade/servicepack", pay for an upgrade, rinse, repeat.

Contrast that with the high availability for non-experimental products like Netware for file sharing or Exim,Postifix, or Sendmail for mail.

Sounds like the government's Fraud, Waste, and Abuse hotline, 1 (800) 647-8733 is going to be ringing off the hook.

Re:Fraud, waste and abuse hotline 1 (800) 647-8733

[SN74S181]

or Sendmail for mail

*whoop whoop whoop*

I hear an alarm going off...

Re:Fraud, waste and abuse hotline 1 (800) 647-8733

[cscx]

Wow, sounds like your sysadmins were a bunch of know-nothing retards. If you've ever seen a properly run NT network, you'd be amazed.

Re:Fraud, waste and abuse hotline 1 (800) 647-8733

[lhand]

If you've ever seen a properly run NT network, you'd be amazed.

<troll> Yes, I would. </troll>

I suppose the problem is that there are few properly run NT networks.

I'm a DOI contractor ..

[cje]

.. and this whole thing is basically nonsense. As briancnorton said in his post, expect waivers to fly like snowflakes in a blizzard (if they even bother to try to enforce this at all.)

At the installation where I work, we've got dozens of legacy systems running on UNIX boxes as far as the eye can see. Some of these are processor-hungry image processing applications that run on high-end boxes from SGI and Sun. These systems are not going away anytime soon, regardless of what some tech-clueless bureaucrat at the top of the chain would like to think.

I'm posting this from an SGI O2, sitting on my desk next to a PC that dual boots Win2K and Linux. All of the developers in the cube farm outside my office door are doing UNIX development on Linux PCs. In the past couple of years, we have started to shun more expensive solutions in favor of software like Apache, PHP, PostgreSQL/MySQL. There are currently several efforts underway to port existing systems from proprietary UNIX (i.e., IRIX or Solaris) to Linux so that we can leverage inexpensive, commodity hardware platforms and get away from paying exorbitant maintenance fees.

We're moving pretty aggressively towards open standards and free software, and I would guess that this memo will have exactly zilch effect on that.

Re:I'm a DOI contractor ..

What you will find is that if there is a M$ solution regardless of cost or funstionality, you will be required to use that. I have run into this before and logic does not play a role.

Re:I'm a DOI contractor ..

[cje]

What you will find is that if there is a M$ solution regardless of cost or funstionality, you will be required to use that. I have run into this before and logic does not play a role.

Doubtful. The relationship between contractors and many government agencies is changing. We're moving away from old models where government personnel were actively involved in technical aspects of day-to-day work and into a new model called PBC (Performance-Based Contracting.) In that model, the government serves more of an oversight role (in terms of things like budget and schedule) and assumes a more hands-off role when it comes to how the work is actually done.

This is, of course, how it should be.

Re:I'm a DOI contractor ..

As a contractor I do much of the work in selecting new tools but I can't actually buy any equipment or services. It all runs through purchasing. I have tried to buy other equipment but was forced into a M$ solution at the cost of 6 months recoding some custom apps.

Like I said, light loads and low uptime

[alienmole]

Your experiences are based on having low traffic, and running Apache instead of IIS, and still you give examples of the exact problems I was referring to:

It has now been up for 4 and a half months and the last reboot was to install SP2.

Contrast that with the most recently rebooted Linux server I deal with - 300 days uptime, rebooted because of a power failure due to storms, which outlasted backup power.

You say you installed SP2 - what about the post-SP2 hotfixes, or SP3? The countdown to your next reboot has begun... Luckily, you may not have to worry about those as much in your case, because some of the security problems affect IIS, and you're running Apache. So yes, by staying away from Microsoft server products, you do achieve greater uptimes, which is my whole point.

Your 410,000 hits a month is very low traffic. Some of the servers I work with routinely serve that much in a day, and they're not the busiest by any means. But ability to handle load is not really the issue at this point - since about Win2K, Windows has done much better at this (NT4/IIS4 was pretty pathetic at that, also due to memory leaks).

I'm not saying longer uptimes can't possibly be done, but compared to real operating systems, Windows requires more reboots in practice, because of the number of mainly Internet-related security problems it's had over the past few years.

I work with both Windows and Unix machines doing software development and consulting on administration issues, so I have plenty of direct experience with administering Windows boxes. I've worked with WindowsNT/2K/XP since the betas of NT 3.1 in around '91. In my experience, there's just no comparison between the two in terms of security, stability, and ability to run for truly long periods without reboots. If you think otherwise, my guess is it's just because you haven't had much experience with Unix.

Why do they do this?

[FJ]

Is it me, or are CIO's who issue this completely clueless? Has anyone anywhere on any mid to large size company ever "standardized" on a single server platform? There are always sneeky people who slip in a Linux or Apple or some other non-standard platform.

All biases aside, there are some things which just naturaly perform better on different servers. As much as I like Linux, there are some problems that Linux isn't the best solution for. Windows is fine, but there are some thinks it doesn't do well.

Choose a solution based on a problem. Don't choose a solution based on a policy.

Great!

[Herkum01]

new era in government transparancy for the Department of the Interior

Great! Now all Hackers will be able to access their network to see what they are working on. Another great day for open network systems!

Conformance of systems

[dachshund]

There is a strong case to be made for conformance of systems. Using a "standard" tool, even if its not the absolute best for the job, often saves money in the long run, simply by its conformance.

If the gov't had created a policy requiring the department to settle on the most widely used and standardized systems available, that would have acheived the desired end.

As I understand this policy (and I really don't, because all of the links are dead), I'm required to purchase a Microsoft product even if it a) doesn't integrate well with other Microsoft products, b) is completely non-standard, and c) is not the package generally used for that purpose.

One policy is at least vaguely justifiable. The one they've chosen is just a blank check to Microsoft.

A definition of expense

[streak]

Many comments are about the "expense" of these M$ products. However, "expense" doesn't refer to just the cost of buying the software.
It also has to factor in maintenance, compatibility with existing systems, and worker usability.

I bet one of the main problems for the DOI going to *nix is that no one wanted to spend the time and money teaching these govt. employees a *nix, since most likely 95% of them use some form of Windows at home.

I dunno about you, but would you like to have the job of teaching a disgruntled govt. employee *nix?

Re:A definition of expense

I wouldn't want to have to teach a disgruntled govt. employee anything. I learned unix from a
govt. employee who I still respect as one of the
most amazing unix users (not admin) I'll ever meet. A disgruntled employee is all but useless.

I don't believe it costs more to train an enterprise ready windows sysadmin than it does to train a similarly experienced unix admin. I'm not talking about Joe's Bait Shop with four 'servers' in back. I'm talking about honest to god "we've got 1000's of users and 1000's of machines" type admins. Sure, the skills you learn at home may help you at Joe's but they really don't apply in the enterprise. I see this all the time when I get resumes for "Linux Network Administrators". Somebody puts up a couple of linux machines at home, or even at some colo, and think's they are Linus Freakin' Torvalds. Only in an enterprise setting will you get enterprise experience. It costs roughly the same to send a person to a week of solaris training as it does for a week of windows training. I'm going to pay a qualified senior windows admin more or less the same as I pay a senior solaris admin (the deciding factors not being the platform but the productivity and experience). I've heard it said that windows admins are cheaper. That's not true - inexperienced admins are cheaper, and the mcse programs are making sure there are a glut of inexperienced admins out there. How many of those grow up to be good senior admins is yet to be seen - as is the effect on wages. BTW, mcse means nothing w/o experience. BTW2, rhce means nothing w/o experience. BTW3, is it mcse or msce? Oh well.

Re:A definition of expense

I have found *nix to be quite easy to learn, especially if there is little to no prevoius experience. It would be as bad or worse to teach windows to disgruntled govt. employee.

Sad

5 years ago the DOI was almost 100% unix. I guess the point and clickers have taken over.

Now someone might find that $40B

[haapi]

Well, good! Now perhaps some altruistic hackers
can take a peek inside and find the $40 Billion of
Indian land trust money this department has lost.

Up for 40 days???

[nortcele]

Then you aren't properly patched. What is your IP address?.... Just want to check something.

The DOI isn't 100% Microsoft yet...

[philg8]

I don't know about the rest of the DOI, but at my office, we still use Lotus Notes for email. I don't know of any plans to switch to Exchange/Outlook, either.

I do know that our word processing standard has changed from Corel WordPerfect 8 to MS Office, which as much as I hate office, I consider this a definite improvement. Try to collaborate with anyone with WP8, or better yet try to get your WP8 install to play nicely with your bloated OS.

Another thing to consider as well is the overall technical expertise at the DOI. Many of these people (including myself) are not really total computer people by nature. Sure I can install software (I even got Gentoo to run on an old 400MHz PC), but I am lost when it comes to directory services and the like.

I just wish Mozilla was approved as a standard browser (and they can uninstall it from my work machine when they pry my cold, dead hands from my keyboard!)

Cheers,
phil

Spelling!

Transparency. I know you have the ability to now fix this misspelling. Why don't you?

I know that a thing called a spellcheck exists and can be used on a computer. Why don't you use one before you post? The articles are generally one paragraph long. This is not a huge undertaking.

I mean, I know you Slashdot editors are annoyed by people who nitpick about your shoddy grammar and spelling. So why don't you at least spellcheck? Seriously. Is it some sort of ironic pride thing?

"If we check over our spelling and grammar, the language trolls win!"

Who knows what the reason is, but I know people would take you more seriously if these kinds of painfully obvious errors were eliminated.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

h4x0r

[AlgUSF]

I can just see it now, some little script kiddie will buy half of Yosemite Park for $.01.

IRS - Keep that refund!

[nortcele]

All of the developers in the cube farm outside my office door are doing UNIX development on Linux PCs.

I just can't feel bad about paying taxes after reading about that development direction. (I'm sure the good feeling will go away, but for now...). Maybe the IRS can put a checkbox on the 1040 that will allow us to donate $1 to a Unix/Linux party campaign. I'm sure if Bill the Cat were still around, Linux would be part of his platform.

Lower Cost of Ownership, including training

[gmuslera]

I assume that will be zero for the DOJ after they agree that MS is not a monopoly

M$ means BRAIN DEAD.

I don't think anyone in the Microsoft camp knows anything. Period. The whole thing is about not thinking. Not innovating. Not knowing what is possible. Not admitting that other solutions exist. Not being technically competant or having the curiosity to ever achieve any competance.

That being said, it's not enough to just say they are LAME. THEY ARE DANGEROUSLY LAME!

Now you might think this is a rant, but it's nothing compared to the insideious compulsion of "burro-crats" to stick their heads up someones bum, and "play it safe." The burro force is with them!

Think about all these dim-wits who build their own system and load Microsoft Windows on it. It's like building a diving board over a sess pool!

I don't care what anyone knows about M$. I hate it and will never write software for it. No good engineer ever would.

WP

sendmail

[SgtChaireBourne]

Alarm, yes, but it still beats MS-Exchange for security and ease of configuration. ;)

The admin, not the OS

[TFloore]

A good sysadmin, who is familiar with the OS being run, using proper security procedures, and working in a reasonable corporate environment, can keep a system stable and working properly for reasonable periods of time.

A bad sysadmin, who is not familiar with the OS being run, and does not follow proper security procedures, will not have a stable secure system, regardless of the system being run.

This is much more an issue of having good people following proper guidelines. I might accept that some OSes require fewer patches than others. Maybe.

But most of this "my system is better than yours" is coming from people who know one OS and not the other. This is not informed comparisons. This is trying to validate your personal choice by saying any other choice is stupid.

Doesn't matter if you are a Windows admin trying out Linux, or a Linux admin trying out Windows. How much time did you invest in the OS you know now? Spend that long working on the competition, and then you can make an informed comparison.

Re:The admin, not the OS

I spent about 12 hours learning FreeBSD before I decided it kicked windows ass -- this after trying to get windows to work the way I wanted since I migrated from dos 5.0.
Windows is harder to work with period. I know windows, and I know FreeBSD, and somethings worh better on one than the other, but in general FreeBSD has just been a major life saver in terms of headaches. When something goes wrong I know it isn't just because I didn't delete a temporary file between installing driver versions (a problem I ran into with certain ATI graphic drivers). I don't want an OS that assumes I can barely handle clicking a mouse. I want one that doesn't know how much I know and tries it's best to work with what I have.
Although I do know that I could just as easily live with linux and learn how to use it better, I was just pointing out I went from 10 years of working with DOS/Windows to a mere 2 weeks of FreeBSD and I didn't want to go back, ever. I hate everytime I install windows, I hate trying to make things work. I hate the lockups the spontaneous reboots, and yes these still exist in XP, I've had three of three XP systems all experience blue screens once I re-enabled the ability to show a Blue screen. In comparision I haven't seen kernel panics on every FreeBSD system, all were related to issues in Xfree, so simply not running a gui clears up any possiblities on a system that needs 24/7 availability.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Wasting Money

[BitGeek]

Ok, I'm going to ignore the justifications given (as I'm sure everyone here knows they are false.)

Am I the only one here that sees this, especially given microsoft's current licensing practices, as a huge waste of money?

And whose money is being wasted? Taxpayers. If our government is flippantly blowing out cash in even the department of the interior then clearly they are getting too much money. Its time to cut taxes and stop letting the leeches live high on the hog.

MS Windows? Office? My god. What obscene spending!

We must cut taxes until our money is spent responsibly.

What what what!

[hendridm]

> They spent MILLIONS replacing 3000 mail servers with 32 Domino servers

Seems to me their biggest problem isn't switching to 100% Windows, it's running Domino as their mail server (for all your database needs! w00t!). Whoever thought of that brilliant idea should be shot. Then again, IBM seems to have some good salesmen and women. GOD HOW I MISS NOTES' INTUITIVE USER-FREIDNLY INTERFACE.

-- ex-Lotus Admin and Flamebait since 1978

Malt

The cited reasons for making this move are all rather interesting and generally interestingly flawed.

• Lower Total Cost of Ownership for the desktop, including lower user training costs.
  I'm interested in how they determine total cost of ownership, but even so "lower user training costs" is a fun one. Translates to "All our users already know windows, so give it to them ". Seems reasonable, but if this becomes normal in the government, then everyone will need a Windows UI because no users will ever know anything else. Self fulfilling prophecy (profitcy?) anyone?
  I guess they're getting Windows for free too as getting a linux distribution for the entire DOI would have cost (just for the software) essentially nothing. (If they're getting it cheaply enough, one must wonder if the consumer isn't subsidizing the government - including consumers in (say) Peru.)
  Then too, while it would take a bit of training, I expect I could, with only a few (however radical) changes change the total cost of using most of their tools down by probably 80%. The learning curve would be steep and the users would scream their heads off. In the long runthough, I believe they'd save enough that it would far overcome the training costs.
  I don't know to what extent windows boxes can be set up as remote GUI servers (such as Xterms) but I'd bet that with the number of seats they need, that a good deal could be found for minimal UI boxes and with an openMosix like system behind them. I suspect this would lower the total cost of hardware by 50% or more since most of the time most of the computers on someone's desk are running screensavers while the user is drinking coffee or on the phone.
• Centralized and efficient security policy administration
  Unix has allowed this for years. Long before microsoft even invented networking.
• Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments
  This is a wonderfully fun one - since Microsoft has said from time to time that it is their policy to not "integrate" with any system they don't approve of - especially open source systems.
• Greater productivity and reliability attributed to less downtime.
  It does seem to be true that windows 2000 is doing well for staying up for long periods of time - but I've had linux boxes that (several years back) stayed up for a year or so without problems. This at a time when one person I knew -- a true Windows NT fanatic -- reinstalled everything every two weeks because he claimed the system wasn't stable if he didn't do that.
• Extended support for a large base of software applications. Applications almost entirely written by Microsoft?

I can't find this on the DOI site but I do note that the front page (on mozilla) has the search entry/button going right across the eyes of the presidents on Mt Rushmore.

Do they also have a policy of writing their web pages for only IE? (Assuming it works on IE) (I don't remember which, but at least one other US government web site only works right with IE and the webmaster told me that they were "considering" using the standards, but that it would be a lot of work and I should not expect it quickly.)

obmisquote "Malt does more than anyone can To justify the government's ways to Man"

Huh?

[PotatoMan]

The meaning of 'transparancy' is completely opaque to me. Your 'parants' should be ashamed.

40 NT's vs. 1 SUN?

yup, i would let you have 40 NT servers, and i'd only need one sun (at say, 1/2 the cost of the 40NT boxen- not to mention the 1/10 cost of maintainence) and i'd blow you out of the water. give me one os x box for the ldap acl's, and you can have 80 nT boxen. and lets talk security- ONE patch vs. ONE FOR EVERY SERVER RUNNING A SERVICE. lets talk remote reboots (not really necessary on a sun, but available nonetheless, for that one time every few years you NEEd to reboot.) lets talk uptime- no lets not i dont even feel like wasting my breath on a company that claims 'scheduled downtimes do not count towards 5-9's, because it is scheduled.' we could go on and on, but you already know all there is to know- the microsoft marketing reps told you! i would call you a moron, but i think you a 'less-on'.

Had to spend all that Indian money

[egg+troll]

Apparently Gale Norton decided she'd better spend all the money the DoI has kept from Native American tribes. Ah, free software: damned if you're free, damned if you're not....

Re:Had to spend all that Indian money

Please mod the parent up. The on-going theft of billions from Native Americans by the Department of Interior needs to be highlighted whenever possible. Oh how we have screwed those people over and just keep doing it and doing it..

40 Days uptime...Wow!

[Brendan+Byrd]

Seriously, what's up with people who are amazed at uptimes over a month? I've only seen the Windows side of things do that, as my Linux box has been up for over six months. I've seen boxes up for as much as a year, and it was only down to upgrade the kernel.

Re:40 Days uptime...Wow!

[Sycraft-fu]

It never ceases to amaze me how people on /. can so totally miss the point. I am not amazed about 40 days uptime, it's nothing remarkable, just a point that indeed Windows boxes can adn so stay up more than a couple days just fine.

My other real point was that uptime is just NOT RELIVANT when discussing system stability. the real issue is of the time a system is down, how much is scheduled and howmuch is unscheduled. Hell, the BSD box where I have some of my web stuff has only been up for 19 days currently. Does this mean that BSD is less stable than Windows? No, they took it down for matenece 19 days ago, it was planned and announced. I don't measure the quality of their service based on them trying to have huge uptime numbers (something I have never understood the obession with), I measure it based on their ability to keep their servers up except for when they specifically announce, and plan for, downtime.

I fail to understand this hard-on that some people get form huge uptime numbers. So what? I have routers with years of uptime, it doesn't mean anything. The question is, is your service available when it is supposed to be?

Any color, so long as it's black...

"You can paint it any color, so long as it's black." - Henry Ford

EXACTLY

Re:era of transparancy

Oh, I see: this is an LCD sit-com kind of show:

Someone tells a joke: no laughs.
Someone else explains the joke: Loud Canned Bwahahahaha and modded +3

I thought Slashdot was meant to be at the level of "Sienfeld" rather than "Married..." but I guess the Editors' dumbing-down is starting to take effect.

Another point: Everyone else knows that a story hosted on geocities will not be viewable by first-post time, *so why do the Editors keep putting them up* ?

The Ultimate NT Lie

[Loundry]

It's about competent administration.

Your story is yet another of the scores of examples which contradict the long-touted "feature" of (NT|2k|XP) that it is "easy to administer." If it was truly easy to administer, then the administration would not need to be done by competent administration; i.e., anyone should be able to do it.

I maintain that (NT|2k|XP) is equally difficult to administer as *nix and has always been. One may be better than the other for certain tasks, but effective administration for both has been and still is difficult and requires highly skilled professionals to do it right.

I think that my biggest problems with NT systems was the outright deceit which pervaded the marketing surrounding said systems. (See also: "NT Workstation and NT Server are completely different operating systems. Really. I mean it. Pay no attention to the identical kernels.")

Re:The Ultimate NT Lie

[bmajik]

The differentiation that started in NT4 between Workstation and Server SKUs continued with W2k and continues with XP and the XP-based server SKUs.

While the binaries may be the same, the run time operation is not. several scheduler and worker threads defaults are sku-specific.

In the XP server timeframe, the server will be a differentiated enough offering that the average warez kid that always runs whatever the "most expensive sku" pirated copy of windows is, will NOT want to run it on their home machine. It simply wont be any fun for them to use as a desktop machine (unless they just want to look at logs and perf counters from their server-class apps)

You're right though. It's currently too difficult to be a good NT administrator. That is an ongoing goal for MS - to lower the bar to proper administration for being an NT admin.

The reality of the situation is this. IT is a cost center. Lowering that cost by making the software "run it self" or easier to manage when intervention is required is the entire goal of MS. Paying any sum of money for a windows server license is a paltry sum compared to paying $40k for a junior unix admin to run a free OS. If windows could self administer, ask yourself how many windows boxes you could afford with what you're paying for that one junior admin ?

Slashdot is perhaps a skewed market segment, but ask yourself - of all the businesses that use computers, and have an IT department, is that businesses primary focus IT, or something else ?
Should my insurance company be spending money supporing their email system, or should they be lowering my premiums because they can afford to do so and still cover their costs and be profitable ?

Naturally, the IT and system administrator "guilds" abhor the idea that they'll be replaced by a click-through Wizard at some point in the future.

The Guilds have got it coming. Evolve or drown. That's how it works in the job market, and the tech sector is not ${DEITY}'s chosen profession - the .com crash showed us all that.

As a former FWS employee...

[krinsh]

they already were 98% MS, 2% Novell. They had a big requirement that you needed to be Novell certified to support their MS systems. On the other hand; you also couldn't get a government job doing actual support work; you had to be a contractor. Only management got the cushy government tech jobs - at least as far as the department-level was concerned. Not all sure about the Secretary (as in Cabinet Secretary) level positions.

More flamebait

[boredagain]

What is actually printed on the /. article and what the actual memo says are 2 completely different things. Have any of you actually seen the memo???? It does not "lock" anyone into anything. If sun provides the best solution with an oracle backend for a DB, guess what, they will procure that. All this does is provide DOI with a standard "desktop" and the appropriate licensing. I have seen the actual memo (note: work for gov't within DOI). 60% of DOI is already MS, all this does is force the issue. It removes Novell from contention more then anything else. Blah blah blah

North Carolina Tech

IBM has branches in Cary, Chapel Hill, Charlotte, Durham, Goldsboro, Greensboro, Hickory, Mcleansville, Morrisville, Raleigh, Research Triangle, Research Triangle Park, and Winston-Salem. Apple has offices in Raleigh, Greensboro, and a few other North Carolina cities. Oracle has offices in Raleigh and Charlotte. But Sun doesn't seem to have offices anywhere near North Carolina.

By the way, Microsoft also has offices in Charlotte and Raleigh.

Keep 'em safe by using them standalone

[seppy]

Isn't this the same department, that is court ordered not to connect to the internet, because hackers have immediate access to billions in Native American funds held in trust.

The most recent order included the judge indicating he's never seen more gross negligence in fixing the problems the've been ordered to fix...

In that light, this is downright hilarious...

You're missing the point.

[danaris]

I happen to agree with you; I have yet to see a Linux distro that will really work sensibly right out of the box (though I admit I haven't been looking too hard). However, the issue at hand here isn't purely "Linux vs M$", though many people on both sides are trying to make it so. The real issue is that the DoI has removed the choice to use Linux--or a Mac, if they want to use a Mac (I'm using one, and I love it), or whatever other OS they want. I fully understand the support issues involved in dealing with multiple OSes; I've worked closely with people who have to deal with that. However, it is my firm belief that it is better to allow people to use what fits their needs best than to lock everyone into one thing just because it's M$--or, for that matter, Linux, or anything else.
Of course, what really hinders this is the interoperability issue, and that is at the heart of why M$ is such a bad choice--and why they make themselves appear to be such a good one. They make their software all integrate very well, and accept any format from other software, thus making it easy to switch to Microsoft--but only the plain text format is any good at exporting to other software, making it very painful and difficult to switch to anything else once you're locked in. And then, of course, they can do whatever they want, since it is at least apparently more expensive to switch to anything else than to stick to Microsoft's "solutions."
The real problem comes when, someday, the government decides that Microsoft is, in fact, an illegal monopoly (oh, wait...they already did), and to actually really do something about it, like mandate government boycotts of their software, and maybe make them play nice with other companies, and maybe even the *gasp* public. At that point, they will find that it takes vast resources to convert all their old Microsoft-format documents into formats that other software can reasonably read (and I'm not just talking Word, here; what about databases and spreadsheets and such?).

Thus, the issue is really one of choice, and of having to worry about the future, when no software that exists will be able to read a Word or Access document created today--but documents with open formats will be easy to read. However, someday, Linux will be ready for the desktop, and then it wouldn't be terribly unreasonable to mandate, if not an all-Linux department, then at least an all-open department (with the choice of any open OS).

Dan Aris

Offtopic corrections

[ywl]

[Ironically, when the DOI web site was heavily attacked by the Chinese after we accidentally blew up their embassy in *Bosnia* ]

It was not Bosnia. It was Yugoslavia. You can't remember that where it was. Do you also forget that three people were killed?

Email and Contact Information for DOI

[VolunteerForScience]

You can find DOI email addresses by looking them up in the online directory at http://momentum.doi.gov/email/doi.cfm/doi.cfm

However to help all of you out here are some relevant email addresses:

• P.Lynn Scarlett
  Assistant Secretary for Policy, Management, and Budget
  Lynn_Scarlett@ios.doi.gov
  202 208-4203
• W. Hord Tipton
  Chief Information Officer, Acting
  Hord_Tipton@ios.doi.gov
  202 208-6194
• Sue Rachlin
  Deputy Chief Information Officer
  Sue_Rachlin@ios.doi.gov
  202 208-6194
  

Hope that this helps everyone that is interested.
(Sorry about the double posting... I'm new at posting things on slashdot)

DOI IT - IDIOT

[starling]

'Nuff said.

DOI, Please wait while we reboot to patch..

[TheCeltic]

I have a friend that works for a Govt. agency, he is always bragging about how stable his windows servers are and how he has "major uptime". I asked him.. "So, are you not patching them? Or just not rebooting to have the patches applied properly?".

Comment removed

[account_deleted]

Comment removed based on user account deletion

MS KB on kernel memory limitations

[alienmole]

I mentioned kernel memory problems with Win2K. For anyone interested, here's a Microsoft KB which relates to this issue: "Windows Reports Out of Resources Error When Memory Is Available "

What the KB doesn't say is that you can trigger this out-of-resources situation in a long-running session, just by running and exiting many applications over time, with IE being particularly guilty. Once you hit the limit, even quitting everything and yes, killing the desktop-controlling Windows Explorer process doesn't completely resolve the problem - it returns much quicker, once a few applications have been loaded. Because of this, there's a limit to how long a Win2K workstation can remain running before needing a reboot.

Since many people turn their machines off daily, it isn't a problem for them in practice. Others have experienced this without knowing the cause - since it usually silently prevents new applications from being loaded, or may prevent e.g. menus from being selected or dropped down, people simply shrug and reboot.

The KB claims that this essentially arises as a consequence of 32-bit addressing, but you can run the same test side by side on a 32-bit Linux box without a problem.

DOI forced standards

When I worked for DOI in the late 80's and early 90's, they tried to force everyone to only use "standard" software. Wordperfect, DOS, (no Windows or any GUI). When I pointed out, on a DOI mailing list, that the software then "required" for submitting travel vouchers was bloated, cost a fortune, was so poorly designed that it was crashing PC's, AND that there was a much more efficient program available at a fraction of the cost, I was severly chastized that I was NOT AUTHORIZED to inform other government employees that there was a better alternative that would be more efficient and would save the government money!!! The managers "responsible" for making decisions about software acquisitions nearly had a cow that someone not of their ilk and "authority" would have the audacity of providing such information to others. The competing software vendor felt that a decision had been made to only authorize the use of software from a vendor who had a political inside track.

HHS used other formats (was Re:All-Microsoft?)

As a former employee of the Dept. of Health and Human Services (HHS) our MS tools (Word) were set to default save to Word Perfect format so others could still read them.

CIOs are Pollitical Appointments

[lemkebeth]

So, you guys know.

CIOs in the Federal government tend to be political appointments with absolutely no background in IT at all (with a few exceptions)

So, this should be no surprise.

In other words most Fed CIOs are not qualified for the job they are in.

Comment removed

[account_deleted]

Comment removed based on user account deletion

fools

[geckosan]

Funny how America is doing such things, while the rest of political world go to some brand of open source.

Memo was a typo

What they meant to say was they were going Mandrake not Microsoft. Then all the reasons listed apply!

Microsoft is no standard at all

[ebyrob]

Not even defacto. Things might be reasonable when it comes to SQL server, but have you ever tried supporting version 5-6 of IE or versions 97/2000/XP of office all for one website or set of documents? The hot fixes and bug patches alone can throw everything you've got into chaos, even when everyone's on the same revision!

Now that is comedy.

[SimpleSphere]

Images for Slashdot posted on GEOCITIES. Funny guy...

The real funny part

[schroet]

The real funny part is that the entire staff of the OCIO (Office of the Chief Intelligence Officer) has already been exempted from the M$ requirement so they can keep running the various unixes their network support folks won't give up. It's basically the same way in the very large government agency I work for also. The inside joke is that the DOJ gave us to M$ as a part of the settlement.

Apache has it's share of exploits

[ebyrob]

Give me a break. You go count the number of "root" exploits in Apache, then you go count the number of exploits in IIS that allow "arbitrary code execution". (Especially the number of days versions with such exploits remained current after disclosure)

When you're done come back and try to say that again with a strait face!

Not putting Apache on an LDAP server is simply a good practice that is easy and "default" so it's generally done that way. IIS on the other hand comes default installed and fully exploitable on MS server OS. Why should I have to be un-installing/disabling ISS on every new server install (or sometimes system update)??!!

Re:Apache has it's share of exploits

[duffbeer703]

Why are you manually installing Windows 2000 Server?

Don't you have a sysprep image of a default server base for your site?

Who has 1-2 hours to spare fiddling with server installs?

Re:Apache has it's share of exploits

[ebyrob]

Being a programmer rather than a sys admin I don't install a new system more than about one or two times a month, and that's at busy times. Also, the systems I do install are often on very different hardware, especially when provided by the customer.

Guess I could give sysprep a try, but I'm not sure how it'll handle the variances in hardware.

Course I'm not sure how sysprep is going to help when installing SP3 on existing machines and IIS (and who knows what else) gets re-enabled...

Gross Distortion of the Public record

[Badanov]

The Indian Trust fiasco dates back to the turn of the century but the recent court action those quotes came from was from a lawsuit against the previous Interior Department run by Clinton. Please get your facts straight...

Re:Gross Distortion of the Public record

[Alsee]

The Indian Trust fiasco dates back to the turn of the century but the recent court action those quotes came from was from a lawsuit against the previous Interior Department run by Clinton. Please get your facts straight...

My post intened to give a quick general idea of the situation. I didn't think an 18 page post running back to 1887 was appropriate.

Most of thoses quotes WERE from stories about the lawsuit against the current Interior Department under Bush. Many of my snippets happened to come from parts where they discussed the relevant recent history demonstrating it as big, on-going problem. My appologies if too many of my quotes refferenced the Clinton era. Perhaps these quotes will help, all restricted to the Interior Department run by Bush:

"After seven months of deliberations, a federal judge this week finally delivered his decision on the Bush administration's trust fund contempt trial.
It was a big one.
U.S. District Judge Royce Lamberth held Secretary of Interior Gale Norton and Indian affairs aide Neal McCaleb in civil contempt for providing misleading information about efforts to fix the broken Indian trust. A 267-page ruling blasted the pair for committing a fraud on the court for actions that occurred under their watch and that of their predecessors. The decision found misconduct on behalf of attorneys handling the case too."

Bush officials made "fraudulent" claims of progress, the ruling noted

In a scathing decision largely directed at the controversial Bush appointee, U.S. District Judge Royce Lamberth recited a laundry list of behaviors that bordered on misconduct. Griles omitted key facts, stretched the truth and violated legal ethics principles by going public with the Bush administration's disdain for court oversight, the 18-page ruling stated.

there's no indication that the Bush administration is backing down. "The government is going to fight this no matter what, even if it's morally, legally or ethically in the wrong,"

Better?

-

Re:Gross Distortion of the Public record

Better?

Not quite.

The problems with DOI were ongoing. Norton was lambasted by a frustrated ass of a judge, who noted that "progress" was not accurate. But the VAST majority of the problems were with prior administrations, starting with that piece of garbage Bruce Rabbit, and working backwards.

DOI's behavior under Bruce Rabbit, and previous administrators has been atrocious. One example is of one guy in his 80's or 90's who held mining rights for gypsum if memory serves correct, for over 50 years, and was prevented for over 50 years of exercising those mining rights, or being compensated for same. Repeated court decisions ordering DOI to allow for those rights to be exercised for dozens of years were ignored by DOI. Only when a federal judge ruled that the administrators, and lawyers/officials for DOI could be held PERSONALLY liable for failure to comply, did anything move forward.

Basically, DOI tried running the clock for over 50 years on one man. As they've tried running the clock on Indian claims. Blaming Norton for the Indian issue is the same as accepting Clinton's definition of "is".

Re:Gross Distortion of the Public record

[Alsee]

The problems with DOI were ongoing.

Yes, ongoing for around 115 years, but the topic was the current situation.

Norton was lambasted by a frustrated ass of a judge

Calling the judge a "frustrated ass" without any statements to support it is not +1 informative, +1 insightful, or +1 interesting. It is -1 flamebait or -1 troll, though if you're lucky a 12 year old moderator might give you +1 funny.

The judge's ruling clearly places Norton's and the other official's current behavior in the wrong, and every story I've come across has apparently agreed with the judge. Inheriting a bad situation does not excuse current misconduct.

-

Better patch those servers, boys

[Badanov]

With all the MS products coming on line the amount of Code Red probes are about to go through the roof. Maybe you could consider the DOI's decision as the first Unix/Linux SysAdmins Full Employment act.. in about six months with all the downtime and fried servers and work stations.

yes, I can explain that.

[Erris]

why is it such a terrible thing if a government office standardize on some license requirements (e.g. only buy free software) allowing any vendor to compete, but not a problem when a government office standardize on a single vendor, and accept whatever license that vendor provides?

That is the scandal, the sole source requirement. There's only one company that makes M$ OS, and it's proven inferior. So, my government is spending my money to purchase inferior software without bids. There are many providers of free software and the lowest bidder mandate that government is supposed to live by would always pick one of them.

Single vendor bids ordinarilly are seen as a sign of fraud. Here, it looks like incompetence.

pfS. ?

[solferino]

post facto scriptum ?

i like it

Greater interoperability?!?!?

[samdu]

"# Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments"

Um, wouldn't using the non-Microsoft environments foster greater flexibility and functionality with the non-M$ environment?!?!?

EULA

[samdu]

Does this mean that the DOI will be subject to the same EULAs that Joe Consumer is re M$ software. To wit, can M$ now alter DOI computer systems at whim?

You keep missing the point

[TheConfusedOne]

The issue isn't whether maintaining a nice homogenous system is easier. Of course it is.

The issue is that you can never get to that homogenous system. Tell me how long you think it would take to upgrade 50,000 machines so that they're all running 2K or XP? Additionally, you have to upgrade all of the servers as well.

Throw in migrating the domain and user structure (if you have that) to Active Directory. Also, any applications currently running on non-MS platforms that won't get a waiver...

If you're starting from square one then standardizing on one OS might be useful. As for a retrofit of a country-wide organization? It'll never happen.

Re:You keep missing the point

[TheConfusedOne]

And its not that hard. I can install 50,000 Win2k machines in about 10% more time than I can install 10

Bull! Unless you take a REAL long time to install 10 machines. Just getting those other 49,990 machines out of boxes and set up on peoples' desks takes a huge amount of time. Not to mention ordering them in the first place, receiving them, inventorying them...

How about those servers? Migrating the user's data from the old box to the new one?

Re:You keep missing the point

[TheConfusedOne]

Yeah! You now have 50,000 machines (assuming you have approximately 50,000 network connections and appropriate electrical supply) configured and ready to go.

So the whole reboxing them, shipping them, getting them unboxed, and users migrated to them is merely a "worker drones" task to you?

Well guess what, those tasks take time. Significant amounts of time. That's the problem. You need to get all of the resources together to buy, receive, configure, ship, AND deploy those boxes before you'll get ANY benefits from "conformance".

That was my whole point. The time involved to get to that point is too prohibitive for a going concern. By mindlessly standardizing on one OS and claiming the benefits of "conformance" they're making a justification that just won't pan out in the real world.

In other words, the claimed benefit will not materialize and they will have accepted the cost anyway.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Then I guess you'd better whip up the DoI a quote.

[TheConfusedOne]

Here's some information from the DoI site concerning physical resources/inventory: http://www.doiu.nbc.gov/orientation/physical.cfm

Give that a good read over. Then tell me how you would go about creating a "conformance system" for a group that widely varied.

Interesting points to know:
1) The DoI includes the US Geological Survey. They'll be a fun group to migrate. (The U.S. Geological Survey rents 4.4 million square feet of space in about 220 GSA buildings nationwide; owns 35 installations with Power plant in Big Thompson Canyon, part of the Colorado Big Thompson Project.1.2 million square feet of space in 287 buildings. In addition, the USGS maintains and operates an earthquake monitoring network comprising a global seismographic network of 120 stations located worldwide and national and regional networks located throughout states and territories, 14 geomagnetic observatories, one landslide network, one volcano hazards network to monitor 44 U.S. volcanoes, 17 science centers and associated field stations, a center for biological informatics, and 7,000 streamgauges.)
2) The Bureau of Reclamation administers or operates 348 reservoirs, 58 hydroelectric power plants, and more than 308 recreation sites. Don't forget all those control and monitoring systems at the reservoirs.

So, where's the cost savings in this project?

so much for homeland security!

[pair-a-noyd]

With winBLOWS in place we are only a few minutes
away from total K.A.O.S.

Even the dumb ass Al Queda terrorists can hack this trash..

>:(

Exchange comes next

Next up? Big Departmental CIO meeting on Oct 17 to discuss migrating from Lotus Notes (50,000 users out of the 58,000 in the department currently) to MS Exchange? One fantasy is that they will be able to do server consolidation down to a dozen or so servers. How? Good question! There ain't enough bandwidth and you can't build an exchange server big enough to handle thousands of users reliably. Nevermind the fact that most bureaus have all kinds of Lotus applications, Sametime (IM), Quickplace (e-teamrooms), LDAP directory services, backend MS or Oracle. Someone in the legislative branch should make an inquiry or two.

Last Post!

[alpg]

THE LESSER-KNOWN PROGRAMMING LANGUAGES #14 -- VALGOL

VALGOL is enjoying a dramatic surge of popularity across the
industry. VALGOL commands include REALLY, LIKE, WELL, and Y*KNOW.
Variables are assigned with the =LIKE and =TOTALLY operators. Other
operators include the "California booleans", AX and NOWAY. Loops are
accomplished with the FOR SURE construct. A simple example:

LIKE, Y*KNOW(I MEAN)START
IF PIZZA =LIKE BITCHEN AND
GUY =LIKE TUBULAR AND
VALLEY GIRL =LIKE GRODY**MAX(FERSURE)**2
THEN
FOR I =LIKE 1 TO OH*MAYBE 100
DO*WAH - (DITTY**2); BARF(I)=TOTALLY GROSS(OUT)
SURE
LIKE, BAG THIS PROGRAM; REALLY; LIKE TOTALLY(Y*KNOW); IM*SURE
GOTO THE MALL

VALGOL is also characterized by its unfriendly error messages. For
example, when the user makes a syntax error, the interpreter displays the
message GAG ME WITH A SPOON! A successful compile may be termed MAXIMALLY
AWESOME!

- this post brought to you by the Automated Last Post Generator...