Slashdot Mirror
Linux the Tortoise to Microsoft's Hare?
LukePieStalker writes "TheStreet.com is running a story by Ronna Abramson that makes a case for Linux cutting into Microsoft's server business and forcing Redmond to trim margins. A particular vulnerability is seen in overseas markets, but the heat should be turned up everywhere once Unix replacements are pretty far along by then end of next year. A quote from one CTO: [Linux is] "going to force Microsoft to spend more time on security and stability, and less time on adding new features.""
"Slow and steady wins the race"?
Sheesh. Don't people read Aesop any more?
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
This is a good start
Haryana(State in India) signs pact with Sun Microsystems
The Haryana government has signed a memorandum of understanding (MoU) with Sun Microsystems to adopt open source office productivity tool, the StarOffice 7, for departments and educational institutions.
Linux may carve out bigger niche in desktop PC market
On Feb. 4, it announced the sale of 10,000 copies of its StarOffice desktop suite to United India Insurance, one of India's largest insurers. StarOffice can run on Windows or Linux desktop PCs. Sun aims next to persuade United India to replace 10,000 Windows PCs with Linux-based Java Desktop PCs.
The funny thing is, it really annoyed me. Not the being asked part, the being asked three times thing. But then I reminded myself that the alternative is insecurity.
So whereas Linux, et al, has focused on security, Microsoft focused on adding new features. MS is now in the dominant position (always was, really) and now will drag the consumer into security. Linux meanwhile wrestles with TCO, which is a result of Windows dominance, again due to lack of security.
Schnapple
I've always been a Microsoft guy, but last year when I had to standardize on a single OS for our applications, I went with Linux. Not because it was better, but because it was free. It is that kind of decision made over and over again that is hurting Microsoft.
I think everyone confused about the title should go read the following fable: The The Tortoise and the Hare.
Tsunami -- You can't bring a good wave down!
I thought this paragraph was most telling, the 1st one on the last page:
Taylor also said the company is countering Linux's unbeatable price tag by commissioning studies that show the total cost of ownership over the life of the software is higher with Linux than Windows.
Taylor is Martin Taylor, Microsoft's general manager of platform strategy.
Basically, they are admitting to paying for studies that show the results they want.
I'd love a direct quotation of his answer -- it'd be a great rebuttal when MS publishes another "Windows costs less" study.
You're kidding right? There are people putting Linux on their desktops that would never have even known about it three years ago. While it's true that there isn't a Linux steamroller crushing Microsoft in front of your face, it's a lot more out in the open now, which by itself is a huge success.
I don't remember seeing any ads for Linux 3 superbowls ago.
http://www.rustyrazorblade.com
This is a common misconception. Linux is more secure than Windows because it's a lot easier to micromanage your system. But it also places a lot more of the responsibility for security on the administrator's head, which means if you have a Linux admin who doesn't know how to properly secure a box *and maintain that security*, it'll probably be more insecure than a Windows machine. Most hacks for Windows aren't widely exploited until after a patch is released anyway, whereas on Linux it's often in reverse (though the patches are usually available within hours.) Linux just better allows you to micromanage things than Windows, which can either be a good or a bad thing depending on the skill of the admin.
There's a chart at the bottom of the article that shows Market share and sales....
I don't know how accurate it is, but if you look at the asterisk note, you'll see they say the statistics are based on sales for those years.
Can you really count sales when talking about Linux? What about all the people who download the software for free and implement it? I'm sure SuSE and Red Hat didn't count how many ISO downloads they had each year. Granted, most enterprises pay for their Linux distributions, but the fact of the matter is that many smaller organizations might not. And that's the market that's going to be most critical for Linux and Microsoft. That's where the growth is and that's where the trench fight will occur. You can't count $$ sales when talking about Linux. That's the hardest part for Microsoft to deal with. It can't actually measure the extent to which Linux has spread at this point, or at any point for that matter.
Do they even sell servors?
No, but they do sell servers!
Clearly you have never run a larger scale software project. I would love LOVE MS to do that. Why? Because that project would be one enormous sink hole of MS resources and focus. You cannot throw 20,000 engineers at something and have it work. Read the Mythical Man Month for a great example of how throwing more resources at a project can cause it to run off track. . Keep in mind that would represent roughly 1/3 of MS's workforce. MS already has a server OS, it's called Windows XP. MS wants to have a single OS so that they don't have to support the multiple OSes they do now.
Thalasar
Oh, you're referring to the article that basically excluded data that referred to Windows breaches?
Yeah--the one that excluded user-run executables, as it should have.
I'm afraid you're missing the point of the folks who are complaining that the study is biased.
On Windows, it is possible to write a user-run, user-mode executable that can function effectively as a rootkit; hide its own processes and files, open network connections to send itself to other targets, access your mail, address book and documents, and even run its own SMTP server.
On Linux, because of the large number of different kernel configurations and application distributions (distros) that people run, this kind of exploit must be tailored to each specific target. So Linux systems, by the very nature of their diversity, are not vulnerable to this kind of exploit.
That is why excluding user-run executables biases the study in favor of Microsoft products. Because it excludes a whole class of non-tailored viruses and trojans where Linux systems have significantly less vulnerability than Windows systems.
For what it's worth, removing the username:password parsing from URL's, brings Windows in line with published RFC standards. It was never intended to be used as an authentication mechanism for HTTP URL's.
Section 3.3 of RFC 1738, which defines the format of HTTP URL's, explicitly states, "No user name or password is allowed."
Let me repeat that, in capital letters with bold, so that it is crystal-clear:
THE STANDARD STATES THAT NO USER NAME OR PASSWORD IS ALLOWED IN HTTP URL'S.
This what the standard says, and Microsoft is now adhering to it, at the cost of breaking sites that didn't follow the standard. Microsoft *fixed* Windows by removing this ability from HTTP URL's. Note that FTP URL's still support this feature.
Why was this modded up? Just mindless MS bashing with no facts to back it up.
.net (which is pretty much Microsoft's take on Java/JSP/Servlets). I've been using .net since the beta days and I can guarantee you, while I haven't been using MS stuff as long as you, it DOES provide half of what they claim it can do for Web Applications; it does MORE than enough and then some.
.net is a step in the right direction. While c# isn't as good as traditional c++, it's sure as hell way more powerful than VB, *almost* as powerful as c++, and way easier to program in. The downside.. not cross platform, but when you design applications for MICROSOFT solutions, it's excellent.
Look, I dislike Microsoft as much as the next person, but the argument you used with SOAP is just way off. I'm not even sure what you're trying to say. SOAP is as insecure as the developer allows it to be. It wasn't DESIGNED to bypass firewalls. It was designed to provide a standard format in remote computing. It's no more insecure as requesting an XML feed or a web page. If you want it secure, then pass along a user & password to validate each function via SSL.
I know it's popular opinion to bash MS, but if you're ASP/PHP designer, then you know the benefits of
Like it or not,
Now, if I were to design a Linux-based solution, that's a different story.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Nice try but that doesn't work unless you change ownership too.
you know, i was almost ready to agree with the previous poster that the linux penguin mascot was an obstacle to linux being taken seriously. working in a stiff corporate environment myself, i can understand the poster's point.
but your post, reminded me of the Munich's linux migration project; how they would give out stuff penguins and stuff to encourage users to migrate.
oh, i found the article:
http://news.com.com/2100-7344-5157571.html
it's true that the people up top would probably be more receptive to something serious, but in the end, it's the people who implement and use it that will need to be won over. and perhaps something cute like a penguin would be more appealing to the end users.
THE STANDARD STATES THAT NO USER NAME OR PASSWORD IS ALLOWED IN HTTP URL'S.
Ooh look, he's shouting, he MUST be informative. Seriously, I'm trying to hold back the flames here, because I wholeheartedly think you deserve them as a representative sample of "loud, smug, abrasive and uninformed" that seems to dominate every time discussion of standards comes up. Oh, I guess I did flame, my bad.
RFC1738 is obsolete. In fact, it's obsolete by at least a couple revisions. Read RFC2616, then come back.
I've finally had it: until slashdot gets article moderation, I am not coming back.
you're comparing MS OS's to a multi-platform http server you moron.
Oh, and what about the millions of other servers in the world that aren't on the internet and don't run web servers that are Windows?
People were writing these stories 3 years ago. Nothing has changed.
Three years ago, nobody serious even tried to measure sales of linux systems. Last quarter, IDC reported that linux server sales were almost $1B, that's right 1 BILLION US DOLLARS worth of server computers were shipped with Linux instead of a proprietary unix or a microsoft product.
I'd say that enabling 4 billion dollars worth of computer hardware per annum is a huge change from three years ago. Wouldn't you?
Not true at all.
Every CS major in college knows what Linux is now by the end of his/her sophmore year. My dad has heard of Linux and is enthusiastic about it, and this is a guy who thinks you can get a virus from an email just sitting in your inbox. How many Linux ads did you see in the economist 3 years ago? Now they're in every issue. All of America saw Linux during the superbowl ads, even if most of them have no idea what it's about, it's a hell of a lot better off than OS/2 or any other Windows competitor you can name, and still growing.
The major flaw in this article is failure to acknowlege that the Linux revolution is in full swing RIGHT NOW!
If I said "what product brand is Penguin" to almost anyone in the UK, they would say "a chocolate biscuit" (they used to have a massive ad campaign with the slogan "P-P-Pick up a Penguin"). I think very few people would name the book publisher, if only because Penguin Books don't advertise nearly as much as McVities/United Biscuits do.
You don't look like you are a Microsoft sysadmin, or you would know
* to use MSDN and Technet for documentation, with microsoft.* newsgroups on groups.google.com for the hard stuff,
* to use SUS for patching,
* to use NTBackup for backups,
* that no MS application requires you to have administrative rights to use it,
* to use Task manager to kill hung tasks. Yes, including explorer.exe. It's a bit like kill in Linux/unix. Give it a try.
Evidently since you need to have multiple users using consoles simultaneously (note, not processes running as different users, or users accessing the server under their own credentials) you have very specific needs, and I expect you are probably running a VAX with VT100 terminals.
And no, the tight coupling between the browser and the OS has very little to do with most security holes. They are just holes, with local code execution, and would be just as bad if the browser was not so integrated.
NO ID: BEING FREE MEANS NOT HAVING TO PROVE IT
McAffee runs at high priority. Applications running at high priority are *supposed* to hog the CPU. How else can you ensure that critical applications can always run? McAffee needs to run at High to ensure it scans the files as soon as possible. There is nothing immature about this. I suspect you just don't have an on-access scanner on your Linux boxes, or you would discover that the problem is that on-access scanners are really invasive and CPU intensive, and is not to do with Windows.
If you want your builds in the background, drop the priority of DevStudio. Look for "start" in the help for how to do this when it runs, or use Task Manager to reduce it to BELOW_NORMAL.
"Because most of the applications we deal with have a GUI for configuration, we either need to do the equivilent of setting a DISPLAY variable or a remote desktop "
Since it is a server application, you could just separate out the configuration application from the server application. Like I do. Like MS does (Ever noticed how all the tools have a "Connect to Computer..." option?). Like everybody who knows what they are doing does. Invisible service with separate configuration application is The Microsoft Way. This is very easy to do.
Here are some strategies:
* If it's a DB application, you can just have your application connect to the DB remotely, and edit the configuration there.
* If the config is in files, any user with admin priveleges can access the files through the default shares \\$, which have access to local admin only. If you want other users to be able to administer the application, you can create a share for this purpose. ACLs can be used to secure the files and the share itself.
* If configuration is in the registry, you can use the registry functions to access the remote registry. The user will be accessing the registry with their own credentials, so the Registry ACLs will only give them the same access they would have when logged on locally.
* If you have a combination of the above configuration, use a combination of the strategies.
* And of course you can use RPC or DCOM to provide a remote administration API, and connect to that. Just ensure you secure the object with the appropriate ACL. (No-one has access by default).
NO ID: BEING FREE MEANS NOT HAVING TO PROVE IT