Windows vs. Linux Study Author Replies

Last week you submitted questions for Dr. Herb Thompson, author of the latest Microsoft-sponsored Windows vs. Linux study. Here are his answers. Please feel free to ask follow-up questions. Dr. Thompson says he'll respond to as many as he can. He's registered a new Slashdot username, FFE4, specifically to participate in this discussion. All others claiming to be him are imposters. So read, post, ask, and enjoy. 1- A better way of putting it:
by einhverfr

It seems that your study attempted to simulate the growth of an internet startup firm on Windows or Linux. One thing I did not see in the study was a good description of assumptions you made. What assumptions were made in both the design of the requirements and the analysis of the data? What limitations can we place on the conclusions as a result of these assumptions?

Dr. Thompson

This is a really important question. I think there are two sections of the study: the assessment methodology and then the experiment we undertook to illustrate how to apply that methodology. I'll answer the assumption question for both parts:

Methodology - For the methodology, we wanted to provide a tool that organizations could use and apply their own assumptions. Maintaining a system is all about context; some environments favor Linux, others Windows. The question is, how do you know what's likely to be the most reliable (which includes manageable, secure and supportable) solution for your environment? We proposed a methodology a recipe - that looks at a solution in its entirety instead of just individual components. Policies like configuration control vary from organization to organization and to get something that's truly meaningful in your environment, the methodology needs to be carried out in your context. Enterprise customers can and should do this when they are about to trust their critical business processes to a platform. That said, the basic assumptions of the methodology are that patches are applied at 1 month intervals and that business needs evolve over time. How those business needs evolve depends on the scenario you're looking at (in our experiment we looked at ecommerce for example). The methodology doesn't cover steady state reliability, meaning the uptime of a system that is completely static. While this is important, our conversations with CIOs, CTOs, CSOs and IT folks lead us to believe that this was a smaller contributor to pain in a dynamic environment. In an appliance for example, though, steady state reliability is king, and I think an important limitation of this methodology is that we don't capture that well, and I think it's amazingly difficult quality to measure in a time-lapse way.

The purpose of the experiment was to illustrate how to apply the methodology and to begin to get some insights into some of the key model differences between two platforms. For the experiment we picked the ecommerce scenario, for no other reason than there has been a clear shift in how ecommerce sites have serviced their customers in recent years moving from static sites to personalized content. Some specific assumptions were:

* The transition from a basic purchasing site to a personalized portal based on order/browsing history takes place over a one year period.

* The period we looked at was July 1st, 2004 to June 30th, 2005 (the most recent full year at the time of the study).

* A configuration control policy exists that mandates OS version but not much else meaning administrators had fairly free rein to meet business requirements.

* All patches marked as critical or important supplied by the vendor are applied.

* We assume the system to be functioning if the original ecommerce application is running and meets some basic acceptance tests (same for both platforms see Appendix 1 of the report) and the new installed components are also running.

* To add new capabilities, we use leading 3rd party components as opposed to building custom code in-house.

* The business migrates operating system versions at the end of the one year period to the latest versions of the platform.

* The administrators that participated in the experiment reflect the average Linux (specifically SuSE) and Windows administrators in skill, capability and knowledge. While this was strived for, it's important to recognize the small sample size in drawing any conclusions from the data.

As far as limitations, the experiment looks at one specific case with a total of six administrators. I'd love to have done it with a hundred admins on each side on a wide range of business requirement scenarios and my hope is that others will do that and publish their results. Our experiment, however, shows that for this particular, clearly documented scenario, experienced Linux Admins had conflicts between meeting business needs and a recommended best practice like not introducing out-of-distribution components. If one is aware of potential conflicts and challenges upfront, I think you can put controls in place to make reasonable tradeoffs. In the linux case, a precise and specific configuration control policy may have prohibited the problematic upgrade of one of the components that the 3rd party solutions required. This would have likely reduced the number of failures but would have put some hefty constraints on 3rd party solutions. To understand the implications for your environment you really need to run through the methodology with the assumptions and restrictions of your organization and I hope that this study either prompts or provokes people to do that.

************************

2 - Meta-credibility?
by Tackhead

Where I come from (non-management, grunt-level techie), appearing in any of these analysts' journals *costs* an author more credibility than it gains him or her. For example, if $RAG says that $CORP has the best customer support, I immediately assume that $CORP has such horrid customer support that they had to pay someone to make up some research that proves otherwise.

To be sarcastic, I'd ask "who the heck actually takes these studies seriously?", but obviously *somebody* does. Who are these people, and why do these people take these industry analyst firms/journals/reports seriously? Are they right or wrong to do so? This isn't an attack (or endorsement :) of your research -- I'm talking about the credibility gap in industry research, and my observation that it's an industry-wide problem.

The meta-credibility question is this: Given the amount of shoddy pay-for-play research out there, does being published in an analyst journal tend to cost (a researcher, his consulting company, his financial backers) more credibility than it can gains him/her/them? If not, why not -- and more importantly, if so, is there any way to reverse the trend?

Dr. Thompson

This is a really interesting question because it cuts to the heart of what a real research study should provide to the reader. It should provide a baseline and I think research should always be questioned, scrutinized and debated because one can always find reasons for bias. Particularly, if a subject of the study (vendor for example) is behind its funding, whether directly (as in this study) or indirectly (meaning that they are big clients) I think it's critical that the study not provide just a baked cake for readers but the recipe as well. The recipe has to be inherently fair and simple, meaning that it has to map directly to a the quality or pain one is trying to measure without taking into account how the subjects try and provide that service or mitigate that pain. I think slanted opinion pieces, with no backup for those opinions, seriously hurts credibility, at least in my book. If you're presenting facts though and encouraging others to question them then I think that actually helps credibility, even if the search for those facts was paid for.

I agree though that one is tempted to dismiss research a priori though because of funding or some vendor tie. I think a good way to reverse the trend is to open the process up to public scrutiny; that's probably the main reason I came on Slashdot. To use this specific study as an example, some folks disagreed with several points in the experiment from counting patches, to reasons for upgrading key components, to the ecommerce scenario we used. For me, the study's key value is the methodology. Could different applications/scenarios have been chosen: absolutely!

The value I think that this study gives to the practitioner is arming them with a tool to help measure in their own environment. By applying the methodology, the results should take into account things like administrators skillsets, support policies, configuration control policies and the tradeoffs between customizability, maintainability, visibility, security and usability. It's only by looking at this stuff in context can one make a sound judgment; and a true research paper, especially one where funding is in question, needs to fully disclose the method and the funding source. In our case, the methodology has been vetted by industry analysts, IT organizations and several academics. That doesn't mean much, though, if you don't find the methodology meaningful for the questions you want answered. One reason I've come on Slashdot is to get the thoughts, opinions and assessments of the methodology itself from administrators in the trenches. I'm really pleased with the great questions and comments amidst the inevitable flames and I'm looking forward to this being posted so that others can weigh-in with their feedback and I can jump into the threads to get some discussion going.

If the research helps give real insight, and the methodology makes sense, I think there's real value no matter who paid the bill. At the end of the day, you need to decide whether or not you can extract any value from the information presented to you. In the case of this study, my hope is that it will leave you thinking hmmm.... maybe we should actually run through a process like this and check out how this works for ourselves. My more ambitious hope is that you'll implement it and tell me what challenges you faces on Windows, Linux, OSX, BSD, whatever platform you choose to compare. It may not even venture into the perennial Windows versus Linux battle; maybe you're a linux shop trying to decide between multiple distributions for example. Either way, if it's got people thinking about the topic and asking questions, well, that's all any researcher can really hope for.

************************

3 - Weak setup
by 0xABADC0DA

If I understand the study correctly, the windows side had to do nothing but set up a server to do a few different tasks over time and run windows update. The linux side had to have multiple incompatible versions of their database server running simultaneously on a single system and had to run unsupported versions of software to do it.

Why wasn't the windows side required to run multiple versions of IIS or SQL server simultaneously? In real life if you need to run multiple database versions you use virtualization or multiple systems, especially if one requires untested software. You don't run some hokie unstable branch on the same system as everything else. Why was a linux solution picked that required this level of work? My other related question is, did any of the unix administrators question why there were being asked to do such a thing? For example, did they come back and say they need a license for vmware? If they did not they do not seem like very competent administrators in my opinion.

Dr. Thompson

The Windows Admins and Linux admins were given the exact same set of business requirements which doesn't necessarily translate into the same tasks as they went about fulfilling them. The 3rd party components installed were chosen solely based on their market leadership position and any upgrades of OS were unknown at the time of selection. That said, on the Windows side, it turned out that no upgrades of IIS were needed (except for patches) and SQL Server was upgraded to SP4 as part of patch application. On the Linux side, at a high-level there were two main classes of upgrades: MySQL and GLIBC and they were both prompted by the installed components. After the experiment, the administrators were asked on both sides if this kind of evolution of systems met with their real-world experience. They said yes, with the caveat of if they were asked to install a component that required an upgrade of GLIBC that they would likely upgrade the operating system as long as their configuration control policy allowed it.

You make a great point about installing components on some sort of staging system (which is almost always done) as opposed to live running systems. That still means that the problems that the administrators had equal real IT pain. If something weird had to be done to get the system running but it does run and it's then put into production it's like a fuse that gets set on a bomb. A careful configuration control policy would almost certainly help and thats why I think it's so important to conduct this kind of experiment in your own environment with your own policies.

As far as selection of the Linux administrators go, they all had at least 5 years of enterprise administration experience, and two years of experience on SuSE specifically. With three people there's certainly likely to be a lot of variability and to get some conclusive results, I'd love to get a huge group of administrators across the spectrum in terms of experience. I'd also love to do it across multiple scenarios, beyond the ecommerce study. For this experiment, basically the bottom line is that we Illustrate one clearly documented scenario with six highly qualified admins that we selected based on experience. We cant ensure equal competency levels, but there was nothing in our screening that would lead us to believe there were gaps in knowledge on either side. When it comes down to it though, the really meaningful results are the ones you get when you perform the evaluation in your environment. Hopefully this study provides a starting point for asking the right questions when you do that.

************************

4- Who determined the metrics
by Infonaut

Did Microsoft come to you with a specific set of metrics, or did you work with them to develop the metrics, or did you determine them completely on your own?

Kudos to you for braving the inevitable flames to answer people's questions here on Slashdot.

Dr. Thompson

Great question! The metrics and the methodology were developed completely on our own and independent of Microsoft. They were created with the help and feedback of enterprise CIOs as well as industry analysts. I think that this relates to a couple of other questions on Slashdot with the gist of if Microsoft is funding the study aren't you incentivized for them to come out ahead. Besides the standard we would never do that and that would put our credibility at risk which is our primary commodity which are both very true, let me explain a little more about how our research engagements work.

Company X (in this case Microsoft) comes to us and says can you help us measure quality Y (in this case Reliability) to get some insight into how product Z stacks up. We say, sure, BUT we have complete creation and control of the methodology, it will be reviewed and vetted by the community (end users and independent analysts) and must strictly follow scientific principles. The response will either be: great, we want to know whats really going on or um, heres some things to focus on and I think you should set it up this way. In the first case we proceed, in the second case we inform that company that we don't do that kind of research. We are also not in the opinion business, so we present a methodology to follow and illustrate how that methodology is applied with the hope that people will take the methodology and apply it in their own environment.

All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released. The vendor knows that they're taking a risk. They pay for the research either way but only have control over whether it is published, not over content. So if their intent is to use it as an outward facing piece, they may end up with something they don't like. Either way, I think it's of high value to them. If there are aspects of the results that favor the sponsor's product, in my experience, it goes to the marketing department and gets released publicly; if it favors the competitors product it goes off to the engineering folks as a tool to understand their product, their competitor's product, and the problem more clearly. Either way, we maintain complete editorial control over the study and there is no financial incentive for us if it becomes a public study or is used as an internal market analysis piece. The methodology has to be as objective as possible to be of any real value in either case.

************************

5 - ATMs vs. Voting Machines
by digitaldc

How is it that Diebold can make ATM machines that will account for every last penny in a banking system, but they can't make secure electronic voting machines?

Also, does the flame-resistant suit come with its own matching tinfoil hat? (don't answer that one)

Dr. Thompson

This is a question that has passed through my mind more than once. The voting world is very interesting. I don't have experience with the inner workings of Diebolds ATM machines but I can say that the versions of their tabulation software that Ive seen have some major security challenges (see this Washington post documentary for some of the gory details). I'd say I'm concerned about the e-voting systems Ive seen but that would be a serious understatement.

I question whether the economic incentive is there for them to make their voting systems more secure. Take an ATM for example. Imagine the ATM has a flaw and if you do something to it, you can make it give you more money than is actually deducted from your account. Anything involving money gets audited and sometimes audited multiple times and chances are good that the bank is going to figure out that they're loosing money. On the flip side, if there was a flaw in the ATM in the banks favor, someone balancing their checkbook is going to notice a discrepancy. The point is that there's always traceability and there's always someone keeping score. If you think about voting tabulators though we've got this mysterious box that vote data gets fed into and then, in many states, only a fraction of these votes are audited. That means we don't really know what the bank balance is other than what the machine tells us it is. If the system is highly vulnerable and its vulnerability is known by the manufacturer *but* it's going to be expensive to fix it and shore up defenses, there seems to be no huge incentive to fix the problems. I think the only way to get some decent software that counts votes that people can have confidence in is to allow security experts to actually test the systems, highlight potential vulnerabilities, and put some proper checks and balances in place. That would give the general public some visibility into a critical infrastructure system that we usually aren't in the habit of questioning and will hold voting manufacturers directly accountable to voters.

As for the tin foil hat to go with the flame resistant suit; it hasn't been shipped to me yet - apparently the manufacturing company is still filling backorders from SCO :).

************************

6 - Why are the requirements different?
by altoz

Looking at your research report's appendices, it seems that the requirements for Windows Administrators were somewhat different than the Linux Administrators. For instance, you ask for 4-5 years sys admin experience minimum for Windows, whereas it's 3-4 years sys admin experience minimum for Linux.

Why wasn't it equal for both? And doesn't this sort of slight Windows favoring undermine your credibility?

Dr. Thompson

Short answer: Typo. Long answer: We originally were looking for 4 years of general administration experience for both Linux and Windows which is what is reflected in the desired responses to the General Background questionnaire for Linux. We then raised it to 5 years for both Linux and Windows which is reflected in the General Background of the Windows questionnaire. The difference in the two was just a failure to update the response criteria on that shared section of one of the questionnaires. On page 5 though we've got the actual administrator experience laid out:

Each SuSE Linux administrator had at least 5 years experience administering Linux in an enterprise setting. We also required 2 years minimum experience administering SuSE Linux distributions and at least 1 year administering SuSE Linux Enterprise Server 8 and half a year administering SLES 9 (released in late 2004). Windows administrators all had at least 5 years experience administering Windows servers in an enterprise environment. These administrators also had at least 2 years experience administering Windows Server 2000 and at least 1 year administration experience with Windows Server 2003.

************************

7 - Scalability of Results?
by hahiss

You tested six people on two different systems; how is that supposed to yield any substantial insight into the underlying OSes themselves?

[At best, your study seems to show that the GNU/Linux distribution you selected was not particularly good at this task. But why does that show that the ``monolithic" style of Windows is better per se than the ``modular" style of GNU/Linux distributions?]

Dr. Thompson

First, let's look at what we did. We followed a methodology for evaluating reliability with three Windows admins and three Linux admins. This is small sample set and it looked at one scenario: ecommerce. Is this enough to make sweeping claims about the reliability of Linux/Windows? No way. I do however think the results raise some interesting questions about the modularity vs. integration tradeoffs that come with operating systems. I don't think that either the Windows or Linux models are better in a general sense but they *are* different; the question is which is likely to cause less pain and provide more value for your particular business need in your specific environment. Hopefully these are the questions that people will ask after reading this study, and with any luck it will prompt others to carry out their own analysis within their own IT environment, building on what we started here. I think the methodology in this paper has provided a good starting point to help people answer those questions in context.

************************

8 - Convenience vs. security
by Sheetrock

Lately, I've felt that Microsoft is emphasizing greater trust in their control over your system as a means of increasing your security. This is suggested by the difficulty of obtaining individual or bulk security patches from their website as opposed to simply loading Internet Explorer and using their Windows Update service, the encouragement in Service Pack 2 of allowing Automatic Update to run in the background, and the introduction of Genuine Advantage requiring the user to authenticate his system before obtaining critical updates such as DirectX.

In addition, Digital Rights Management or other copy protection schemes are becoming increasingly demanding and insidious, whether by uniquely identifying and reporting on user activity, intentionally restricting functionality, and even introducing new security issues (the most recent flap involves copy protection software on Sony CDs that not only hides content from the user but permits viruses to take advantage of this feature.)

I would like to know how you feel about the shift of control over the personal computer from the person to the software manufacturers -- is it right, and do we gain more than we're losing in privacy and security?

Dr. Thompson

This is an interesting problem because manufacturers have to deal with a wide range of users. If there was real visibility and education for users on the security implications of doing A, B or C then we'd be ok. It's scary though when that line gets crossed. Sony's DRM rootkit is a good example. But if you think about it, we are essentially passively accepting things like this all the time. Every time we install a new piece of software,especially something that reads untrusted data like a browser plugin,we tacitly accept that this software is likely to contain security flaws and can be an entryway into your system; NOW are you sure you want to install it? The visceral immediate reaction is no but then you balance tradeoffs of the features you get versus potential risks. Increasingly, were not even given that choice, and components that are intended to help us (or help the vendor) are installed with out our knowledge. This also brings up the question of visibility; how do we know what security state were really in with a system? Again, there are tradeoffs, some of this installed software may actually increase usability or maintainability but it's abstracting away what's happening on the metal. So far, it seems as though the market has tended towards the usability, maintainability, integration that favors bundling on both the Linux and Windows sides. It's kind of a disturbing trend though.

As another example, think about how much trustaverage programmers put into their compiler these days. Whenever I teach classes on computer security and then go off into x86 op codes or even assembly, it seems to be a totally foreign concept and skillset. We've created a culture of building applications rapidly in super high-level languages which does get the job done, but at the same time seems to have sacrificed knowledge of (or even the desire to know) what's happening on the metal. This places a heavy burden on platform developers, compiler writers and even IDE manufacturers because we are shifting the cloud of security responsibility over to them in big way. Under the right conditions it can be good because the average programmer knows little about security, but we need to make sure that the components we depend on and trust are written with security in mind, analyzed by folks that have a clue, and are tested and verified with security in mind. This means asking vendors the tough questions about their development processes and making sure they've got pretty good answers. Here's what I think is a good start. If that fails, theres always BSD. :).

************************

9 - Apache versus IIS
by 00_NOP

Simple one: of course I accept that Windows and Linux are a priori equally vulnerable - C programmers make mistakes. The question is which model is most likely to deliver a fix fastest. Given that the one area where Linux is probably in the lead over Microsoft's software is in the realm of the webserver - why are my server logs filled with artifacts of hacked IIS boxes but apache seems to remain pretty safe?

Dr. Thompson

You bring up a couple of interesting points. The first is patch delivery. It's true that on Linux if there's a high profile vulnerability you're likely to be able to find a patch out on the net from somebody in a few hours. Sometimes the fix is simple, a one-liner, and other times it may be more complex. Either way, there could be unintended side effects of the patch which is why there's usually a significant lag between these first responder patches and a blessed patch released from the distribution vendor. Most enterprises I know wait for the distribution patch as a matter of policy, and even then, they go through a fairly rigorous testing and compatibility verification process before the patch gets deployed widely. In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product. So the question is which solution is likely to provide a patch that fixes the problem and doesn't create any more problems the fastest. That's a tough one to answer. I think theres something to be learned by looking historically and that in general theres a big discrepancy between perception and reality. Here's a (pdf) link to a study we did earlier this year based on 2004 data that I think provides a good starting point for answering that question.

As far as why you've got so many attempts on your Windows/IIS box, I think there are two distinct issues: vulnerability and threat profile. In the past, I would argue that the path of least resistance was through Windows because desktop systems were often left unprotected by the home computer user. Bang-for-the-packet favored creating tools that exploited these problems and some of the attacks actually worked on poorly configured servers as well. Then there's the targeted vs. broad attacks. Theres no question that the high-profile worms and viruses in the last several years have favored Windows as a target. The issue gets even more complicated when you look at targeted attacks. These targeted attacks are much harder to measure, even anecdotally, because either an organization gets compromised and doesn't disclose it (unless they're compelled to by law) or the attack goes undetected because it doesn't leave any of the standard footprints, in which case no pain is felt immediately. That may help to explain it but the truth is that there's a lot of conflicting data out there. I remember reading this on Slashdot last year which claims Apache was more attacked than IIS but I've also read reports to the contrary. The reality is that any target of value is going to get attacked frequently. If there is an indiscriminant mass attack like a worm or virus, that's pretty bad and can be really painful. What's scarier though is the attack that just targets you.

************************

10 - Do you agree with Windows Local Workflow
by MosesJones

Microsoft and Linux distros have had a policy for some time of including more and more functionality in the base operating system, the latest example is the inclusion of "Local Workflow" in Windows Vista.

As a security expert do you think that bundling more and more increases or decreases the risks, and should both Windows and Linux distros be doing more to create reduced platforms that just act as good operating systems?

Dr. Thompson

Three years ago I bought my mother a combination TV, VCR and DVD player. It was great; she didn't have to worry about cables or the notorious multi-remote control problem. She didn't even really need the VCR because she hardly ever watches Video tapes, but I thought, why not. It worked great for two years, mom watched her DVDs, and on a blue moon a video tape from a family vacation would find its way into the VCR. All was well at the Thompson household. This past year, tragedy struck. The VCR devoured a videotape, completely entangling it in the machine. This not only knocked out the VCR but the television too (it thought it was constantly at the end of a tape and needing to rewind it). So here's the issue: mom probably only needed a TV and a separate DVD player. I probably could have gotten better quality components individually too, and with some ebay-savvy shopping, the group may have been cheaper. For my mom though, the integration and ease of operation of the three were key assets. The flipside of that is that the whole is only as strong as the weakest of its constituent parts, and by the manufacturer throwing some questionable VCR components into the mix, it caused the whole thing to fail. The meta-question: did I make the right choice, going for the kitchen-sink approach versus individual components? I think for mom I made the right call. For me, my willingness to program a universal remote and my love of tweaking the system would have lead me down a different route.

In operating systems, it depends what you're looking for and what the risk vs. reward equation is for you, and I would argue that the answer varies from user to user. The ideal would be something that gave you integration, ease of use, visibility, manageability and the ability to truly customize and minimize functionality and maintenance requirements. No operating system I've ever seen strikes that balance optimally and for every user. As far as bundling functionality with the distribution, I think it's a question of market demand. There's no question though that from a simple mathematical perspective, the less code processing untrusted data the better. That means if I need a system to perform one specific function, and that function was constant over time, then from a security perspective I only want the stuff on that box that does what I need to serve that goal. For example, I don't ever want X Windows on my linux file server. I just want the minimal code base there because as long as the code itself is reliable, I'll only have to mess with the box to apply patches (and much fewer patches if I strip the system down). That's true of my home fileserver. If I have an army of systems to manage though, my decision is going to come down to which platform is reliable and extends me the most tools to manage it efficiently and effectively. That's a question that can only be answered in context. I can tell you what I run at home though. File server: Red Hat EL 4 (no X windows). Laptop: Windows XP SP2. Desktop: Windows Server 2003 with virtual machines of everything under the sun from Win 9x to SuSE, Red Hat and Debian.

~FFE4

[GillBates0]

UID: FFE4 (932849). What a n00b. He must be new here.

Kidding!

Re:~FFE4

[GogglesPisano]

I'm not sure if this is what he's referring to, but back in the day $FFE4 was the address for the "get whatever key is being pressed" routine in the 8-bit Commodore kernal (e.g., the C64).

As in:

WAITKEY: JSR $FFE4 ; Check for a keypress
BEQ WAITKEY ; If no key pressed, a zero is in the accumulator, so loop back

Re:~FFE4

He's not a noob: His Nickname is his Userid written in base 39.280903113838373926155006346373. How the hell did he do that?

Re:~FFE4

[FFE4]

FFE4 = JMP ESP on x86 (one of my favorite instructions for certain contexts - buffer overflows in particular :)). It's one I created just for this interview and thus got a UID heading towards infinity!

Re:~FFE4

[LnxAddct]

I must say, you are a true geek through and through. Thanks for an unbiased study and being brave enough to respond to slashdot. Geeks around the world thank you. (As you can see from my username, I am slightly biased towards the competition :) but still found your study to be excellent)
Regards,
Steve

Re:~FFE4

FFE4.

Re:~FFE4

[DeBeuk]

I admire your courage, welcome to slashdot.

Re:~FFE4

[terevos]

No offense to Dr. Thompson - but even if the study was completely unbiased, with only a set of 3 admins for each side, the results are basically meaningless. Since it did not meet the proper amount of replications, the chances that this study would be repeatable in another environment are simply unknowable.

If you've taken a statistics class, you know that a total of 3 tests for each side is simply not enough to determine anything worth while. It's a wonder that Dr. Thompson is actually publishing these results as anything other than a sample, which will have a true test to come later. Reporting the results to a large audience just seems disingenuous.

Again - no offense to you personally, Dr. Thompson. It's done all the time in statistics.

Re:~FFE4

[morcego]

As Dr. Thompson pointed out, his study is not conclusive (and never tried to be) on the Linux vs. Windows war. He was simply doing a case study. Even small changes on the way it happened to wield different results. Choosing Redhat or Slackware instead of SuSE.

The problem is not the study, but what the outside parties will do with it. It provides with a set of data that can be used to many different marketing campaings: "Windows is better than Linux", "SuSE sucks, buy RedHat", "XXXX e-commerce solution is crap" and so on and so forth. One can even question the competence of the sysadmins (both Windows and Linux ones).

That is the problem with studies of this kind. It is very easy to pervert it to "prove" anyone's opinion on the subject.

Re:~FFE4

[mojotoad]

And here I thought it meant 'Full Width Broken Bar' :)

http://www.fileformat.info/info/unicode/char/ffe4/ index.htm

Cheers,
Matt

Re:~FFE4

[terevos]

Yeah - if it's a case study, then you can't really compare one product against another. Case studies are typically meant for doing an indepth look at one particular person or thing. A case study is just that. A study of a particular case.

You can study how people in an environment with Linux performed and how people in an environment with Windows performed, but you cannot make any statements like "In the experiment, we found that such flexibility also leads to ambiguity for administrators in terms of paths to follow when resolving conflicts." To me, that statement sounds pretty general. And from case studies, you cannot make generic statements.

Re:~FFE4

What about answering the real questions ?

Don't forget

[sucker_muts]

People on slashdot can get pretty upset about the studies Microsft shows the world, and these mostly say Microsoft is the king on the hill. But don't ever forget they don't show ALL of their studies. It could well be that 60% of them does not favor Microsoft good enough or not at all.

Of course I realise they try to use situations that are more likely to favor for them as for [insert competitor].

No if just once a bunch of other studies leaked we could get a real view over what MS is doing with their researches all the time...

Re:Don't forget

[Loether]

Good point. Several studies with a small enough sample size virtually guarantees some positive and some negative results. While MS may not be able to directly influence the sample size they can indirectly by giving only enough money for a small sample. Then just hand the bad ones to the dev/QA team and the good ones to the public.

Re:Don't forget

[Maria+Winslow]

See this article on how Microsoft's "Get the Facts" campaign uses studies that are misleading:

http://www.linuxplanet.com/linuxplanet/reports/607 8/1/

Getting the Real Facts: How Industry Analyst Reports Can Trick Readers

Microsoft's "Get the Facts" advertising campaign makes the claim that Windows offers a lower total cost of ownership (TCO) than Linux, and backs it up with reports from well-known industry analyst firms. But Linux advocates claim that the TCO of Linux is lower, and some other studies back them up. How can you separate the fact from the fiction?

This is based on my book, The Practical Manager's Guide to Open Source: http://windows-linux.com/practicalOpenSource, which analyzes several of the studies in detail.

Re:Don't forget

[ozmanjusri]

Then just hand the bad ones to the dev/QA team and the good ones to the public.

Interesting. Maybe FFE4 can tell us;

Was the distro to be used pre-selected by Microsoft?
Was he aware of similar studies involving other major distros (ie, Redhat, Debian etc)?
What were the disclosure agreements with MS - could they have suppressed findings which showed Linux in a positive light?

Re:Don't forget

[vsprintf]

The other unanswered question was about funding having a relationship to the results. The position was that the results were independent of the funding, but how many organizations that produce unfavorable results continue to get funding for new "studies"? That selection process would eventually produce results favorable to the sponsoring company with the money.

Re:Don't forget

[Loether]

That is a good point too. I was just trying to give the benifit of the doubt to the research team.

Re:Don't forget

[Loether]

I believe FFE4 answered the question about suppressed findings in the original article. He said that the findings were independently produced as free of bias as possible but it was up to MS to publish or use internally as they see fit.

Sense of Humor

[sconeu]

At least the guy has a sense of humor.

See his comment on the Flameproof suit/Tinfoil hat question.

Re:Sense of Humor

[Foerstner]

If he didn't, would he have even decided to do a Slashdot interview? The flameproof suit only goes so far...you have to be able to laugh at the burns.

Re:Sense of Humor

See his comment on the Flameproof suit/Tinfoil hat question.

Link?

Re:Sense of Humor

[vsprintf]

See his comment on the Flameproof suit/Tinfoil hat question.

Link?

http://interviews.slashdot.org/article.pl?sid=05/1 1/28/1245256&tid=109&tid=11&tid=106

MySQL

[Shawn+is+an+Asshole]

Okay, so they needed a certain version of MySQL which required a newer version of Glibc. Still, though, any Unix admin should know that upgrading glibc is risky at best (I've broken many systems due to upgrading glibc).

Here's my question: Why didn't they just rebuild the source RPM and install the resulting binaries? This way the binary would be built with the same glibc as everything else on the system. I've done that on many system with no adverse effects. They didn't have to rebuild in on the server, just any machine running the same distro would do fine.

Re:MySQL

[exa]

See, the only way to guarantee the intended result in these studies is to have a linux admin that is literally dumb as fuck.

What use is a linux admin who does not know how to build a damn rpm?

Re:MySQL

[IdleTime]

Most likely because the new MySQL version used a glibc function not existing in the previous version, hence rebuilding with the old glibc would error out.

I know that the database I work with on a daily basis have a minimum requirement for glibc versions and when we release a new version, that requirement normally have bumped the release of the mninimum required glibc version, hence a glibc upgrade may be necessary.

Re:MySQL

[ajs]

They did not just rebuild source RPMS because that would have violated business constraints, which were the basis for comparison.

He did comment that thre admins provided feedback saying that they would have considered a distribution upgrade over the glibc upgrade if they were allowed to. That would seem to me to be a more likely path for a business to have taken. Still, for the constraints posed, this was a fairly valid test (and remember that the constraints were posed on both sides).

Re:MySQL

[FFE4]

It was actually one of the 3rd party components that required the GLIBC upgrade and not MySQL. If it had been MySQL and they had the SRPMs I'd agree with you (although that may lead to some wierd patching problems down the road). Many 3rd party commercial vendors only provide the binary RPMs and that was the case here too. Again, let me say that we chose components based on market share without knowing that these issues would crop up. That's why I think it's critical to apply this methodology in your own environment because you get the added benefit of any configuration control policies you may have in place, and going through the exercise may, in addition to helping you select a platform, help you select the 3rd party components that minimize pain too. Most of this kind of stuff just ain't documented in the install/release notes.

Re:MySQL

[molarmass192]

Most likely because the new MySQL version used a glibc function not existing in the previous version

I find that EXCEEDINGLY hard to believe considering that the req was:

"In the Linux case, the component required an upgrade of the MySQL database component from version 3.23 to version 4.1"

and MySQL 4.1 works fine when compiled against GLIBC 2.2 which is what SLES 8 ships with. Truth be told, the study admins choose to hunt down precompiled RPMs for MySQL 4.1 rather than download the sources and do a simple configure/make install. If they REALLY wanted RPMs, they could even have grabbed the SRPM from SuSE, ran it through alien,subbed in the new tgz, and rebuild a fresh RPM. Thus, my long standing position that there is no such thing as a "good" admin who hasn't also done some development work.

Re:MySQL

[jallen02]

The thing that strikes me about all of this is that the test is obviously rigged towards bigger businesses. Integrating systems into a big corporate environment that will make CIOs happy is all fun and good. Yet.. things like upgrading glibc and all of this policy change control is just slanting things towards a company that aims to cater to these, sometimes senseless, business requirements.

Many of the points are good. Yet.. in a small to medium sized environment you have MANY luxuries and things you just don't worry about. Change control? If something is broke I fix it. I take every best effort to not have any downtime. I make sure I am not affecting my users. So operating from those constraints: minimal downtime, don't interrupt users I go. Life is generally good. XYZ startup set out to change the world (Google) really don't give a rats ass about blessed binaries. As long as it doesn't break anything and you can stably apply it to your environment without disrupting your users who cares? Often you have to recompile your critical applications with new options anyway such that you aren't running on a vendor supplied binary. I just don't see how this test reflects how Linux is really used. In other words I think there are variablies for Linux that simply can't be included in the test because Windows can't even do it (for better or worse). These ,untestable, harder to quantify items are what keep me using Linux based operating systems.

For certain critical things it can be good to ensure that a fix doesn't break more than it solves. Yet the fix is out there and you can evaluate it then and there. That is something you just can't do in Windows. There is a total openness about the process of the patch. In MS who knows what dark magic happens between vulnerability and a "blessed" patch. In some ways they are different worlds. I can achieve my goals. Tens of thousands of other people believe in free operating systems to power their business. As long as all of this is the case the model sustains itself. So who really cares about these studies that are focusing on how Linux does with big business constraints. What does Linux really gain being inside of big business so deeply other than corporate dollars? Open software and your average american corporation have completely different ideologies. I don't know why people are so concerned about what a Microsoft study says about Linux playing in an environment rigged to favor MS.

Jeremy

Re:MySQL

What were these 3rd party components that you chose? And did your administrators have any power to veto or propose alternatives to these choices?

Re:MySQL

[rihteri]

Considering Windows gets OS upgrades much less frequently than most Linux distributions, this constraint was unfair. Even more so if the Linux upgrades may be acquired for free.

Re:MySQL

[ookaze]

Most likely because the new MySQL version used a glibc function not existing in the previous version, hence rebuilding with the old glibc would error out.

Stop the BS please.
They upgraded from MySQL 3 to MySQL 4, and no MySQL requires any specific version of GLIBC.
Look at the report, they just reacted like no Linux admin would : they recompiled (and replaced instead of adding a new version of !!!) glibc instead of recompiling MySQL.

I know that the database I work with on a daily basis have a minimum requirement for glibc versions and when we release a new version, that requirement normally have bumped the release of the mninimum required glibc version, hence a glibc upgrade may be necessary.

Stop saying such stupid things please.
Saying this, you just show that you are not an experienced Linux admin.
The minimum glibc version you would require would be 2.x, which is available in any distro since years.
Even 2.3.x are available since years.
No database requires a new glibc version, as I doubt they need the latest TLS things.
The only problem is with closed source databases, and if you have problems, that means you use a version unsupported by your platform.

Re:MySQL

[budgenator]

I would agree, and futher I found the studies use of "required by 3rd party software" a bit ambigious in one context it could mean X-windows or MySQL is 3rd party to Linux, in another it could be some php scripts function that would never be used was listed by a developer that just never bothered to test against the 3.23 version of MySQL.

I've tried to find the PDF and couldn't, but I don't remember a list of what the 3rd party software was, just an appendix of corps using the software.

Re:MySQL

[ookaze]

It was actually one of the 3rd party components that required the GLIBC upgrade and not MySQL

Which is not what is written in the report. In either case, sth is very wrong, because that only means your 3rd party WAS NOT supported by the platform, and yet, it has most market share on Linux ?
So Suse, that was chosen, was not the platform with the most market share, not enough to be supported by this 3rd party. And yes, that would apply to Suse 8, as the 3rd party had most market share before your study, during which SLES 9 became available.

Again, let me say that we chose components based on market share without knowing that these issues would crop up

How come ? Every 3rd party tells you which platform they support !!!
A Linux admin that does not know that is not even an admin.

Most of this kind of stuff just ain't documented in the install/release notes

Of course it is. It says SLES 8 supported or it doesn't, and then you ask.
This is nonsense otherwise, and nonsense happened in this study.

Re:MySQL

[Tharkban]

Why is it you keep sounding almost apologetic and saying that companies should do this study for themselves.
Since results may be different depending on circumstances?

It sounds like your study supports Windows because of a quirk in setup, but that you don't.

Let the flaming begin.

Re:MySQL

[BeBoxer]

Many 3rd party commercial vendors only provide the binary RPMs and that was the case here too. Again, let me say that we chose components based on market share without knowing that these issues would crop up.

Let's be honest here. You should have known that those issues might crop up. Binary incompatability is a well known problem with closed-source software, and not just on Linux. It's one of the major advantages of open-source software over closed-source. Having the source means I can rebuild the software for my system to avoid exactly this issue. Or more commonly, my distro can rebuild the software and provide me with an easy to use and fully compatable binary package.

Any project which goes out and chooses what software to use exclusively based on "market share" deserves any problems they run into. That should be the conclusion of your study. When I go looking for applications to use, compatability is primary consideration. Having a maintained version included in my distro of choice (Debian for me) is a huge plus. If I do have to use closed-source, putting it into it's own isolated OS will probably end up a requirement as well since that's the easiest and most direct way of avoiding binary compatability issues.

To compare Windows and Linux by forcing one of the biggest weaknesses of closed-source software onto the open-source solution is quite disingenous I think. It may be that the closed-source software is well and truely required and has no open-source competetor. But you never actually name the software, so no one can come along and say "hey, why not use GNU Mailman to handle the mailing" for example. Both mailing lists and search have many many open source options. Data mining has perhaps not so many, but in all liklihood that application can run on an indepenent server and connect to MySQL over the network. That would eliminate all the GBLIC problems.

Really, not to sound snide, but the strongest conclusion I can make from this study is that I should not hire you to design my IT infrastructure. I can't say if it was ignorace or malice, but it sounds like you pretty much set the Linux side up for failure.

Re:MySQL

[Master+of+Transhuman]

"Again, let me say that we chose components based on market share without knowing that these issues would crop up. That's why I think it's critical to apply this methodology in your own environment..."

Well, that answers some of my questions - you made a mistake in the setup which favored Windows; and IT environment controls many of the issues purportedly examined in this study, which was my point (stated elsewhere here) in questioning the value of studies of this sort.

Just as an aside, this problem in the study also indicates the problems caused by relying on proprietary software from third party vendors: "Many 3rd party commercial vendors only provide the binary RPMs".

BINGO! Or perhaps, "DUH!"

Re:MySQL

[Master+of+Transhuman]

"In other words I think there are variablies for Linux that simply can't be included in the test because Windows can't even do it (for better or worse). These untestable, harder to quantify items are what keep me using Linux based operating systems."

Excellent point and better expressed than I did in my comment elsewhere, I think.

"Open software and your average american corporation have completely different ideologies."

It's not just ideology, too. More importantly, a Windows shop and a Linux shop are two totally different animals in almost all respects from an IT standpoint. Trying to compare the two from a functional standpoint using any sort of "standard" scenario is almost guaranteed to be an "apples and oranges" comparison. Much better is to compare cost/benefits from companies that HAVE switched, or those that are mixed shops - and here every report I've seen has favored Linux.

Re:MySQL

[benjamindees]

So, the admins were free to use any tools they wanted, and this was supposed to be a test of Linux, yet you dictated components, (proprietary, binary-only components that you refuse to disclose, and that apparently weren't even supported on the Linux OS used,) based on market share. And Linux failed because, in order to comply with these requirements, your genuis admins performed a glibc upgrade that broke the system???

Why am I supposed to take this seriously again?

Re:MySQL

[ajs]

You may consider the constraint unfair, but it's a perfectly practical and realistic business constraint that Linux has to cope with on a daily basis.

In fact, that's one of my overriding complaints about Linux software. There's this sort of loose assumption that backward compatibility isn't required because you can just download the source for something new. But, when you work in an environment where you have 10 applications, each with its own realease cycle, you have to adopt a platform from hardware all the way up to OS and tools for those applications to target. You can't just upgrade at the drop of a hat without chaning the deadlines for half a dozen of your projects.

So when you discover that project A's new widget will require a security update to the software it depends on, and that will require a new version of libc, you're totally screwed. It's nice to live in the "it's my machine, and I'll upgrade when I like," world, but if you're going to compare OSes for the enterprise, you're talking about a very different ball of wax.

Re:MySQL

[burnin1965]

Hello Dr. Thompson,

I appreciate your answering questions on the report, it takes some courage to face a hostile community.

Anyhow to the question, perhaps I should go back and read more, but what I would like to see are more specific details on the third party applications you were using, the issues they created, and how they were resolved.

I'm curious because it appears that some initial rules and choices that were made for the study were a recipe for disaster. Its like telling two teams they will be in a race to navigate a course as fast as possible and they must choose their vehicle without knowing what the course will be and they are stuck with whatever vehicle they chose. One team chooses an Formula 1 race car while the other picks a nice luxury yacht. The race course turns out to be from the Florida Keys to Jamaica and back. The Formula 1 guys are forced to make their car work as a boat because the rules say you already chose so your stuck with it.

Okay, so thats a bit extreme and perhaps I'm reading too much into your specifications for the model. For all I know the linux guys doomed themselves. But it sounds like the third party add-ons you were using are not properly supported on SuSE linux. If your results were typical of maintaining a linux e-commerce website then I doubt much of anyone would be using linux.

This scenario seems to be a common occurrence when windows and linux are benchmarked and reported in a Microsoft funded study, note the following url:

http://www.kegel.com/nt-linux-benchmarks.html

When the grueling details are scrutinized there are some real issues that need to be resolved and the comparisons and details provide a benefit to the linux community and to Microsoft. What is not beneficial is touting the superiority of one OS over another based on some finding which is sqewed by picking a weak point which could be easily overcome by picking the correct software, hardware, and configuration.

So how about some grueling details? ;)

burnin

Re:MySQL

[Master+Bait]

These studies are for making sure that all the dumbest admins stay with Windows.

Re:MySQL

[grahammm]

I suppose it also needs to be asked why they started off with such an old version of glibc. In July 2004, glibc 2.3.2 was the latest version and that been released for 15 months. Would it not have been reasonable to start the trial with at least semi-up-to-date software?

Re:MySQL

Just stop trying to rationalize!

Facts:

Thomson's methodology was correct.
Linux lost, and lost convincingly.

Suck it up Linux bitches. You lose and will continue to lose, just so long as you continue to tilt at windmills and imagine anyone still cares.

Re:MySQL

[CableModemSniper]

Maybe we should have had an interview with the admins instead of the guy running the study.

Re:MySQL

[PsychoSid]

Solaris (whilst not closed source these days) retains binary compatibility and has done sine 2.6 > 10.

You can patch it upgrade the OS and re-import/introduce your application/data volumes and just start things up.

It's one of the advantages over Linux - not that there are that many...

Re:MySQL

[BeBoxer]

You are only talking about compatability of older software on newer OS versions. Linux supports this, as does Windows, and pretty much every major OS in existence. But this study was trying to get compatability in the other direction. They were trying to run something which required a new GLIBC under an old OS. This would be like trying to run a binary compiled for Solaris 8 under Solaris 7. You might be able to make it work, but depending on the application it might be quite difficult. And it would certainly not be supported by Sun.

Re:MySQL

[Serveert]

Sorry, but if you run into glibc problems then you have failed as an admin. You should know this is a problem much like Windows has problems, and you avoid them from the beginning.

Don't use binary RPMs without source, or simply wait for the new recompiled binary before upgrading glibc. The great thing with open source is source is constantly being updated with new and evolving source code, which gives advantage over propietary closed source environments ala Windows. By limiting yourself to binary RPMs you are now back to the level of Windows so if you encounter glibc problems, it is your fault, period.

Re:MySQL

[Krach42]

It was actually one of the 3rd party components that required the GLIBC upgrade and not MySQL.

Why were the SLES admins not allow to say basically that this 3rd party component is sufficiently incapable of working with their systems as is. Then, either go to the company that makes the 3rd party component, or "we'll take our business elsewhere."

Was this something you would have possibly allowed them to do? Because if you were to run into this same sort of problem with Windows, one would have only the choice to upgrade the OS, or pick another product.

Namely, if this same situation were to occur on Windows (they're using say, Windows 2003, and the SP1 comes out, and the 3rd party component won't work unless one has SP1) there would be no choice but to either upgrade to the newer version of Windows, pick another component supplier, or badger the component supplier for a compatible version.

I don't think it fair to say that the Linux people had a hassle because they were able to take the option of getting it working on the older version. If anything this shows a greater flexibility of Linux at the cost of hassle, than Windows. And to force Linux to use this flexibility at the cost of easy of administration could be said to be entirely contrary to the entire purpose of the study.

Re:MySQL

[cryptoz]

See, the only way to guarantee the intended result in these studies is to have a linux admin that is literally dumb as fuck.

So fuck is actually very, very dumb? I don't understand your use of the word "literally" here, as it seems misused.

Re:MySQL

[zippthorne]

Ironically, the word "literally" is seldom meant in a literal sense.

Re:MySQL

Again, let me say that we chose components based on market share without knowing that these issues would crop up.

  Uh huh, right, didn't know. So how much did Bill pay you?

Re:MySQL

[IamTheRealMike]

Uh, you're assuming admins understand the baroque and unique API versioning system glibc uses, in which a binary can require a new version of glibc yet also somehow not require it when rebuilt from the sources.

This system is incredibly unintuitive, extremely silly and I am not surprised that admins do not understand it given that most Linux users don't either.

Re:MySQL

[IamTheRealMike]

Whether it's supported by Sun or not is mostly irrelevant, Windows does allow for this sort of thing. Binary compatibility certainly isn't an issue which mostly affects closed source software, the exact opposite is true, binary compatibility problems are worst in an open source system like Linux (because developers have dumb attitudes towards binaries).

Re:MySQL

[rholtzjr]

Of course he did. That was the whole point of this study. When would a Windows system do better than a Linux system with respect to upgrading components while putting constraints on what they can do. In my opinion, this study has no merit execept that is exhibits what NOT to do when requirements for an application are not met.

Here is what convinced me that this study is totally bogus.

From his assumption:

* The business migrates operating system versions at the end of the one year period to the latest versions of the platform.

Since SLES9 was released around Aug 2004 (approx.), this would probably mean that since they upgrade their OS at the end of year, then more than likely they would be setting this environment up in their test/development environment within the next couple of months( say Oct at latest ) . Now, MySQL 4.1 went GA around Oct 2004( aprox.) so technically 4.1 was not available until around that time frame.

When was the decision to go to 4.1 made? Was the upgrade so important that is must bypass the development/test phase and preempt the OS upgrade that was hapening in two month?

I see this scenario as nothing more than what conditions can be created to ensure that one system fails and the other does not.

I do not look as this scenario as a failure/benefit for any OS. I look at this scenario as a failure in the Software Engineering process that was used. The sequence of events that formulated the conclusion(s) are fictitious and do not reflect a real world scenario in respect to the real world application life cycle.

This is also an example of failed requirements gathering in the analysis phase and instead of redoing the requirements based upon their glibc version incompatibility findings, they proceeded down the wrong upgrade path and thus causing a catastrophic (at the extreme) system failure or an unsupported system by the vendor. In this scenario the requirements would not be met once a single application that would make a Commercially support OS/Application no longer under contract support.

Would I hire this person to design my IT infrastucture? Sure! If he comes up with a plan that I agree with :)

Re:MySQL

[Darth]

When designing the test, shouldn't it have been part of the design criteria that the third party application actually be built for the versions of the operating systems being tested? It seems to be the fundamental disconnect people have issue with is that the vendor app was built for windows xp and for either a later version of SuSE or for distributions that include a newer version of glibc.

Since glibc upgrades are generally part of a complete os upgrade, wouldn't it have been more fair to use a distribution that includes the required glibc version, or use a product that doesnt require that glibc version?

Isnt this test almost akin to asking the windows administrators to install a software application built for vista onto a windows xp box?

It seems to me that what the study really says is that you shouldnt install software built for SuSE Enterprise 9 on a box running SuSe Enterprise 8 without upgrading the operating system.

I would be concerned for the CTO's sanity if the he mandated we had to use a certain vendor app, mandated that we couldn't upgrade the operating system to one that supports the system requirements of that app, and demanded we backport massively invasive changes that could destroy the server to get it to work.

Re:MySQL

[mrball_cb]

We have found that the rpms that are built by the MySQL group work best compared to vendor supplied rpms. We get the version that is built to match the glibc version and walk away. These admins seem to have wanted to use a built by Suse only version and didn't trust anything else. It's their choice I guess.

Re:MySQL

[Shawn+is+an+Asshole]

Or even easier, they could do like I did to get a 64 bit binary of MySQL 5 for OpenSUSE. Download the source rpm directly off of MySQL's website and do a "rpmbuild --rebuild".

Re:MySQL

[exa]

Well, I have never seen an intelligent fuck myself :)

Re:MySQL

[Spoing]

Whether it's supported by Sun or not is mostly irrelevant, Windows does allow for this sort of thing. Binary compatibility certainly isn't an issue which mostly affects closed source software, the exact opposite is true, binary compatibility problems are worst in an open source system like Linux (because developers have dumb attitudes towards binaries).

I get the feeling that you really believe all that.

Re:MySQL

[Fallingcow]

This system is incredibly unintuitive, extremely silly and I am not surprised that admins do not understand it given that most Linux users don't either.

This is so important and basic that any Linux admin who does not understand it would better be called an "admin in training". Maybe "low-level power user". Certainly not suited to running an enterprise Linux setup without close supervision by someone who does know basic stuff like this.

Of course, the 5 years' experience for these guys may have been using Webmin (or SuSE's admin tools or whatever) to add new web sites and users to an Apache setup on a box that someone else installed and configured. Sure, that's "Linux admin experience". Right. Just like adding new sites in IIS' GUI is Windows admin experience.

Judging by the blatant dumbfuckery of some of the things they did, I'm going to say that this is probably the case. They're "Linux admins" just like all those people who popped out of the woodwork during the .com boom were "webmasters".

Re:MySQL

I didn't know I could run the newest version of Office, Microsoft Exchange or any other software on that Windows 3.11 for worgroups license I have laying around. The problem in this case was running new binary applications on an old O/S.

Re:MySQL

[Ambassador+Kosh]

So far in my business I have not ONCE ran into this problem and I have been doing this for about 6 years. One of the early rules we adopted is that closed source is NEVER allowed to be used for anything important. So you can have a closed source browser to do some testing or a closed source pdf reader to check how it renders something but if those apps should break for any reason then all you lose is a compatibility test and no work of any kind.

Actually we try to use python as much as possible and failing that we tend to use things that are done in c that are well supported enough that I can just recompile them however that has not been an issue.

When you install software that your business relies on you have to think about the consequences of doing so. If you rely on something closed source and it goes away or dictates that you have to change in a certain way then you don't have many choices. By the same arguement if you use a free software project and the project goes away etc you have to deal with that also.

Re:MySQL

>Since SLES9 was released around Aug 2004 (approx.), this would probably mean that since they upgrade their OS at the end of year...

You have got to be kidding me. General IT practice in large shops I've seen in is not to upgrade if you can help it, certainly not before the product has been out for a year or two so that the bugs can be worked out and a re-validation of the system with the new version can be scheduled.

Re:MySQL

[terrapin44]

Why the fsck would any IT manager/sysadmin choose a third party application without even looking at the system requirements? Maybe I should do a study saying I can't get three Windows admins to install MS IIS to run on my Plan 9 install so it is no good. It might be an exaggeration but that is the same type of thing you did here.

Re:MySQL

[Ashley+Bowers]

Great name :-( Would have been glad to answer your question but am offended by your name so I will just tell you that I know and am glad that you don't know!

Re:MySQL

[kscguru]

Windows DOES NOT allow for that sort of thing. Yes, if you restrict yourself to just the API that's backwards compatable you'll be fine... but have you read the Win32 API docs? Notice how many of them behave differently on previous versions of windows - or simply aren't implemented there? Any non-trivial application (read: any real-word application) will have some of those version-dependent API calls, whether due to use by the program itself or by support libraries. Most server-class apps are written with a W2K or lower API target, regardless of what platform they actually run on, just to avoid these issues.

Supported configurations are a Big Deal. The real flaw of this study was that it studied supported configurations under Windows, but included unsupported configurations under Linux. Choosing products by market share is not a justification for such blatant administrative stupidity. An unsupported configuration means potentially more work; that is all this study proves, and we knew that already.

Re:MySQL

[rholtzjr]

You are correct. I came from a large IT shop. Approx. 1800 people. What I was trying to point out that the scenario was totally bogus and not a real world scenario in regards the requirements he was providing. I was following HIS assumption, not mine.

Re:MySQL

[Weedlekin]

Baloney. Ever heard of "DLL hell?" It refers to Windows applications installing new (or is some cases old) versions of dynamic link libraries that break other applications, including Windows itself. It was so problematic at one time that sysadmins had to adopt a policy of reformatting every machine after a certain period of time had elapsed (6 months was common), and reinstalling the OS and all applications software to prevent repeated system crashes, slow responses, and many of the things we now more commonly associate with bots etc.

The good news is that things improved with Windows-XP. But there is also bad news, like for example service packs that break a raft of applications (including Microsoft's own ones), the rather large collection of commercial applications that require administrator mode to run, all those that (for example) will only work on Windows-XP Pro or Server-2003, plus many written for prior systems that won't run at all or run poorly under XP no matter how much you tweak the compatibility wizard (and I'm not talking about DOS software here).

Extremely dumb attitudes towards binaries are therefore alive and well in the proprietary Windows world, and have been for many years. Note though that I do not claim that this excuses open source developers, who should aim to be better than the Windows world rather than merely no worse.

Re:MySQL

[tuomoks]

I would even go a little further -
"Thus, my long standing position that there is no such thing as a "good" admin who hasn't also done some development work."
- not even admin, they used to be called operators but what do I know, we were called systems programmers not admins managing large installations.. have a nice day.

Re:MySQL

[ajs]

Good for you! I'm actually very glad that this has not come up for you. I'm sure there are many types of business where controling the platform isn't neccessary, but they're in the vast minority, and testing should account for the majority, I would think.

Well

[flyinwhitey]

When this study was originally posted, many of you slashbots rushed to dismiss it solely on the basis of funding.

When I brought it to your attention that doing so is fallacious, I was modded down into oblivion.

Inevitably the same people will post again, with the same fallacious arguments, claiming that this guy is a shill for MS.

I'll be interested to hear the excuses that are made this time, and I can guarantee that several people will attack this man personally for no reason other than the results of his study.

So how about, instead of relying on old prejudices, we instad attempt to actually examine the research and gauge it on it's own merits.

Re:Well

So how about, instead of relying on old prejudices, we instad attempt to actually examine the research and gauge it on it's own merits.

because this is slashdot. the word "reason" does not exist around these parts. the only proper response for this type of article is "M$ iz teh suX0r!", regardless of it's content.

Re:Well

[nharmon]

Just because he says he's not a shill does not mean he is not.

I wonder if we would get the same results if we repeated the experiment, and not have it funded by Microsoft.

Re:Well

Nah, now that this guy has spoken in person I'm predicting a largely positive response from the slashbots. His responses have a soothingly open and reasonable vibe.

Re:Well

[MSFanBoi2]

If said experiment was repeated, funded by say RedHat and they found the same results, do you think they would have the acument to publish them?

Re:Well

[flyinwhitey]

"Just because he says he's not a shill does not mean he is not."

If you think he's lying, then be a man and say it, don't hide behind the "MS funded it" fallacy.

Re:Well

[HolyCrapSCOsux]

Preach on brother!!!

I only use Windows 'cuz I cant reliably run Eve Online on Linux.

Other than that, I think that for me, they are close enough.

Re:Well

[nazh]

Sure they would.And then said that Red Hat beats both ms and suse ;)

Re:Well

[slavemowgli]

I think you're wrong. Dismissing a study based solely on who commissioned it (which is different from just funding it) is not fallacious, it's common sense. Think about it for a moment.

If you can't see why it is, consider this analogy from sports: if an athlete gets doped prior to an important event, they'll get disqualified. That is common sense, too, and arguments like "he would've won even if he hadn't taken anything" or "the substance he took didn't actually do anything" would be laughed at. It's obvious that doping is a no-no, and that when a competition involves doping, there is no level playing field on which to compete anymore, so the only thing that really can be done is to categorically disqualify anyone who uses doping, period.

The same thing is true here. It might well be that windows is a better server OS than Linux, but the fact that Microsoft commissioned this study makes it worthless *no matter* which conclusion it comes to. And it's not even necessary to look at the study's findings or how it was done to know that, just like it's not necessary to check a doped athlete's time / points / ... to know whether they should be disqualified or not. Sportspeople who use doping are always disqualified, and studies that are commissioned by a certain party to examine that party's product and its competitors are always worthless.

It really is that easy.

Re:Well

[cmacb]

I can't remember ever hearing a shill say "Hey, I'm a shill!", and more importantly, many who act as shills do so without knowing it. As addressed in other parts of the discussion here, there were problems with the study not covered by any of the questions. The researcher may be a nice guy, and his research may have been done in earnest, and it could still be fatally flawed.

I agree that the readership of Slashdot may not be typical. But I still bet that most Slashdot readers are Windows users, not Linux users. If there is a tendency to question such studies here I think it has a lot more to do with the fact that the results defy common sense, and they defy our own experiences.

If I show you a study that demonstrates that SUVs get better gas mileage than small economy cars you are likely to have questions (unless you are extremely gullible). Answering the first round of questions about such a study isn't likely to assuage most peoples skepticism either.

Pardon me for wondering why, if Windows is so secure and easy to maintain, so many, if not all, of the exploits that make the news concern Windows systems. With the exception of physical machines being lost or stolen, and eliminating cases where some careless administrator forgot to set meaningful passwords, almost all occurrences of data being stolen or compromised involve Windows systems.

If the study is flawed, it is a legitimate question as to whether the funding of the study was an influence. Don't expect the recipient of the money to be too useful in figuring this one out. If the study was not flawed (that is, the results match reality) then one has to ask how are users of non-Microsoft systems accomplishing this brilliant cover-up.

Re:Well

[nharmon]

I'm not saying he is lying because I have not repeated the experiment. He could be right. I think this study is highly suspect because Security Innovation seems to be Microsoft-biased. In all three reports that Security Innovation has performed for Microsoft, they have concluded "Microsoft SQL Server 2000 on Windows Server 2003 had fewer security vulnerabilities and fewer days of risk compared to the MySQL and Oracle solutions[...]", or something similiar.

So, let's not pretend that SI is some independant company that was called on to do this study one day by Microsoft. They had delivered before for Microsoft.

Re:Well

[nharmon]

I'm sure you meant Novell, and not Red Hat. Either way, I would have a problem with the study. Security Innovation has never released a study showing Linux to be superior to Windows in anything. If I were choosing a company to do a study on something like this, I do not think I would choose a company that has 100% consistently reported Microsoft products as being superior...unless I was Microsoft.

Re:Well

[rolfwind]

So how about, instead of relying on old prejudices, we instad attempt to actually examine the research and gauge it on it's own merits.

The problem with this suggestion is that MS has already thrown so many bad studies at us in the past, it should no longer be the default to take them seriously. The burden of proof is on them, and better yet, if MS is serious, set up the study to be double-blind (perhaps funded in half by Redhat or whatnot), etcetera, publish the results whatever they may be. Follow all scientific procedures. Or better yet, a challenge between a linux team and a MS team on something like making a server that can survive the most hits - where both teams have equal motivation to tweak their machines and whatnot.

It should not be, pay some guy/group to do a linux/MS, publish results if the results are good otherwise they don't see the light of day. MS did this so many times, they should be laughed at and not looked at. People's time is too limited for that.

It be like if Bush came with another proposal for a war. The burden is on the other side. They lost their credibility, they should be the ones working hard to get it back. Not us.

, it's not our problem anymore to examine them

Re:Well

[lifebouy]

I find it particularly funny that creationists are bashed mercilessly on Slashdot for their blind faith, while Slashbots act in very much the same manner when it comes to Windows versus Linux.

You bring up a great point. Let me tell you why this happens. Slashdot, for the most part, is the IT community, and, for the most part, composed of highly intelligent people who actually do read studies and question things.
Here's an anecdote to show what's really going on: Imagine some scientist writes up a study, and concludes that Everest is the tallest mountain on Earth. He or she will be battered by other scientists, who know that Everest is merely the tallest mountain on land, and that there are a great number of taller mountains along the ocean floors.
The IT community, much of which composes Slashdot, knows from experience that in nearly every server situation Microsoft products are the poorest choice. Sometimes it's because of security concerns, other times it's because of potential vendor lock, or performance issues, etc., but there's always a better choice than windows for servers. Now, there are areas where MS Windows kicks butt, such as some forms of multimedia development (Flash, Director)...Okay, well, that's all that comes to mind. My point is, trying to sell "Microsoft is better" FUD to the IT community is like trying to sell Everest as the tallest mountain to the geological community. They just know better. And aside from personal views on creationism, let's look at the arguements. Every Intelligent Design arguement I've seen is based on classic con-artist tactics. As is most religious dogma. A Slashdotter, by now, should be able to smell bullshit a mile away, and they can. The reason ID get attacked so fiercely is exactly that. ID people make intelligent people want to scream, "Dumbass! You've been sold a half-baked con! Don't spread that shit around, you might infect others."
And as a final thought, this is Slashdot. You will get flamed, whether you are right or wrong. If you want to have a serious conversation on a given topic, this is not the place.

Re:Well

[mpcooke3]

I wonder if we would get the same results if we repeated the experiment, and not have it funded by Microsoft.

It's traditional to fund 10 independant studies and publish the ones that came down on your side.

Re:Well

[ninjaz]

I didn't comment on the two previous stories, but I think the concerns over reputation are valid.

As the researcher has stated, this study doesn't really say anything that can be applied in a general manner between the operating systems, yet it should have been obvious that Microsoft would treat any positive results as "proof" that Windows is more maintainable than Linux. And, that's exactly what they proceeded to do.

This is what smells funny to me:

We can never have a verifiable answer to the following questions:

1) How many studies did Microsoft commission from this researcher or his company?

2) Was there an extra fee demanded for rights to publish the results? (If so, there is an inherent incentive to select for cases which would favor Microsoft)

3) Might we imagine that Microsoft would be more likely to give him repeat business if favorable results were given?

Regarding the glibc issue, common business requirements are that one uses a certified application stack from the software vendor. Anything that would be 'certified' on a Frankenstein system with the system glibc torn out and replaced is a bit of a stretch. One would also expect that Novell would not support such a configuration - getting into that sort of situation is generally a big no-no in an enterprise environment. Speaking as a system administrator, the fact that something this took place removes any credibility this study may have had.

Of course, these studies can sometimes lead to positive change, but often at the expense of the reputation of researcher or company lending its efforts to the Microsoft marketing machine.

In the case of shoe-horning an application into an unsupported distro, however, the only thing it really says is: Don't create business processes that require pounding a square peg into a round hole.

We will never know the true story about what happened between the researcher and Microsoft, but, I personally have trouble accepting any Microsoft-sponsored research concerning the competition based simply on their long history of backroom deals aimed at gaining some sort of tactical advantage.

As for your 'slashbot' remark - Humankind in general has been judging people by the company they keep for quite some time now.

Re:Well

[flyinwhitey]

"So, let's not pretend that SI is some independant company that was called on to do this study one day by Microsoft."

So, you're asking that you be allowed to judge this information based on your biases, and not on its merits?

Why is that necessary, when the methods of evaluating the research without bias are better?

See, that's what you miss. The methods of evaluating research that exist are perfect for detecting flaws. You're just adding excuses for MS to use.

Re:Well

[flyinwhitey]

"it is a legitimate question as to whether the funding of the study was an influence."

No, it isn't. You think it is, and that's why I posted.

"A Circumstantial ad Hominem is a fallacy in which one attempts to attack a claim by asserting that the person making the claim is making it simply out of self interest. In some cases, this fallacy involves substituting an attack on a person's circumstances (such as the person's religion, political affiliation, ethnic background, etc.). The fallacy has the following forms:

      1. Person A makes claim X.
      2. Person B asserts that A makes claim X because it is in A's interest to claim X.
      3. Therefore claim X is false.

      1. Person A makes claim X.
      2. Person B makes an attack on A's circumstances.
      3. Therefore X is false.

A Circumstantial ad Hominem is a fallacy because a person's interests and circumstances have no bearing on the truth or falsity of the claim being made. While a person's interests will provide them with motives to support certain claims, the claims stand or fall on their own. It is also the case that a person's circumstances (religion, political affiliation, etc.) do not affect the truth or falsity of the claim. This is made quite clear by the following example: "Bill claims that 1+1=2. But he is a Republican, so his claim is false."

How many different ways can I post this? How many ways do I have to refute you? Why can't you simply read the definiton, accept you didn't know something, and correct your error?

Re:Well

[nharmon]

Again...the problem is that we have to take the researcher's word for it in a lot of cases. For example, how do we know the Linux techs were not just people like me, who had many years of Linux and SuSE experience (10 with Linux, 6 with SUSE), but still didn't know very much about what was being done here.

Re:Well

[flyinwhitey]

How does that involve MS?

You see, any problem you claim is related to MS will ALSO be a flaw in the design of the study, and will damage the study's credibility.

Or, do you not understand how research is done? In all honesty, I assumed you did
but I suppose I could have been jumping to conclusions.

Is that the problem? You're ignorant to how research is conducted?

Re:Well

[carlos_benj]

If said experiment was repeated, funded by say RedHat and they found the same results, do you think they would have the acument to publish them?

I don't know what 'acument' is, so I really can't answer your question.

Re:Well

[nharmon]

It only involves MS in so that they are the ones choosing who to pay to do this research. They're much more likely to choose someone who has a track record for pro-MS conclusions.

As for my ignorance of how research is done--you might be right. My research experience is in criminalogy, not computer technology. But my bitch still is valid...you simply cannot trust the objectivity of this study. You seem to be arguing that this is simply how research is done, ergo, its not something to be complained about. I disagree.

Re:Well

[carlos_benj]

My research experience is in criminalogy....

So. In criminology one should always question the validity of the data being presented by the cops and the prosecution since their purpose is 'conviction' rather than justice? Or is it better to dispense with that and allow the evidence to speak for itself?

Re:Well

[burnin1965]

"attempt to actually examine the research and gauge it on it's own merits"

Actually I see lots of valid examination going on in several threads, but there is one major issue which makes it impossible to verify the merits of the study. The third party binary only application that created so much difficulty for the linux guys, and upon which damn near the entire discrediting of linux is based, is not revealed.

If you read the threads which question the methods the linux admins used to resolve the issues you'll see that it seems something we are not shown was preventing them from properly adminstering the system, perhaps intentionally. But we'll never know because the doc will not tell us what this mysterious third party app was that caused all the problems.

So the study remains suspect.

burnin

Re:Well

[beeplet]

1. Person A makes claim X.
2. Person B asserts that A makes claim X because it is in A's interest to claim X.
3. Therefore claim X is false.

However, it is perfectly reasonable to substitute
3. Therefore claim X is suspect
which is what most people are arguing.

Re:Well

[black+mariah]

Why can't you simply read the definiton, accept you didn't know something, and correct your error?

Because this is Slashdot, where everyone knows everything and nobody else knows anything.

Re:Well

[Fulcrum+of+Evil]

I think you're wrong. Dismissing a study based solely on who commissioned it (which is different from just funding it) is not fallacious, it's common sense. Think about it for a moment.

We haven't done that. Instead, we are examining it closely because of the funder's past record of biased studies, then rejecting it on the basis of its flawed premises.

Re:Well

[nharmon]

I'm not going to the play the comparison game. SI is not as independant as Microsoft wants you to believe, and who they choose as lab technicians is in question. Ignoring that Microsoft paid for the study, those two alone should be enough to question the validity of the study's conclusions.

Re:Well

[MrCopilot]

When this study was originally posted, many of you slashbots rushed to dismiss it solely on the basis of funding.

When I brought it to your attention that doing so is fallacious, I was modded down into oblivion.

You were appropriately modded -1 Troll.According to the all knowing WIKIPEDIA :
In Internet terminology, a troll is a person who posts inflammatory messages on the internet, such as on online discussion forums, to disrupt discussion or to upset its participants. It can also be used as a verb, meaning to post such messages, and "trolling" (the gerund) is also commonly used to describe the activity.

Yep that pretty much sums it up, go back and read the entire discussion instead of just your posts.

We made no excuses last time, we make none now. The criticism of his methodology is warranted. The specifics are laid bare in this thread and the last one.

The question is: Do you agree with his findings? Why or why not?

You attacking us for disagreeing is the very thing you started complaining about.

You certainly got more bites this time Troll.

Re:Well

[carlos_benj]

It's not a game. Either the study is flawed or it's not. If all you can see are the players you'll never arrive at a logical conclusion, just an emotional one. Even a stopped watch is right twice a day..... Sometimes liars tell the truth and some times honest people tell falsehoods.

Re:Well

[flyinwhitey]

Suspect is a weasel word which means "it's wrong, but we're too afriad to say it outright".

"However, it is perfectly reasonable to substitute
3. Therefore claim X is suspect"

Nope, wrong, incorrect. It's the same fallacy, cloaked in slightly more weasly words.

Nice try though, maybe you'll get smarter and come back for another round.

Re:Well

[beeplet]

Suspect is a weasel word which means "it's wrong, but we're too afriad to say it outright".

Talk about logical fallacies... if you're going to change the definition of words to suit your purpose then no argument is ever going to convince you. Why don't I define calling something a "weasel word" to be a way of escaping from a otherwise sound logical conclusion you don't happen to agree with?

In any case, your position still makes no sense, either from a logical or a scientific standpoint. Every study has the potential to be skewed by bias, and every possible source of bias should be considered when weighing the results. Bias doesn't invalidate the conclusions; it informs them. By insisting that people ignore the motivations of the people behind the study, you make it harder to interpret the results.

Re:Well

[honkycat]

Wow, just wow.

If we're talking about theorems, then the source doesn't matter, at least in principle. There, truths are true, falsehoods are false, at least until you start questioning your axioms or pushing the boundaries of incomplete logic a la Goedel. However, you still find people checking each other's work and the source still does make a difference for the credibility of a claim.

Here, we're talking about a study grounded in a far from a mathematically perfect domain. The results have as much to do with the methodology as they do with the system being examined. The results are not "true" or "false." Furthermore, there are enormous external pressures -- political and financial -- that may taint the work. These are present in any such study, but when competitor A funds a study comparing its product to one from competitor B, the output of that study is damn well suspect.

From the OED:
suspect: A. adj. Suspected; regarded with suspicion or distrust; that is an object of suspicion; in early use also, exciting or deserving suspicion, suspicious.

As you will note, this does not mean "false." What it means is that one would be a fool to take the study on its face because there is reason to suspect it may not have been independent. However, you need not simply disregard the study -- further scrutiny is in order. More scrutiny than would be needed if there were not such a clear path for influence.

Anyway, it seems you have spent so much time memorizing definitions from your undergraduate logic textbooks that you've lost sight of how they connect to the real world.

Re:Well

[cyphercell]

Good work! Why not have Red Hat Certified Engineers vs. Microsoft Certified Engineers maintain two systems granted normal control over their environment and an equal server load. For realism both servers could be linked from slashdot (mirroring latest results) from time to time. Also, he already said M$ would get the results if they were unfavorable. We need someone to pony up some dough, so, they own the results. I think if he were a shill he wouldn't be here, it seems to me his candidness about ownership of research data speaks for itself.

I don't think this guy avoided any questions...

[MSFanBoi2]

Looks like a bunch of honest and detailed answers with no dodging...

Don't forget-Lies, damn lies, and Linux.

"No if just once a bunch of other studies leaked we could get a real view over what MS is doing with their researches all the time..."

And why doesn't Linux sponser some (factual) studies? Complaining about a competitors studies not proving your product is better is simply stupid.

Re:Don't forget-Lies, damn lies, and Linux.

[Mind+Booster+Noori]

Because first you have to find "who is Linux", and then, someone would have to care about this kind of competition. Once again, Linux isn't about competing against Windows.

Re:Don't forget-Lies, damn lies, and Linux.

[Teresh]

Because Linux isn't a company, let alone a monopolistic one. Linux is better because it is Free. I am led to believe that most people think freedom is better than being controlled.

Windows is control. Linux is freedom. Do you want me to sponsor a study on why freedom is better than control or should I just refer you to the Declaration of Independence and let that document speak for itself?

Re:Don't forget-Lies, damn lies, and Linux.

"I am led to believe that most people think freedom is better than being controlled."

Uh... while I feel the pretense of the comment is correct. If you're being led somewhere, aren't they in control?

Re:Don't forget-Lies, damn lies, and Linux.

[Commander+Trollco]

WHOOSH!

You made an interesting observation

[plover]

You said above "I agree though that one is tempted to dismiss research a priori though because of funding or some vendor tie. I think a good way to reverse the trend is to open the process up to public scrutiny; thats probably the main reason I came on Slashdot."

You obviously see the value of public scrutiny in what you do. So do we, we're obviously paying attention to your studies, and are pleased to see the "inner workings." It certainly helps lend credibility to your points. But it also begs the question: why doesn't Microsoft extend that same logic to operating systems or applications?

Re:You made an interesting observation

[AceJohnny]

hy doesn't Microsoft extend that same logic to operating systems or applications?
Similarly, why doesn't Jane do as Bob does? That's an easy one, even I can answer that.

Because they're completely different entities, with different motivations, interests, and constraints.

Besides, you're comparing apples to oranges: being open about the way you conducted a study and being open about your OS or apps are two completely different things!

Re:You made an interesting observation

[plover]

The point I made was "being open means being believed, and even Microsoft sees the truth in it."

The motivations, profits, or whatever are irrelevant to that point, but gave rise to my question. Rephrased, it can be asked "what are those stumbling blocks that prevent you from following this path with your other products? And can you remove them?"

Re:You made an interesting observation

[heatdeath]

But it also begs the question: why doesn't Microsoft extend that same logic to operating systems or applications?

Well, they are pretty open about the APIs and formats now - they're opening up the office 12, and they have extensive documentation of all external APIs. If you're talking about source code, it's obviously not a logical exension at all.

Re:You made an interesting observation

But it also begs the question: why doesn't Microsoft extend that same logic to operating systems or applications?

If you really don't understand why MS doesn't want to open source their entire product line, you have to be some piece of work. Sorry, but really... c'mon.

Meta-credibility?

[spazmonkey]

Not to sound like a troll, but meta-credibility does also work the opposite way;

        anti-$ rag says that grassroots anti-$ os/app/whatever is "the best" and you will have an immediate knee-jerk reaction from the community defending it to the death and proudly installing it on thier boxes just to say they did, even if it takes several dozen man-hours to get it to do anything even marginally useful.

        Dogma is probably even more dangerous and counterproductive than putting blind trust in some $corps marketing stooges, as hard as that is to comprehend.

        Sorry, just watched six guys on laptops code and tweak for two hours failing to get the newest, hippest OS du jour to even recognize basic hardware.

Re:Meta-credibility?

[geomon]

Sorry, just watched six guys on laptops code and tweak for two hours failing to get the newest, hippest OS du jour to even recognize basic hardware.

No need for apologies. Apple users were watching Windows users perform the same frustration-filled dance for nearly two decades.

It took the XP release for Microsoft to get right what Apple did in the 1980's.

I think that Linux has made some marvelous achievements with a fraction of the financial resouces of Apple and Microsoft. To compare Linux to Microsoft and declare Microsoft the winner is like declaring Dilophosaurus the best and final winner of evolution 190 million years ago.

Linux's primary achievement has been to keep the operating system market competative and alive. By constantly nipping at the heels of Microsoft, open source products like Linux have kept Microsoft working hard to develop new products. By showing that open source software (e.g., BSD) is a viable platform for developing high-end user interfaces (OSX), Apple has benefitted as well.

Anyone who dismisses the real lessons of what Linux has achieved in the last 16 years is fated to be stuck in the Jurrasic with the other dinosaurs.

Re:Meta-credibility?

[kurokaze]

I think that Linux has made some marvelous achievements with a fraction of the financial resouces of Apple and Microsoft.

Well, to be fair, if you had to pay the linux contributors the same hourly rate that you would pay the average programmer at Microsoft or Apple, I'd be interested in seeing which OS actually costs more. And add on top of that, Linus dictating which features needed to go in and when. That's something I'd really be interested in seeing.

Re:Meta-credibility?

[geomon]

Well, to be fair, if you had to pay the linux contributors the same hourly rate that you would pay the average programmer at Microsoft or Apple, I'd be interested in seeing which OS actually costs more. And add on top of that, Linus dictating which features needed to go in and when. That's something I'd really be interested in seeing.

Good point, if the economics were comparable. It would be interesting, for instance, to calculate how much money would have been spent by local farmers if they had hired a contractor to build their barn rather than by paying it forward by helping raise their neighbors barn.

Or how much money would have been spent if soup kitchens had to pay for their food rather than relying on donations. Or how much each Habitat for Humanity house would cost if it had paid for the volunteer labor.

That is the problem with comparing a commercial venture with a volunteer effort. The economics aren't the same. My point was considering the vast amount of capital that Microsoft and Apple have at their disposal, why is Linux so close in quality that these arguments over which is better are even possible?

Re:Meta-credibility?

[Nintendork]

"It took the XP release for Microsoft to get right what Apple did in the 1980's."

And I'm sure if microsoft only had to make their software work on a limited set of hardware, they could do it to.

-Lucas

what I really wanted to see answered:

[ananke]

From a purely technical point of view, I was mostly interested in seeing the following question [and thread] addressed:

http://interviews.slashdot.org/comments.pl?sid=168 949&cid=14084692

Re:what I really wanted to see answered:

[FFE4]

In response to the question you referred to about fairness, here's why I think the study was fair, and here's what I think the limitations are. If I'm a business that needs to deploy some solution I know what I need in terms of business requirements. There are a lot of ways I could technically implement a solution to those business problems. We tried to come up with a methodology to give people insight into the challenges they might run into before they do an enterprise deployment. In the experiment, you've got the assumptions we started with, and the administrators were given fairly free reign. As far as patches, the Linux guys ended up going to different places at Novell for the majority of components and then to MySQL for updates for newer versions they installed. Similarly, the Windows admins had to go to the Windows Update site for patches but also had to check for patches to SQL Server. At a high level, giving some folks business requirements and seeing how they implement them with a particular technology base is fair. The limitations though are the small sample size, the lack of a detailed configuration control policy and the high potential variability of the small group. I think that it's great to question the paths that the admins followed. I think that there are a million ways that they could have approached things, and I guess the key takeaway for me is that given three experienced linux admins we got three really different results. I do think that if that's recognized as a challenge then we can put procedures in to minimize the risk of some of the problems encountered here. You may be prepared to assume that responsibility and in some situations it might even be in your best interest to do so (possibly highly customized environments, embedded, ...). I hope that this study will put Company X be in a better position to do their own evaluation.

Re:what I really wanted to see answered:

[ananke]

I think we need to clarify something, because it seems that majority of the geek slashdot users have the same baffled look on their faces as I do:

1) 3 individual linux administrators were put to a test. Each one had 5 years of experience.
2) Each one of them decided to upgrade glibc:

2a) one decided to do it from scratch, "from GNU site" [I assume that meant compiling it]
2b) second went to upgrade using packages for a new version of suse, and only that
2c) third did something similar to the second one.

Now, call me crazy, but somehow points #1 and 2a/b/c do not match up. Nobody with that much experience should ever consider the solutions taken by those three people. Especially 2a - nobody in their right mind would ever consider that. It's just way too risky. That's why I'm wondering - were they asked to go that route? Where they given instructions to go beyond of what the vendor supports?

Considering that it is mentioned that a new version of suse was available, why nobody decided to upgrade the entire distribution?

You may be right, the ability to perfom #2a is something that wouldn't be possible in the windows world, thus eliminating the possible problems it may cause. However, something still doesn't add up. Those admins should have never attempted those routes.

other than that, interesting paper.

Re:what I really wanted to see answered:

If I'm a business that needs to deploy some solution I know what I need in terms of business requirements. There are a lot of ways I could technically implement a solution to those business problems.

And that's why your study is flawed. Because in a real production environment, you would never simply 'upgrade' glibc. As other posters have pointed out, that would be like replacing kernel.dll or some other core component on Windows and expecting all the other componentry on Windows to work fine. Any Windows Sys Admin who knows his/her stuff (or is a MSVP or what not, like you) would know that is insane, you simply would not do that in production environment - and that's why you pay Microsoft, SuSE, Red Hat, etc to *make* sure everything works together. To put this in simple terms, by replacing glibc, you essentially voided the warranty, you're on your own.

Kudos to you and your team for devising a scenario where the 'requirements' are such that one needs to upgrade to glibc, rather than going to the newer version of SuSE, and Kudos also for finding Linux folks that would do that. Were they certified Linux admins, by the way?). Exactly, only Linux hackers would attempt that, and that definitely is one of the cool things about Linux - you can't even compare with Windows because it simply isn't possible, but on the other hand, no Linux sys admin in their right mind would attempt such a thing on a *production* system. Flawed requirements - flawed study - flawed conclusions.

Re:what I really wanted to see answered:

[dtfinch]

I still think this was unfair, but I'll accept that all unfairness was entirely unintended and accidental. Maybe the admins thought they had to stick with Suse 8. Had the results favored Linux, the study would not have been published.

Too bad about all the negative press. Did Microsoft comission this study directly? Or did they go through a third party for anonymity?

Re:what I really wanted to see answered:

[exa]

What do you think has happened?

What kind of a dumb fuck would not think of upgrading the system??? What good are all those package managers?

Re:what I really wanted to see answered:

[Fritzed]

I believe this situation illustrates the main flaw I see in your study. Everyone seems to be in agreement that the glibc update is what caused a lot of the skewed results. While I don't believe this was planned for in the study it still happened. You said that the application and distribution versions were chosen based on what was available at time the study started, which is essentially a random variable. In order to make a valid study, it seems you would have to do multiple tries starting at different times. Had you started a study directly after a new windows release, would you have used the new windows version? If not, would you have required the newest IIS version that would no doubt only run on the newest windows? If you required a newer IIS version than windows version, the update would not only skew the results, it would likely end the test, as such a thing is not possible. Yet this is the situation you ended up putting the linux systems in with the conditions you set. I'll say again, it seems any valid study would run any test like this more than once before saying it had any kind of conclusive results, I'd like to know why your study should given any value by an administrator taking this into account. I ask because it seems to me, that new systems will not be started using the newest software from July 2004.

A more personal problem I have is that I find it hard to believe 3 competant linux server administrators would choose Suse for this purpose. It's a great desktop system, but I'd never use it as a server, nor do I know anyone else who uses it as a real server.

-> Fritz

Re:what I really wanted to see answered:

[dschl]

It appears that your Milestone 2 search engine is Verity Ultraseek. Their list of customers overlaps quite well with those listed in Appendix 5 of your "report". Verity claims the following system requirements in their brochures:

Databases: Oracle, Sybase, MS SQL on Solaris and Linux, any ODBC compliant database on Windows. Support for binary large objects (BLOBs)

The lack of proofreading by Verity is rather amusing, as I was not aware that MS SQL was available on either Linux or Solaris, but I digress. I'm not sure which version you used, but Version 5.3 (June 2004) does not appear to use an external DB, and 5.4 (released June 2005) also does not appear to require an external DB, and does not appear to support MySQL out of the box. The documentation from Verity recommends that

"In general, database collections are more difficult to set up than an HTTP spider collection. When possible, we recommend that you use an HTTP spider collection rather than a database collection to serve content to your users."

Furthermore, even the current version only requires glibc 2.2.4 according to the brochure, and from what I can find, Suse 8 shipped with glibc 2.2.5.So why the need to do something stupid like upgrade to bleeding edge glibc at Milestone 2, when the product does not require it?

The sole options for downloading Ultraseek versions 5.3 or 5.4 included a .tar.gz or a RedHat rpm. Without a Suse RPM, I wonder how well they really "support" Suse in the first place.

As other posters have more eloquently noted, the support time for Linux was skewed by the third party software. You claim that

"The specific 3rd party vendors are not disclosed because the focus of the study is the methodology and not a specific component."

I call bullshit. You cannot expect the same level of support for a third party solution on such different platforms as Windows and Linux, and I would question the sanity and quality of any vendor that required bleeding edge versions of MySQL and glibc, as your report appears to indicate. In addition, what compelling reason is there to do an component upgrade which breaks a system - did your "leading" third party vendor drop support for a year old enterprise distribution? Many enterprise admins didn't apply SP2 on Windows for a year, so why would you do an equivalent upgrade on Linux just because of a component upgrade? The entire point of enterprise level distributions is that they are NOT moving targets. You're doing the equivalent of expecting the stability of Debian Woody, while running Sid.

A key premise in the scienctific method is that research be reproducible. Your work is not reproducible without a full listing of all software, all patches applied, all data used, and so on. Overall, while your study may appear to be valid, on a superficial basis (you have some good methodology), it is about as scientific as homeopathy or "zero point" drivel.

Darren

Re:what I really wanted to see answered:

[dtfinch]

but I'll accept that all unfairness was entirely unintended and accidental

On second thought, this isn't your first misleading Windows vs Linux study to be published.

Re:what I really wanted to see answered:

[virtual_mps]

We tried to come up with a methodology to give people insight into the challenges they might run into before they do an enterprise deployment. In the experiment, you've got the assumptions we started with

In another followup I already explained why your constraints were fundamentally flawed. I guess there's some value in knowing your methodology & assumptions, but since they were poorly chosen there's not all that much value. For all that you want to talk about the importance of methodology the reality is that "a methodology" is insufficient--the methodology must be reasonable.

I guess the key takeaway for me is that given three experienced linux admins we got three really different results.

The takeaway for me is that if you artificially remove the simple and obvious solution (upgrading the OS to a coherent, supported level) you'll get a lot of oddball suboptimal solutions. That's not all that revelatory, in my opinion. Really, what kind of results do you think you'd get from three windows admins told "run this longhorn program on windows xp, and don't even think about upgrading windows (though you can copy files from this longhorn cd)". Is there a chance that you'd get three really different results? Is there a chance that endstate isn't correlated to OS so much as to insane preconditions?

Re:Riiiiiight

[MSFanBoi2]

Mostly, becuase unlike ESR, he doesn't seem to have an agenda... Unlike ESR the Dr. doesn't work for Microsoft or any OSS org...

Re:Riiiiiight

[plover]

And I find this guy to be more credible than, say ESR, why, exactly?

Because he's not a stark raving lunatic?

Credibility is a fickle mistress

I really thought the answer Dr Thompsons answer to Tackheads question was sincerely put, and I liked the way Tackhead built that question up with such polite delivery. What makes me sad, having done a bit of 'research consulting' is that the honorable intents of the man to conduct a scientific study will still have to go up through the mighty MS spin machine for some heavy editing. What I'm saying is while I think Doc Thompson is genuinely trying his best as an honest empirical researcher he might not be entirely satisfied with the way the company interprets and publishes his results. I think that was what Tackhead was really alluding to, that good men can be tarnished by no fault of their own by keeping the wrong company, and he didn't really answer that. So either he knows exactly how his work is going to be framed, or MS are paying him so much money he doesn't care what people end up thinking of him after MS have doctored his results to suit them (because we all know they always do)

Riiiiiight-Brainlinks to /dev/null.

"And I find this guy to be more credible than, say ESR, why, exactly?"

Because you used that jumbo brain of yours, and years of schooling in deductive, and inductive thinking, plus hours of research to make a factual conclusion on weither the author is indeed credible. Or maybe you took the easy way out and simply read "MS Shill" then proceeded to shut down all higher brain functions.

Re:Riiiiiight

[MSFanBoi2]

PLEASE tell me he isn't a gun rights type. He cannot even hold a pistol safely...

And the ones they do show are usually flawed.

[khasim]

In the original test, no non-Microsoft patches were applied on the Windows boxes.

Yet the Linux sysadmins were downloading mysql code from the mysql site and attempting to backport patches from SLES 9 to SLES 8.

From TFA today:

After the experiment, the administrators were asked on both sides if this kind of evolution of systems met with their real-world experience. They said yes, with the caveat of if they were asked to install a component that required an upgrade of GLIBC that they would likely upgrade the operating system as long as their configuration control policy allowed it.

In every one of these "studies" there is always something that the "study" requires that no intelligent person would do.

I don't care WHO the "researcher" is. Once they participate in one of those "studies", I have no respect for them anymore.

Re:And the ones they do show are usually flawed.

In all of my years as an administrator I have "upgraded" operating systems exactly twice on systems that are not FreeBSD. The reason? Upgrades break stuff. Random binaries don't work or some configuration file is in the wrong place or two copies exist. Something is wrong. It is usually faster to make a final backup, and install the new version and then start the system fresh from the latest backups, providing any tweaks required. Legacy components left around for years come back to bite you in the ass, 'tis a proven fact.

Re:And the ones they do show are usually flawed.

[drinkypoo]

Recording your data and config files, reloading the system with a new version of the OS, and then reloading your data is upgrading. You have just failed your reading comprehension test. Thanks for playing, though.

Re:And the ones they do show are usually flawed.

[Cylix]

Yeah,

That's all rather goofy.

If you you need X, but Y conditions don't allow X... you goto the bastards and tell them to to change Y.

Granted, change management organizations can be a bit of a bitch at times. I will also admit I haven't looked at the test in too much depth, but it honestly sounds like they were doing things really oddly.

I've also been in situations where I needed something to work and it says it required database version X. (Turns out getting to version X requires a few things that would be a pain) I still managed to get things going without a massive update.

Anyhow, there are a series of flaws I didn't like about this study and all this guy said was... "It's good you pointed that out! It's good to ask those questions! Thats how they did it and its important we look at those bunnies over there!"

Re:And the ones they do show are usually flawed.

# apt-get update
# apt-get dist-upgrade

Hmm... that wasn't so hard. I guess you fail the "competent sysadmin" test.

Re:And the ones they do show are usually flawed.

[drinkypoo]

# apt-get update # apt-get dist-upgrade Hmm... that wasn't so hard. I guess you fail the "competent sysadmin" test.

Actually, I usually use gentoo on my systems, or RHEL or SUSE for commercial systems. I don't manage them with apt.

And, if you actually had any experience, you would know that upgrades even of Unix systems including Linux often go badly awry and the in-place upgrade method may fail spectacularly. I've had upgrades of plebian in particular both work, and not work.

Re:And the ones they do show are usually flawed.

[carlos_benj]

Did you mean "upgrades of Debian" or were you just talking about plebeian upgrades?

Re:And the ones they do show are usually flawed.

[drinkypoo]

I meant debian, it seems to be the only distro where people are always saying "you just do this!" any more (since all the gentoo zealots, myself included, stopped proselytizing on behalf of portage.) Unfortunately I can't spell plebeian.

Re:And the ones they do show are usually flawed.

[carlos_benj]

I use Suse here at work and, up until a few months ago, RedHat/Fedora at home (as well as Knoppix and other live CD's). After having repeated difficulties tracking down dependencies of dependencies ad infinitum and having redcarpet hose my systems and partial installs break things that had been running fine, I decided to give debian a try since I kept hearing all the same zealots. I tried yum for awhile and it does a pretty good job of resolving dependencies but it stopped working and I wasn't able to get it running again. Since the switch I've not had any partial installs that broke other things, the packages that are in the repositories install and upgrade flawlessly, and those packages that aren't in the repositories I've been able to run alien against RPM's I download and those too seem to work just fine and resolve all dependencies. I have no complaints after several months of usage.

I'm not much of a zealot. I'm more apt to sound off when I get cranky about something that doesn't work than to evangelize for some distro (although there are things that I will extol, my OS of choice is generally not one of them).

Integrated VCR DVD story is insightful

[nuggz]

I like it, I find it very difficult to deal with the multi remote problem at someones house.

Surround sound, Satellite, DVD, VHS, cable, PS2 all plugged in. For many peoples house I just give up trying to watch TV or even change channels/volume.

Why didn't they upgrade the OS?

[khasim]

The OS upgrade was already part of the "evaluation".

Why not allow the sysadmins to upgrade from SLES 8 to SLES 9 instead of REQUIRING them to backport the glibc patches from 9 to 8?

Re:Why didn't they upgrade the OS?

[Zathrus]

Why not allow the sysadmins to upgrade from SLES 8 to SLES 9

He answered this -- the configuration control system that was in place did not allow for the upgrading of the OS.

This is not unusual -- if you know everything works with OS Y version X, then you simply do not upgrade just because X+1 comes out without doing massive testing.

He also said that after the test was done the Linux admins said that the test followed their real world experience pretty well, except that they would've upgraded the OS instead of backporting glibc. The configuration control didn't allow for that -- which is almost certainly a problem with the configuration control. If your admins say "well, we can upgrade to X+1 and certify that everything works in Z days, or we can try to backport the changes which will take W days with the understanding that it may all blow up anyway" then most businesses will go with the first route -- even if Z is bigger than W because that "blow up anyway" bit should scare the crap out of any CTO that's worth employing.

Yes, they should've allowed for the upgrading. The configuration control was overly stringent and caused undue breakage. There are certainly parallels in the Windows world where installing a patch breaks other systems. And there you're down one option -- you can either deal with the broken software, you can go back to a vulnerable/unpatched state, but you cannot port the patch backwards in most cases. Not that I recommend the latter option in almost any case -- fixing the broken apps is likely to cause far less pain.

Re:Why didn't they upgrade the OS?

[electroniceric]

Excellent point. In fact, I'd be awfully surprised if some of these experienced Linux admins didn't point that out. Even if there hadn't been these glibc issues, I'd be awfully tempted to upgrade to a newer OS to avoid the potential for having that same problem with other components. Nor are such compatibility traps between a particular platform (e.g. OS + database) and an application particularly specific to Linux, in fact SAP and Peoplesoft installations are legendary for this sort of cross-application compatibility trap. I'd be very curious to hear what the admins' reaction to the scenario was.

This study covers an area where Microsoft has invested substantial effort in making a specific set of migration pathways. Microsoft's design method has always been to streamline certain task pathways, and (by design and/or side effect) make work outside those pathways much more difficult. For example, trying to get data out of Exchange and into any database other than SQL server requires a very complex set of programming with CDO and other objects. The effort to get data out of a mail-storage system on Linux would pale in comparison, regardless of the RDBMS used. Another example in the migration area is legacy OSes. If a Microsoft operating system reaches its end of life, not only are there no further patches or upgrades issued by the vendor, but it cannot be patched by anyone outside of Microsoft. So how about a test of modifying an application on an NT4 server versus RedHat 6?

The findings of this study do seem legitimate, and its credibility is certainly enhanced by the author's willingness to open its methodology to scrutiny. And unsurprisingly, Microsoft asked for a study in an area where they already thought their product was better. I'd call it one state of a large ensemble.

Re:Why didn't they upgrade the OS?

>>He also said that after the test was done the Linux admins said that the test followed their real world experience pretty well, except that they would've upgraded the OS instead of backporting glibc. The configuration control didn't allow for that -- which is almost certainly a problem with the configuration control.

was the configuration control typical of the "real world?"

if not, the whole study is bogus and slanted.

if it was "real world," then why did the linux admins say it was contrary to their 25+ years of combined linux admin experience?

this walks like a rat, smells like a rat and looks like a rat.

why do these PAID studies always have some "gotcha" in them and this "gotcha" is ALWAYS in microsoft's favor - 100% of the time?

at least in the reports they don't hide from the press.

Re:Why didn't they upgrade the OS?

I work in a MS shop, not ecommerce but..

As soon as we can (depends on our apps and our licenses), we upgrade our Windows servers. Or upgrade consists of building a similar machine with the new OS and migrating over the old data/server/config over to the new machine. We have NEVER actually "upgraded" and existing running server without doing a complete reinstall. I thought that was normal, is it not?

Re:Why didn't they upgrade the OS?

[electroniceric]

This is not unusual -- if you know everything works with OS Y version X, then you simply do not upgrade just because X+1 comes out without doing massive testing.

That's very true, and I'd add a caveat. Tthe amount of testing and overall rate of change from X to X+1 should be proportional to how critical the resource is that the server provides. If it's some kind of departmental database where being down for a day doesn't really affect too much (as one might guess on a single-proc SLES box running MySQL), then one can upgrade with some basic testing. If, on the other hand, the server runs the organization's primary customer-facing resource, then it needs to be tested "massively" as you say. And that brings the "criticality of patches" issue back into focus - if patches really are critical, then the protocols for testing patches should be in line with the initial OS testing, and the rate of critical patch releases doesn't particularly Microsoft at the moment - at present it seems like kind of a problem for both OSes, and can be a compelling case for going with something like Solaris (depending on its patch release rate, of course).

All that is basically to say I agree with your assessment that it comes down to the merits of the configuration control policy. There are some cases where that the particular policy used makes sense, and plenty where it's overly rigid.

Re:Why didn't they upgrade the OS?

[Fulcrum+of+Evil]

This study covers an area where Microsoft has invested substantial effort in making a specific set of migration pathways. Microsoft's design method has always been to streamline certain task pathways, and (by design and/or side effect) make work outside those pathways much more difficult.

It's odd that you'd mention this (and it may even be accurate) because, apparently nobody upgrades MS OSes

Re:Why didn't they upgrade the OS?

This is not unusual -- if you know everything works with OS Y version X, then you simply do not upgrade just because X+1 comes out without doing massive testing.

Then WHY would they upgrade glibc MANUALLY fer cryin' out loud, without ANY testing? That's just asking for trouble. With the new system, you know all its parts work together.

The reason to upgrade was because they upgraded something ELSE that depended on it. When that happens, you test SuSE 9 on a separate, non-production server and see if everything still works right. Alternatively, set your env for just the one program to use the new glibc.

Re:Why didn't they upgrade the OS?

[Ambassador+Kosh]

If you replace glibc then you have upgraded the os for all intents and purposes. However you have upgraded it to a version that no vendor on the planet will support without a very large sum to do it. You are running a completely custom os that is just not out there anywhere else.

If you get to the point of needing to update glibc and you are not running debian or gentoo based distributions then you just upgrade to a newer version of the dist after testing it of course.

Re:Why didn't they upgrade the OS?

[dbIII]

So how about a test of modifying an application on an NT4 server versus RedHat 6?

You don't have to modify the application from RedHat 6, you just have to make sure you have the old libraries available and that the application can see them - then you can run the binary. You may try the same thing with the NT4 application - apart from the problem that the old libraries will have the same name as the new ones but will not always be compatible so a lot of things break (DLL hell). If you have the source it will not be much of a problem on linux - consider "xv", the current version was written in 1992 and it compiles and runs on linux systems today.

platform choices

[Keruo]

Suse is great distribution, but I'd rather place it on desktop instead servers.
I'd like to dare the author to replicate this experiment using Debian stable as linux side server OS.

Re:platform choices

[rg3]

It would have faced the same problems. The study started on June 2004 and the latest stable Debian version is from June 2005. By using Debian stable as you suggest, they would have gone with Debian Woody. The couldn't have installed the required MySQL version from official stable packages, etc. The GLIBC would have also been too old. I think that wouln't have changed many things. Besides, remember that the Suse version they used was the Enterprise Server edition. I don't think it's a bad choice at all.

Re:platform choices

[tchuladdiass]

Personally, I'd prefer the study to be done using RedHat Enterprise. I know this may leave a bad taste in your mouth, but I've found that it is more stable (in terms of least disruptive patches). Also, especially since they moved to a model of releasing quarterly updates, it is much easier to properly baseline your systems. My policy is to update all of our systems based on the quarterly ISO's, so that you don't have too many variations within the orginization.
And, if you don't want to shell out for a Redhat subscription, then you can always use one of the rebuild projects, such as CentOS or Scientific Linux (which tracks the exact same package versions)

Re:platform choices

[chainsaw1]

This is very true. I have a PPC that was hosting services that were public acessable. A recent apt-get update/upgrade blew the system, as it literally updated everything (including glibc, gcc, g++...apparently if the list of changes are over a certain length they don't always come up in the verification dialog). As a result, some very critical things broke (one being dselect/dpkg after it uninstalled apache, the other being gzip so that further updates cannot be retreived). Before, debian had been very very stable. Now, I can't tell what the hell is going on, except that most of the services are down

Re:platform choices

[Nato_Uno]

I'm betting that would be a non-starter, since Debian (deliberately) raises the bar for using proprietary solutions. The primary source of pain on the Linux side of this study seems to come from a GLIBC dependency that *seems* to come from MySQL, but more likely comes from the anonymous third-party "data mining" application itself, since MySQL has no documented GLIBC requirements that would seem to be relevant here.

My guess is that this "data mining" application has no support on the Debian platform, so Debian would be an unacceptable choice given the study constraints.

Amazing what you can achieve by making careful choices, eh? Soon we'll see the study that shows that Windows is much better at playing video than Linux is if you require the use of Media Player 9...

Re:Very detailed

[ZachPruckowski]

Only on Slashdot. Not only did you not RTFA, you admit it, then have the gall to ask someone else to read the whole monster and summarize it for you. And you'll probably get a up-mod or two somehow.

Just Kidding. I was actually going to ask the same thing, and you beat me there, so now I vent. :)

I love /. :)

Personnal variaty makes study useless

[cyberlotnet]

You could go out and pick 6 new admins and get totally diffrent results, this study is a joke!. Maybe the windows group had dealt with similiar projects before and the linux people had not?

You are not judging any measurable value, instead your study did nothing but judge the performance of the people you picked to do the study.

"Diffrent strokes for diffrent folks"

You are trying to qualify 2 seperate tasks which can both be completed X number of ways into a single conclusion. You can not do that when Y ( people invovled ) is variable. You can not possibly do that with such a small group of people.

For this study to even be close to valid it would have to be approached from a similar direction drug companys use to test there products.. A BROAD range of people ( not just 6 ) would of have to been brought together and your tests would of had to be run multiple times with seperate groups before any formation of a conclusion could come about!

Even then it does not mean your conclusion is fact! ( Every year how many drugs are found unsafe even after going through this type of testing ).

Re:Personnal variaty makes study useless

[LaughingCoder]

You could go out and pick 6 new admins and get totally diffrent results, this study is a joke!.

I agree that the people chosen to configure/administer the systems have a big effect on the results of this study. I would hasten to point out, however, *that* in and of itself is valuable information. It seems to me that with Windows, given that Microsoft has "made many of the decisions for you", and built easy-to-use wizards to aid the less-experienced admin, a company can be less dependent on the particular admin staff who sets up their systems.

An analogy might be, which is the better car - a Porsche or a Hyundai? Well, who is driving it? What is the car being used for? If you are looking for basic, reliable and safe transportation for a family of 4, the Hyundai probably wins because it's ability to deliver that is much less dependent upon who drives. If you are trying to win a road race, the Hyundai might *still* win -- a poor or inexperienced driver is more likely to lose control of a Porsche and crash.

I agree that a broader-based study would produce more accurate results. And probably we would find a much wider standard deviation in the Linux world than we would find in the Windows world. As to where the mean ends up -- well that depends on how many of the Linux admins are top-notch, now doesn't it?

Then tell us where he failed

[everphilski]

He told you his process. He told you how Microsoft approached his company. He gave you his methodology. Show us where he f*ed up.

I'm waiting... come on... all talk now? yeah...

-everphilski-

Re:Then tell us where he failed

[ookaze]

The f*cked up part is still there and well.

To sum up :
- Despite what is said, the Linux admins just do not look like experienced Linux or Suse admins
- I still don't know what is this search package (the one which required new MySQL and glibc)
- I have to question why the search package chosen was not supported by the distro, as sure enough, no sane Linux admin would have chosen it

The big question is still there : how come they ended up updating glibc ?
Glibc for god's sake !!
Sth is still very fishy here. We're talking about 5 years experience Linux admin yes ? With 2 years experience with Suse right ?
So sth does not compute here. Sure enough, I have less than 2 years experience with Suse (but 6 years of experience with Linux at the time of my story that follows). In fact, I was confronted with Suse only once, on a project, where we used the same old Suse 8 version.
I had to install lots of more complicated things : IDE RAID drivers unsupported by the Linux version provided (for Proliant servers), teaming for the Gigabit ethernet cards, LVS, ...
I had to recreate RPM for most of these things. I managed to create RPMs for all the unsupported packages, taking the source RPMS as guide. That is the only path a decent Linux admin with experience would take IMHO, if the route chosen is to use unsupported packages on a production platform (which is the case in this study). I grasped Suse in less than 1 day, knowing other binary distro.
A Suse admin with 2 years experience should know that putting a package for a newer distro will invite lots of update. He should know how dependancies work, these admins obviously did not.
What is fishy for me ? An experienced Linux and Suse admin :
- would never have gone the "source distro" route and "make install" things like that in the system
- would have created RPM for his distro
- would never have recompiled glibc, but would have recompiled MySQL instead
- even if foolish enough for recompiling glibc, would not have wiped out the old version, but made his package to install next to the old one

These supposed Linux admins behaved like they don't know how Linux OS work, or even how Suse works.

Re:Then tell us where he failed

[nharmon]

I have 6 years of general experience in SuSE administration (my primary speciality is in Cisco networking and security), and would not consider myself experienced enough to perform the tasks that this study found to be necessary. Quality of experience has as much (if not more) importance to qualification as quantity of experience.

Perhaps the Windows admins choosen were highly qualified MCSEs, and the Linux admins were people like me, who had used SuSE for a few years but never really had to do anything difficult with it.

This wouldn't be the first time that Security Innovation did something idiotic that skewed the results. For example, recently they compared the security of MySQL to MS SQL 2000, and used the QUANTITY of vulnerability reports as the basis for determining which was more secure.

Re:Then tell us where he failed

[arevos]

The dubious points of the study have been pointed out several times. The problems stems from third-party software that was incompatible with the Linux system they used. All the study shows is that an unnamed third party piece of software doesn't work with a specific version of Linux. From this sample space of 1, the study infers that server administrators can implement business targets more easily in Windows than in Linux. The study simply isn't nearly comprehensive enough to come to any valid conclusion.

Re:Then tell us where he failed

[Master+of+Transhuman]

Hell, no sys admin - Windows or Linux - should have upgraded anything as significant as the compiler or libraries without backing up the system first so he could back out the changes if something broke!

The statement that "the RPM was broken so they couldn't undo their changes" right there tells you something was wrong with these guys!

At the very least, they were probably pissed that they had to use a 3rd party proprietary system that used binary RPMs only!

Re:Then tell us where he failed

ask and ye shall receive.

Re:Then tell us where he failed

[JPriest]

The problems stems from third-party software that was incompatible with the Linux system they used

So? I get stuck with compatibility problems all the time on my Linux stuff, could it be that there is an actual cost to messing around trying to get stuff working? If there is one thing Windows is good for, it is backwards compatibility.

Re:Then tell us where he failed

[Master+of+Transhuman]

Excellent summary in one paragraph.

Now, some people will say, "Well, this is what happens in a real corporate environment - you have to do what management wants you to do. And the issue is how well can you do it in one OS or the other?"

But this is just begging the question. Worse, it's justifying piss-poor IT management decisions in the name of "reality", just biasing in favor of Windows and against OSS on the face of it. But you could easily find just as many bad decisions that result in Windows being screwed up than Linux. The point is that overall IT management policies and procedures have more to do with this study than either OS do. Which makes the study worthless as a comparison.

The study also does nothing to examine how Linux and OSS in general have great flexibility in meeting business application needs compared to proprietary solutions. In fact, the study, by requiring closed source binary RPMS for an application, demonstrates the opposite.

Re:Then tell us where he failed

[Master+of+Transhuman]

Tell it to Office 97 vs Office 2003 users.

We're not talking about "compatibility", let alone backwards compatibility, here. We're talking about closed source vs open source and how that limits your ability to deal with issues such as those raised by this particular incident.

The fact that the application is question was not compatible with the specific OS version in use was not the real issue - the real issue was being unable to deal with it without upgrading a critical part of the OS. Under Windows, an incompatibility is a SHOW STOPPER without a total OS upgrade. In Linux, there are ways around it. The method chosen in the study was either forced on the sys admins in question by the constraints of the study, OR was incorrectly chosen by sys admins who didn't know better.

This says nothing about the quality of Linux or OSS, and even more nothing about Linux vs Windows - except possibly to prove that using proprietary closed-source applications is the source of problems.

Re:Then tell us where he failed

[arevos]

So? I get stuck with compatibility problems all the time on my Linux stuff, could it be that there is an actual cost to messing around trying to get stuff working? If there is one thing Windows is good for, it is backwards compatibility.

Whether or not Linux has compability issues is not the point; rather, the point is whether you can come to a valid conclusion with a sample space of one.

The conclusions the study draws are dubious, because the study simply isn't comprehensive enough. If I see an toddler in London, would it be a valid conclusion to assume from this, that the majority of London's population consists of toddlers? Clearly not, yet the study in question does almost exactly that.

Re:Then tell us where he failed

[JPriest]

Point taken, but a slightly better example would be if you compare AMD to Intel in only one benchmark and the AMD proc won, would it be safe to assume they have the fastest overall processor? No, not really.

Re:Then tell us where he failed

[everphilski]

The problems stems from third-party software that was incompatible with the Linux system they used. All the study shows is that an unnamed third party piece of software doesn't work with a specific version of Linux.

But these are legitimate problems we HAVE to deal with. These aren't issues really in the Microsoft world; but they are in the Linux world. This study brings it to light.

The study simply isn't nearly comprehensive enough to come to any valid conclusion.

And the author admits that too. But without more cash he can't do much more.

-everphilski-

Re:Then tell us where he failed

[arevos]

The study simply isn't nearly comprehensive enough to come to any valid conclusion.

And the author admits that too. But without more cash he can't do much more.

Then why publish the report at all, if it draws no valid conclusion?

Re:Then tell us where he failed

[flyinwhitey]

Because the point of research is to find new knowledge, not draw conclusions.

You knew that, I hope.

Re:Then tell us where he failed

[doomicon]

No need to wait, I don't understand how your response is rated "Insightful", as if you took the time to actually read the responses that you say "I'm waiting... come on".

It's obvious you already had your response in mind, and no intention of reading any other than your own. Your only mistake was not being able to type quick enough to get this a first or second post.

I think it's pretty clear that mistakes were made, I think it's pretty clear where they screwed up, and the responses for the most part have been intelligent and to the point. ./doomicon

Re:Then tell us where he failed

[nharmon]

Pray tell, what new knowledge did this study find?

Re:Then tell us where he failed

The most interesting part: we learned that Microsoft had the option of burying this research -- they got to decide whether or not to go public with it. I'm impressed by the apparent objectivity of Dr. Thompson, even if his experiment has generalizability issues, both in statistical terms (small sample) and in applicability to other situations (it was a very specific use-case).

Having said that, how many studies does Microsoft commission that don't come out in their favor, and therefore don't get published?

Re:Then tell us where he failed

[carlos_benj]

Quality of experience has as much (if not more) importance to qualification as quantity of experience.

Bingo. Where was this experience garnered? What kind of sysadmin were they? Adding users and fiddling with permissions could be considered a sysadmin position in some places. Saw a resume from a sysadmin for the military and that's all he knew how to do. Did they work in e-commerce before? What were their duties? Did they work for smaller companies where they ran the show or larger companies where they had dealt with corporate constraints and knew how to work their way through the quagmire of corporate liability fears and how to couch their arguments to convey the problems in a way that's meaningful to bean counters?

Re:Then tell us where he failed

[jmorris42]

> But these are legitimate problems we HAVE to deal with. These aren't issues really in the
> Microsoft world; but they are in the Linux world. This study brings it to light.

Oh really. Most of the problems came from an artificial and highly contrived requirement that an unspecified 3rd party binary only package be run on Suse 8 instead of Suse 9, which it was designed for. So are you saying that any Windows software will run on any version of Windows? Well then I guess that pretty much wraps it up for Shorthorn since nobody needs to upgrade to it!

Get a grip here people. If you buy a package and the box says "Requires Windows Server 2003" you don't expect the IT peeps to pull a rabbit out of a hat and make it run on the XP servers you standardized on a couple of years ago. Same thing here. When the unspecified third party binary said it needed services only available on Suse 9 a decision needed to be made. A) get with the vendor and get a version built and supported on Suse 8, B) Upgrade the server it is to run on to Suse 9 or C) pick a different vendor.

It is pretty obvious Microsoft designed the test as a no-win scenario.

Re:Then tell us where he failed

[burnin1965]

"He told you his process"

Yes, but what he wont tell is what the third party application was that caused all the problems for the linux guys. Its like looking at skid marks on a highway after the wreckage has been removed and trying to determine what happened. Without that one key piece, the troublesome third party app, nobody will ever piece together the puzzle or ever reproduce the study.

In the mean time millions of linux systems are administered every day without the problems these guys had so it appears the study is flawed, perhaps intentionally.

So if we are to determine "where he f*ed up" then I'd say first the doc needs to put up or shut up.

burnin

Re:Then tell us where he failed

[sj88]

How is this modded insightful? Have Microsoft employees infiltrated the Slashdot ranks?

Re:Then tell us where he failed

Precisely...what utter drivel...to compare FIVE admins to the what, tens if not hundreds of THOUSANDS of admins out there?

It would seem that the author is not even remotely aware of the very basics of elementary statistics regarding extrapolating from extremely small sample sizes, etc.

This "study" is just another M$ shrill piece of crap.

Re:Then tell us where he failed

Ah, you didn't get the memo. All Microsoft employees are now required to peruse Slashdot daily for any references to Microsoft, and then madly type in Anti-Linux statements. In fact they are working on software that automatically generates posts of mumbo-jumbo stuff like 'this is just anti-microsoft bias! I've used Microsoft and never had any problems!' & the like

Re:Then tell us where he failed

the question is begged... did the linux admins work for microsoft?

i also find it odd that this "market leading" software that screwed up the meaning of this exercise is being kept quite... perhaps it was selected for other reasons and it is now time to play "hush, hush."

Re:Then tell us where he failed

[grcumb]

"But these are legitimate problems we HAVE to deal with. These aren't issues really in the Microsoft world; but they are in the Linux world."

Sorry, what exactly are 'these issues' that you refer to? My understanding is that the problem arose from sysadmins being forced to upgrade glibc, a binary integral to the system.

If that's correct, then suggesting that Windows is somehow free from the upgrade treadmill is either terribly disingenuous or completely blind. The number of times I've been told by software manufacturers that my only option for fixing a fundamental problem is an OS or application upgrade is... well plenty.

This is actually one of the reasons that I stopped working with Windows servers altogether. The painful dependancy on someone else's development (or worse, product) cycle was enough to drive me crazy. While dependancy issues are no less common in Linux, they are infinitely more workable.

The fact that the Linux admins in this one scenario took the most ill-advised approach is demonstrative only of the fact that people are sometimes stupid - whether you believe it's by choice or circumstance depends on whether you trust the study or not.

Re:Then tell us where he failed

[terrapin44]

So? I get stuck with compatibility problems all the time on my Linux stuff, could it be that there is an actual cost to messing around trying to get stuff working? If there is one thing Windows is good for, it is backwards compatibility.

The problem isn't backward compatibility, it is forward compatibility. Windows doesn't offer that (in most cases). Can I put the newest version of Exchange server on Windows NT? I doubt it. That is the type of thing they were trying to do here with the unnamed 3rd party app. This study shows that you can do it in FLOSS. You couldn't do it no matter what in the Microsoft world if you hit this issue with the stupid requirements of this study.

Re:Then tell us where he failed

[router]

Uh, exactly. If we are going to call this a realistic corporate scenario, you would only use vendor-supported versions of software. If that meant you had to upgrade the OS you do, or you use (gasp!) previous/later versions of your application software. This kind of review is usually accomplished at the architect stage, not done on the fly in production. Does Sun Cluster x.x support Oracle x.x.x.x? No. Does Win2k3 support fill-in-the-blank x.x? My cordless phone doesn't support bitcomet either, I wouldn't get out the soldering iron to fix it. Geez....

andy

Re:Then tell us where he failed

[JPriest]

"The problem isn't backward compatibility, it is forward compatibility. Windows doesn't offer that (in most cases)."

Actually that is not true, I used to use NT4 at work and I used a ton of software that was built for 98/2K/XP etc. Additionally, almost any software I was able to use on Win98 I am also able to install to XP. 98 -> XP is not just a version upgrade, it is an entirely different operating system. I break Linux stuff with point releases

Listen, it isn't news that Linux has poor backward/forward compatibility compared to Windows. If believing Linux has a lower TCO requires I drink the cool-aid and subscribe to the idea that this is not the case them I am going to have to side with MS on this one. I can see not liking MS, but not to the point of refusting to see the obvious just becasue they came out ahead in something.

Re:Then tell us where he failed

The study also does nothing to examine how Linux and OSS in general have great flexibility in meeting business application needs compared to proprietary solutions. In fact, the study, by requiring closed source binary RPMS for an application, demonstrates the opposite.

Unfortunately, for a business that is solely interested in results, the flexibility offered by both platforms is actually greater in the case of Windows - simply because there are more products to choose from.

eg. In this case, Linux needed a closed 3rd party app. Now, its easy to say 'well thats not fair and shouldn't be allowed', but I see quite a few closed source drivers and other connectivity applications in the linux world, and if you have a 3rd party product you need to connect to, you will *have* to use the close source app that comes with it.
In this case, Windows, with better supported products means you have greater flexibility in using the stuff you want (or, in a business, have) to use!

IFWM

Please note, that the OP is actually ifwm. He got modded down for being more troll than having an intelligent thing to say. If you check through his handiwork, you will find that he really does NOT have anything to say. Now the real question is, how did he get modded up, without checking his statements, unless the mod point came from IFWM himself. Editors/Meta-modders, you hearing this? IFWM/Flyingwhitey should be baned from here.

Re:IFWM

[flyinwhitey]

I've never made it a secret I have two logins. Apart from being another fallacious argument, what was your point?

More importantly, does it make my statement any less valid?

Re:IFWM

[cbreaker]

You notice how he's responding to everyone here with more crap? He wouldn't feel as though he needed to defend himself if he didn't feel just a little bit like a retard.

Re:IFWM

At the initial report, there were many questions concerning the study. Yeah, some knocked it straight out for being from MS (and considering their past history of studies, I would say it is fair to question any study from MS). After all, MS has a long history of being a liar, so they are likely to be a liar again. So yes, without all the facts and evidence out, posters here have the right (and responsibility) to call it for it is.

I have perused Thompson's current talkback and it sounds like he is at least straight forward, but I will be looking closer over it. IOW, I do not fully trust it; Far too easy to rig things.

But you whine in your original posts about how you got modded down without showing what your original posts (they were no under FW). You are modded up, which rarely happens unless somebody shows things. That makes me think that IFWM (i.e. you) has mod points and you are simply using them. In addition, without any evidence to back you up, others mod you up. Ridiculus. If you were modded down originally, it is because most of your posts are trolls with half truths and inuendoes (rarely backed up by anything), and almost always followed by some slam on the poster.

Re:IFWM

[flyinwhitey]

You didn't answer the question. Does anything you claim in any way invalidate my point?

The answer of course is no, which is why you had to engage in the ad hominem attack in the first place.

Re:IFWM

[flyinwhitey]

"You notice how he's responding to everyone here with more crap? He wouldn't feel as though he needed to defend himself if he didn't feel just a little bit like a retard."

Hmm, why don't you post some of this "crap". Shouldn't be too hard with all the replying you've done.

That being said, why is it that the best reply you can come up with is to call me a retard?

Is that the height of your rhetorical acumen?

Re:IFWM

[carlos_benj]

You are modded up, which rarely happens unless somebody shows things. That makes me think that IFWM (i.e. you) has mod points and you are simply using them. In addition, without any evidence to back you up, others mod you up.

I rarely pay attention to which user ID is associated with which comments. I look at the comments and determine if they're valid or not. Most of the time I post stuff that gets modded "funny" or is simply ignored. At other times I post stuff that's germaine to the discussion. I really don't care if the dude has fourteen ID's and thirteen are blatant trolls. The comments I've seen made here are valid. In fact, your argument lends itself to his case. As I read your comments you don't address the validity of the statements being made.

I think, as do others, that there are problems with the study that may or may not have been dealt with in the real world given a different set of constraints and/or a different set of admins and/or, etc, etc.....

Attacking the study based on who funded it does nothing to expose the problems, but uses FUD alone to 'refute' the findings. A critical examination of the assumptions, methodology, etc goes a lot farther in convincing the undecided than simply preaching to the choir. In this case I'd say that flyin-whatsis is adding more substance than his detractors. He's not saying the study is right, he actually seems to be encouraging the slashdot community to rise above trollish, preachin' to the choir reactionary commentary.

Re:Riiiiiight

[plover]

Oh yeah, he's been a serious gun advocate for as long as he's been a public figure. Some of his writings are just way, way out there.

He's an ardent libertarian, I'll give him that. But like most libertarians, he doesn't understand that it takes all of us to make a society. If it were up to him, we'd all still be living in home-made shacks in the woods, because there wouldn't be enough of a society functioning to have paved roads upon which to deliver us construction materials. Or if there were, they'd be toll roads up to your driveway.

Re:Very detailed

http://reading.uoregon.edu/scope/trial_scope_index .php http://www.worldnetdaily.com/news/article.asp?ARTI CLE_ID=23709 http://www.educationnext.org/20061/23.html

5 - ATMs vs. Voting Machines

[TubeSteak]

5. I'd just like to mention that Diebold ATMs are not amazingly secure machines.
DECEMBER 03, 2003

Last week's revelation by Diebold Inc. that its automated teller machines operated by two financial services customers were struck by the W32/Nachi worm raises the specter of even wider disruptions from virus and worm outbreaks and highlights a growing security concern that cash machines running Windows XP and interacting with other Windows systems are vulnerable to attack. ...
The security problems on ATM networks come as many banks worldwide are migrating off of an older generation of machines using IBM's OS/2 operating system to new systems running Windows.

And that was just the first news story google turned up for atm+diebold+flaws

There is a lot of crap that goes on in the banking industry which is not reported. Mostly because there are no laws requiring it to be reported.

Re:5 - ATMs vs. Voting Machines

[tspauld98]

In addition to your point, the other thing that folks outside the consumer banking industry don't know is that the banks' research and development teams are ultimately responsible for rolling out the ATM systems and they have ultimate say into the features and testing of the machines that get rolled out. In this case, Diebold is more like an "OEM" vendor than a systems shop. I would imagine that governments don't have the same kind of ownership of the voting systems since they typically are much more reliant on 100% outsourcing of systems development and deployment.

Having been involved in a few ATM development projects myself at a bank, there's no way our management would have ceded control of the product to a vendor and I'm pretty sure that most of the financial services industry is like that. Of course, that said, you still can't assume that ATMs are secure or reliable.

Later,

tims

King of The Desktop perhaps

[Foofoobar]

King of the Desktop perhaps but not King of servers. Sure they show more REVENUE but as for deployment, Linux still dominates and has been squeezing Microsoft more and more out of server space. While Linux eats into UNIX market share, they also are eating into Windows market share as well.

Don't believe it? Look at what the most widely used Web server is. Look at what the most widely used DB is. look at the most popular scripting languages. And now keep in mind that they all come installed by default on almost all Linux distros.

They can keep putting money into trying to convince people that Microsoft Clusterfuck Edition can replace Linux clusters. That's cool. Just another money pit for them and a great way to divert resources into a nowhere scheme. And sure they have loads of funds but they still have to answer to shareholders and they are not pleased that the stock has stagnated for so long and they won't be pleased when didvidends stop getting payed and products not being sold or delivered on time do to them focusing on a product that will go nowhere.

The entire open source world and all companies supporting open source (IBM, Google, Sun, Amazon, etc.) are all starting a bait and switch where Microsoft throws mony into duplicating anything that it thinks may be a threat. This is turn causes them to waste funds and resources on red herrings when the actual threat is something else entirely.

These past 5 years have seen Linux and open source go from obscurity to mainstream in the business market. The next five years will see it go from obscurity to mainstream in the consumer market.

Re:King of The Desktop perhaps

[aesiamun]

Isn't the most widely used DB server Oracle? Or is it MSSQL?

It isn't MySQL, where did you get that?

Re:King of The Desktop perhaps

[Karzz1]

Ummmmm....... according to Google, MySQL is the most widely used database in the world -- have you got something to show otherwise?

Re:King of The Desktop perhaps

[Foofoobar]

Nope. MySQL passed Oracle ever so recently. SQL Server was passed a LONG time ago.

Re:King of The Desktop perhaps

Actually, Oracle is the #1 on an enterprise level. MySQL is #1 for personal use and small business.

Re:King of The Desktop perhaps

[Foofoobar]

Actually, MySQL is #1 for being deployed on more servers than any other. No other stats are available as to who is more commonly used by enterprise customers. If you know of a recent study that says what database is used by more 'enterprise' level companies, please let me know.

Re:King of The Desktop perhaps

[Quantam]

I've heard people say that Linux has a higher deployment base than Windows, before. While I don't particularly have a reason to doubt that's true, frankly I've never seen any serious evidence one way or another (only things like revenue comparisons, which are obviously of questionable value). Care to provide me with some?

Re:King of The Desktop perhaps

Here you go. http://www.wintercorp.com/VLDB/2005_TopTen_Survey/ 2005TopTenWinners.pdf If you ever find mysql anywhere in that survey, even as a typo, that will be a day of celebration for the halfwits who make it.

Re:King of The Desktop perhaps

"If you ever find mysql anywhere in that survey, even as a typo, that will be a day of celebration for the halfwits who make it."

Let alone the quarterwits who use it.

Re:King of The Desktop perhaps

[Foofoobar]

I'm sorry but you seem to have mixed up a simple rating with most widely deployed. A RATING says NOTHING about deployment. It is merely someones arbitrary system of judging. I said it before and will say it again... let me know when you find a chart for deployment of DB's in enterprise level businesses.

When you can tell the difference between a rating system and actual deployment numbers, THAT will be a day of celebration for the halfwits.

Re:King of The Desktop perhaps

[Foofoobar]

So go back to using Access, you no-wit.

Re:King of The Desktop perhaps

I'm sorry but you seem to have mixed up a survey of enterprise deployments with "a simple rating". A SURVEY says LOTS about deployment.

"I said it before and will say it again... let me know when you find a chart for deployment of DB's in enterprise level businesses."
You can say that again and agin. I'm not sure you understand English well enough to know what it means.

When you can tell the difference between a survey of the world's largest database deployments and a rating system, THAT will be a day of celebration for halfwits such as yourself.

Re:King of The Desktop perhaps

[Foofoobar]

Oh surveys say alot about deployment?? Well in that case, according to Slashdot surveys, 95% of the world is running Linux!! Go back to third grade before you get hurt.

Re:King of The Desktop perhaps

You're stupid. Where do you prefer to get figures for the largest database deployments? Out of your ass?

Re:King of The Desktop perhaps

[Foofoobar]

Evams Data Corp, retard. If you are literate beyond a third grade level, I suggest looking it up.

Re:King of The Desktop perhaps

You're stupid. Guess where Evans Data Corp. gets their figures. If you guessed anything other than surveys, you'd be wrong again (understandable due to your poor English skills). As I recalll, you don't put much stock in surveys.

Regardless, Winter Corp. runs the standard survey for large database deployments that the industry watches, and MySQL has never made it onto a Winter Corp. survey. If you find a survey for large databases from EDC, post it.

Re:King of The Desktop perhaps

[Foofoobar]

Yes... 100% of their data is from surveys. You must be right cause you said so. Andf considering the fact that you more than likely didn't even try to find the data to see whether it WAS based on a survey or not, that must make you even MORE right.

Stop huffing exhaust fumes, you're getting dumber by the second.

Re:King of The Desktop perhaps

I can always count on you to write something stupid. Where do you think EDC gets their market data from if not from surveys? Out of your ass? Look at their services in the sidebar -- they do focus groups, surveys, and survey analysis.

I didn't even claim EDC had an enterprise database deployments survey. That was your claim. I've been pointing to the WinterCorp survey the whole time. How did you confuse yourself with me? Here's an easy way to tell us apart, so you won't repeat that mistake: I understand the English language, and you do not.

Re:King of The Desktop perhaps

where can i get my hands on the microsoft clusterfuck edition?

Re:King of The Desktop perhaps

[Foofoobar]

This may come as a shock to you but some companies make money off of collecting statistics. GASP! And then they resell those statistics. GASP GASP! And what are those statistics based on? Not surveys.

In your world, in order to release a report all someone has to do is ask 10 people what they think and the do a writeup to the scientific community. I'm beginning to think you REALLY ARE in the third grade if you can't understand scientific method.

Re:King of The Desktop perhaps

Wow. You're dumber than I thought. You think EDC actually visits all the big database deployments and measures the sizes of the databases themselves? I'd explain why that is infeasible, but I don't think you even understand what "infeasible" means.

Re:King of The Desktop perhaps

[Foofoobar]

Wow. I even point you to a place that resells their statistical data and you can't even put two and two together?? Exactly how many paint chips HAVE you eaten today?

Re:King of The Desktop perhaps

Learn to read. The place you pointed to gets their "statistical data" from surveys and focus groups. Not by magic and not out of your ass. You still haven't told me how you expect to find the sizes of deployed databases to find out which DBMS powers the largest ones. The only way to do it is by surveys, and I pointed you to one. Ask your teacher what a survey is when you're at kindergarten tomorrow.

Re:King of The Desktop perhaps

[Foofoobar]

From the mouth of the man who has figured out how all reports are made. Truly astounding

A very telling remark

[lightyear4]

Maintaining a system is all about context; some environments favor Linux, others Windows.

I've built many many systems for many people; servers, desktops, multimedia backends, you name it. I personally use linux/unix, but the OS installed upon each of the machines I build is by no means limited by my personal preference. Dr. Thompson makes a wonderful point here. In computing as in life, different situations merit different approaches.

I really wish all of the microsoft-, bsd-, and linux-zealots would realize this. To each, his own.

Re:A very telling remark

I really wish all of the microsoft-, bsd-, and linux-zealots would realize this. To each, his own.

You could parallel this same situation to religious fanatics. When it comes right down to it, if someone is passionate to the point of fanaticism about one thing or another, even just getting them to realize that the other choice is valid is hard to do. Arguing with someone who has that kind of mindset is slightly louder but just as pointless as arguing with a brick wall.

Satisfied with the responses

[0xABADC0DA]

From the responses it sounds like he did an honest attempt at this study. I think the conclusion however should be that stupid admins cost a lot, so taking away things they could mess up is the key to lowering costs. If it turned out that the windows admins had to actually do anything, I bet the results would have been just as bad or worse for Windows.

Re:Satisfied with the responses

[phasm42]

Maybe that was one of the conclusions of the study -- the Windows admins didn't have to do as much. This is a real-world concern.

Re:Satisfied with the responses

[Master+of+Transhuman]

Maybe the Windows admins CAN'T do as much.

THIS is a real world concern that has been expressed many times.

microsoft patches

[jonastullus]

In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product

yeah, right!
i won't even mention IE's security holes for the last 8 or so years (active x, ...) or outlook's bad record of keeping spam from executing malicious code (mostly through the IE engine).

but boldly stating how much due diligence is exacted upon the microsoft patches before final release is ridiculous in face of them frequently backfiring and leaving old or new vulnerabilities in their wake:

http://www.hideaway.net/home/public_html/article.p hp?story=20020924094345962
http://www.infoworld.com/article/03/09/08/HNhacker sjump_1.html
http://www.eweek.com/article2/0,1895,1753511,00.as p
http://www.vnunet.com/vnunet/news/2120864/doubts-r aised-microsoft-patches

jethr0

Re:microsoft patches

Except that he didn't say anything about the due diligence that goes into a Windows patch you dumbass, he was talking about Linux. The line that you quoted meant exactly what it said; Microsoft doesn't release beta patches whereas the various Linux developers do. It says nothing at all about the quality of said patches and in fact, the very next line after the one you quote acknowledges the importance of a new patch fixing something while not breaking anything else.

Re:microsoft patches

[jdgeorge]

In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product

yeah, right!
i won't even mention IE's security holes for the last 8 or so years (active x, ...) or outlook's bad record of keeping spam from executing malicious code (mostly through the IE engine).

Dr. Thompson didn't say the code was perfect. He was saying that Microsoft does not provide pre-official-release versions of their patches.

but boldly stating how much due diligence is exacted upon the microsoft patches before final release is ridiculous in face of them frequently backfiring and leaving old or new vulnerabilities in their wake:

Thompson didn't state anything about the extent of Microsoft's "due diligence". The only thing he said about how Microsoft approaches patch release was "In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product."

Re:microsoft patches

[Master+of+Transhuman]

This is a red herring. I truly doubt that if you look at the "first responder" patches issued for a problem compared to the "blessed" distro patches released later that you'd see any significant difference. This is the assumption in the good doctor's comment - that the early patches are poor compared to either the "final" or Microsoft patches - and I see no evidence presented to back it up.

If for no other reason than I suspect the distros do a lousy job of actually testing ALL the patches for EVERY software product in their distro, for reasons of lack of time if nothing else, it is unlikely that you'll find any difference in patch quality. That would be assuming that the first responders are idiots in the first place. Most patches are issued for specific problems in specific products on specific releases of specific distros in the first place - the ones that aren't presumably are going to be the same in every distro anyway.

And there's a difference between a "patch" and ripping out the compiler and the libraries, for heaven's sakes.

Finally, given how often the "blessed" Microsoft patch breaks something, obviously being "blessed" by Bill isn't as valuable as it might appear.

Re:microsoft patches

[jonastullus]

Dr. Thompson didn't say the code was perfect. He was saying that Microsoft does not provide pre-official-release versions of their patches.

noone "provides" pre-release versions of their patches. the moment they are "provided" they are "released". the fact that "official" is a question of definition in the open-source-world might make the whole thing less reliable from a legal standpoint and maybe less consistent across applications but is certainly no measure of patch quality!

Thompson didn't state anything about the extent of Microsoft's "due diligence". The only thing he said about how Microsoft approaches patch release was "In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product."

well, EXCUSE ME for calling this process of getting from alpha to beta to official "due diligence". all i was saying is that their "blessed" patches cause a hell of a ruckus from time to time. i am not denying that open source patches had problems in the past, and i am certainly a proponent of a more stringent process for software quality assurance in OSS, BUT i wouldn't take microsoft as a prime example of solid patches.
and anyone stating how much effort they spend in assuring their patches reliability doesn't change the fact that IE for example is basically as unsafe now as it was 6 years and hundreds of patches ago.

jethr0

Re:Riiiiiight

[CoolVibe]

You might wanna check out his home page then

Let me get this straight...

[Shaman]

...these were highly experienced Linux admins.

- which chose an ancient linux distribution
- which tried to use bleeding-edge software on an old OS software platform
- which didn't know that glibc updates can break things
- which apparently didn't upgrade the system first if that's what they had in mind
- which took more than an afternoon to set up a linux system
- which were stymied by basic systems administration
- which appeared to be unaware of the tools available such as webmin

Wow. That's why I hire kids fresh out of highschool. They're so much more advanced than "experienced professionals" available to this guy.

Re:Let me get this straight...

This is the cat ,
THAT caught the bird,
THAT ate the spider,
THAT swallowed the fly..

WHICH generally initiates a question.

love n peas n mash
Uberoffizier der Grammatik.

Re:Let me get this straight...

[FFE4]

Responses inline:

...these were highly experienced Linux admins.

- which chose an ancient linux distribution

Answer: SLES 8 was the most recent at the beginning of the study time period - July 1, 2004

- which tried to use bleeding-edge software on an old OS software platform

Answer: All the components used were available in the time-correct period of the study. For example, if they installed a component in the simulated September 2004 time period then that version was available in September 2004.

- which didn't know that glibc updates can break things

Answer: They did know that GLIBC could break things and tries to minimize the breakages (see study)

- which apparently didn't upgrade the system first if that's what they had in mind

Answer: Good point! The only configuration control issue was that the enterprise wouldn't upgrade the OS version until July 1, 2005. This is mainly based on our experience with companies that don't move to the latest OS version until it has had time to "bake" in the community. At that time, SLES 9 was hot off the compiler.

- which took more than an afternoon to set up a linux system
- which were stymied by basic systems administration

Answer: Not sure there's anything to respond to here...

- which appeared to be unaware of the tools available such as webmin

Answer: Hmmm...not really sure how using webmin would have helped in this situation. They were free to use any tools they wanted though.

Re:Let me get this straight...

[unapersson]

- which apparently didn't upgrade the system first if that's what they had in mind

Answer: Good point! The only configuration control issue was that the enterprise wouldn't upgrade the OS version until July 1, 2005. This is mainly based on our experience with companies that don't move to the latest OS version until it has had time to "bake" in the community. At that time, SLES 9 was hot off the compiler.

Is it really a realistic situation though to have someone try something that could fundamentally break a running server rather than recommend an upgrade to the later version that is compatible with the software you want to run? Stepping completely outside the supported set-up of the server. I can see the response from any support outfit when you say you've done an unsupported change as fundamental as this.

Re:Let me get this straight...

[Shaman]

> Answer: SLES 8 was the most recent at the beginning of the study time period -
> July 1, 2004

True. But a second point would be to mention that SUSE is not a server distribution. Meaning that its packages, etc. are not set up for gentle updates. Which you found out. RedHat, Debian, Libranet would have been better choices.

I have over 20 Linux servers, I didn't run into these issues. Coincidentally I've just had my first ever issue with updating GlibC (because I went from 32 to 64 bits when I did).

I usually do a kernel upgrade when glibc is upgraded, and reboot the system. That gives me a fresh environment.

>Answer: All the components used were available in the time-correct period of the
>study. For example, if they installed a component in the simulated September 2004
>time period then that version was available in September 2004.

Interesting. Was this possible with Windows?

> Answer: They did know that GLIBC could break things and tries to minimize the
> breakages (see study)

I read the study. To me, they looked like bumbling newbies. :)

> At that time, SLES 9 was hot off the compiler.

*nix systems almost always upgrade incrementally. It's highly doubtful that SLES 9 would be more buggy than SLES 8. The case could be made for the opposite, and you can be sure that most of SLES 9 was venerable packages going through minor point revisions. This is just the *nix way.

> Answer: Not sure there's anything to respond to here...

Ah but there is. I recently resurrected an Ultra 10 SPARC box (see above GlibC issue), which is just about as non-standard as it gets for a Linux install. I was able to install it in one afternoon, which included building a custom kernel with only the components I wanted, and updating over 600 packages to their most current versions from our Debian APT-proxy (which wasn't populated with SPARC packages, sadly). I also installed a Jabber server, Apache2 with PHP/PEAR, MySQL 5.x, DJBDNS, Courier-IMAP and compiled a few packages which aren't usually in Debian, and had it operating. I also mirrored the boot drives. All in one afternoon.

And several "experienced" Linux admins had trouble making MySQL work on SUSE?

Re:Let me get this straight...

[Svartalf]

"And several 'experienced' Linux admins had trouble making MySQL work on SUSE?"

To play devil's advocate for a moment, how do we know you're past just "experienced" and on deep into the Wizard or Guru realm of administration or programming? (I know, I know, but he's going to flip that one out all the same... I'd be legitimately tarred with that brush in his response... >:-))

Realistically, though, you're right- I have issues with all of this. They picked distros that would most likely have issues with things. They picked rules that required a lot of patching on the Linux side, but only had the normal set of updates on the Windows side- a lot of patching that simply wasn't needed and didn't have an analog in the Windows world. They picked a stilted set of conditions that honestly would have mandated a distribution version update- in any shop for any OS you could name in the real world.

I have trouble buying into this- and it's to the point that I'm being forced to re-work my own stuff for my startup because I was referring to other papers by them; I can't trust the data here as far as I could pick the Doctor up and throw him, so everything from this consultancy firm is now suspect.

Re:Let me get this straight...

Now add in having a high-level Government clearance and you see the problems in the contracting world.... I can't hire a fresh-out w/o clearance, but have to get someone older but often with LESS experience in the areas for which I need help. BTW, I know of open requisitions for Linux folks with clearances....

Re:Let me get this straight...

[Cylix]

It's easy to make something fail if you pick just the right circumstances.

I'm sure it took several attempts to find the right mix, but hot damn they got it in the end.

Re:Let me get this straight...

[Master+of+Transhuman]

You forgot one:

- Who didn't back up the system before ripping out GLIBC and then ended up with a broken RPM that they couldn't undo.

I mean, even a WINDOWS sys admin would know better.

Re:Let me get this straight...

[Zak3056]

True. But a second point would be to mention that SUSE is not a server distribution.

SLES (i.e. Suse Linux Enterprise Server) is a server distribution--or at least that's how Novell bills it. Suse Professional::Fedora as SLES::RHEL.

Re:Let me get this straight...

[ninjaz]

- which tried to use bleeding-edge software on an old OS software platform

Answer: All the components used were available in the time-correct period of the study. For example, if they installed a component in the simulated September 2004 time period then that version was available in September 2004.

- which apparently didn't upgrade the system first if that's what they had in mind

Answer: Good point! The only configuration control issue was that the enterprise wouldn't upgrade the OS version until July 1, 2005. This is mainly based on our experience with companies that don't move to the latest OS version until it has had time to "bake" in the community. At that time, SLES 9 was hot off the compiler.

How about your experience with companies which generally don't like modify their operating systems to the point of breaking any operating system support contract that could reseaonbly be expected to exist?

Since you've chosen rapid deployment of a new version vendor application as a target, that implies that the application had been identified as a critical project, and therefore vendor support of the components would be a requirement - trumping any general guidelines as to operating system deployment schedules.

What you've ended up doing is setting up a scenario where the company is choosing what amounts to in-house distro with no external support instead the new version of a distro which would would have ongoing support from the vendor.

Since you've solicited feedback, I'd say this is a glaring error in the study. Would you create a study that involved replacing critical core OS componets from Windows Server 2003 and putting them onto Windows 2000? With your stated requirements for Linux, the only alternatives would appear to be giving up, saying that the application couldn't be upgraded, or documenting the vain efforts of the Windows administrators breaking Windows in the same way you required the Linux admins to break Linux.

Re:Let me get this straight...

[Shaman]

Well, fair enough but I honestly would not have recommended anything less than SLES v9 to anyone. SUSE went through a transition period around that time and its roots have always been DEEP into the desktop side of things.

Re:Let me get this straight...

They did know that GLIBC could break things

That's just dumb. How can you expect us to take this seriously?

Re:Let me get this straight...

[dwandy]

I know that our ERP won't upgrade to a new version of anything until all the critical components are listed by the vendors as being supported.

I'll admit I haven't read the report, but I'm (personally) left with the impression that a really clever person was hired by MS to design and create a test that linux would either outright fail, or at least appear weak ... if the end-goal is to make any product look poor, it's pretty easy to design the test.
Sorry Doc Thompson -- as other people here have stated: The fact that MS paid the bill and came out shining makes the sales pitch a little suspect (always+no-matter-who!) ... but the apparent difficulties imposed on the linux side appear to back up these suspicions.

Re:Let me get this straight...

[Fulcrum+of+Evil]

Answer: They did know that GLIBC could break things and tries to minimize the breakages (see study)

By installing the patched version of glibc from an rpm alongside the existing library? Well no, they didn't.

Re:Let me get this straight...

[burnin1965]

"Answer: All the components used were available in the time-correct period of the study. For example, if they installed a component in the simulated September 2004 time period then that version was available in September 2004."

"The only configuration control issue was that the enterprise wouldn't upgrade the OS version until July 1, 2005. This is mainly based on our experience with companies that don't move to the latest OS version until it has had time to "bake" in the community. At that time, SLES 9 was hot off the compiler."

In other words the linux admins were intentionally asked to install a third party binary only component on an incompatible verion of a platform by attempting to patch together old versions and new versions of various interdependant packages all while the known compatible, and possibly certified and supported, version of the platform was currently available for the desired third party component.

With all due respect, I admire your willingness to take the heat from the slashdot community but this sure sounds like an intentional setup for disaster.

Since we are talking business decisions here where is the risk assessment, contingency plan, and cost justification for making such a foolish system decision? It may be statistically true that companies will avoid fresh software releases until they have time to prove themselves but businesses don't outright make that type of decision knowing full well the risk of extended down time trying to attempt such a feat. Case in point are patches for critical security flaws, you don't wait until you've been exploited and then patch.

So company A used Windows and outperformed company B which used linux, but they were both out done by company C which never made it into the study because they made real business decisions based on known good practices.

burnin

Re:Let me get this straight...

[Chemicalscum]

It seems to me that these "experienced Linux administrators" paid for by the MS financed study were instructed to cause the system to fail. They were told to install a new version of MySQL that was not compatible with the version of SLES they had installed. Then they were told that they were not allowed to upgrade the SLES version so that they then had to install a new version of glibc on an incompatible kernel (ugh!) which they went along with :P. Experienced yeah!

Looks to me like this situation was deliberately set up.

Re:Let me get this straight...

[h4ck7h3p14n37]

I've been using UNIX systems for about fifteen years and have been doing administration for about ten (NeXTSTEP, Solaris, Irix, OpenBSD and FreeBSD). I'm sorry, but five years of experience on a single UNIX-like system does not make you highly experienced.

I understand that Linux was chosen because it's all the rage these days (Lord knows why considering the GPL is _more_ restrictive than a BSD license), but I have to wonder how things would have been different if a real UNIX system, like FreeBSD or Solaris, had been used instead of a Linux distribution.

Re:Let me get this straight...

[Fallingcow]

Unless you're taking advantage of Red Hat or SuSE's enterprise-level support (paying for it), I think it'd be silly to use them for the kind of setup that these guys had.

Debian stable would be the way to go in that case. Maybe Slackware, though from the sound of it these guys probably couldn't even *install* a Slackware system (not that it's hard, these admins just appear to be especially braindead; god forbid they ever see Gentoo, they'd probably all die of fright).

In almost any case where the extras in Red Hat or SuSE enterprise would matter to you, you'd be paying for the support anyway, as they're geared toward larger operations. Small shops should stick to Debian or similar.

Re:Let me get this straight...

[BuildGate]

I recently resurrected an Ultra 10 SPARC box (see above GlibC issue), which is blah blah... All in one afternoon.

OK, you definitely haven't visited /. that day. Otherwise you couldn't finish all those in one afternoon.

Re:Let me get this straight...

[virtual_mps]

Answer: Good point! The only configuration control issue was that the enterprise wouldn't upgrade the OS version until July 1, 2005. This is mainly based on our experience with companies that don't move to the latest OS version until it has had time to "bake" in the community. At that time, SLES 9 was hot off the compiler.

This is really where you lose all credibility. You set a ridiculous conditition: "run this software without upgrading the OS to a version that it will run on". As much as you try to wrap it in important-sounding ideas of "enterprise configuration control" (should the word "enterprise" make the idea more sacrosanct or something?) the fact remains that it was a stupid, unreasonable condition. You'd run into the exact same problem on a windows machine if you had a piece of software that required windows XP but your "enterprise configuration control" mandated windows 2000. You'll get further on linux by upgrading glibc than you would trying to pick pieces out of XP to upgrade 2000, but the bottom line is that you're trying to do an upgrade without calling it an upgrade. It would be more effective (and no more duplicitous from a configuration-control perspective) to upgrade to suse 9 and change the login banner to make the system claim to be running suse 8. Once you've started ripping out fundamental system libraries you've already destroyed your "enterprise configuration control" and to claim otherwise as a rationalization for rejecting a technically competent solution is intellectually dishonest.

Re:Let me get this straight...

[dbIII]

how do we know you're past just "experienced" and on deep into the Wizard or Guru realm of administration

Considering how I once heard a self proclaimed "guru" answer a question about placing simple images in MS Word by saying that was only for "power-users" I suspect the bar can be pretty low sometimes. Breadth of experience also matters - it takes some time to get up to steam with complex software you haven't even heard of before.

IS this really necessary?

[Korexz]

How long will this argument go on? Apples and Oranges I say. More marketing propaganda to buffer the bottom line. Technology will only move forward when we stop arguing over what is better and start working towards a common goal.

Re:IS this really necessary?

[Iriel]

Not only that, but the vast majority of these 'studies' are usually coming a company that supports or is supported by one of the elements to be tested. I don't read reports that Linux is better than Windows for the same reason:

- Windows marketing has something to sell
- Linux zealots have something to prove

I know this is not always the case (so please don't 'correct' me with a torch), but MS is always trying to say "See! We really are secure!" and we all laugh. But on the other side of the coin, I've heard Linux proponents claim that the Linux desktop is really easy to use. I swallowed my pride a while back, so I laugh at that as well.

I have one home computer with Linux, and another with Windows, and each has thier jobs that they perform well at. I'll use what works before picking a technological dogma.

Re:IS this really necessary?

[mopslik]

Apples and Oranges I say.

Hey now, let's not start another flamefest by dragging the Mac fanboys in here!

Re:Integrated VCR DVD story is insightful

[plover]

I've taken to recommending the Harmony remotes (now from Logitech) for anyone who has a home theater setup that they have a hard time controlling. Even non-techies can set them up fairly easily. Their only drawback is the remotes literally cost more than the TV/DVD/VCR combo box he mentioned above. (The Harmony 880 is $250 at Best Buy.)

You are half right...

[everphilski]

He said (if you would have read the whole thing) that he wanted a larger sample size, but he didn't have the budget for it. The other point is that it **isnt** "Diffrent strokes for diffrent folks". The constraint was upgrading MySQL and that required an upgrade of glibc. Theres only so many ways to upgrade glibc...

And the distinct difference between drug testing and computers are humans. Computers do the same thing every time. Its their nature. Each human has a unique response to drugs. For example, I'm on a migraine mediacation that has no known interaction with alchohol. Except for me - if I have even a sip of wine, I will have an instant migraine and be incapacitated for the rest of the day. The uniqueness of the human body really can't be compared the the repeititve nature of a computer.

-everphilski-

Re:You are half right...

[theAtomicFireball]

The uniqueness of the human body really can't be compared the the repeititve nature of a computer.

Sure, it can. Absolutely, and without question, as long as you are not including an emotional or intellectual response in what you are measuring. Physiological processes are predictable - they are just an order of magnitude more complex than any computer we've yet built. Your example doesn't show that that the results can't be predicted, it simply illustrates the fact that we haven't mapped all the variables. Yet.

Re:You are half right...

I don't have the budget to do the test properly but I am going to do it anyway?

Re:You are half right...

[everphilski]

Physiological processes are predictable - they are just an order of magnitude more complex than any computer we've yet built. Your example doesn't show that that the results can't be predicted, it simply illustrates the fact that we haven't mapped all the variables. Yet.

It showed he used a piss poor example. That's all.

-everphilski-

Here's a free clue.

[khasim]

If you think he's lying, then be a man and say it, don't hide behind the "MS funded it" fallacy.

He doesn't have to be lying. The fact that Microsoft funded the "study" means that you MUST look at the assumptions and process.

In the "study" in question, the Linux sysadmins were, for some reason, backporting patches from SLES 9 to SLES 8 due to the requirements of this "study".

So, no lies required, but because of the criteria chosen, Linux is far more difficult to maintain than ever in my experience.

Re:Here's a free clue.

[drinkypoo]

It's pretty ironic that you constantly have to upgrade windows to make things work (a lot of programs don't work properly if you don't upgrade to SP2 for example) but they wouldn't allow the Linux admins to make an OS upgrade. They also deliberately chose an older version of SUSE, probably because they already knew that this issue would crop up. This study is crap, period.

Re:Here's a free clue.

[Watts+Martin]

With all due respect, welcome to enterprise-level IT. In several big companies I've been at, including the one I'm at now, corporate policy dictates what software you're using, particularly operating systems. And without getting into specifics, we'll just say that any OS version, regardless of vendor, that hasn't been around for at least a year isn't very likely to be running in such a place.

The most unrealistic part of this study when it comes to deviance from "real world applications" is that, upon finding this problem, the study's authors didn't adequately simulate the series of e-mail messages, telephone conferences and face-to-face meetings between at least three departments, that would happen as people tried to find a solution everyone would bless. The solution the admins actually came up with, backporting from a more recent release to the officially-sanctioned one, is not at all unusual.

Sure, there are companies out there that don't have enforced IT policies, but I haven't been to or worked with one bigger than a few hundred people that didn't have one. And once you have an IT department, they tend to try and clamp down on sysadmins doing their own thing, because consistency in management becomes more important to them than individual efficiency. (This isn't entirely bureaucratic nonsense, either, since if your unapproved software becomes important to the company and then breaks in a way you can't fix, it becomes their problem.) The study described here may not be perfect, but forcing the admins to work under arbitrary restrictions isn't a flaw.

Re:Here's a free clue.

[carlos_benj]

And once you have an IT department, they tend to try and clamp down on sysadmins doing their own thing, because consistency in management becomes more important to them than individual efficiency.

Yep.

The study described here may not be perfect, but forcing the admins to work under arbitrary restrictions isn't a flaw.

No. But the important part is the give and take that tries to find "a solution everyone would bless". That doesn't appear to have been a factor in the study. In the real world, competent sysadmins bring up the potential problems of a given course of action and may recommend alternatives. That would likely include the admins stating that they'd be more comfortable betting their jobs on a different course of action and allowing management to override their documented suggestions (the bureaucratic hoo-ha can sometimes be your friend). ...we'll just say that any OS version, regardless of vendor, that hasn't been around for at least a year isn't very likely to be running in such a place.

Nope. If you work closely with your vendor you may upgrade select systems shortly after the new versions come out. Most folks tend to wait a little while for early adopters to shake out any major bugs, but not an entire year (at least not on the *nix side of the house - I know our Windows admins wait awhile longer).

Re:Here's a free clue.

[Watts+Martin]

My "any OS version that hasn't been around for a year" comment was based on the observed practices of four companies I've worked at. Granted, that was mostly Windows, but the place I'm at currently -- a very big company -- is just testing a new version of their IT-approved Linux based around Red Hat Enteprise Linux 4. Most of the Linux machines in the company are still on RHEL 3.

Re:Here's a free clue.

[carlos_benj]

Both the company I'm at now and the previous one make plans to upgrade as soon as the new versions are available. Of course, this is AIX and you can do the upgrade without committing the changes so you can easily roll back to the previous version. Like I said and you confirmed, that ain't the way it works with Windows. Maybe the Linux path at your company is patterned after the Windows strategy.

Re:Riiiiiight

[MSFanBoi2]

don't get me wrong, I'm a gun person myself, but one of the first things I learned to follow to the letter was to keep my DAMN FINGER OFF THE TRIGGER UNTIL READY TO FIRE the weapon.

8 - Convenience vs. security

[TubeSteak]

Every time we install a new piece of software, ... ,we tacitly accept that this software is likely to contain security flaws and can be an entryway into your system; NOW are you sure you want to install it?

Except I'd expect higher quality programming out of a company designing security software.

Like your average anti-virus vendor for example. I find it a little rediculous that virus writers eventually just started targeting buffer overflows, etc. in anti-virus software.

I think what we're seeing is the overall move from reactive (patching) to proactive security... and unfortunately, MS and Co. are taking the opportunity to inject DRM into what could be exclusively security related technological advances.

Mod parent up Up UP!

[khasim]

It's all about the criteria. Why was the criteria such that the Linux sysadmins were backporting patches?

and here's your sign

[everphilski]

He doesn't have to be lying. The fact that Microsoft funded the "study" means that you MUST look at the assumptions and process.

RTFI: Microsoft funded the study but the good Dr. selected the criteria. (see: question #4)

-everphilski-

Re:and here's your sign

[nharmon]

This wasn't the first study the good Dr. did for Microsoft. Guess how many times the good Dr. found Linux to be the right tool for the job? You would be correct if you guessed zero.

Not so clear for me

[trollable]

"All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released."

My understanding is the sponsor will publish only favorable study. Do they have to choose before or after? Let's order a few studies and publish only the "good" ones.

Re:Not so clear for me

They get to choose when they want; it's their study. the things they don't get to pick are the methodology and the results. Picture a casino: you get to choose to play a game and which game. but you don't get to pick how the game is played or whether you win/lose. You do get one last choice, though. Whether to tell your friends that you won or lost.

ATM's vs Voting Machines

[greenegg77]

How is it that Diebold can make ATM machines that will account for every last penny in a banking system, but they can't make secure electronic voting machines?

The reason is that Diebold is not required by any law or regulation to do so. The banking industry and financial networks demand and regulate the security and journalling of transactions. If you don't follow the rules, they don't let you run transactions.
The "voting industry," on the other hand, has yet to regulate or stringently demand minumum standards from e-voting machines. Until the constituency informs their lawmakers that they want the security of a) knowing that their vote went through the way they wanted it to, and b) knowing that no one can rig the election so that Snoopy wins, Diebold has no economic incentive to add these features.

BTW - for what it's worth, Diebold can't build an ATM machine worth a crap. They were one of the original ATM manufacturers, and thus have great brand-name recognition in the industry. What they build is over-engineered, over-priced, and over-proprietary. Think of the old IBM PCs that cost much more that their clone counterparts, used nothing that was off-the-shelf, and did no more than a cheaper computer. That's Diebold.

Tackhead's question was not answered

[LordNimon]

Tackhead specifically asked, "Who are these people"? I didn't see an answer to that question in the reply.

Re:Tackhead's question was not answered

And the author is what supposed to respond with what? It was clearly a rhetorical question making a jab at any "idiot" who could possibly believe a research like this was unbiased. That's like asking Steven Speilberg who watches his movies. A lot of people... but I doubt he has a running tally of individual names...

I got what I paid for then

[flyinwhitey]

"The fact that Microsoft funded the "study" means that you MUST look at the assumptions and process."

No it doesn't. Examining the study in EXACTLY THE SAME WAY as every other study will reveal its flaws. Nothing else is necessary.

The fact that you think the funder matters means you MUST look up "circumstantial ad hominem", because you used one and don't even know it.

I have no skin in this, but I've always wondered why people like you try so hard to stay ignorant. You're wrong about this, and you're using a common fallacy to suport your opinion.

Instead of insisting you are right, just learn something. It's easier than defending an erroneous position.

Re:I got what I paid for then

[Raffaello]

"The fact that Microsoft funded the "study" means that you MUST look at the assumptions and process."

No it doesn't. Examining the study in EXACTLY THE SAME WAY as every other study will reveal its flaws. Nothing else is necessary.

The fact that you think the funder matters means you MUST look up "circumstantial ad hominem", because you used one and don't even know it.

An argument is only ad hominem if it attacks the person when such an attack is irrelevant to the argument at hand. Such is not the case here because the study criteria where chosen by Dr. Herb. When a researcher is contracted to conduct research by an interested party it is perfectly legitimate to question the motives and objectivity of the researcher when evaluating the research. The fact that MS paid for the study puts the burden of proof of the objectivity of the study criteria on MS's paid researcher, Dr. Herb. The standard is most definitely not that of treating the study as if it were neutral.

When we deal with real people pure logic is not all that is necessary. Dr. Herb has done studies for MS in the past. Do you think he would like to do them in the future? The study criteria did not fall from the sky on stone tablets from God. They were chosen by Dr. Herb. Do you think these criteria may have included some bias, whether conscious or otherwise on the part of Dr. Herb?

Numerous readers have already pointed out that the study criteria chosen by Dr. Herb required some pretty goofy behavior on the part of the Linux sysadmins, specifically, backporting patches and doing a glibc upgrade on a production system rather than simply doing a full OS upgrade. These odd "requirements" alone are enough to call into significant question any claim of research objectivity. I'd say, along with many slashdot readers that Dr. Herb has failed to prove that his study criteria are truly fair.

Re:I got what I paid for then

[flyinwhitey]

I'm going to say one last thing on this, which will shut you and all your ignorant friends up.

If the study is flawed, you wouldn't have to resort to ad hominems. Examining the study using traditional criteria is more than sufficient to gauge its accuracy.

So, why do you insist on being allowed to use fallacies and lazy thinking to make your point, when rigorous examination does a better job?

Re:I got what I paid for then

I tried explaining the same thing to this clown and he just won't get it. Don't waste your time or energy...

Re:I got what I paid for then

Oh Slashdot, the wonderful irony of modding +5 this sequence of statements:

"...you MUST look up "circumstantial ad hominem"

and

"..people like you try so hard to stay ignorant..just learn something"

Look up what 'ad hominem' literally means.

Re:I got what I paid for then

[QMO]

"The fact that Microsoft funded the "study" means that you MUST look at the assumptions and process."

No it doesn't. Examining the study in EXACTLY THE SAME WAY as every other study will reveal its flaws. Nothing else is necessary.

I believe that you are correct that we should examine all studies in the same way (though I hesitate to say exactly).
However, the way you said that implies that we shouln't look at the assumptions and processes of the study. That is one thing we should examine in any studies.

And that's a valid response

[everphilski]

If it turned out that the windows admins had to actually do anything

And that's a completely valid response. If your choice of software allows your admins to do less work, perform less upgrades/migrations/etc. over a given timeframe... that's a good thing.

-everphilski-

Just a small point

[lebski]

But regarding windows patches; You say that windwos patches don't come in alpha or beta but wasn't there a windows patch not so long ago that broke VPN - not so great for corporate users.

Re:sellout in style

[Call+Me+Black+Cloud]

His Linux admins had at least 5 years of enterprise Linux administration with at least 2 years administering SUSE.

Instead of saying "the admins were idiots" why don't you trying saying "the study was right"? You seem to be blindly rejecting anything that doesn't fit your world view.

Why stay on SLES 8?

[TheConfusedOne]

From the study:

Beginning at Milestone 1 however, some upgraded components were out of support from SLES 8 and updates for those components had to be obtained from the package distribution sites. As of Milestone 1, MySQL patches were obtained from the MySQL distribution site and as of milestone 2, glibc and directly related packages were maintained through manually applying SLES 9 patches.

If we look at the history of SuSE then we see Novell's big involvement was in the 9.0 world. Right from the get-go we can see that forcing the administrators to remain on SLES 8 is creating problems that would be considered a show stopper in a regular environment. Especially if you're talking about buying components with their required environments. The fact that you even have the option of applying SLES 9.0 patches to an 8.0 environment is something that you can't do in the Windows world.

What were the "third-party components" installed on the systems? The following dodge "The specific 3rd party vendors are not disclosed
because the focus of the study is the methodology and not a specific component." is complete bull if you're crowing about the repeatability of your experiment. How can the experiment be repeated if we don't know the items? (It would be interesting to know if those components didn't support SLES 8 at the time of their installation.)

Also, why this requirement for the components: "Support on both Windows and Linux" when your environments are obviously not equivalent (IIS/ASP versus LAMP instead of J2EE)?

Re:Why stay on SLES 8?

I would say that if the "milestone 2" 3rd party component required a GLIBC upgrade then it _definitely_ did not support SLES8. This was mentioned previously:

http://slashdot.org/comments.pl?sid=169039&cid=140 96181

I'd like to see this study repeated without the constraints of specific applications or Linux distros / versions. Then let's see the real ability of Linux vs. Windows to "meet business requirements" about which the present study purports to provide insight.

Re:Why stay on SLES 8?

[Master+of+Transhuman]

Excellent request. Right on the nose concerning the MAIN issue: choice and flexibility.

However, while I wouldn't be surprised if the study ended up favoring Linix in that situation, it still wouldn't prove anything either way, since the environments are still so different that it would still be comparing apples and oranges. That's the REAL problem with this study and any others like it.

The only studies that can contribute to our knowledge would be studies of mixed Windows-Linux environments, and more so, studies of companies that HAVE switched from Windows to Linux and have measured their before and after costs and benefits. And even then, we would have to question the results applicability to any SPECIFIC company contemplating the change.

We should also remember that, even though I believe Linux and OSS in general are better than proprietary software, it is likely that the overall problems in the IT industry makes the difference a matter of a small percentage improvement rather than multiple factors, let alone orders of magnitude, of difference, i.e., Linux might be "twenty percent better" (whatever that twenty percent means) rather than two hundred percent better.

We need better hardware and software design and development and IT admin practices - but we're more likely to get them from open source methods than proprietary methods.

I see the problem now...

[benjamindees]

[At best, your study seems to show that the GNU/Linux distribution you selected was not particularly good at this task. But why does that show that the ``monolithic" style of Windows is better per se than the ``modular" style of GNU/Linux distributions?]

That pretty much sums up the entire study. This isn't really a test of Windows versus Linux, but a test of "modular" operating systems versus "monolithic" operating systems. And, unfortunately, the study didn't even do a good job of testing that.

Linux happens to include several distributions, some more "monolithic" than "modular". Unsuprisingly, the "monolithic" versions are usually those used by "enterprises", such as RedHat and SuSE. The "modular" operating systems, such as Debian, are almost universally ignored by businesses, though you will find IT personnel swear by them. There are Linux distributions that adhere to the Unix philosophy, and there are those that try to emulate Windows and Apple in the name of "ease of use". Hell, even some of SCO's products are more "modular" than commercial Linux distributions.

By requiring "enterprise" sysadmins and a Linux distro that is geared towards "enterprises", the study preselected a Linux competitor with which Windows can easily compete: admins (probably used to using Windows) using Linux distros that attempt to emulate Microsoft's "monolithic" operating system. By virtue of the fact that Microsoft has been building "monolithic" operating systems for at least a decade longer than any of these Linux companies even existed, that the vast majority of Linux components are designed to be used instead in a "modular" fashion, and that most "enterprises" wouldn't know proper system administration from their own asses, anyone can see that this test is designed to fail.

I've spent the last one and a half years doing this exact same study. Guess what I found? You can't treat "monolithic" operating systems, RedHat, Fedora, SuSE, Windows, as though they were "modular". Though doing so is easier with Linux, it's not recommended, and distro makers such as RedHat explicitly warn against doing so. Any IT guy learns this lesson about six months into his career. You either find a truly "modular" OS, such as Debian, or a good Unix, or you very carefully buy products made only by Microsoft or by companies joined at the hip with Microsoft. That is, if you choose modularity, you choose Unix. If you choose out-of-the-box integration, you choose Apple or try to navigate the Microsoft "ecosystem", and you pay monopoly rents for doing so. The people who choose RedHat and SuSE, and expect it to be Windows at this stage, are kidding themselves.

The real headline should be: "Linux admins tasked with using Linux in the same retarded-ass way as Windows, fail." Which should be no suprise.

But the important thing to take out of this is that it is neither technical necessity nor user requirements that make operating systems less "modular", and thus less flexible, less powerful, and ultimately less valuable. It is the commercial requirements of the operating system manufacturers themselves. It is the fact that the OS is commercial that makes it difficult to upgrade, impossible to integrate, and expensive to maintain. The evolution of commercial Linux distributions towards the "monolithic" model of Microsoft, and the concomitant decline in their quality, has proved this beyond a shadow of a doubt. At most, this study only serves to highlight what any competent Linux admin already knew.

Re:I see the problem now...

[PCM2]

Linux happens to include several distributions, some more "monolithic" than "modular". Unsuprisingly, the "monolithic" versions are usually those used by "enterprises", such as RedHat and SuSE. The "modular" operating systems, such as Debian, are almost universally ignored by businesses, though you will find IT personnel swear by them.

This is not a prelude to a flame; I seriously would like to know how you define "modular" vs. "monolithic" in this context. What makes a Red Hat OS inherently less modular than Debian? And do you count Debian-derived distros like Ubuntu or Mepis in that category? I may or may not agree with you, I just want to know the terms you're dealing with here.

Re:I see the problem now...

[benjamindees]

Well, I didn't really define it. I just repeated it. But I assume it has the general meaning you would expect. A "monolithic" operating system is highly integrated, with irreplaceable components. A "modular" OS would be more flexible, have multiple, interchangeable options for major components. In a "modular" OS, components can be removed without causing adverse effects, yet the lack of standards can make setup and use more difficult. A "monolithic" OS has many standard components higher up the application stack, which have numerous cross-requirements, such that, for instance, removing a spellchecker might cause your e-mail client to fail.

"Monolithic" operating systems are usually easy to setup, impossible to upgrade, and can be supported by a small group of programmers apart from the environment in which they are used, along with relatively incapable administrators willing to perform mindless, repetitive tasks, perfect for a commercial OS. "Modular" systems are more difficult to setup initially, easier to upgrade (especially incrementally), and require (and enable) a more cohesive inteface between those who create the OS and those who use it, perfect for capable sysadmins, and Open Source Software.

A good example of each would be something like Debian versus something like OSX. Debian, as a "modular" OS, packages almost every OSS program out there, yet sets very few defaults. OSX, on the other hand, comes out-of-the-box with a full set of default programs and relatively little support for integration of 3rd party applications. Or you can think something like Windows 3.1 with 3rd party browsers, versus Windows 95 with Internet Explorer, or, in a more general sense, KDE versus a lightweight DE like blackbox.

What specific features contribute to a "modular" OS? I'd like to say things like robust, version and upgrade-aware package management. Obviously, a compiler and development tools and the ability of admins to modify the OS, which are lacking in proprietary commercial software, limited in some commercial Linux distributions (such as Linspire), and difficult or discouraged in others, such as Fedora. Or, lacking source availability, a robust community of interoperable, 3rd party software, and a generally application-neutral OS design. All of these requirements, to a certain extent, also necessitate a long development and support lifecycle.

But, in reality, those things are just symptoms of a much deeper cause. The actual, driving force behind modular operating systems is the concept of the "programmer-admin". A "programmer-admin", while perhaps not a full time programmer, is at least capable of diagnosing complex problems and submitting patches and valuable bug reports to upstream sources. Consequently, the "programmer-admin" doesn't spend much time further up the application stack, such as tasks like helping users write reports and general end-user training. The main task of the "programmer-admin" is to maintain and incrementally improve the functionality of the OS. As such, she must be capable of playing an integral role in the development process. Depending on the size of the userbase and IT staff, the "programmer-admin" may even specialize on a specific part of the OS, or ignore userland applications entirely.

However, this study, and many "enterprises", expressly forbid admins from programming. Using commercial, "monolithic" operating systems, most sysadmins are too busy trying to integrate 3rd party components and performing upgrades to be able to make real contributions to an OS, which will most likely render any improvements worthless at the next upgrade. The result is that admins perform a variety of incidental tasks, from minor upgrades to purchasing to user training, mostly nothing special or requiring extensive skills or ability, instead of truly beneficial, long-lasting work. Unless the client is large enough to garner special attention from the OS vendor, the OS is written by programmers who have little contact with end-users, and important functiona

Re:I see the problem now...

[timbo234]

You haven't really stated what specifically makes Debian any more 'modular' than SLES or RHEL or any other distro. Debian is very similar to RHEL - long release cycle, often older packages but with heavily backported patches and a binary software distribution system (dpkg/apt is equivalent to rpm/yum or rpm/up2date). I don't see how Debian is more modular, I mean could you have easily upgraded the glib in Debain - easier than in SLES or RHEL.

Why don't you go fuck yourself

And get off that high horse you're sitting on and stop telling "us slashbots" what YOU think we should say.

On any public forum there's going to be noise and if you can't deal with that, and learn to sift through it then perhaps this isn't the place for you, hmm? -we don't want you here-

Re:Why don't you go fuck yourself

[flyinwhitey]

"And get off that high horse you're sitting on and stop telling "us slashbots" what YOU think we should say.

On any public forum there's going to be noise and if you can't deal with that, and learn to sift through it then perhaps this isn't the place for you, hmm? -we don't want you here-"

More exciting commentary from the "shut up because you disagree with us" crowd.

Why do people struggle so much against enlightenment? Why do you try so hard to remain ignorant?

Re:Why don't you go fuck yourself

[cbreaker]

Ohh, not even. It's not a question of disagreeing with you, it's a question of you purposefully attacking the community which you're saying this kind of generalist, elitist crap to.

You start your post with ignorant flames at the entire slashdot community, and end with whatever it was you were trying to say. If you actually tried cutting out the bullshit and just getting to the point, you'd get a much better response.

Your post is pantomime to saying "A) All your fuckers suck dick. B) Global Warming. Now, please comment on point B only, and if you don't ignore point A, I'll call you ignorant."

Go on living in your own world.. must be nice.

Re:Why don't you go fuck yourself

[flyinwhitey]

Thank you for making my point for me. Also this

"Your post is pantomime to saying..."

is just too damned funny. I believe you meant "tantmount", because "pantomime" means something else.

"pantomime

      1. Communication by means of gesture and facial expression: Some tourists make themselves understood abroad by pantomime.
      2.
                  1. The telling of a story without words, by means of bodily movements, gestures, and facial expressions.
                  2. A play, dance, or other theatrical performance characterized by such wordless storytelling.
                  3. An ancient Roman theatrical performance in which one actor played all the parts by means of gesture and movement, accompanied by a narrative chorus.
                  4. A player in such a performance.
      3. A traditional British Christmas entertainment for children, usually based on nursery tales and featuring stock characters in costume who sing, dance, and perform skits."

No surprise really, but very funny nonetheless.

PS I'm pantomiming what you can do with your opinion right now.

Re:Why don't you go fuck yourself

There is nothing fallacious about being wary of Microsoft-funded studies, it's merely the side-effect of Microsoft crying wolf. A man beats his wife for years, and then his wife comes in and tells you that he just beat her again. Well, maybe he did and maybe he didn't, but being aware of his habitual abuse you might be more inclined to believe her and become involved. If instead the woman had a history of ramming her head into her dresser and falsely accusing her husband of beating her, then perhaps you'll be less inclined to believe her this time and tell her to be on her way.

In neither case do you know, a priori, whether the person is being truthful or not. That can only be satisfied with incontrovertible evidence from investigation. However you can make an inference with whatever degree of certainty as to whether to act on face-value or to spend the necessary resources to investigate the claims made. In the case of Microsoft, the sample size of propaganda is certainly more statistically relevant than the sample sizes used in such studies. If you really want to know with some certainty if the results of a study are significant and repeatable, then only considering methodology and reproducing the results will suffice. Most people don't have the resources to do this for every single study, and may be content to accept studies from reputable sources without further investigation until another party invalidates them, and only take an interest in those which are from people known to lie. Whether they have the resources to perform the necessary experiment will determine if they just dismiss it as nonsense until it is verified by another party, or perform the experiment themselves.

You clearly demonstrate that you perform the exact same actions.

Re:Why don't you go fuck yourself

[flyinwhitey]

"There is nothing fallacious about being wary of Microsoft-funded studies,"

You mean apart from being the definition of a circumstantial ad hominem? Like this?

"A Circumstantial ad Hominem is a fallacy in which one attempts to attack a claim by asserting that the person making the claim is making it simply out of self interest. In some cases, this fallacy involves substituting an attack on a person's circumstances (such as the person's religion, political affiliation, ethnic background, etc.). The fallacy has the following forms:

      1. Person A makes claim X.
      2. Person B asserts that A makes claim X because it is in A's interest to claim X.
      3. Therefore claim X is false.

      1. Person A makes claim X.
      2. Person B makes an attack on A's circumstances.
      3. Therefore X is false.

A Circumstantial ad Hominem is a fallacy because a person's interests and circumstances have no bearing on the truth or falsity of the claim being made. While a person's interests will provide them with motives to support certain claims, the claims stand or fall on their own. It is also the case that a person's circumstances (religion, political affiliation, etc.) do not affect the truth or falsity of the claim. This is made quite clear by the following example: "Bill claims that 1+1=2. But he is a Republican, so his claim is false."

So it is a fallacy. Now produce something that shows otherwise, specifically something other than a post from an AC troll shouting "nuh uh" over and over.

And don't argue by analogy. They're inaccurate, and fail to capture nuance.

Re:Why don't you go fuck yourself

Man, that other AC hit the nail on the head: You are a whiny little bitch.

Re:Why don't you go fuck yourself

[Infonaut]

On any public forum there's going to be noise...

... said the AC.

Re:Why don't you go fuck yourself

Nice ignoratio elenchi. Could it be more clear to you that you didn't read the comment you replied to?

Nowhere is there any claim that the truth of the study may be deduced from empiricism. It has absolutely nothing to do with classical logic, but rather is a matter of rational action.

If you can't read then don't reply. You should also learn the difference between an argument and an example.

Re:Why don't you go fuck yourself

Ahh, the sign of someone that has no arguement - which was what, exactly?

If you're going to correct someone's use of a word you could at least spell it right.

Dipshit.

Re:Why don't you go fuck yourself

For the kids at home:

The results of a study such as this cannot be proven to be valid using any deductive system, formal or informal, without taking as axioms many things people will find objectionable because they have no basis in reality. This study like any scientific experiment is subject to analysis by empiricism. You cannot prove that the results are true. You can present data by descriptive statistics with somewhat limited utility. You can also utilize inferential statistics to express results with some confidence levels. The results of such proesses are sensitive to sampling and the methodology used for conducting the experiment. Assessing the methodologies utilized for failings is the first step. What are the variables? What is the sample size? Is the sample biased? Are all of the variables present taken into account within the inferences? Such experiments should also be repeated, because the utility of empiricism lies in the ability to obtain reproducible results.

When you decide to apply these results to your models/projections what you are engaging in is inductive reasoning, or informal (probably) inductive logic if you will. You are taking as a premises the various results of the experiment and making probabilistic arguments and reaching probabilistic conclusions. When you compare your predictions with your data later, you can again compile descriptive statistics. You may or may not make confident inferences from these results depending on the methodology which you've utilized and your intentions.

Similarly you cannot state a priori that the results of the study are incorrect merely because they are funded by Microsoft. However you can use inferential reasoning to say that they are probably not representative results. Unless you bother to do the actual statistics you have no defined confidence that your inference is correct, but your inference is not necessarily irrational. You have not disproven anything of the conclusions in the study, but that isn't your intent. Your inference takes as premises a relationship between publishing previously useless studies and the likelihood of publishing useless studies in the future, and concludes that Microsoft is probably providing a useless study. You are not asserting either truth or falsehood, you are suggesting a probability and one that derives from related evidence.

Re:Why don't you go fuck yourself

[flyinwhitey]

You forgot the most important part, which is "... however, all of this hoop jumping is unnecessary, because there are established criteria for determing the credibility of studies such as this. Those standards are far more effective than any other known method, so whenever possible, use them first."

Re:Why don't you go fuck yourself

The point is that your comment is stupid. There is no hoop jumping involved at all for the people whose reasoning is adequately described there. The body of that text is to provide for readers a basic understanding of scientific reasoning, since that appears to be lacking. The point is, most people aren't going to even bother reading such a study, and I've just presented to you why. If you cannot honestly tell the difference between "this study is wrong because Microsoft paid for it," and "this study is probably not accurate because Microsoft has a history of promoting useless studies" then I suggest that you stare at them until you do.

They might bother to even read such studies when someone other than Microsoft is responsible for them financially or otherwise. Or not. Who knows. Your babble is nothing but invective against a mass of people, that mischaracterizes their reasoning and highlights your freshman Philosophy class level expertise in logic.

Oh, and provide sources for the effectiveness of determining the credibility of information from a subject. I would had so much for you to have expectations for the quintessential Slashbot you can't live up to yourself.

Re:Why don't you go fuck yourself

[spitzak]

These AC posts are probably fake, from people trying to reinforce the idea that the "slashbots" are all immature. Wonder who would be interested in doing that?

Real "slashbots" tend to not use the AC account, no matter how stupid the thing they say, and tend not to use profanity, because they think they are being adult even if they are not. Everybody should ignore any AC posts like this, it's obviously a marketing campaign.

Re:Your conclusions fly in the face of my experien

[Call+Me+Black+Cloud]

Dr. Herb Thompson talks a good story but it isn't supported by my first hand experiences - Why is that?

Maybe your first hand experience wasn't in a reasonably controlled environment. Maybe your bias will only allow you to see things one way.

Sorry Herb but your study is nothing more than a carefully crafted FUD attack on a superior product.

"Linux is better because I think so" is hardly a refutation. Why don't you point out the flaws in the study?

Most Valuable Professional?

[spejsklark]

FFE4: What kind of credibility do you think you have, being a Microsoft MVP?

Re:Most Valuable Professional?

[zootm]

Exactly the credibility that he had before with right-thinking people who don't like Microsoft, and more with people who do like Microsoft and hadn't previously heard of him?

Are You From Around Here?

[Petersko]

So how about, instead of relying on old prejudices, we instad attempt to actually examine the research and gauge it on it's own merits.

Oh hush. Why go against everything Slashdot stands for?

Admit it! You're working for Microsoft!

Now that I've accused you, I await a +5 Insightful mod, and the inevitable pats on the back.

Re:Are You From Around Here?

[flyinwhitey]

As a reply, I'll have you take a look at the "troll" moderation I received.

Re:Are You From Around Here?

[Serveert]

Actually the studied has been poo poo'ed on slashdot, just read the replies to the author and notice how the author is avoiding answering questions raised.

Re:Integrated VCR DVD story is insightful

[steveness]

Why are you trying to watch TV in my house? Get yer stinkin' hands off my remotes! :)

Re:Integrated VCR DVD story is insightful

[drinkypoo]

A used visor handheld with an omniremote module will be less than $250, and you can use it for other stuff, too. OmniREMOTE lets you create your own buttons and layouts. (ObDisclaimer: Omniremote is the product of a friend of mine; I have used it lots.)

Jumping to conclusions?

[arevos]

The problems the study reported with Linux appear to all due to an incompatable unnamed 3rd party software package. Surely then, all this study can conclude is that the 3rd party software used was incompatable with SLES? And if not, why not?

Complete retards...

[benjamindees]

They upgraded glibc? On SuSE? These "admins" aren't qualified to administer their home computers, let alone anything important.

All Native Americans walk in single file

[Petersko]

At least the one I saw did.

Re:Riiiiiight

[Chr0nik]

they'd be toll roads up to your driveway.

Like, uh.. large parts of the east coast? Please don't take this as a flame, because it's not, just an observation.

All due respect, but, like most folks who've taken a few short looks at libertarianism, and spend the rest of the energy they relegate to political thought on the intricacies of the spectacle being put on for us by the Democrats and Republicans, you don't seem to have full understanding of the libertarian perspective.

What you've posted is kind of an over simplification of Libertarian values. Libertarians aren't completely anti-govt. That would be Anarchism.
They just believe the govt. should stick with what the govt. does best. Fight our wars, and deliver our mail. I don't know a single libertarian that has a problem with road developement, however, most, like myself probably think that's a job more suited to the states, than the federal government. As are most issues they tend to stick their noses in. For example, if a few states want to legalize marijuana for medical purposes, what business is it of uncle sams? Why do they feel a need to remind people that it doesn't protect them from federal laws?

I agree the original poster's comments about him looking like a raving lunatic, however (even though he may not be). People with lazy eyes shouldn't pose for pictures with guns.

Followup question

[cavemanf16]

From one of the answers to a question:

"All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released. The vendor knows that they're taking a risk. They pay for the research either way but only have control over whether it is published, not over content. So if their intent is to use it as an outward facing piece, they may end up with something they don't like. Either way, I think it's of high value to them. If there are aspects of the results that favor the sponsor's product, in my experience, it goes to the marketing department and gets released publicly; if it favors the competitors product it goes off to the engineering folks as a tool to understand their product, their competitor's product, and the problem more clearly. Either way, we maintain complete editorial control over the study and there is no financial incentive for us if it becomes a public study or is used as an internal market analysis piece. The methodology has to be as objective as possible to be of any real value in either case."

But isn't this part of the problem with vendor-funded studies? (Maybe it's THE problem)

This WOULD be fine if it were just science for the advance of knowledge, but in the case of studies of *products* somebody somewhere is looking to use the information to make a product purchasing decision, or to promote a new product. In other words, someone is looking to either save money or make money using the results of the study. But those two goals conflict. For the purchaser, they would like to know both the pros and the cons of all studies involving that product. For the seller, they want to know both the pros and cons of their product, but only want their consumers to know the pros, and minimize the cons as much as possible. Both of these positions make complete sense... except for the group conducting the study. You have two different types of customers that you are trying to satisfy with these studies, but only one group is paying you to do the study - the seller. Hence, the results ARE skewed in favor of the organization purchasing the study, because they maintain control over whether the study gets released to the purchasers of that seller's products or not.

In this case, Microsoft has a win-win proposition, whereas for the rest of us, the purchasers, it's a win-lose proposition. Only if the study is positive for Microsoft will we be given more information necessary to help us save money. But if it's a study that puts Microsoft in a bad light, we lose because we don't get to see such information to make a purchasing decision, and may therefore make an incorrect decision.

I'm still skeptical that these "industry supported" studies are fully worthwhile to us, the purchasers.

Re:Followup question

Well it works either way.

If the study points out disadvantages of Microsoft, it gets sent to the people that will fix the problem, Microsoft's internal developers.

If the study points out disadvantages of Linux, it gets sent to the people that will fix the problem, the public.

Re:Very detailed

How is a comment on the length of an article considered offtopic? I agree with the parent post.

Multiple studies

[hey]

I bet Microsoft (who is loaded) commissioned multiple studies with somewhat credible people. Eg different time periods, different assumptions, etc. Some will favour Windows and some Linux. They just don't release the Linux-friend ones and voila, a Window-friendly study by a credible guy.

Freeze! Spelling police here...

the bank is going to figure out that they're loosing money

Are loose ATMs like loose slots?

Mod parent up!

[absinthminded64]

This is specifically what I was looking for too and it isn't too surprising that it goes unanswered. The original thread was the clearest attempt at skewing the results that I could identify.

I wasn't trying to find the proverbial 'brick in the gears' but sore thumbs do make themselves rather apparent.

Re:Very detailed

A geek asking for less information? Please turn in your card at the next stop.

Patch Delivery

[jofi]

Simple one: of course I accept that Windows and Linux are a priori equally vulnerable - C programmers make mistakes. The question is which model is most likely to deliver a fix fastest.

Dr. Thompson

Businesses demanded that Microsoft set a schedule when releasing patches. So now everyone using Windows has to wait until the second Tuesday of each month to get the latest patches. So yeah, I agree Linux et al may be faster, not because many people are hacking at the code, but because businesses made these demands with their wallets to purposely slow Microsoft. If someone discovers a new vulnerability after that Tuesday, we still blame Microsoft even though they were listening to their customers. It should be the customer's (some company) fault.

Re:Patch Delivery

[Master+of+Transhuman]

Uhm, not exactly.

Business may have demanded this, but it was because the daily flurry of Microsoft vulnerabilities made patching a nightmare.

So business wanted a schedule - ANY kind of schedule.

Also, whether a new vulnerability is discovered after tha patch release date is irrelevant. Microsoft is criticized for having the vulnerability, not because they don't patch it until the next scheduled patch date. They are also criticized for having vulnerabilities go unpatched for multiple months - which is also a commentary on the doctor's "blessed Microsoft patch" comment. They are also criticized for having more critical vulnerabilities than OSS generally does. They are also criticized for having a monolithic structure that makes patching more problematic than in a Linux system - another point related to the study, since it was a proprietary system that made the patching in the study necessary, and which also relates to how long it takes Microsoft to issue a patch - because their vulnerabilities frequently affect large swaths of the (monolithic) system and so it's harder for them to patch safely - as the number of times their patches break stuff proves.

You can't blame the business community for anything other than exposing themselves to more Windows vulnerabilities by demanding a patch schedule - all the rest of the blame falls squarely on Microsoft.

thats because the questions were softcore

[gentimjs]

slashdot didnt exactly put his "feet to the fire" with all the nasty questions about conflicts of interest, potential NDAs about the funding/details, oversight, or any of the other real issues where the source of the funding (seemingly the only reason this research even got any attention here) would have been a serious problem...

Re:Your conclusions fly in the face of my experien

[SubDude]

>Maybe your first hand experience wasn't in a reasonably controlled environment.Maybe your bias will only allow you to see things one way.Why don't you point out the flaws in the study?

The flaws in the study? How can I? I have not heard from the supposed 'experienced Linux Admins'. I don't know what proprietary products were deployed. I have no idea why Suse 8.0 was selected (not my first or second choice, by the way).

The study was funded and conducted for the sole purpose of finding a favorable result for Microsoft and that is exactly what it did. How can I possibley find fault with it when it did exactly what it was supposed to do.

I am getting tired of this game, aren't you?

Dude

Upgrading glibc is akin to...

[Svartalf]

...upgrading something like kernel.dll under NT4, 2000, XP, etc. It's not something lightly undertaken on a running machine- especially a production machine. Typically, when something of that magnitude needs an update, it's a full system upgrade- doesn't matter if it's Windows, etc. What makes the author of the report think that this was even remotely a fair comparison in question.

And I'll be honest, I find it fishy to say the least that he seemed to need that specific version of glibc; pretty much all vendors that are in the FOSS world try to track deprecated interfaces, avoid making calls to "broken" apis on the machines in question, etc. Even with a security flaw present, unless the glibc actually is the root cause, they will go out of their way to code around problems in most cases instead of mandating a glibc update for customers- it's that big a deal. Better yet, it seems that the official version updates from SuSE DID address all of this, including dealing with a fix to glibc that changed the revision number. If it's on SuSE's update sets, it's been pretty much vetted unless you change something fundamental, like glibc, at which time, all bets are off- it'd be the same way with Windows if you figured out how to accomplish a swap out of kernel.dll, or similar. Currently, for all distributions in main use except for Slackware, a system of handling all dependency relationships and obtaining all the official updates, etc. online. This is a KNOWN feature of all those distributions, whether you're talking Yast, urpmi, apt-get, yum, up-2-date, etc. Given that this is the case, not a single admin that actually knows what he's doing would have ever done what you describe in the draft 13 version of the paper on page 31, where you list things like admins doing by-hand updates of glibc, etc. That's "where Angels fear to tread" territory and would only be attempted by people that either roll custom distributions for embedded use or similar (Myself, for example...)- which would not be your typical sysadmin and they'd not be doing something like that with a production or pre-production server because they know better. And this is just one of numerous flaws with the whole study. I'll try to get to more later.

While I won't label you as a shill for Microsoft (partly because you're brave enough to face the gauntlet on this site...), I will question your ability to frame in adequate tests that actually test something- because you failed to do anything useful here except give Microsoft precisely what they were looking for. The work you did as presented to the whole world is hopelessly flawed in a manner not unlike what Mindcraft did for Microsoft a while back. I'd not consider your firm a reliable source of input or information at this point- while I was going to use one of your other papers that was provided online for a reference item in one of the white papers I am working on for my company, I must now largely discard this and find other sources for the information as everything you've produced is suspect because of the egregious flaws in the paper we're discussing.

Re:Upgrading glibc is akin to...

[jacklexbox]

I agree with your point about the difficulty of upgrading the kernel compared to upgrading a Windows Kernel (ie. impossible). As for the article being fair to Windows, what did the Windows admins have to do?

That said, on the Windows side, it turned out that no upgrades of IIS were needed (except for patches) and SQL Server was upgraded to SP4 as part of patch application.

WOW! That's EASILY as hard as upgrading a whole linux system. In fact, that kind of Windows updates are the kinds I don't even go to the clients location to do, even the most computer "stupid" person can be told easily to click on "Windows Update" and to answer 'YES' to everylittle popup, and then click Install all Updates. So yes, the linux admins had a hard job to do, but for the sake of being fair, the Windows admins didn't have a hard job, so that alone is biased.

Re:Upgrading glibc is akin to...

[Whyzzi]

Agreed. I also disagree on the point where company patches aren't beta or thouroughly tested: Case & Point, Windows Server 2003 Service Pack One.

http://support.microsoft.com/default.aspx?scid=898 060

This fixes and issue with 2003 SP1 (Being the idiot I am I downloaded and installed SP1 and put it on a production machine - because if you don't you leave yourself open) where specific setups revealed a bug in the tcpip.sys driver. I was on the unfortunate end of that suckah, before they had the fix available for download from the website (you had to call M$ support and M$ would send the fix by email). I argued with our vendor who supplied the database for two weeks:

Me: It ain't corperate firewall. It ain't the server's firewall. I can't access the database, but I can ping ip of the database server. When I reboot the database is accessible again. Wtf is wrong? It almost points out a bug in Windows' TCP/IP.
Vendor: Dunno. Lets capture packets.
Me: Okay. Here's the log. Now, tell me, WTF is wrong?
Vendor: Interesting. We don't know what it is, but not our problem. The database isn't causing it.
Me: To heck with you. I'm following what I learned from this knowledge base article from a completely different resource.

Viola. All fixed. Do not ever claim that all patches from vendors are polished fixes.

Re:Upgrading glibc is akin to...

[ray-auch]

So yes, the linux admins had a hard job to do, but for the sake of being fair, the Windows admins didn't have a hard job, so that alone is biased.

It might be biased if you were comparing admin skills, or even the skills required for common admin operations, - but that isn't the point here.

The fact that the windows admins had an easier job of meeting the same business requirements is the conclusion, not the setup.

Change the business requirements for the test, and quite probably you'll get a different result - but for these particular requirements, windows was easier. MS would have us believe that this means that windows admins typically have an easier job [=lower admin costs], but the study doesn't show that. The author repeatedly points out that you should study your own situation and your own business requirements.

Re:Upgrading glibc is akin to...

[slashdotmsiriv]

Thompson says: "That said, on the Windows side, it turned out that no upgrades of IIS were needed (except for patches) and SQL Server was upgraded to SP4 as part of patch application."

So, during their study, windows-based systems did not need to upgrade anything more than the SQL server. However, linux-based systems required upgrading glibc.

They study the overall maintenance cost of a windows vs linux configuration, during a certain period of time, under their specific business requirements. And in their study, for windows the cost includes only updating the SQL server while in linux much more.
This fact by itself, proves their point (according to the study) that linux maintenance is more cumbersome.

How difficult is replacing "kernel.dll" is irrelevant. A conclusion you can derive from their study is that one of the reasons windows is easier to manage is because "kernel.dll" is not usually included in the regular updates an admin must make.

I have not rigorously analyzed their study, so I don't know whether their assumptions on maintenance requirements are valid. Yet we need to set facts straight and emphasize that the study does not compare how difficult updating system dll's vs linux libraries but on what was in overall the windows load on the administrators over the period of their evaluation.

Re:Upgrading glibc is akin to...

[IamTheRealMike]

Go read up on the versioning scheme glibc uses - it's unique and defies both logic and common sense.

Basically, and this is coming from somebody who has a lot of experience of dealing with binary software on Linux:

• Yes, it's entirely believable that a glibc upgrade was required, because when you compile a program that binary is usually locked to the version of glibc it was compiled with. Newer versions are OK, older versions aren't.
• This locking process is automatic and independent of what the source code actually does. Most of the time the developer isn't even aware it's happened.
• RPM understands it and will refuse to let you install a binary that requires a newer glibc, even though recompiling the software would allow it to be installed on your existing system just fine.
• There is typically zero benefit to be had from this scheme, it's a badly thought out backwards compatibility system, and systems designed explicitly with binary distribution in mind like autopackage work around it automatically.

We can blame the admins, or the people who set the conditions of the test, or whatever, but the real problem is that Linux is crap at handling binaries. It requires an extremely precise knowledge of a million things that don't actually matter.

Re:Upgrading glibc is akin to...

[Svartalf]

Defys logic and common sense? Only if you're thinking APIs, which glibc isn't just that...

If you compile and link cleanly against a given version of glibc, you've built against an interface to the whole system for a given version of the system. If you're working an ABI layer (not an API, which has different thinking involved- which may be where you think it defys logic and reason...) you don't want an application trying to use an older ABI interface because it might try to run against features NOT present in the ABI at the time of the application build. In this case, glibc is an API AND an ABI- so you pretty much need the versioning/locking scheme glibc uses for things. RPM blocks, yes, but if you've got source code, you can rpmbuild the package to map to the older glibc (so long as the app doesn't attempt to use anything from the newer glibc- which would be unworkable anyhow...).

It's problematic, yes. Defys logic and reason, no. If they had the same thing consistent on C++, there'd be a lot less issues with dynamic objects, etc. and it'd be easier to consistently build applications that span multiple revisions of a given distribution(s)- so long as you adhered to the rules. Besides, you really, really don't want to use code that hasn't been vetted against the oldest version of the ABI it's intended to be ran against ANYHOW. The fact that Autopackage "works around it" is irrelevent, really- you shouldn't really be "working around it" in the first place. Better yet, Autopackage, as it currently exists, only helps out with someone making packages for x86 ON x86 machines and doesn't cope with a lot of the things one might encounter doing cross-compilation, AMD64 execution, etc. I know, I've recently tried to utilize some of their tech, currently it doesn't play nice in a cross-compile environment because it doesn't know how to cope with it. It doesn't really work nicely with AMD64 setups either- all the Autopackages I've tried to install on my Athlon64 machines kind of don't install; but a 32-bit version, copied from a 32-bit machine that had the selfsame package installed on, it works as intended.

Autopackage is nice, but it's not for all solution sets, nor does it fix all the problems for even desktop deployment like you make it out to do here. It's a dramatic improvement with things, but it's not the silver bullet for all these problems that you make it out to be.

Microsoft-Sponsored Studies...

Only the guilty need to speak up!!!

So Google has been doing it wrong all this time

Those idiots :)

How Much Did Microsoft Know?

[Deinesh]

Did Microsoft pony up the money for your study after examining the methodologies and metrics you used?

How much did they know before the study was completed?

How much did they know about the study before you released the results publicly?

Did you receive all your funding in one shot or did Microsoft release funds in tranches based on certain milestones?

If you had to make periodic reports to Microsoft to continue the funding, did those reports contain any Data or preliminary conclusions?

Do you know of any other people researching TCO issues that had their funding pulled or denied by Microsoft?

Sorry about the tough questions, but based on your initial replies, I don't think you will have a problem answering them.

Thanks.

deinesh.

Re:How Much Did Microsoft Know?

Shut up Apu

Re:Riiiiiight

[benjamindees]

Because you are a sheep-person. ESR tends to be a bit, umm, over-the-top. Dumb animals interpret passionate communication as a threat.

Dr. Thompson, however, communicates in a calm, soothing manner. He exudes compassion and empathy. This communication style places you at ease, and lowers your natural adversion to foreign objects and ideas. By communicating in a manner that lowers your stress level, he enables your higher functions (what little there seem to be) a chance to absorb his ideas.

So, at a basic level, whenever you see something that you don't quite understand, which, for you, could be a lot of things, you try to interpret it based on the manner of communication, rather than what was actually communicated. This post, for instance, tends to cast you in a rather dim light. You will interpret it as threatening. If, on the other hand, I had written something like "I understand your concern," or "I see what you're asking," instead of "you are a sheep-person," you would have taken the time to understand what it is I'm saying.

Re:Very detailed

[Jerry+Coffin]

Anyone got the cliff notes version of the responses?

Note: I've attempted to be fair to the original questions and responses, but my opinion may have affected how I've summarized things. If so, I apologize.

1) What were the assumptions?

a) one year transition from basic purchasing site to personalized portal.
b) administrators free to adminster systems as needed.
c) systems kept up-to-date wrt patches and such.
d) no in-house software development.
e) same requirements/acceptance tests for all platforms.
f) attempted similar level of experience in admininstrators.

2) does publishing studies like this help or hurt credibility?

That mostly depends on how well you do the study.

3) Why did you force the Linux side to do so much more work?

We set the same requirements for both sides. The whole point of the study was to how much work each would have to do to meet those requirements.

4) Did you pick the metrics, or did Microsoft?

We did.

5) Why does Diebold make good ATMs but lousy voting machines?
Did your flame resistant suit include a matching tinfoil hat?

ATMs are constantly audited and nobody will settle for one that doesn't work extremely dependably. Voting machines are hardly audited at all, so people often don't even know whether it's worked right.

I didn't get a tinfoil hat -- the manufacturer is apparently still filling backorders from SCO.

6) Why did you require 4-5 years experience for Windows but only 3-4 for Linux?

That was a typo. Both had 4-5 years experience.

7) You only tested three administrators on one Linux distro. How does that really mean anything about the situation in general?

It doesn't give a final answer, but it does at least give some indication, especially since the Linux distro in question is fairly typical.

8) Is it good that vendors seem to be taking more control over what happens on my machine?

For ignorant users it's good. For sufficiently experienced users, BSD is good -- but any more, even a lot of programmers are basically ignorant, at least when it comes to security.

9) Which model has better security, especially fewer attacks and faster patches?

A problem in Linux will usually have some patch faster, but a patch that's been verified to fix the problem without side-effects will usually be considerably slower, just like on Windows.

Windows is obviously attacked more, but that's probably at least partly because it's a bigger target, and attackers realize that it's often adminstered poorly as well.

10) Is it good that OS vendors keep bundling more and more into the OS, or would it be better to just keep it a basic OS?

It depends on the user. Ideally, the user could configure exactly how much he needs/wants without compromising integration, ease of use, etc., but that isn't really available, so you have to pick what you value more and go with it. Personally I have stripped-down Redhat on my fileserver, XP on my laptop, and Windows Server 2003 on my desktop, (with virtual machines to run everything else under it).

--
The universe is a figment of its own imagination.

Re:Riiiiiight

Libertarianism is the most misunderstood political party in the world. Mainly by Democrats because all they understand is more taxes, more government. So, when they hear of the founding principals of Libertarianism, they immediately jump to conclusions and start calling people names. What else would you expect from a Democrat? An actual intelligent argument against it? Puhlease...

Changes in Windows

Microsoft seem to be putting a lot of emphasis into how consistent over time their platform is, yet we are seeing a number of changes in current and upcoming Windows that seemt to discredit this. Dot-Net changes dramatically between version 1 and 2. SQL Server also introduces some breaking changes - such as case sensitivity in table and view names which breaks code that used to work assuming it didn't habe to worry.

Are these costs ever factored in to the Windows equation? Would it be interesting to compare system longevity in both Windows and Linux?

Also, how much does quality matter over quick and dirty? This is entirely subjective but I get the impression a lot of Microsoft stuff is quick and dirty. Visual Studio seems great at what may be Joe Average Programmers' tasks - but get into something serious like threading and it rapidly goes downhill. On the other hand Eclipse maybe doesn't have the pretty user interface builder (which can easily be used to build terrible user interfaces) but it's great at more advanced development and its refactoring tools really work well.

I often see a leaning towards quick and dirty. Hire a cheap developer. Knock it out quickly. Throw it away if it breaks or requirements change and it no longer fits. I also often see proven the advantages of a properly thought out and designed system - where maintenance becomes easy and the model responds well to change in requirements.

Cargo cult science?

[cooldev]

We say, sure, BUT we have complete creation and control of the methodology, it will be reviewed and vetted by the community (end users and independent analysts) and must strictly follow scientific principles... All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released.

While I understand the reasoning, I don't think this should be represented as following scientific principles. In one of his most famous speeches, Cargo Cult Science, Richard Feynman specifically called out this type of research as being problematic:

"One example of the principle is this: If you've made up your mind to test a theory, or you want to explain some idea, you should always decide to publish it whichever way it comes out. If we only publish results of a certain kind, we can make the argument look good. We must publish BOTH kinds of results."

"I say that's also important in giving certain types of government advice. Supposing a senator asked you for advice about whether drilling a hole should be done in his state; and you decide it would be better in some other state. If you don't publish such a result, it seems to me you're not giving scientific advice. You're being used. If your answer happens to come out in the direction the government or the politicians like, they can use it as an argument in their favor; if it comes out the other way, they don't publish at all. That's not giving scientific advice."

IMHO the open source community is just as bad on average, if not worse. You better believe they have an agenda and they often aren't held under the same level of scrutiny as corporations, who have to face up to investors, competitors, governments, and "lottery ticket" lawsuits (especially Microsoft these days). The solution? We need fewer one-sided publishing of studies. We also need more studies overall, as they naturally conflict and are situationally dependent, but together would paint a better picture of the state of the world.

Of course finding funding for unbiased studies that will be published regardless of outcome is probably hard to come by.

Re:Cargo cult science?

[FFE4]

This is *really* interesting. It gets to the "philosophy" of research as opposed to this study itself - we talk about this internally all the time and about how we can build an industry infrastructure to support this Feynman-esque research. Here's what I'd love to do: get a group of industry folks together on all sides of the fence (so there's no question of funding); agree to some ground rules, a methodology, and then also agree that the work will be published no matter what. To some degree that's what some of the consumer review groups do but I don't think we have a *real* equivalent in the IT world for the really big stuff. This gets down to the question of how could we set up something truly unbiased (perceived or real) in the Feynman sense of the word that would also work as an economic model. It seems like a consortium of consumers (organizations that use technology as opposed to selling it commercially) who do not have a vested interest in the outcome would be ideal. It would be great to get some responses to this thread with some suggestions. Again, the premise is simple, and funding from a fairly neutral third party like the government is one thing, but how would the IT community do something where multiple participants in the user world would be willing to fund it or multiple vendors, as a group, will be willingly to take that risk?

Re:Cargo cult science?

This gets down to the question of how could we set up something truly unbiased (perceived or real) in the Feynman sense of the word that would also work as an economic model.

The essential point I'm hearing is, "but if I am unbiased, how am I going to *get paid*?"

That answers itself right there. Your motive was not research or discovery, it was profit. And you made sure to create a "study" that would please your master. You've served them before, and wanted to make sure you stayed on the gravy train in the future as well. You're obviously here because you are struggling with how to resolve your conscience and your pocketbook. Yes, it's not as big a deal as, say, working for big tobacco, but it's not entirely academically honest either, is it?

There will be plenty of "researchers" willing to replace you on the MS dole -- more cheaply, too -- should you decide to "go legit".

Re:Cargo cult science?

[cgreuter]

I'd think that if you were going to hit someone up for funding, the people you'd want to go to are potential buyers such as large enterprises who are considering switching to or from Linux. Those are the folks who would most benefit from an objective study.

Re:Cargo cult science?

[mesterha]

One idea is to have a standardized open contract that is publicized by the research and computer communitiy. This contract stipulates rules that include, at a minimum, that the results of the funded research will be published no matter what the results of the experiments. When a study comes out, it can be used as a seal of approval to show that the research was not siphoned out of a pool of negative results.

The real problem is to get the companies to use the contract. However, there must be some companies that have clearly superior products who would be confident enough to use the contract. They can start a trend where statistical research without the contract is considered tainted.

While many details need to be filled out, it would be a big improvement over the current situation. Currently a wealthy company can poison the statistics of research by fishing for good experiments. This is a serious problem and calls into question all of your published vendor supported research.

Actually...

[Svartalf]

The Linux admins were artificially given much more to do and screw up than the Windows admins, if the verbiage in the paper is to be believed. They were mandated to patch much more than is realistic, etc. in a production shop. If you were to have to patch all the local exploits in everything Windows related, you'd be very busy, moreso than the Linux admins- but they only had to do the Windows critical updates as MS provided them. The Linux admins were off patching everything- even if it wasn't very relevent to the servers (i.e. if it's a properly set up server, they shouldn't be ABLE to exploit local exploit possibilities, etc...). Worse, they had the guys doing manual updates to a lot of stuff, even though it WASN'T needed.

The study's heavily stilted to favor Microsoft and Windows- either through ignorance or malice. It'd be your call on how it got there, but it DID get there all the same.

Re:Your conclusions fly in the face of my experien

[TubeSteak]

I'm not to defending the GP, just mentioning something your last sentence brought up.

"Why don't you point out the flaws in the study?"

I think it irritates a lot of smart people when they see/hear/read something and it 'feels wrong' or 'doesn't seem right'

I personally don't have specific knowledge in a lot of areas to say why something strikes me as wrong, but significant mental processing is happening at the subconscious level.

Grammar is a fair comparison. Most anyone on /. knows bad grammar when they see it, but I doubt 99% of us could explain in a highly technical fashion why it's wrong.

It isn't directly analogous to the flamebot GP, but I hope you got the point.

Re:Riiiiiight

he did work for microsoft... they paid his bills for this study.

doesn't necessarily make the study right or wrong...

Found the bug in the study

[jmorris42]

Thanks for giving those details. The study makes sense now. Basically it was a rigged demo.

Given the requirements the answer was a given. Lets count off the big ones:

1. A required OS upgrade after only one year in service? What? On a production system? No, you upgrade the OS when you add something that requires a newer version of something that is only available on a newer version of the OS or the deployed version is about to hit end of errata. And I'm sure you didn't budget a Windows upgrade, seeing as there wasn't one released in the timeframe specified. Now try again when Shorthorn ships and watch the MCSE kids clock up massive overtime.

2. Carefully cherrypicking 3rd party apps that were a nightmare to install on the selected version of Suse. The correct response would of course be to pick an OS from the vendor's recomendations. Then everything would 'just work.' What was done, on the other hand, would be as daft as trying to install an app designed for Windows Server 2003 on XP. Sure, if you are leet enough you might pull it off, but it would be crazy to put into production.

3. Then there was this beaut: "recommended best practice like not introducing out-of-distribution components." Wrong. You don't REPLACE a component in your distribution but without the third party repos (Dag for RH based distros comes instantly to mind) you are screwed.

4. A general mindset of trying to apply Microsoft/Sun server management theory to an Open Source platform.

Re:Found the bug in the study

4. A general mindset of trying to apply Microsoft/Sun server management theory to an Open Source platform.

But... in fairness, that's what companies do.

Re:Found the bug in the study

[jmorris42]

> But... in fairness, that's what companies do.

Good point, but I'm sure that wouldn't have made quite as interesting a media splash. "If Linux installations continue the defective practices they learned with proprietary platforms they won't realize much, if any, cost reduction." Nope, that isn't what Microsoft was paying for when they funded the study.

What can be learned from this?

[chaoskitty]

The study illustrates some of the weaknesses of the GNU/Linux methodology which were previously GNU/Linux strengths. For instance, much software in the Unix world is distributed as source code, yet problems constantly arise because people have moved from source distribution to binary distribution. As a BSD user who hardly ever uses x86 systems, I find it strange that the trend is heading in this direction, but it seems that this isn't the only way that GNU/Linux distros are becoming more similar to Windows. Binary patches seem to be commonplace, and so are "wizards" which are hardly stateful and therefore not particularly suited to a multiuser server, for instance.

Would it be unreasonable to suggest that a good lesson that GNU/Linux people could learn from a study like this is that moving towards the lowest common denominator is NOT a good thing?

market leading 3rd-party software...

The 3rd party components installed were chosen solely based on their market leadership position and any upgrades of OS were unknown at the time of selection. That said, on the Windows side, it turned out that no upgrades of IIS were needed (except for patches) and SQL Server was upgraded to SP4 as part of patch application. On the Linux side, at a high-level there were two main classes of upgrades: MySQL and GLIBC and they were both prompted by the installed components.

with the largest degree of market saturation belonging to windows, doesn't the software with the largest amount of market share automatically equal an application which is by necessity tuned to run best on windows? i think this study is void without assessing the value of a linux system utilizing enterprise-level open source software. essentially what he's saying just means, "we picked out the best selling windows software and tried using the linux ports in a previously untried configuration."

this study is misleading as usual.

How to Rig a Windows vs. Linux Study

[LightSail]

How to rig a Windows vs. Linux study in 7 easy steps!
1. Choose hardware that has known difficulties with Linux.

2. Plan simulated study over a time period in which the number of patches favors Windows.

3. Compare minor version change - Win2000 to Win2003- against a more complex Linux migration. SLES 8.0 (2.4 Kernel) to SLES 9.0 (2.6 kernel)

4. Deny administrators use of test systems, which is a Linux cost advantage. Test system can be run on available hardware with free license.

5. Run Linux with all available services instead on the needed minimum. This reduces system performance and adds difficulty to patches and migration.

6. Deliver external data from third party in a Windows favorable format.

7. Require several feature changes that are pre-built into Windows but requires customization in Linux

This "study" was designed to show Linux in an unflattering light. Requiring the "feature upgrade" with MySQL before doing the migration SLES 8.0 (2.4 Kernel) to SLES 9.0 (2.6 kernel) skewed this results in favor of Windows. That decision alone biased the study to the point that it is simply F.U.D.

Re:How to Rig a Windows vs. Linux Study

[tomstdenis]

Why they use "versions" is beyond me. Install gentoo from stage3 off gentoo.org. Do an update to the world. Install services you require [and only the ones you need], configure it. Clone the fuck out of the box. Voila. A full "typical" Gnome desktop takes about 20 hours to build with Gentoo from stage1 on a 1.6Ghz Sempron [I know, I just did it last week]. It's a heck of a lot faster on a typical server box [e.g. dual-core +2Ghz].

The fact that they rely heavily on stagnating Linux distributions shows they don't really know what they are talking about. Heck, even a debian distro would be easier to customize. Plomp a knoppix CD in, copy to HD, do upgrade, install serivces, configure and clone. That's less flexible than Gentoo but a heck of a lot faster.

Of course Windows folk always "forget" to mention that little issue. In Linux [and BSD] you can just tarball the filesystem and untar it anywhere to get a clone. In Windows you can't do that [hidden or system files] and even if you could it'll bitch that you have to activate your copy. Costing more money...

Why is cloning important?

1. Quickly get multiple boxes up [untaring a base install takes all of a minute or two]

2. Lets you maintain a consistent deployment [e.g. no version mixups]

3. Lets you recover quickly. If your HD dies you can just buy a new one and be up in minutes.

But we all know the study(ies) was foobar from day one. If you need to hire a firm to prepare a report about how good your product is when your competition are hordes of IT peeps who just use what works ... you've already lost.

Good summary though, I'm sure MSFT is taking notes :-)

Tom

Re:How to Rig a Windows vs. Linux Study

actually, re: point 4, Microsoft's Service Provider License Agreement does come with free test licenses. Apart from that, I couldn't possibly argue with the wisdom you lay out. Love your use of scare quotes though.

Selective publication

[Julian+Morrison]

A major possible fault of subject-is-buyer studies is the possibility of bias by selective publication. Do ten thousand completely fair studies, publish the favourable results and bury the rest. Or, a similar procedure but preemptive, focus the study's remit upon a known strength which is in fact surrounded and dwarfed by (un-studied) weaknesses.

In this the researcher may not actually be methodologically at fault at all. How did you protect your study from this kind of externally induced bias?

Cmdr. Taco Impostor

All others claiming to be him are imposters.

Hey, you're not Cmdr. Taco! Try as you might, your spelling and grammar lameness can't begin to match that of the Cmdr. Now go away and don't come back until you've learned to truly embarass yourself.

Related question

[Lifewish]

Who were the CIOs and industry analysts who helped determine the metrics? Were they more experienced with Windows or Linux on average? If there was a clear slant towards Windows-oriented participants, they'd tend to produce realistic scenarios in a way that would be soluble on a Windows box. If you needed a daemon doing task A, and this tended to be accomplished on a Windows system by a work-around that involved program B, you might find that the requirements were closer to "implement program B" than "implement a program performing task A".

Can we talk to the Admins? What about the CLT?

[crulx]

Many of us have several questions about the level of incompetence displayed by these Linux Admins. From the choice of distros to the botched installation of glibc, they made egregious errors that would have sunk ANY startup that they were intended to help setup. And given your knowledge of Linux from your home use, I think you know this.

Do you see this as a credible challenge to your study?

Can we talk with these supposed "admins" to gain insight into why they behaved so incompetently?

And given that you don't have enough admins to be in adherence to the central limit theorem, how do you feel your study applies in a general way to anything at all?

Why didn't they use apt-get?

[mangu]

instead of relying on old prejudices, we instad attempt to actually examine the research and gauge it on it's own merits.

The research is badly done because it did not allow the participants to choose the best tools available for Linux.

I have used Conectiva Linux at work for several years, maintaining and upgrading a server. The only (almost) command I need to know is "apt-get update; apt-get dist-upgrade" for maintenance, and "apt-get update; apt-get install package name" for installing new packages. I have never needed to worry about patches or versions.

Dr. Thompson's words "the basic assumptions of the methodology are that patches are applied at 1 month intervals and that business needs evolve over time" imply a faulty methodology, which imposed unnecessary constraints on Linux. The apt packaging system makes the whole idea of "patching at n-month intervals" obsolete. Linux can be "patched" every day by an automated script, with no effort at all for the administrator.

Re:Why didn't they use apt-get?

[flyinwhitey]

Awesome. Seriously, you examined the study, found some flaws, and at no time relied on lazy thought processes and biases to make your determination.

Out of curiosity, how long did it take? Many of the anti-MS trolls are claiming they don't have time for such analyses.

Re:Why didn't they use apt-get?

[CableModemSniper]

You scare me. You do know that apt can break, right? And its especially fun if it breaks during a cron job at 2 in the morning on a dist-upgrade and no one is around to notice something went horribly, horribly wrong.

Re:Your conclusions fly in the face of my experien

[Call+Me+Black+Cloud]

I understand your point and I agree with you. In coding, when weighing different approaches to a problem sometimes a solution just feels like the right solution, when from a technical view the best path is ambiguous. In this case, however, the OP has a distinct bias. I suspect his feelings are more a product of the bias than any intuition based on experience. I was trying to draw out any rational thoughts he had on the topic, or maybe even learn about his experiences. It didn't work :)

Question "root source of vulnerablility"

Microsoft said Spooler was most likely just a DoS. Immunity Inc. let people know that was not true; the Spooler vuln was reliably exploitable remote root code exec & working exploit code was clearly in existence prior to or at least at the time of patch release.

At the time, a few months ago now Dave Aitel from Immunity Inc. said "Linux vulnerabilities are a thousand times harder to exploit than Windows vulnerabilities", and "'many eyes' have reduced Linux to a fished out pond, whereas things like strncpy() bugs are highly likely to still be around in remotely accessible (Microsoft Windows) components."

The following link seems to suggest that Microsoft (as of q3 2005) did not understand or worse misrepresented the "root source of vulnerablility" for Spooler; a critical security risk. Perhaps one could argue that Linux style patch transparency would have made that vulnerability/exploit far more publicly visible and would have resulted in fewer people being misled into believing it was a less severe risk (only a DoS, hah).

http://archives.neohapsis.com/archives/dailydave/2 005-q3/0221.html

How much value do you place in the fact that Linux patches are always made available in source code form? Do you think that those "many eyes" Aitel talks about bring greater scrutiny to Linux bugs when they become publicly known? Do you think the nature of Linux patches results in a better or worse understanding of vulnerabilities and true risks?

http://secunia.com/product/22/
Currently, 27 out of 122 Secunia advisories (for Windows XP Professional), is marked as "Unpatched" in the Secunia database.

Re:Your conclusions fly in the face of my experien

[Call+Me+Black+Cloud]

The study was funded and conducted for the sole purpose of finding a favorable result for Microsoft

How do you know this?

By the way, what is your experience?

I Hadn't Looked At This Study Before Today

[Master+of+Transhuman]

and I still haven't read it (and I won't, for various reasons, including lack of time and frankly, lack of interest related to the reasons below.)

This point here http://interviews.slashdot.org/comments.pl?sid=168 949&cid=14084692/,however, makes it fairly clear that there were problems with this study. To what degree these were mandated by Microsoft, or added by someone on the research term with a bias one way or the other, or by someone on the team who just didn't know better, or whatever, is unclear. I won't make any accusations here at all.

One thing I would ask is: if the SUSE system had to be upgraded to the point that the RPM manager broke, why weren't backups done beforehand to be able to restore the system to its original configuration, to be able to back out the changes? Seems to me any competent sys admin - particularly one with enough experience to know that upgrading the compiler and/or libraries is risky - would have made sure he could recover the system if something broke.

This indicates to me either that the Linux sys admins weren't as competent as their years would indicate - and having five copies of one year's experience doesn't make you an expert, as the saying goes - or that there were other constraints on their performance NOT mentioned in the study - which would indicate bias (or incompetence or simple error) in the study design.

I think the real problem with this study is the idea of having a reproducible scenario to follow. In the real world, Linux vs Windows entails major differences in IT policy, administration policy, software, admin technigues, etc., etc. To even try to compare these on the basis of a single scenario is to compare apples and oranges. Also such a study does nothing to analyze the overall issues of vendor lock-in, security, quality of software, and many other issues.

It's easy to compare reliability and stability - how often do you reboot the machine? How often does the system crash? How often do you have security penetrations? It is NOT so easy to compare overall system functioning in a live environment. In that sense, this study HAD to be either biased or unable to come to any definite conclusions almost by definition. I am pleased to see the author acknowledging that the sample was too small to make any definitive conclusions, but I question his suggestion that the methodology has value.

This is essentially the problem with TCO studies in general. As a lot of people have said, TCO is very particular to what your overall policies and procedures are and these are specific to a given company. If you're a "Windows shop" and have no clue about anything else, it's going to cost you more IN THE SHORT TERM to switch to Linux than if you come from a UNIX shop. That's obvious. The REAL question is: what is it going to cost you overall OVER TIME to STAY a Windows shop than switch to Linux? Most TCO studies don't even attempt to touch that question. But the problem here is that a Windows shop is going to be totally different from a Linux shop, even if the "same" administration functions have to be done on the same hardware for the same applications.

There's just too much generality being brought down to too much specificity and too much extrapolation from the results to place any trust in these studies. And this author doesn't seem to show any more understanding of that than other authors - not surprising, since he's in the business of producing these studies.

I think it might be better to rely on more anecdotal studies of mixed Windows-Linux shops, such as we've seen occasionally here from sys admins working in them, that indicate the common experience of sys admins working on both sides, or the results of companies who HAVE mass-converted from Windows to Linux and who have then measured their costs and savings.

And in those studies, Linux beats Windows every time.

Again, remember what I always say in interpret

They do

[bmajik]

but not in the way you expect.

There are a lot of people that are not Microsoft employees that have seen and have improved the Windows source code.

However, Microsoft is an Intellectual Property company. For better or worse, Microsoft considers its source code its crown jewels. Sharing that in a restriction-free manner is a risk that has been too great to consider thus far. What has instead happened is that MS has worked to get some of the benefits of peer review, but in a way that manages risk (selected audience, NDA, etc) of intellecetual property loss.

There are paid security consultants that review key portions of MS code; there are many Universities that have Windows source licenses.

What I'm Interested In

[Necrotica]

I would be much more interested in seeing a whitepaper that compares reliability between Windows and FreeBSD.

FreeBSD is a pure, cohesive operating system. Linux is not. I'm not bashing Linux here, but if you have used FreeBSD you already know that Linux does not have the same cohesiveness, and therefore feels like a bunch of utilities slapped on top of a kernel, and a few added scripts to make it all work.

With FreeBSD you would not run into an issue where, "GLIBC had to be updated first" in order to allow for a MySQL upgrade.

Several companies doing what they can to GNU/Linux to personalize it and make it their own. What works on one Linux distribution may or may not work on another. There is, however, only one FreeBSD.

Re:What I'm Interested In

I'm SURE they could find the 3rd party packages used in the test for FreeBSD. Hahahahahahaha!!!

Haven't you heard...BSD is dead!

Re:What I'm Interested In

[JamesTRexx]

I'd be interested in this as well. One of the first things I thought was how would FreeBSD and the ports system handle this? In my humble experience all I'd need to do is a portupgrade, and even an upgrade to a higher stable version wouldn't be much trouble with make builworld and -kernel.

Re:What I'm Interested In

FreeBSD is a pure, cohesive operating system. Linux is not.

This is (arguably) true only so long as the applications that you want to use are available in native FreeBSD form.

you forgot the last two steps...

[codergeek42]

8. ???
9. Profit! :-)

Re:Very detailed

[op12]

I wasn't being serious...though some of the replies I got seem to indicate that wasn't obvious! The detail was interesting. However, that is a really good summary.

Re:By the way, this is your constituency

[flyinwhitey]

You'll notice the mods for pointing out the hypocrisy.

Newsflash to the mods, this was a quote, not my statement.

But why bother reading it, when you can just throw your mods points away.

That's the problem, they did.

[khasim]

Yes, they should've allowed for the upgrading. The configuration control was overly stringent and caused undue breakage.

But they DID allow for upgrading.

In fact, it was part of the requirments.

But they did NOT let them upgrade when any normal person would have. They REQUIRED them to stay on SLES 8 and backport patches from SLES 9 ... and then later they required them to upgrade to SLES 9.

Any intelligent person would have skipped the backport process, done the upgrade when it became necessary and bypassed all the "problems" that were "found" in this "study".

Re:That's the problem, they did.

[orderb13]

Unless you have a PHB that won't LET you upgrade at this time. Perhaps that is what they were simulating, after all they were going for "real world" conditions.

Re:That's the problem, they did.

[BerntB]

Unless you have a PHB that won't LET you upgrade at this time. Perhaps that is what they were simulating, after all they were going for "real world" conditions.

Sorry, but that was stupid. For this study to be honest, the Win side should have had idiot rules, too.

Looks flawed, IMHO.

In a nutshell

Here's what I get from this guy's comparison: "We have compared apples (Windows) with oranges (Linux). First test metric was the color. The apples were green and nice smelling. The oranges were also green but not as nice as apples. The second test was how good the pie made from this taste like. The apple pie was much better and easyer to make since oranges are more difficult to grate. We also found that we can pick apples from a local orchard but oranges need to be transported from Florida. We have then concluded that apples are much better than oranges." Anyone is still in doubt this is a fair comparison ?

Re:Very detailed

[op12]

The real irony is I actually read through it first, but thought it would be a funny comment. Apparently, the sarcasm/humor was lost on some people. Then again, that seems to happen a lot around here :)

When you disagree...

[flyinwhitey]

This is the commentary you'll recieve

"Man, that other AC hit the nail on the head: You are a whiny little bitch."

Funny how every AC on the planet decided to post, and all of them made my point for me.

Re:When you disagree...

I'll post as an AC, too, then. Although you may have valid points, the way you put them across and the way you treat people invalidates them slightly. Don't see it? Doesn't matter, we do, and we're your audience :)

Flatly, this wouldn't have been done this way...

[Svartalf]

I have grave concerns as I'm reading the paper. If the 3rd party component needed an upgrade to a new glibc, you would never have done what these admins allegedly did in the paper. It would have been a red-flag on the component in question and if it was something critical to the application, it would be assumed that the official version of the OS that was supported by the components was SLES 9, not 8 because it didn't have support for that version of glibc. You don't hack something like this in a production system, ever- even if you've got the skills to pull something like it off. I've got the skills, but even I wouldn't do what was done. You'd do a migration to the next version- period. There's far, far too many things that can go wrong and you really need to vet everything once you do it. What your esteemed admins did was analogous to someone haxoring kernel.dll by patching it manually and then putting it into a production Windows machine. I honestly don't know of anyone in their right mind that would do that one- ever.

Another faintly disturbing thing in this paper is that it's assumed that it's Linux at fault, when in reality, it was the ancillary components' requirements and someone trying to bull their way through the "problem". There's several problems with this, but I can number a few key ones for you:

1) glibc's interface, the ABI, doesn't change all that much over time. Typically, it's linked
to at runtime through a sonamed link to the actual .so file (Currently libc.so.6 on modern Linux and *BSD distributions...). This interface can be safely used for many years at a time, in spite of varying version numbers and the expected behavior will be the same for an older and a newer version- so long as you're not stepping on a bug within the older version or a new feature offered by a later on version of the runtime.

2) Yes, you CAN get away with minor revision updates of glibc without problems, but typically, you need to vet all your compiled code for regression testing purposes. It really, really is like replacing kernel.dll on Windows. If it isn't provided as an update, you've got a lot of regression work ahead of you to ensure that fixes done to the library don't break other code (Typically not a problem, but you never can tell when someone mis-used something...)- this is NOT something that your rank-and-file sysadmin has any real business doing. It's NOT their job.

3) Either the component stepped on a bug, or they're using some new feature of the glibc layer. In either case, you can't bull your way into using it on something that doesn't have the needed support level. What your admins did was analogous to trying to make this work on NT4, only to find out that you need the .Net framework for everything and then proceeded to install pieceparts of the OS to get it there.

The study's flawed- that plain, that simple. You can defend it all you'd like, but it's got bad problems that everyone, myself included, have been pointing out and you've avoided answering several of the key points we've been making.

Re:Very detailed

[Jerry+Coffin]

I wasn't being serious...

I didn't really figure you were -- but this makes sure if I missed something relevant in reading TFA, I'd hear about what it was (loudly, most likely). Personally, I'd rather get flamed now and then than miss something interesting.

--
The universe is a figment of its own imagination.

How did the study prevent bias over 1 year?

I struggled through the first few pages, then scanned the article to find some keywords. The basic structure of the study was to place a new installation into a startup company then administer patches and upgrades throughout a year. What safeguards were there in place to prevent self-fullfilling prophecies (or self-enriching profitry ;) ? No offense, but was the study performed as single-blind or double-blind and what were the codewords?

=========
Microsoft's idea of double-blind is to stick their fingers into both eyes of their competitors.

Control over results publication..

[sadr]

You mention in one of the replies that the company funding the research (Microsoft) had control over publication.

This implies that they could have funded 10 different studies (and perhaps did, even with your company), and only the one favorable to the company was published.

In the case of this study, if they'd funded doing the same study 10 different times, with 10 different small sets of administrators (posssibly being performed by the same research company, possibly being performed by 10 different independent researchers), if even one shows results favorable to Microsoft, that would be the only published results. That's like paying 10 different doctors to perform a drug study on 2 patients, and only publishing the results where the 2 patients recovered, failing to admit that the other 18 died.

Alternately, the might have funded you to research 5 different tasks, but only one favored Microsoft, and the others were buried.

If you aren't paid to publish the results, regardless of who they favor, your efforts are, in my opinion nearly useless. (Especially with the caveats introduced by small sample sizes of administrators.)

So Who Pays Me?

[chivo243]

So if my auto is recalled, it is all costs(usually) on the mfg. I'm in a mixed environment, win/mac(lose/win)... I recently had to manually update all M$ computers on the network, that all had been set to run updates at 3am once a week, due to the GAV tool had to be manually ok'd... What a JOKE! Who pays the cost for that, surly(I mean surly) not my boss.... So what would be callled a recall in most industries, is in fact fart of the TCO of M$...and I mean fart... I lost two days of productivity due to this TOOL.... I ended up working the following weekend to make up for wa$ted time... So who should pay me for fixing MS problems.... The fools (My Keepers)who bought into it, or M$ itself???
p.s. we have Mac servers that have never needed anything more than a pat on the ass, they just work.....

Re:Integrated VCR DVD story is insightful

[hebie]

Reminder: A lot more rides on your computer than on a tv/vcr/dvd combo. Your identity even.

Risk? Oh, Please...

>>All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released. The vendor knows that they're taking a risk. They pay for the research either way but only have control over whether it is published, not over content.

you make this sound like msft *really* took a stand here. puh-lease. they win either way.

if the news is good, the hype machine goes into overdrive and the author becomes a well paid slash dot celebrity. of course, money and fame mean less than nothing to you, right?

if the results turn out badly, they hide the results from the public (no harm there!) and they learn how to improve their SW.

another win.

to paint this as some super risky behavior is a joke, imho.

in fact, it indicates advocacy on your part. you are advocating for the one who paid you. spinning something that a company did precisely to PROTECT THEMSELVES FROM RISK as very risky is ADVOCACY!

suse 8? i'm not even a month into linux and i wouldn't install suse 8. i will likely be installing suse 10.

that's a gaping problem here... besides your advocate assertions of risk.

you remind me of a trial witness we had in a high profile case in san diego... the issue was the date of fly infestations on a body. the entomologists used different temp data and various studies to arrive at minimum times for infestation. this was CRITICAL to the case.

a defense witness had a matrix of times and studies... all of them showed a time much less than expected. there was one point in his matrix left empty, though.

the prosecutor went over the math with this witness, a doctor. guess what? the result yielded the EXACT DAY ONE WOULD EXPECT if the accused had perped the crime. somehow, his portestations that he "just ran out of time" didn't quite ring true. you see, he was ADVOCATING for the accused. he left out data that would reflect poorly on his client. he was happy only discussing the positive stuff. he was paid by his client.

imho, consciously or not, you were happy with the result, predetermined or not, and the sound bite and headline were a go.

more pay days are coming. more name recognition on the way. you know you don't make money telling your employers what they don't want to hear. therefore, you install suse 8 and then require (or figure out how to just get it done) apps not designed for suse 8.

then, like the doctor claiming he ran out of time, you claim, "not my fault, business requirements." name one business that went through that methodology in the real world - w/o an easier alternative.

the validity and trustworthiness of your conclusions are basically worth nothing beyond an advocate advocating for microsoft's marketing advantage.

just for context - how many studies have you done that were unfavorable to and unpublished by the company that hired you to produce the study?

please don't say NONE!

or do. it would be nice to get and honest answer in context.

Re:Your conclusions fly in the face of my experien

[BeBoxer]

As others have pointed out, the root problem was a GLIBC incompatability with a closed-source binary-only application which was one of the requirements. For unknown reasons, upgrading to SLES9 was ruled out. As was running the closed-source application on a separate server. As was choosing a compatable product instead of the incompatable one. Moreover, the selection of the "requirement" applications was made solely on "market share" with no consideration as to the actual compatability with existing IT infrastructure. Basically, a series of poor techincal decisions which no competent IT organization would make. The only valid conclusion you can draw from this study is that choosing applications based on market share alone with no thought as to technical considerations can lead to unfavorable outcomes. Is that enough of a refutation for you?

Techo Goop aside ... "Follow the leader"

[ScrewTivo]

These studies are nice and peek curiosity into the hypothetical. They are nothing to stake your cheese, the future of your company or the security of your government on. If you really want the straight scoop for massive Internet portals just play the old school yard game "Follow the leader". What stack does Slashdot use to avoid the Slashdot effect all day every day? What stack is Google using NOW? What stack does Yahoo use? You surely must dismiss the giants that are selling stacks, because they will try to eat their own dog food no matter how much they choke on it. So the PHD's keep publishing or die, trolls keep flooding the place with mod points, I will ignore you all the same way I ignore Politicians promising to "work for me". Go away I have work to do.

It is a wonder that this research did not look to existing implementations of their design to see what the "best in class" solutions were using. Hummm....

Keep the sheep comments to yourself unless you have millions to spend on independent research yourself. A few engineers and a lab burn up 1 million dollars real quick!

Come on MS trolls you have lots of points to hand out...I bet this little puppy catches a Singapore caning.

Seems like most his answers are like this:

Great question! Blablabla... kitchen sink. His answers don't seem to answer anything.

Apples and Oranges

If this was going to be a comparison of like systems, they would have used PostgreSQL vs MSSQL Server or MySQL vs MS Access.

Not just different OSes, but different jobs!

[blugeoned]

One of the most striking things I believe the experiment shows is that not only are the operating systems different, but the administrator's job requirements are different as well.

On a Linux system, an administrator (especially a "successful" one) is expected to know how and perform compilations of software on a regular basis. This not only includes knowing how to work a compiler, but also what components to include when compiling a piece of software.

In contrast, in the Windows world, compiling and finding components is the job of the software developer. A product is not considered "finished" if an administrator needs to do something besides double-clicking on setup.exe.

In comparison, would it not be more fair to compare a Windows admin with 5 years experience to a Linux admin with 8 years of experience?

Re:Not just different OSes, but different jobs!

[Quantam]

In other words, administering a Linux system is more difficult than administering a Windows system?

Re:Not just different OSes, but different jobs!

[blugeoned]

Personally, I would say so. At least I would say that in an app server scenario (not just an out of the box setup), a Linux admin needs to understand their system better than a Windows admin performing the same function. In the grand sceme of things, I would say that the Linux admin will be more knoweldgeable, but due to the extra complexity of their system, they will not be as efficient in making changes to their environment.

Re:Not just different OSes, but different jobs!

[Quantam]

Aren't you saying, then, that the study is correct in saying that Linux is more difficult to admin than Windows, while at the time saying the study is flawed in that very way?

Re:Not just different OSes, but different jobs!

[blugeoned]

More specifically, I am saying that the study has been mistitled if anything. It claims to be measuring uptime when it is really measuring administration efficiency. The study is flawed in that it is attempting to equate the two jobs when the Linux admin job = 1.5 Windows admin jobs. Since it takes more work to administer Linux, the ultimate result of the study is correct in that one person administrating Linux will be less efficient than one admin working on Windows. When an equal number of administrators (euqal number of man hours) are used in both scenarios, the Linux environment should have less uptime since there is 50% more work that needs to be done in order to achieve the same results as on the Windows side. Note however that this does not necessarily equate to one OS being "better". At some point, that extra 50% effort on the Linux side must be paid for on the Windows side as well. This may be reflected in the 3rd party software being cheaper on Linux than on Windows, or updates come to market faster on the Linux version (assuming equal effort by the vendor for both platforms).

I would say this would still hold true regardless of the number of patches released for both platforms. The author makes some correlation between the number and variation of patches to the uptime of the system. My experience with RPM and apt-get suggest that for patches to ordinary modules in Linux, these tools work as well as Windows Updates for applying patches (and takes about the same amount of effort on both platforms). It is the one-off modules and applications that require the Linux administrator to go beyond the update tools and do development work that my point above comes into play.

A more fair comparison would be a small organization that writes the ecommerce code in-house while supporting the ecommerce web sites. In this scenario, you may end up adding an extra 1.5 Windows developers to every 1 Linux developer since the Linux admin shares some of the roles that would otherwise belong to the Windows developer. It would be interesting to see where the corporate "pain" lies in this case.

Re:Your conclusions fly in the face of my experien

[jschrod]

The problem is: These decisions are not competent, but they are representative for large companies. (In my 10+ years as consultant I see this kind of decisions all the time.) They are so ubiqutious that there is a whole cartoon series out there -- called Dilbert, you surely have seen them...

That is more a comment on the sad state of our IT world than on the study (which I haven't read).

The answer to question nine was a complete dodge

[micheas]

I have to say that I found the answer to question nine to be a dodge, so I will give my thoughts on the subject :-)

There has been a lot writen about apache vs. sendmail in terms of security and those issues seem to apply to apache vs IIS as well.

Apache seems to have a lot going for it that IIS does not. (See the Halloween documents)

One of the biggest things going for apache is httpd.conf.

It is documented and a seasoned *n*x admin can quickly tell what it is doing.

This seems to be one of the big advantages exim, postfix, and qmail have over sendmail.

I am never entirely sure that sendmail works as I think it does. I also had the same problem on IIS (thankfully now on the scrap heap.) I didn't have a problem configuring it, I just couldn't quickly tell how it was configured.

I would also say that patch distribution is so varied (ports, apt-get, home brewed, etc.), and people routinely have uptimes in years on *n*x side so I would expect that IIS actually has a better patch distribution system than apache, just a substandard product with even worse patches.

I also suspect that apache has an advantage in the fact that it lives on many different operating systems, many of them incompatible with each other, limiting the scope of the freebsd apache vulnerablity, for example.

Care to chime in?

Condensed version as I interpreted it.

[WebCowboy]

I found Dr. Thompson to be very forthcoming and objective in his responses, and certainly not a "Microsoft shill". From his responses I think he was asked to deliver a specific study by Microsoft, and he followed the MS request as closely and objectively as possible. That said, I think that the scenarios he studied don't exactly match real-world practise. He did, however, seem to welcome and encourage scruitiny of his study and others before making critical decisions rather than taking action based on reading executive summaries.

Anyways, here is my "Coles Notes" version (Cliff Notes for those American readers out there):

1. Q: what assumptions did you make in your study and how did they affect the results?
A: Lot of verbage around "every organisation is different/this depends/that depends/etc"...eCommerce application with constatly changing needs (not a steadty-state system), 3rd party software installed, all critical updates applied, upgrade OS at end of study...etc.

2. Q: I'm an IT grunt...every MS-sponsored study I've read is total crap (doesn't reflect my experiences) and many others feel the same. Doesn't this make doing MS-sponsored studies a risk to your credibility?
A: Regardless of funding our studies are objective, peer-reviewed, etc. but you have to carefully read the study and its methodology to see how it matches your situation. More verbage about "it depends" etc...infers that Windows (or Linux) might be better for you.

3. Q: No fair! Linux admins were made to run multiple versions of db on one machine and other unwise/unsupported stuff and Windows users just had to use one DB and didn't have to do such stupid things! Real sysadmins in ay case would use vritual machines or staging hardware.
A: Study wasn't supposed to cover performing the same tasks--it was to make each platform meet the same end goals. We chose 3rd party packages based solely on market share and in the case of Linux thosed packages needed this sort of work done. In Dr. Thompson's opinion he agrees VM or other hardware would've been best but this still represents "more pain" than Windows.

(question 3 in MY opinion reveals a big reason why this study is flawed--see below)

4. Q: Did MS invent the metrics/methodology or did you come up with them?
A: MS did NOT come up with these--MS asks for a study on certain qualities/characteristics and we insist on independenly developing the study metrics and methodology. MS risks getting results that are not in their favour but it is their choice whether to release the study publically. If they don't they at least get value for their money in the form of suggestions to improve their offerings.

5. Q: Diebold makes crap voting machines but we never hear of serious issues with their ATMs. Why is that?
A: Saying Diebold voting machines "concern" him is a "serious understatement". Can't make an informed assesment on ATMs but they are probably more secure and reliable because they are carefully watched 24/7/365 by banks AND their customers to make sure they work right--functions and their results very visible. Voting machines are not scruitinised as thoroughly and are only looked at during elections. Advocates "checks and balances" and more openness and accountability (letting independent security experts have more access to the systems, etc).

6. Q: Why did you require more experience from Windows admins?
A: Oops..that was a typo as a reult of upping the experience reqs for ALL admins. Requirements were matched as closely as possible.

7. Q: study was so small--hw can you make any statements about the benefits of one over the other? How does your study really show "monolithic" windows is better than "modular" linux?
A: It doesn't--study like this cannot make "sweeping generalisations" about any platform--it studies reliability in a certain scenario. Should

The Scientific Method Proves it:

[ch-chuck]

A study commissioned by the Northwest Association of Apple Growers proves conclusively that Apples DO taste better than Oranges.

Parent sounds like an accurate summary to me

The study is obviously skewed, no matter how interesting Dr Thompson found the questions he didn't adequately address the major technical flaws in his study. I'm waiting for him to justify the forthcomming Novell study where Windows admins are forced to install an unsupported 3rd party application that requires they hack windows libc with a hex editor.

Re:Integrated VCR DVD story is insightful

[newsbeagle]

Not really, it just highlights the lack of standards.

If there was an open standard for remotes and manufacturers ensured interoperability, then it wouldn't matter whose brand Satellite, DVD, VHS, etc. you bought. They would work the same at your house and at your freind's place.

Back to the topic, what the study's author did wrong is to pick a best-fit Microsoft solution for the MS side. Then he tried to make Linux jump through hoops to match Microsoft's way.

The outcome may have been quite different if he picked a best-fit Linux solution and then tried to make Microsoft conform to the Linux solution.

Failure is perhaps too strong word.

[einhverfr]

Ok.... You have two basic issues: 1) questionable methodology in *this* experiment and 2) making more out of this document than it should be.

When reading this paper, it did not come across as a recipe that businesses should use in determining their platform commitment. It came across instead as a paper detailing why WIndows was superior.

The second issue is that the experiment itself was designed in such a way as to make any conclusions we can draw from it to be *very* limited. Indeed, what one can draw is that if you want to run your business entirely based on COTS with no modifications from you, then Windows may be the best choice (if you are running an e-commerce business). If you want a more customizable environment, where *you* can keep up with the latest trends by managing extensions to the software products you make, then this study has no value whatsoever.

In essence, this study is only valid where certain limited assumptions hold up. The only real failure is not to state these up front and indicate that these limit the results of this experiment to be meaningless in most cases.

What would be more appropriate would be to give the admins entirely free reign regarding how they impliment the solution and then compare total administrative labor.

Re:Your conclusions fly in the face of my experien

[Master+of+Transhuman]

Actually it IS a comment on the study - because the study took piss-poor IT decisions which favor the Microsoft way of doing things and imposed them on Linux.

More importantly, the study is attempting to compare two systems while the environments themselves are so different as to render the study almost meaningless.

You're right, though, the main result is to demonstrate how IT is totally screwed up.

Data Points

[quantaman]

A lot of people are trying to poke holes in the study itself though it seems to have been fairly well implemented.

I did however notice two interesting bits that cause me to put a lot less importance on the results

With three people there's certainly likely to be a lot of variability and to get some conclusive results, I'd love to get a huge group of administrators across the spectrum in terms of experience. I'd also love to do it across multiple scenarios, beyond the ecommerce study.

And a little later

it is up to the sponsor if the study is publicly released

Simply fund a lot of small legitimate studies with a high variance, publish only the results that fit your case. In a way it's like one big badly done study where someone throws out all the data points that don't fit their hypothesis, for all we know he, or another researcher, might have done a dozen other studies which came out in favour of Linux and were subsequently ignored. The research itself is all completely legitimate but Microsoft creates a false overall conclusion through selective publication, perhaps companies who fund the studies should be held to the same eithical standard as those who do the research?

Ahh... No.

[Concern]

Not really. Just more sophisticated than usual.

There's a lot of fancy ducking and dodging, none of which changes the facts that:

1. Whether you're crooked or not, you'll give the exact answers he gave about your ethics. We judge only by the work itself. If you asked me that question, that's what I'd say, not a lot of stuff I wouldn't expect anyone to believe.
   
2. The sample size is far too small to be meaningful in any way to anyone, yet he did the study anyway, knowing full well how Microsoft would "misrepresent" it afterwards (if it cut their way, assuming this was ever in doubt).
   
3. The work re. glibc done on the Linux boxes is absurd, unjustifiable, and utterly unrepresentative of normal Linux use. Yes, people hack their boxes up. But how many real business do that sort of thing in production?

Re:Ahh... No.

[Mortlath]

But how many real business do that sort of thing in production?

I don't know. How many?

I can say that the CS department at my university uses a bunch of hacked Fedora Core systems. They use a version 3/version 4 hybrid. One reason they are using the hybrid is so that certain projects will work for certain CS classes offered here.

I imagine that businesses might have unusual requirements like those that my university has. Maybe a study should be done in regards to this issue?

Re:Ahh... No.

[Concern]

It's too obvious to require a study.

Your university isn't a real business. It _sounds_ the classic case of where that kind of hacking _does_ happen.

I've seen a lot of real businesses use Linux (and Unix and OS's in general) by now. How many? Put it this way: way, way more than were involved in this study. :)

In an environment where downtime costs real money/goodwill, you work with the vendor on every aspect of your environment, or you don't work with that vendor at all, so those kinds of hacks are never seriously considered. This is so that when something goes wrong, you can blame the vendor and keep your job.

Re:Ahh... No.

[Fallingcow]

More to the point, the university computer department probably tried the hybrid upgrade on a couple of test cases before doing it to all of the computers. If it hadn't worked, no harm would have been done, and they would have done something else.

If a real business *did* need to do something like this, they'd do the same thing. A couple test boxes (same hardware as the production machine[s], most likely), make sure the backups are current, probably put up a temp server while the main one's out of action (assuming they don't already have some kind of load balancing between several boxes).

Of course, in the real world an admin would have simply upgraded to the new version of SuSE. Still with sane levels of testing and precautions, of course, but it wouldn't have been nearly as big a hassle (or as sensitive to admin error) as backporting Glibc.

Say what?

[TheOrquithVagrant]

> But a second point would be to mention that SUSE is not a server
> distribution.

SLES, SuSE Linux Enterprise Server, is not a server distribution? Now, I'm a RedHat guy myself, but that's _really_ unfair.

I agree with most of the rest of what you said, though. The time it took them just to set things up raises a huge red flag in itself.

Re:Your conclusions fly in the face of my experien

[TheSkyIsPurple]

>I have no idea why Suse 8.0 was selected (not my first or second choice, by the way).

Did you read the study? Or even his response? I really can't tell from your response.

I can't guess what sort of problems you have with the choice, because you chose to give us no information beyond "It stinks".
Was your problem with Suse at all, or why they chose 8.0 instead of 9.0? Where is your problem?

"The period we looked at was July 1st, 2004 to June 30th, 2005"
Out of curiosity, what were your top choices as of July 1st, 2004 for an enterprise level solution? (ie, something breaks you can yell at the vendor...)

>The study was funded and conducted for the sole purpose of finding a favorable result for Microsoft and that is exactly what it did.

Thank you for the clear description of how you reached that conclusion given the evidence.
With such transparency in thinking you should really get into doing studies for profit as well! I can definitely see how you would be able to wade through several people's complex decisions, describing each one perfectly in all detail for every possible reader in addition to choosing people who would have through processes and environmental experience that exactly matches all the readers as well.

I'm not saying to cut the study any slack at all... I'm saying that just because you happen to believe in the prevailing theories of this group here, doesn't mean you can just say "Me too!" and expect everyone to think you're smart. (Did my AOL and MS references make it through?)

Am I smart? I really try not to be... someone might actually ask me to write something useful, and then I'd really be done for.

Flawed Methodology

[gr8_phk]

You say that you'd only do the study if you had control over the methodology, and leave it to the customer (funding source) to decide if it's published or not. You point to benefits weather it's published or not. I would argue that you should only do work if you are allowed to publish the result no matter what. Why? Microsoft could afford any number of such studies (and probably does). This gives them the option of selecting ones for publication that make them look good. In this case, the GLIBC upgrade caused pain for the Linux side. Other researchers are bound to run across different problems with either OS. The practice of leaving publishing decisions to the funding source allows them to present only favorable results to the public if they so choose. I'll leave comments about your research methodology to others, but I insist that your publishing methodology is deeply flawed. By agreeing to such terms, you ensure that the public will only see results favorable to the funding source. How is that objective?

You suggest that a larger sample or other similar studies would be more insiteful, but you know that more were likely conducted. Your's was published because the results were favorable to MS - some others were probably not. By agreeing to let MS decide if people see the results, you are skewing the results that the public sees. If you're not concerned about what the public sees, then put it in the contract that the results will not be made public regardless of the outcome.

You're only one sample in the "metastudy" that MS conducted. They show the data selectively because you agreed to let them do so. That's just piss-poor research.

Re:Flawed Methodology

[dtfinch]

There may have been researchers who demanded that their studies be released regardless of who won, but obviously Microsoft decided not to commission those kinds of studies.

Re:The answer to question nine was a complete dodg

[Master+of+Transhuman]

"I didn't have a problem configuring it, I just couldn't quickly tell how it was configured."

Good point. Try figuring out how an entire Windows 2003 Server is configured - especially Active Directory.

Bring supplies for a long stay at the office...

Now break it and try to figure out how it broke.

Bring your wife and kids for an even longer stay at the office.

linux vs windoze

Roblimo's questionable book "Simply Mepis" was a total waste where can I get A refund. He like most LINUX Nerds doesn't consider that there are ever any problems with LINUX and fails to help newbies to LINUX by not pointing out the weaknesses and glossing over these points claiming IT's All so easy! A responsible writter would use the problems to introduce the newbie to the syntax and proceedures for correcting script and making changes. Like GRUB boot loader... the version on his disk in the book ias faulty for some installs the fix turned out to be adding a space to the script but he totally avoids even suggesting this is a problem. He shoul dgo back to LIMO driving and quit being such a LAMEO Author

Drawing conclusions from Qualitative Study?

[freelock]

See, here's the thing. You have qualitative studies, and you have quantitative studies. Qualitative studies can help you discover flaws in a product, basically by systematically collecting anecdotal information. They can tell you a lot about the differences between a couple different products.

But anybody trying to extract judgements about which product is better, based on such a qualitative study, is taking things way too far.

Quantitative studies measure results. To do a quantitative study, you need a representative sample for your study--the more representative the sample compared to the population, the more confidence you have in your results. Six administrators is nowhere near an adequate sample size to have any confidence in the results of this study.

But taken as a qualitative study, we can just learn from the results. Microsoft is counting on all of their customers being dumb enough to think that the experiences of 6 individual administrators in a study can persuade you to believe that Windows is better than Linux. That's a big stretch, a big leap to make in your judgment, but Microsoft is hoping you're too lazy to actually dig into the qualitative results and learn the lessons of the study.

We should actually thank Microsoft for taking Linux seriously, and helping us find its weak spots! We already know that open source is a much more effective way of solving them--just witness the current unresolved IE script vulnerability...

Boy did he ever pass his "Business Rhetorics 101"!

[atrocious+cowpat]

FTFD:

This is a really important question.
This is a really interesting question because [...]
You make a great point about [...]
Great question!
This is a question that has passed through my mind more than once.
This is an interesting problem because [...]
You bring up a couple of interesting points.

Etc. etc.

Mind you: I'm not commenting on the actual value of his arguments (I know next to nothing about the subject matter), but this read eerily straight from the "How To Successfully Communicate In Meetings"-Handbook.

SLES?

[grolschie]

Answer: SLES 8 was the most recent at the beginning of the study time period - July 1, 2004

There's your problem. I have had nightmares upgrading from one SuSE release to another, requiring a re-install every time. SuSE tends to break itself very easily. But never had such problems with a well tested distribution like Debian GNU/Linux 'stable'.

Re:Riiiiiight

Seems to me that state's rights issues are completely separate from libertarianism - what real difference does it make if the government is an individual state or the federal government?

Why??

[LeFaux]

I've worked as an admin on both Windows and Linux (specifically SuSE) I don't understand why these experienced Linux admins didn't just say this is not acceptable for the stability of the system. Disclaimer: I have never worked worked for someone (in an ecommerce setting) that didn't understand a simple statement like that. Especially when it could be easily translated by even the most moronic boss into "You are demanding that we do something stupid here and if we do it and the system fails then I will explain EXACTLY why. It just seems wrong to me that the admins would do something dumb to their system even if it is for just a study.

digging a deeper hole for himself

[penguin-collective]

Anybody who asserts that they can conduct an unbiased study that is paid for by a beneficiary of that study is simply fooling himself; trying to defend that is just making him even less credible.

There are lots of other problems with the study apart from its intrinsic bias. The selection of experimental subjects and the statement of business requirements both reflect a naive view of how these things work in practice in a real organization; selecting them in "the same way" is, in fact, not at all selecting them in the same way.

The only thing this study shows is that these people don't know what they are doing and that they can be bought.

Translation

[dangitman]

I agree though that one is tempted to dismiss research a priori though because of funding or some vendor tie. I think a good way to reverse the trend is to open the process up to public scrutiny; that's probably the main reason I came on Slashdot.

So, he came here to make vendor ties to research more acceptable. Is it really appropriate for Slashdot to give him a platform to do this from? Has Slashdot been paid to provide this PR?

I don't see what's wrong with rejecting corporate-sponsored research, and favoring independent research that isn't sponsored by the company.

mod parent up

[sbwoodside]

I was also astonished that they would use SuSE. Who uses SuSE? This is a server ... you use either Debian or Fedora core.

--simon

Re:mod parent up

[timbo234]

You're joking right? Very few companies use Fedora as a server because its a hobbyist/consumer OS. It lives on the bleeding edge which means things break regularly and it has short support cycles (18 months) which means you have to keep upgrading it (a real PITA for servers) or lose updates.

Businesses use distros like RHEL, Debian and SLES (note that's not the same thing as the desktop-oriented OpenSuse or Suse Professional) for servers because they have long support cycles (5-7 years usually), are focused on stability (often at the expense of 'newness' of packages) and because they are often certified for 3rd party products (eg. Oracle) and are supported by the vendors. Fedora Core meets none of these requirements, SLES does.

With all the hoopla about a ms shill

[bxbaser]

If you dont belive him dont run a ms server, if you do belive him run a ms server.
I have found that the quality of a product is inversly proporianate to the amount of advertising needed.

ms = large amounts of advertising dollars
linux = word of mouth

Im sure there are ad dollars going to linux the above was just a generalization.

I am certainly not gonna change my server os cause he said ms is better.

Here's the key extract:

[podperson]

All of our studies are written as if they will be released publicly BUT it is up to the sponsor if the study is publicly released. The vendor knows that they're taking a risk. They pay for the research either way but only have control over whether it is published, not over content. So if their intent is to use it as an outward facing piece, they may end up with something they don't like. Either way, I think it's of high value to them. If there are aspects of the results that favor the sponsor's product, in my experience, it goes to the marketing department and gets released publicly; if it favors the competitors product it goes off to the engineering folks as a tool to understand their product, their competitor's product, and the problem more clearly. Either way, we maintain complete editorial control over the study and there is no financial incentive for us if it becomes a public study or is used as an internal market analysis piece. The methodology has to be as objective as possible to be of any real value in either case.

So they are paid to provide honest assessments of MS software vs. competitor software and then if the results are good it goes to marketing, and if they're bad they go to engineering. MS is huge and has zillions of products, and it probably pays for dozens or hundreds of these tests every year. The interesting question (which would never be answered) is "how many such studies have you done for Microsoft which never get shown to the public?" You can guess your own answer.

This kind of thing is a huge issue in academia where non-results (e.g. failures to obtain a predicted result or failures to replicate a published result) are seldom published. So if one researcher uses dodgy data to buttress a result and gets a publication out of it, it's highly unlikely that failures to replicate the result will ever see the light of day. In this case, Microsoft hires someone to perform a test of product A vs. B, it favors A, so they publish. The numbers are so small there's no statistical significance -- so for all we know MS could have given the same brief to the same outfit five times, gotten one positive result, and sent it off to marketing.

Disappointed with the Methodology

[nathanh]

My biggest concern is that the methodology drove a glibc upgrade on a production system. In my experience, any methodology that forces a technical disaster like that to occur must be inherently flawed. I wouldn't manually upgrade glibc on my personal systems and I certainly wouldn't dream of doing it on production systems.

I'd like to know if threat-risk assessment was part of the methodology. My own internal TRA suggests that a glibc upgrade is an extreme risk. A chrooted glibc, a parallel glibc, or recompiling the third party application against the existing glibc are minor risks. Why was an extreme risk chosen when minor risks were available? This reeks to me of methodology running rampant over common sense and industry best practise.

Question on Studies

[MrCopilot]

How many Studies were you asked to do?

How many were "UnPublishable" in MSFT's eyes?

If this issue is covered by an NDA, We understand but, we'd like to know that.

uptime and maintience

[Janek+Kozicki]

I've seen several posts where people were criticizing the solution chosen by those 'linux experts'. Whether they are experts or not - is a matter of different subject. I think that we should look at the broader picture. And instead of talking about replacing glibc we should talk about the study's conclusion, not how they reached this conclusion.

Ok, so they have chosen to replace glibc, perhaps in their circumstances they couldn't see any other applicable solution. I'm a true linux zealot, I've thrown windows away 5 years ago, and I do the same with computers of my friends and family. And during that time I learned a lot. For instance I've learned that each problem has dozens of solutions, and when I approach each problem for the first time - I do not choose the best solution possible. But I do after solving that same problem several times - because I learn how to do that.

The bottomline is that collective knowledge of all /. readers is far greater than knowledge of single linux administrator. And what he does can be criticized by others. He did the best he could when he approached that specific problem for the first time.

Another bottomline is that even skilled linux administrator - when meets a new kind of problem - will not choose the optimal solution, and most of the time he will spend on it - will be learning stuff, reading man and googling.

to summarize, I'll repeat my other post - I can belive that setting up a linux sever can take longer time than setting up a windows server doing the same.

But such conclusion from a study means nothing, since everybody will agree that UPTIME of linux server, and its need for MAINTIENCE will score far better than windows server doing the same.

And that's the only reason for which I think that this study is totally useless.
1. I agree that setting a linux server takes more time
2. But 1. is irrevelant because it's the uptime, and maintience for years, that really counts.

Dear Dr. Herb Thompson - tell me if you plan to study how linux vs. windows score in "uptime and maintince" in real corporate environment. I think that this test should be at least 1 year long.

Re:uptime and maintience

[NullProg]

to summarize, I'll repeat my other post - I can belive that setting up a linux sever can take longer time than setting up a windows server doing the same.

If we were talking about setting up a slackware, gentoo, or debian linux severs I'd agree with you, but this topic is about SuSE. In our lab, we have RedHat, SuSE 8/9, Windows NT/2000/2003, AIX 4/5, and SCO servers. The SuSE Yast program beats them all at setting up server services. Oracle setup on the other hand sucks on any platform :)

Enjoy,

Re:Integrated VCR DVD story is insightful

[plover]

I had OmniRemote on my Palm Pilot way way back when. I then ran it on my Visor for several more years. And I even put it on my Tungsten, but it didn't work there. So thank your friend at Pacific Neo-Tek for me, it's very cool software. It did what "couldn't be done" at the time.

(BTW, I don't like the IR port on the side of the Visor, I much prefered the "extended IR" of my original Palm, but that wasn't the fault of O.R. As a matter of fact, the "rotate" thing in O.R. was a really cool trick to compensate for it.)

What I most appreciate about the Harmony is that setup is all automatic. I didn't have to train it with 50 buttons on each of four different remotes. I didn't have to draw hundreds of tiny boxes, meticulously laying them all out on aligned grids, giving each an illegible mnemonic. I didn't have to redesign the concept of a remote.

I spent dozens of hours with Omni Remote, and the ORdesktop software. I tried importing codes and stuff from the Pronto (mixed success there.) I tried finding layouts on-line that other people had done. I went so far as to digitize photographs of my existing remotes to try to figure out a sane layout for the screen. I basically spent forever trying to set up the remote, and never got it perfect.

The Harmony eliminated all of that. I bought the remote. I installed the CD-ROM. I plugged it into the USB port, which automatically took me to their web page. I registered a new account. I typed in the model numbers for each of my devices. The web page then gave me a list of activities: "Watch TV", "Watch a DVD", "Listen to Radio", etc. It asked me "what input do you need to set your audio system to watch TV and hear it through the stereo" and gave me an appropriate set of radio buttons to pick from. It asked "what input do you set the TV to watch cable TV?". After answering those few questions, I clicked "done" and it downloaded the new data straight to my remote, which just worked. It took about half an hour, total. I've played with the web page a few more times just because I could, not because I had to. But the remote just worked the first time I downloaded to it, and it had all the functionality it needed to pass the dreaded "wife test."

All in all I find the Harmony is actually cheaper than the Visor + O.R. when I factor in the time investment. I can't recommend O.R. to someone who isn't a techie, or to someone who doesn't have the time to fiddle with creating dozens of screens.

MS Shills

Looks like the MS shills are crawling out from under their rocks again...

The reality is...

[Svartalf]

That if you consider that the decisions are representative for most large companies, then they'd have had issues with Windows. It's as if the admins deliberately chose the absolute wrong path for each Linux decision. I've made these points earlier, if you did the analogous things under Windows you'd end up with a mess much like the one the Linux admins ended up with- probably worse.

You simply don't replace glibc without vetting code- all of it in the system. An official update or the next version should (and typically does) have the bulk of this work done for you already. If they're saying that the revision control process wouldn't let them upgrade the version of the distribution, they already broke that because an update to glibc of the nature in question IS a version update for all intents and purposes.

The whole thing is flawed because the analogous insane decisions were NOT applied to the Windows side as well.

Re:The reality is...

[jschrod]

You have not understand me. I see analogous insane decisions for Windows almost weekly, when I come in a company to troubleshoot problems. I also see them on Unix. I seldomly see them for mainframes, as they have typically other change and release management processes associated that protects them more. (And yes, I work with all Windows server OSes, half a dozen Unixes, and z/OS on a regular basis.)

As I wrote, this is not a comment on the study, but on the state of typical IT processes in large companies. (Large is defined here as the IT staff alone being more than a few hundred persons, more often in the 1,000s. Employee numbers of my customers are in the 10,000s.) I don't know if it is different for mid-sized companies and I expect it to be different for small companies.

Re:Boy did he ever pass his "Business Rhetorics 10

[tidge]

That is how you professionally answer a question.
I know that is how I do it when giving a presentation, or anything along those lines.

Re:sellout in style

[Jack9]

Being surprised and learning that something new is *true* is specifically what geeks search for. Disovering a new paradigm (MS superiority) wasn't found here. The admins were idiots (5 years of knowing how to spell Unix). What is true is that the study was broken and many of us wish it weren't so. You dont hand MS binaries to one guy and tell the other guy to build linux .so's....unless you want to tell the MS guy to build his Dlls too.

jsr $FFE4

JSR $FFE4 (GET whatever key is being pressed

c64 assembly

And...

[Svartalf]

...niether is glibc updates for Linux admins... When they are, they're handled, typically, in the manner a Windows update is... What they did, wasn't what would be in either world.

E-Z fix

Yes, it's entirely believable that a glibc upgrade was required, because when you compile a program that binary is usually locked to the version of glibc it was compiled with. Newer versions are OK, older versions aren't.

Why not just use a local copy of the required glibc version and set LD_PRELOAD or LD_LIBRARY_PATH in the binary-only program's ENVironment before running it? That way it won't affect anything else.

We can blame the admins, or the people who set the conditions of the test, or whatever, but the real problem is that Linux is crap at handling binaries.

Yes and no - if you compile statically, it doesn't matter what glibc version you're running, or anything else. If you use dynamic linking, then you need the right versions of system libraries, JUST LIKE with Windows. Do you even remember using Win 95 and Win 98 and DLL hell and DirectX upgrades that make your new game work but break the old one, etc., etc., and new software that requires XP or 2003 only? And not only XP, but a certain service pack level?

If you have a constantly changing system (e.g. rapid glibc development OR DirectX upgrades) then there WILL be these sorts of issues. Linux is not unique in this respect. Even Mac software requires certain versions, like 10.4 but NOT 10.2, etc.

It sounds like the study chose a pathological case on purpose (requiring a system-wide glibc backport instead of a local copy particular to the one binary-only 3rd party program). They also arranged the schedule so e.g. vendor fixes were installed monthly -- in accordance with MS release dates -- thus not penalizing them for being 29 days behind with a critical fix that was fixed on Linux the same day it was publicized, that kind of thing.

Re:E-Z fix

[IamTheRealMike]

You really can't LD_PRELOAD glibc with any degree of confidence, it's not like other libraries. In fact I'd be amazed if you can even build glibc from the sources yourself, its build system is notiorusly arcane and undocumented - often requiring CVS builds of binutils/gcc, at some points it's even required custom patches not available to the public.

And I'm afraid static linking doesn't solve the problem either. You can't statically link everything, the NSS doesn't like it and will crash, and if you statically link libraries but not glibc you get the same problem.

Believe me. I've looked at this problem in depth. The best way to fix it is to build on the oldest version of the distro you want to support or to use apbuild. Neither of these are obvious solutions, and it's entirely the fault of the glibc designers.

Re:E-Z fix

[EzInKy]

In fact I'd be amazed if you can even build glibc from the sources yourself, its build system is notiorusly arcane and undocumented - often requiring CVS builds of binutils/gcc, at some points it's even required custom patches not available to the public.


LFS manages to compile glibc just fine.

Re:E-Z fix

[cyphercell]

mod parent up

I compiled Linux From Scratch after taking a one term intro to Linux at a community college. Otherwise one needs the configuration options used by Suse.

Et tu?

I'm going to say one last thing on this, which will shut you and all your ignorant friends up.

If the study is flawed, you wouldn't have to resort to ad hominems. Examining the study using traditional criteria is more than sufficient to gauge its accuracy.

Et tu, Brute?

Do you eat your own dog food?

choosing components

[rusko]

in your response, you indicated that 3rd party components were chosen purely based on their market position. i'm not sure who you were working with, but as a consultant, i've never seen a competent CTO/CIO make a decision based on market position. what they have done, on the other hand, is pick the right tool for the job - namely, evaluated the quality of the software, the features, the technical support *and*, most importantly, its support for the platform they were going to run it on. in my experience, in the real world, a component requiring such hoops (installing unsupported versions of software, upgrading glibc etc) to be jumped through would never even make it to the evaluation stage. with all of that said, it is highly debatable that the 'no custom code' approach is even worth looking at - it does not reflect real life. and this is coming from someone who's worked with some of the top 100 ecommerce sites in several european countries and the US.

Parent is "Insightful"?

[sj88]

Parent does not add anything new to the discussion, yet it's modded insightful? Did Microsoft tell it's employees to start posting on Slashdot or something?

Realistic?

[hollisbrown]

Dr. Thompson,

In your opinion, would this scenario have actually happened in a large enterprise that was running Linux?

Research papers offer reproducible facts...

[NullProg]

I see none in this study.

I have a SLES8 box here in the lab. I would enjoy reproducing the tests to see for myself.

The 3rd party software used is not disclosed. I see no commercial ecommerce solutions that run on both Windows and SLES8. http://www.google.com/search?hl=en&lr=&q=ecommerce +software+sles8&btnG=Search

I updated a SuSE8.2 Workstation (same core as SLES8) to SuSE9.0 with no major issues. I clicked on the Yast -> System -> Software Update after inserting the 9.0 CD1. This method is not addressed at all in the research paper.

In appendix 5, the table of companies consulted is listed, but not the contacts. I would like the names of the people contacted for this research paper that work for NASA, the FAA, the FTC, the USAF, the DoC and the DoJ. The FOIA gives me the right to query what was actually contributed from the US Government towards this research paper.

Enjoy,

Re:Very detailed

I really enjoyed your summary. However, could you please put your .sig in the actual .sig area on Slashdot, and not list it here? Some of us have those little taglines turned off on purpose and do not like to see them. The other way I know of to get rid of them is to change the relationship, but that seems kind of drastic. I do enjoy your posts, just not reading your .sig.

Where he fucked up

[246o1]

He didn't, or at least, that's not the bad part. The key issue is that MICROSOFT DECIDES WHETHER TO RELEASE THE STUDY. This means that only good (for Microsoft) studies are released. A study like this provides an interesting road map for a real study, as mentioned in several of the answers, but it is far too small to be statistically significant. An easy method of sure success for Microsoft is:
1. Commission many too-small studies with their $$$$$.
2. Only allow the statistically insignificant positive results to be published.
(3. Keep the info from all of the studies so that they end up with statistically significant results.)
4. Profit!

Re:Boy did he ever pass his "Business Rhetorics 10

[atrocious+cowpat]

I know.

I was just joking, you know.

My comment...

[Alizarin+Erythrosin]

Is this enough to make sweeping claims about the reliability of Linux/Windows? No way.

I don't think that'll stop Microsoft from making said sweeping claims, though.

Seacrest out.

Question 7

[toetagger1]

In your answers to question 7 you say:
"Is this enough to make sweeping claims about the reliability of Linux/Windows? No way."
"Hopefully these are the questions that people will ask after reading this study, and with any luck it will prompt others to carry out their own analysis within their own IT environment, building on what we started here"

In the orginial Slashdot story, you are quoted as:
"The study claims that Windows is "more consistent, predictable, and easier to manage than Linux.""

Why is it that you hope your study will prompt others to carry out their onw analysis within their own IT environment, but the concolusion of your study says that Windows is "more consistent, predictable, and easier to manage than Linux?"

And where are these admins?

[mtxmorph]

We all know any self-respecting Linux admin reads Slashdot.

So why can't these guys answer for themselves? Are they too ashamed? ;)

Yes, see this example with old Loki games

http://gentoo-wiki.com/HOWTO_Running_Old_Loki_Game s

"To use the old glibc libraries set the LD_LIBRARY_PATH environment variable to the directory these libraries are located. Additionally prepend the game binary to run the game with the old ld-linux.so.2 dynamic linker/loader (as the one with glibc 2.3 does not include the GLIBC_2.2, GLIBC_2.2.1 or GLIBC_2.2.3 profiles used with glibc 2.2.5 for some reason)."

And I'm afraid static linking doesn't solve the problem either. You can't statically link everything, the NSS doesn't like it and will crash, and if you statically link libraries but not glibc you get the same problem.

That's why you STATICALLY LINK glibc if you need to. What don't you understand about that? I used a certain binary-only program for years across multiple distros which was statically linked, and worked on all of them. Transgaming's utils are statically linked as well. Correct, you don't need to do this for everything, just for the binary-only packages that are otherwise a pain. Linux has historically supported multiple simultaneous libc versions since it did not used to use glibc but its own C library. Distros had an option to install old "compat-libs" so your old binaries would continue to work even if they weren't statically linked.

In fact I'd be amazed if you can even build glibc from the sources yourself,

Amazingly prescient that I never mentioned compiling glibc. Just use the old glibc .so and the old linker and you're in business.

Re:Yes, see this example with old Loki games

[IamTheRealMike]

Even statically linked binaries have stopped working before due to linker, toolchain and kernel changes. And like I said, statically linking glibc itself is very dangerous. If you get it wrong DNS lookups will crash, and various other things will break in obscure ways.

Corporate Policies already developed for UNIX

I have been consultant for several Medium and BIG Corporation and government. It is my personal experience that "BIG Corporation" will forbid updating the GLIBC and many other Linux components without the express consent of a specific groups or individuals. Usually, when a policy mandate something... There is also procedure in place that are limiting the liberty of the SYSADMIN to do thing it's own way. This generally includes any modification that is not "sanctioned/approved" by the OS Distributor/DATABASE Supplier, etc. GLIBC will logically fall in this category.

This is generally true on UNIX, Linux or Windows.

In most cases, when a piece of software need something that is outside of the corporate "Standard", the Supplier of this software get call and asked the best course of action. For example, does it have something compatible with "SES8"? If not, what will be the best alternative solution, etc...?

It is also my personal experience that great many new OS get put "in limited" production (meaning: for a specific function only) to get support from third party tools. A while back, that was true for MS-Windows 2003 mandated by some ISV when most corporations did operate on W2K.

In most "big company", there is a mix of MS-Windows NT 4 that runs some applications that can't be upgraded to MS-Windows 2000. Either many Windows 2000 or many Windows 2003 but generally some of the others because some software mandate it. In extreme cases, there is "specific software" that can even force a specific Service Pack Level (EX:MS-Windows 2000 SP3). This appends when a business application has been heavily updated by an ISV, is too different from the one currently in production but the older one can't be run under the newer OS. On MS-Windows, little option exists but to keep a server, somewhere operating under this non "compliant" OS.

Microsoft OS use to be the worst offender in this area. I know great many company that use "many harware boxen" for the sole purpose of avoiding incompatibility between ISV applications of different vendors. I also know many companies that refuse to use the same "hardware" for too many MS-Windows application because it might become a nightmare to update them -- if the business mandates it.

Of course, I also know about Linux/Unix boxes were the GLIBC has been upgraded/downgraded to accommodate a specific application. Generally, this will be to have otherwise "Incompatible" software operate on the same "computer". This is not a routine decision.

What I really want to say: In most case, at most company, the servers OS policy are stringent but a lot of WAIVER are issue.

At the desktop level, this is different story. In this setup, several different software have to be executed out of a common "OS"/"SPx" level. When new software needs a specific release of the OS... This is where the "$" take it full meaning. Upgrading a few thousand desktops is always a challenge. This is generally under these conditions that we ask a "Windows SYSADMIN" to tweak the configuration to "MAKE IT RUN" without upgrading if possible at all. Often the proposed solutions are ugly and needs considerable time to develop (weeks or months).

This is under these conditions that your "Study" does not fly with me. Generally, big corporation mandate that the OS must be such and such. If the Business application does not run under these conditions, we look at the best alternative to be supported by all software distributors. (We may download from the developer site some software, but this is not a common procedure at most place)

Forced sense of humor

[thegnu]

It's kind of a forced, interview-voice sense of humor. I mean, Herb, I know you're a human and a person and all that, but I just don't believe you. You seem to waffle too easily.

You do. Just say it. Go ahead. Say, "I WAFFLE!" and then I'll respect you, I swear.

Non technical admin skills ?

[simoncrute]

I'm left wondering what non-technical skills the admins in question had ?

IME, most linux admins with significant experiance have mainly worked in environments where *they* are the final arbiters of the chagne controll policies etc. They've tended to work in smaller companies, or been putting linux in the edge or certain well defined services (i.e. DNS), and not at the center of larger companies.

Windows admins on the other hand (again, IME) are used to working with the larger comapnies and the beurocrecy that goes allong with it.

Re:Boy did he ever pass his "Business Rhetorics 10

[nagora]

I know that is how I do it when giving a presentation, or anything along those lines.

I hope you realise it makes everything you say afterwards sound fake.

TWW

I think I'll leave the final word to...

[pruneau]

This blog

'nuff said.

Re:Very detailed

I noticed how the linux results are projected to all distributions of Linux, where only Suse Linux was included in the study. Each distribution has it's strengths and weaknesses. The be truly objective, The report title should not imply that all linux is Suse linux.

  Another point is the integration issue. The TV/DVD/VCR analogy in one response could be consider a bit flawed. A more accurate analogy for some linux distributions would be more like the matched component systems from company's like Zenith and RCA where you have a TV, a VCR, and a DVD player in separate boxes with a universal remote that defaults to the same brand conponents.

Everything works fine unless you have to replace a component or the remote with a different brand or model. However, if the VCR eats a tape, your mother can get you to drop by, and take it to the repair shop, (or fix it yourself) and she won't have to miss her soaps.

  Over the years I have used redhat, Mandrake, turbolinux, slackware, and debian distributions of linux. I currently use debian, since it includes a lot of games and education software for the kids. All of these distributions had
strengths and weaknesses for certain application.

  In summation, Windows is Windows, Linux is not Suse. Linux is to Suse what kernel.dll is to Windows. And the linux kernel can be easily tailored to a specific application, which is one of it's advantages.

  and... the study should have included a larger sample....

No, DLL hell does not exist outside MS windows

[dbIII]

Still, though, any Unix admin should know that upgrading glibc is risky at best

So, why do you have to get rid of the old version? The default behaviour of RPM may be an upgrade, but you don't have to delete the old version when you put a new libc on the system. Think of what the tool is doing and why you are using it instead of doing things the MS Windows way on *nix - those version numbers on the libraries are there for a reason and you can have multiple versions of libc. If you do, often all it takes is a two line script to get that program last compiled in 1995 going on a current system - you just need to tell the program to use the old library.

Similarly I consider the above item on third party out of distibution software stupid - for a start you have the application software that you want to run and bought the machine for in the first place - in the case of servers of any OS it may not necessarily come bundled with the base install. Considering MS Windows you REQUIRE third party applications just to get it to function properly in the first place - antivirus and functional backup software if nothing else.

Every tried to change hardware on a Windows box?

As all those studies from/sponsored by m$, one subject is allways not touched. What happens when you have to change things like the harddisk or the motherboard?
Every tried to move a domain server or a ts to another hardware? This is just a pain. Microsofts backup almost never works and you can find such answers like "install new" in their knowledge base. What this means for a painfull (through search and click in the best case and normally with tons of stupid registry changes) configured windows system is missed in almost any positive study about windows.

Why SuSE?

[thread5afe]

Why was SuSE chosen over perhaps Microsoft's biggest Linux [server] competitor RH ES? For me that tainted the study...

You are an automaton

[mary_will_grow]

After the experiment, the administrators were asked on both sides if this kind of evolution of systems met with their real-world experience. They said yes, with the caveat of if they were asked to install a component that required an upgrade of GLIBC that they would likely upgrade the operating system as long as their configuration control policy allowed it.

Oh OK so the Linux admins thought everything about the test was real-world, except, ummm, the operating system version.

Sounds great. Oh and the study included SIX groups? Wow this just gets better and better.

The thing that scares me is how excellent people are getting at hiding their agendas, even when they are RIGHT OUT IN THE OPEN. Micro$oft-funded linux vs. windows study? Nah, no conflict of interest there, seriously! (and people believe it!) A couple ex energy company executives decide to bomb the country w/ the largest oil reserves? Nah, no conflict of interest there, serious! (and people believe it!) DIEBOLD makes some e-voting machines, their CEO publicly claims he's "Devoted to delivering bush Ohio", and Computer Science PhDs across the globe are horrified at what they see when DIEBOLD's source code is leaked? Nah, no conflict of interest there.

Open your eyes. Someone stop this idiot before he eats our children.

hoax is the joke...

[kopykat]

i use windows.. i use dos... i use an open source unix emulator on a windows partition too... and I can say that a study that claims test conditions as a medium for comparison between a unix architecture and a windows platform as a way to bring meaning to MSsofts apparent denial of unix/linux expansion at this current time???? ask any real programmer or technician endowed with real programming skills which operating system will do what... 10 to 1 windows will do the job... and unix\linux will effectively control a real programming environment with a command line interface, system heirarchy and built in support for programming in virtually any language in the real world thats 80% of all programmers with any credible ability to run, compile and administer an operating system without replicating on a basic gui interface thats probably going to overheat where a linux\unix mchine just starts to move... using all 139 patches in the test conditions and the 1001 more required for real life application. i think this demonstration just undercut exactly how many patches would be required by windows (39 or something) by 1 too many to even be credible... sorry dr.thompson sounds like a hustle to me!