Slashdot Mirror


An Open Letter from Darl McBride

canfirman writes "Well, it seems Darl is changing tactics as he's now published an open letter proclaiming the benefits of UNIX over any other operating system. However, most of his letter involves comparing SCO Unix to Linux from not only a business acceptance point of view, but from a technical point of view, too. Darl throws in a bunch of stats in there, too: 'In a study conducted only seven months ago they found that overall, the most vulnerable operating system for manual hacker attacks was Linux, accounting for 65.64% of all hacker breaches reported.' I'd love for somebody who has more technical knowledge than me to look at his points and see if what he says is true or not -- assuming anything coming out of Darl's mouth is true."

28 of 393 comments

  1. Sadly he's more or less right by Anonymous Coward · · Score: 1, Insightful

    It's roughly accurate, yet not Linux's fault though. Shitty administrators running even shittier PHP webapps are the leading cause of website defacements today, and the vast majority of these PHP apps are hosted on Linux servers.

    Of course, if SCO was the majority hosting solution for PHP webapps, these same shitty applications would be leading to similar numbers of exploited sites (especially since all it takes to find vulnerable sites is to look on google, if the admin isn't smart enough to use robots.txt, they're probably not smart enough to keep their webapps up to date either)

  2. The horse died a couple months ago by bgfay · · Score: 4, Insightful

    He says that when he came to the company they decided to focus on the area that was most profitable. He then goes on to say that this focus was not on litigation. It would seem that history will not bear him out on this.

    When it comes down to it, is it productive anymore to even worry about this guy? At one time, I think it was, but now, I'm not sure. If he's still a danger to the idea of OSS, then I'm all for taking him apart bit by bit until he cries. But if he's just a harmless troll now, I'm ready to move on.

    Has anyone started a betting pool for the final day of SCO's existence? It can't really be that far away, can it?

    Finally, one more serious question: He says that they are proud of and focused on their own for-sale version of UNIX. What advantages are there to going with a closed, expensive version of UNIX over either an open, expensive version of Linux or an open, free version of Linux? I really don't know and am very curious.

    --
    Yeah, I'm as old as my UID would suggest.
  3. Out of the mouths of Darls? by Anonymous Coward · · Score: 2, Insightful
    assuming anything coming out of Darl's mouth is true

    That ain't the body part he talks with...

  4. Re:I can believe of the stats here... by shotfeel · · Score: 4, Insightful

    One should also note the weasel word being used, "manual hacker attacks". Apparently for some OS's (which shall remain nameless), hacker attacks are automatic.

  5. Lies, Damned Lies and Statistics by plehmuffin · · Score: 2, Insightful
    involves comparing SCO Unix to Linux ... the most vulnerable operating system for manual hacker attacks was Linux, accounting for 65.64% of all hacker breaches reported

    Of course there are more attacks against Linux than against SCO Unix. I'd imagine there are somewhere around 300 to 400 trillion more instances of Linux running than instances of SCO Unix. So it's not strange that there are more attacks against them. This is just an instance of failing to take into account the base rate.

    Of course, I'm having some fun with numbers myself here, so don't take my word for it.

  6. Arguments that can't be won by PhatboySlim · · Score: 2, Insightful

    Religion
    Politics
    Operating Systems

    --
    Be sure to remember the Programmers Prayer
  7. Re:Lies, damn lies, and statistics by Knight Thrasher · · Score: 2, Insightful

    This means only one thing: that hackers have to dedicate their time at manually hacking a Linux server, while for a Windows machine a quick 5-minute script will do the entire job for them.

  8. Re:Stop the lies, Linux is free. by yamla · · Score: 4, Insightful

    If, on the other hand, your time does have value, Linux is generally cheaper than the alternatives.

    --

    Oceania has always been at war with Eastasia.
  9. Re:Stop the lies, Linux is free. by blane.bramble · · Score: 2, Insightful

    Yes, because you don't have to spend any of your valuable time supporting paid-for operating systems.

  10. I can understand that percentage. by JReam · · Score: 2, Insightful

    I thank the F/OSS community's policy of full disclosure of vulnerabilities so they can be fixed sooner/faster. This is as opposed to other OS manufacturers' policy of concealment and FUD so said vulnerabilities and breaches DON'T get reported and a "patch" is released in their own sweet time.

  11. Re:Stop the lies, Linux is free. by wfberg · · Score: 4, Insightful

    As I assume you know, the "free" comment refers to the support/maint cost of Linux, and not the actual purchase price of the software.

    Oh give it up. I suppose you want a pony too? Well tough luck, even if I gave you a pony, you'd still have to feed it and take care of it. So you'll just have to suck up and make do with the freely modifiable, open standards based, non-vendor-locked-in, free-as-in-beer Linux kernel and associated operating system, utilities, office suites and other freebies thrown in. Feel free to go sit in a corner and pout if you want. Then go and call SCOX to give you some free software, free support, and a pony. I doubt they'll come through, given that they already want to charge you $699 for something that's free.

    --
    SCO employee? Check out the bounty
  12. Re:hehehe by turbidostato · · Score: 3, Insightful

    "Well, boss, we're having problems with Linux at our datacenter, but don't worry, I can go on IRC and ask someone to help me."

    Terribly different from "Well, boss we're having problems with Linux at our datacenter, but don't worry, I can go to Red Hat's support and ask someone to help me."

    Especially when going to Red Hat's support it is GUARANTEED you will be talking with a first tier support drone, at least at the beginning, while chances are, if you know your work, that you can talk to the problematic program's AUTHOR, LIVE, on the proper IRC channel.

    That PHBs don't like "free support" doesn't make it less valuable regarding its technical foundations.

  13. Re:Darl = Steve by richdun · · Score: 2, Insightful

    You may have a fundamental point there, but Darl lacks two very important things that Steve has - a very large marketing budget, and a pop icon which is pushing the otherwise measly profits from digital music sales into a huge media coup. And both of these make me at least respect Steve more - it's one thing to talk in PR-speak and such all the time, but when you have product, legions of fans, and billions in sales to back it up, at least you're getting somewhere. Ask the man on the street about an iPod, and he'll know exactly what you are talking about. Ask the man on the street about UNIX (or even Linux *ducks*), and chances are he'll stare at you blankly.

  14. Re:A typo in the first sentence... by kfg · · Score: 5, Insightful

    Said as a joke, but one that speaks the truth. The primary target of most of the lawsuits has been people who have used SCO UNIX and decided to use some other operating system instead/as well.

    What Darl does not seem to understand is that people do not simply buy (excuse me, license) software, they buy the company as well.

    The behavior of SCO toward their own clients is not exactly one that encourages people to buy in. Irrespective of everything else, and positing that SCO had the best operating system in the world (stop laughing and just humor me for the sake of the argument) I wouldn't go near them with somebody else's ten foot pole.

    It isn't worth the aggravation of vendor lock-in by legal intimidation.

    KFG

  15. Re:Stop the lies, Linux is free. by AnObfuscator · · Score: 4, Insightful
    Is Linux really free? Of course not.

    Yes it is. http://www.linux.org/dist/

    More importantly, Yes, it is.

    --
    multifariam.net -- yet another nerd blog
  16. lets see by hurfy · · Score: 2, Insightful

    web site defacement, active entry = manual hacker attack

    viruses, scripts, malware, browser exploits, etc != manual hacker attack

    i imagine Linux has the most sites hosted?
    Linux sites probably have less security minded ppl than someone that paid big $$ for their system.

    Could be true, not that it means anything. They probably hacked some poor linux server with 100 sites that nobody has been to. That could generate said statistic since i hear so little about 'manual hacker attack' lately, hehe.
    Those without security know-how are a greater security risk, duh.

  17. Re:Stop the lies, Linux is free. by ravind · · Score: 2, Insightful
    Talk about making a false argument.

    The parent didn't mention one word about Windows. Just because he thinks Linux isn't free does not mean he's claiming that Windows is free or even cheaper.

    You may be trying to show that Linux is cheaper than Windows, and you may be right, but that still does not address the original point which the parent made about Linux not being completely free.

    Then again, this is /. and you get moderated +5 Insightful

  18. Re:I can believe of the stats here... by Dr. Manhattan · · Score: 4, Insightful
    Does the huge sea of viruses and attacks out there grant Microsoft some sort of fitness benefit?

    No, just the opposite.

    There are four potential categories of machines here. Unmaintained Windows, Maintained Windows, Unmaintained Linux, Maintained Linux. Of these, UW is so easy to target that it can be done automatically. UL is hackable, too, but there's enough variation that it generally needs to be done manually. I would further say that ML is more secure than MW.

    Linux, having existed in a kinder environment, is like the boy-in-the-bubble stepping out into the world for the first time.

    Unix (which Linux inherits much from, and in software acquired traits can be inherited :-> ) has been in a much nastier environment than Windows for much longer. Recall that the Morris Worm targeted Unix and Vax systems...

    --
    PHEM - party like it's 1997-2003!
  19. Sources, sources, sources by PaSTE · · Score: 2, Insightful

    Come on, Darl, if you want anybody with a scientific or technical disposition to take your letter seriously, you have to quote your sources and analyze the results! Look:

    The initial attraction to Linux was a price tag of zero cost. Yet, they typically charge customers from $349 to $2,499 every single year.

    Who is "they?" Why is this "typical?" Where do you get your numbers from?

    SCO Has a Superior Kernel

    By what metric? What studies show this? The only support you mention is that Linux is younger than UNIX. This is not a metric of quality in the technology frontier, as new technologies supersede old ones continuously.

    In a study conducted only seven months ago they found that overall, the most vulnerable operating system for manual hacker attacks was Linux, accounting for 65.64% of all hacker breaches reported.

    What percentage of hacker attacks are manual, and what percentage are automated worms? What does a "hacker breach" constitute, and what kind of systems are affected by them? Are we talking about personal web servers hosting one or two files, or CIA databases?

    Linux development plans and schedules are generally as unknown as they are unpredictable.

    Describe the development process for the reader. How is it different from the SCO model? Is predictability in product evolution something beneficial to the world of technology, or should programmers go with the flow, developing and releasing new software versions as the technology develops?

    Linux will likely continue to face challenges about its development methodologies and roadmaps as long as it continues to be a loosely organized set of volunteers who develop what they want, when they want.

    What is the organization structure of Linux development? Is it really as loosely organized as you make it out to be? Where does this information come from?

    When a new upgrade of Linux is required, software vendors and end users most likely have to upgrade their application as well.

    How often is a complete upgrade of the Linux kernel required? What does "most likely" mean? Are there any numbers to back up this claim?

    I don't think I have to continue any further. Mr. McBride, you cannot use vague terms like "most likely" and "typical" in an open letter aimed at a technologically savvy audience, and you most certainly cannot make claims without logical arguments to back them. Also, consider revising your letter to include more analysis of the stated statistics.

    C-

    See me after class.

    --
    /*No comment*/ #No comment //No comment ;No comment 'No comment REM No comment !No
  20. Re:Current rankings from -- ZoneH by digidave · · Score: 4, Insightful

    99.99% of web site defacements have nothing to do with the OS. It's the web app that is compromised by a SQL injection attack or password workaround.

    One of the problems is that there are a ton of badly written PHP apps that get installed on Linux mass hosting servers so some script kiddie just googles a string to find the vulnerable sites and uses their script to deface them.

    --
    The global economy is a great thing until you feel it locally.
  21. Re:Stop the lies, Linux is free. by ZenShadow · · Score: 2, Insightful

    Or maybe he was trying to show that all operating systems have associated costs, using the most commonly available target to construct a rather tongue-in-cheek post?

    Harping on Linux because there are administrative costs is just plain silly.

    Interestingly, one significant cost of adopting any given OS is the ability to hire people that already know the technology. Something tells me qualified Linux people are easier to find than qualified SCO people. Probably cheaper to hire, too.

    --S

    --
    -- sigs cause cancer.
  22. Re:Stop the lies, Linux is free. by The Angry Mick · · Score: 2, Insightful

    My time has much value, thank you very much, and wasting it removing viruses, spyware, and downloading endless updates to repatch a system so that it is only less vulnerable than before is not appreciated.

    This is the same tired old Microsoft argument: You'll have to train folks to use Linux, so it'll cost you more.

    Remind me again how much I had to spend training my folks to use Windows? Last I looked, those MCSEs were not free. Even now, a quick comparison shows me that an LPI certification costs around $100 while an average MCSE cert is running about $1000 minimum (figures for a self-taught student, buying their own books - the figures are much higher for a course-based cert.).

    A better question might be who has the better technical skills once they are certified. I've known more than a few MCSEs who think that things like DNS views are virtually impossible. I know of no LPIs suffering the same confusion, but, I'm willing to concede there may be a few out there - I just haven't seen 'em yet.

    --

    I'm not tense. I'm just terribly, terribly, alert.

  23. PHP is ruining Linux's reputation. by CyricZ · · Score: 4, Insightful

    Indeed, PHP is severely damaging the reputation of Linux. While the developers of PHP are well-intentioned, that is for sure, their creation has suffered from far too many security problems as of late. Of course, they cannot be blamed for the flaws of hastily written PHP scripts.

    Nevertheless, the numerous insecurities found in PHP and scripts written in PHP are tarnishing the image of Linux. Hopefully the PHP developers put more effort into creating a web development platform that isn't as susceptible to scripts written by non-professionals. Just as Intel and AMD have moved to prevent stack overflow exploits via hardware improvements, it is time for PHP to do the same. They must make it so that insecure scripts do not run at all.

    --
    Cyric Zndovzny at your service.
  24. Re:I can believe of the stats here... by camcorder · · Score: 2, Insightful

    You can never completely take your Windows machine on your hands as you can do with Linux. You can never patch a system vulnerability, you have to wait for MS security advisories for two weeks old vulnerabilities. That's not the case for Linux. You can patch it. You don't even need to wait for developers of the kernel, because you can patch it yourself, if you know what you are doing. Even though you're master of Windows, you can't patch anything yourself. (Unless you know reading opcodes and patch binaries with your reverse engineering skills. Not to mention that's possible in very rare situations anyways.)

  25. Windows update by falconwolf · · Score: 2, Insightful

    One place where natural selection has helped is Windows Update.

    I've had to reinstall Windows a number of tymes and one thing I found out quickly was to turn off automatic updates in Windows. This happened after I ran update after doing a compleat install and then running update only to have it break something. I went through this three tymes within a week. Install then run update, something gets broken so rerun install then update. Broke again so reinstall and this tyme not run update. No problems then. After reading MS's end user licenses required to run update, I know most don't read them but I did, got to be scary too.

    Falcon
    1. Re:Windows update by SparklingClearWit · · Score: 2, Insightful

      Comments like this are purely FUD on the part of the Linux/OSS crowd. Over 90% of the time, "broken windows" is due to faulty drivers or some obscure piece of hardware that was poorly supported to begin with.

      Windows 2000 and XP have all but eliminated Windows' well-known instability. I dual-boot Windows XP Professional and Fedora Core 4 on my primary machine and either of them will stay up for months at a time - basically, until I need something from the other side of the box (read: Windows for games, Photoshop; Linux for web, email, dev, most other stuff).

      It was fun to pick on "Windoze95" for its instability (and God how I hated Windows ME) but Win2K and XP are very stable, very solid platforms.

      Maybe it's 'tyme' you looked at the root cause of your problem?

  26. Re:hehehe by Wdomburg · · Score: 3, Insightful

    What about:

        Me: "Well, boss, we're having problems with Linux at our datacenter, but don't
        worry, I already found the answer on one of the newsgroups."

    or

        Me: "Well, boss, we're having problems with Linux at our datacenter, but don't
        worry, I dug into the source code and found the issue."

    or

        Me: "Well, boss, we're having problems with Linux at our datacenter, but don't
        worry, I messaged one of the original developers on IRC and worked out what the
        problem was."

    Not every shop has the in-house expertise to deal without support, but there are plenty of us out here that do it. Frankly, most vendor support is shit anyways. We have support contracts for some of the software we run, and I usually don't bother; it's quicker to figure it out myself.

  27. Re:I can believe of the stats here... by PygmySurfer · · Score: 3, Insightful

    Sure, you can patch it - if you know how. Not everyone is a C programmer.