A CIO's View of SUSE's Enterprise Viability

onehitwonder writes "As part of an ongoing quest to find a viable alternative to the Microsoft desktop in the enterprise, well-known healthcare CIO John Halamka spent a month using Novell SUSE 10 as his sole operating system. His conclusion? It's good enough for the enterprise. In Windows vs. Linux vs. OS X: CIO John Halamka Tests SUSE, he explains how SUSE stacks up against RHEL, Fedora, XP and OS X (in a life-critical business environment), and which issues should influence an enterprise-class organization to adopt it."

Now That's a Good Viewpoint

[nz17]

We've had everyone from HardOCP to grandmas post their opinion on the "best desktop system" issue, but I think someone with not only workers and an enterprise on the line, but the life-and-death of people on his hands, is really going to give an honest opinion. He doesn't want deaths on his hands either directly or from his recommendations. I think everyone reading this post should give the article at least a cursory glance before jumping to their own opinions.

Re:Now That's a Good Viewpoint

[Original+Replica]

I think it's telling that he was originally gunshy about Linux because of his previous exerience with Fedora and Red Hat. The constant problem (as far as mass adoption goes) with Linux is that there are too many versions running around. It's time to thin the herd.

Re:Now That's a Good Viewpoint

[Ant+P.]

One of the things that might've put him off Windows is the EULA clause near the bottom stating "NOT SUITABLE FOR CRITICAL SYSTEMS INCLUDING NUCLEAR REACTORS, LIFE SUPPORT" etc.

Re:Now That's a Good Viewpoint

[jlarocco]

I think it's telling that he was originally gunshy about Linux because of his previous exerience with Fedora and Red Hat. The constant problem (as far as mass adoption goes) with Linux is that there are too many versions running around. It's time to thin the herd.

I completely disagree. There are a lot of problems with Linux, but too many "versions" isn't one of them.

Re:Now That's a Good Viewpoint

[ColdWetDog]

He's not running a nuclear reactor -- or a hospital. He's just doing email and typical business person stuff. Nobody lets a CIO do potentially dangerous or important things.

Re:Now That's a Good Viewpoint

[gweihir]

It's time to thin the herd.

I don't agree. The differences are of an other type than the ones between, e.g., versions of Windows. First thing is that the "look and feel" is really not tied to the distribution. Whether I run fvwm2 on top of Suse, RedHat, Debian, etc. does not matter much for its look and feel. That is almost completey determined by my .fvwm2rc file. Second thing is that hardware support (i.e. kernel) is again not tied to the distribution. I am running Debain with a stock kernel.org kernel with my own config. I did the same before with Suse. Not a problem. Third thing is that the rest of the OS is again not tied to the distro. Practically everything can be changed or customized. Same is true for the applications. Which distro I run an application on makes very little difference. The most difference makes the window-manager, but that is an application in itself and not distribution specific.

The thing that does matter is support and updates. These can be very different from distro to distro. This is also the point that becomes very important in professional adoption. Of course Linux has all the advantages here, since MS support is really very, very bad. For Linux you not only can get better support. You can have your own people do it on every level. Or buy the support from a lot of different poeple, with just the quality level you need. And if one support offer cannot cut it, moving to another one is a very real option.

And if you do not use the vendor-support, the distribution becomes even less important. Of course a large organization will need to hier a few Linux gurus in a move to Linux. But the potential gains are staggering.

Re:Now That's a Good Viewpoint

[ozmanjusri]

It's time to thin the herd.

So don't use the bad distros, and do support the good ones.

It's called "competition" and while it's been absent from the OS space for a long time, it's what drives innovation in capitalist economies.

Look, this dumb meme gets trotted out at just about every discussion of Linux. It's dumb because:

• Linux is free. That means anyone can make their own distro. Even if you were right (which you're not), there's bugger-all you can do about it.
• Having plenty of competing distros encourages distributors to keep improving their versions.
• Because of the copyleft provisions of the GPL, improvements in one distro can be adopted by all other distros. That means if one distributor fails (like Corel did), their efforts are not lost to the community
• Having specialised versions of Linux filling dozens of different niches means it's that much harder for an aggressive and predatory competitor to "fucking kill" all of them.

It's great that SuSe is able to fill the corporate desktop niche, but I'd still prefer to use Sabayon for gaming, Puppy on my pen drive, SME on a small server, Debian on a big one, Ophcrack for rescuing Windows users who've forgotten passwords, etc, etc, etc.

There's plenty more reasons this meme is dumb and dangerous. Try thinking of a few yourself, preferably before posting next time.

Re:Now That's a Good Viewpoint

Gawd this is getting to be an old and annoying discussion.

The typical home user does three things:
1. Instant messaging
2. Email
3. Surf the Internet

Once the typical user realizes that these tasks can be easily performed on any number of OS's, that they have a choice, there will be some movement away from MS Windows for these people.

Not that it matters that much to MS because most of their profits are derived from corporate customers.

Corporations have a fourth requirement, standardized information exchange of documents and spreadsheets. Love it or hate it, MS Office provides some degree of standardization that *nix platforms still lack. OpenOffice has matured to the point where for most medium or small companies it can meet their needs. OpenOffice still needs improvement but it now good enough for serious consideration as a replacement to MS Office. I'm not advocating everyone switch to OpenOffice, I'm advocating a reasonable evaluation of the users' requirements and the applications that are available.

The article is interesting in that it appears to be indicative of the thinking of a number of CIOs or anyone who is in the position of making IT policy decisions. The guy has a difficult time coming to a clear decision because he's evaluating non-MS options. It's the same thought process many of us have gone through. It's why I use Windows for some tasks and *nix for others. In my case it's using the right tool for the job.

It's about choice. And now we have them :-)

Re:Now That's a Good Viewpoint

[shlashdot]

"It's time to thin the heard"

no, it's time to develop a decent groupware solution.

Re:Now That's a Good Viewpoint

[Maxwell]

If you build your own PC's and put up screenshots on your desktop on your website, then it's 'fun' to have dozens of versions of everything. If you are a CIO, it's a pain in the ass and a huge, huge, problem with Linux adoption.

You gave no reason for you assertion that multiple versions is not a problem, but allow me give you some for reasons for why it is:
# You can't even use "linux" because there really is no such thing.
# And you can't hire Linux people because there is no Linux people, there are Fedora, RHEL, Suse, Ubuntu, Kubuntu, BSD, FreeBSd,Openbsd people, etc, etc. And the "linux" crowd tends to rush off on whatever the latest trend is, remember when Caldera Open Linux was trendy? Now it's Ubuntu, whoops, Kubuntu, whoops, linspire, whoops now back to Fedora. Like little kids running after the shiniest candy.
# And no they are not all 'the same'. They have wildly different directory structures, gui, lib version, kernel version support options, kernel versions, etc.
# Oh but any *good* linux admin can use any system, right? How many is that? If a CIO hires 100 Windows admins, thee will be 10 good ones, ten useless ones and 80 somewhere in between. If he hires 100 linux
there will be 2 good RHEL, 2 good SUSE, 2 good Ubuntu, 2 good Fedora and 2 good 'weird brand', 10 useless and 80 somewhere in between. That is spreading the talent pool pretty thin... It's no wonder Oracle on Windows is so popular, at least you can hire someone to install the thing!

Sorry, but multiple versions is holding Linux back at the enterprise level and will keep doing so until there is a clear winner aka 'standard' that can be relied on for stability, industry support, and support personnel. RH and Suse as a 1 - 2 combo were looking very good, but now ubuntu has wandered in and taken most of the community's time...until the next shiny candy shows up...

JON

Re:Now That's a Good Viewpoint

[good+soldier+svejk]

He's not running a nuclear reactor -- or a hospital. He's just doing email and typical business person stuff. Nobody lets a CIO do potentially dangerous or important things.

John is also an Emergency Medicine MD, so his business stuff is potentially dangerous and important. Actually, he is a programmer too. And he has a Masters in informatics from MIT.

Re:Now That's a Good Viewpoint

[NeverVotedBush]

I won't name where I work, but it is pretty big - over 12,000 employees - and they are seriously considering dropping Windows to switch to Linux. Vista is not considered suitable, the cost is huge per seat, and they figure that as long as they are retraining the workforce to use something, it might as well be something that is cheaper, more secure, and more reliable.

I know people will say that the TCO might be higher but in the long run, is it really? Once you get people moved over and used to it, and after a few new versions of OS where MS keeps gouging but Linux stays free, there is a point where the cost drops drastically comparitively. We don't have so many trained to support Linux yet, but that's coming.

Bye MS.

Re:Now That's a Good Viewpoint

[boyko.at.netqos]

Glad you remembered us!

-- Brian Boyko
-- Gramma's HardOCP Contributor

Re:Now That's a Good Viewpoint

[Jane_Dozey]

In a corporate environment one enterprise distro will be used and the same software loaded onto each desktop. That means no problems with directory structures, libs, DE's or really much else. Everyone in the company will be using the same thing, much like they are with windows (can you really see the IT dept letting users choose between windows versions?).

The company doesn't care about whether there's a "linux" or not. They're using RHEL/SuSE/whatever not this mysterious "Linux". I think you'll find a whole lot of "Linux people" disagreeing with you there. Every single Linux admin I've ever met has used lots of different distros and knows the quirks of each one. The company will hire people who can do the job on the system used, not those who don't.

A *good* Linux admin will know whether they can use the system or not and apply for jobs accordingly. A bad admin might try and wing it but hey, they're a bad admin and should never had been hired in the first place.

At the enterprise level there are very few options. I can currently think of 2 off the top of my head: RHEL and SuSE. These are what companies will be using and these are what they will be advertising jobs for, so no, at the enterprise level multiple versions really aren't such a problem.
But what if more enterprise distros appear? I still don't see a problem. The IT market has a habit of having it's top 2 or 3 choices and a multitude of alternatives. IT managers will be using the top 2 or 3 and pretty much ignoring everything else unless they get good enough to topple one of the current leaders, in which case there's still only 2 or 3.

It's only really when you get down to individuals and their home desktops that it becomes more difficult...

Re:Now That's a Good Viewpoint

[eihab]

And you can't hire Linux people because there is no Linux people, there are Fedora, RHEL, Suse, Ubuntu, Kubuntu, BSD, FreeBSd,Openbsd people, etc, etc. And the "linux" crowd tends to rush off on whatever the latest trend is, remember when Caldera Open Linux was trendy? Now it's Ubuntu, whoops, Kubuntu, whoops, linspire, whoops now back to Fedora. Like little kids running after the shiniest candy.

That right there tells me you don't know what you're talking about. Free/Open/Net BSD are not based on the Linux kernel, they're completely different beasts.

I wrote something before about how inconsistent some of the Linux distributions are and how frustrating it is, but this right here is an outright troll.

I'm a BSD guy at heart, maybe mainly because I got introduced to FreeBSD first as what a Unix like OS is all about, but that doesn't mean I don't appreciate "Linux" or what it has done for us.

In my living room there's a MythTV (KnoppmMyth) box that is waiting for a second TV-Tuner card to output to TV to be complete DVR system. At my job we have a couple of CentOS servers that replaced FreeBSD because of specific RAID driver support (It's in 6.2 but that was beta back then).

Point in case: I'm no OS zealot.

Having cleared that up, sure there are tons of Linux distributions out there, some of them are "corporate ready" and some of them aren't. If you're a CIO and going to standardize on Linux "based distributions", I hope to god you're not basing your decisions on what teenagers are writing in their blog about the hottest new distribution.

When you imply that the entire community is behind X distribution based on what you read on blogs is a complete disconnect from reality. The Debian people are still Debian, the Redhatters still do their thing, etc. etc.

Sure, Ubuntu's new users can become more vocal and say Ubuntu is the new hotness, but that doesn't mean they're the ones who write great code or do great things for their distributions (not that some of them aren't, but you get my point).

I can hear you thinking "Well what about Beta testers?", well sure, some of the distributions may have more beta testing done than others based on the "community" shift, but that doesn't mean other distributions won't benefit from it. Linux distributions are just that, they combine and distribute Linux, GNU tools and other programs with a few (ok maybe a little more than that) tweaks here and there.

If someone in Ubuntu finds a bug in gcc, all of the distributions will benefit from it (heck even BSD).

Companies like RedHat exist solely to provide you (Mr./Ms. corporate CIO) with that safety net, which is: you're going to get the latest patched stuff, you can demand Certification and get trained Sys admins that know what they're doing, phone and on-site support etc.

Re:Now That's a Good Viewpoint

[BiggerIsBetter]

The thing that does matter is support and updates. These can be very different from distro to distro. This is also the point that becomes very important in professional adoption. Of course Linux has all the advantages here, since MS support is really very, very bad. For Linux you not only can get better support. You can have your own people do it on every level. Or buy the support from a lot of different poeple, with just the quality level you need. And if one support offer cannot cut it, moving to another one is a very real option.

Indeed, I've done just that this week.

I've been running Novell SLED10 on two machines, and have been very happy with it. It's the most professional desktop distro I've seen (good enough to pay for - twice). That is, until the politics started and the SP1 update was released. One machine updated nicely... until the next reboot when a broken initrd didn't let it come back up. The other machine wouldn't update at all, probably due to not having bought the optional "upgrade protection" (SP1 is an upgrade, not an update?!), or possibly the updater, or maybe even something that I've done.

Anyway, rather than fight with a broken operating system or a company moving in directions I don't agree with, I downloaded Ubuntu 7.04. I'm back up and running in 2 hours, with no data loss/copying thanks to keeping /home on it's own partition. Even better, the same would apply if I'd gone with most any other distro such as RH or Mandriva.

We've done the same thing with the server too, moving across 3 vendors over a period of several years due to changing policies and distro hardware support. I just can't imagine being at the mercy of one vendor, especially in a small market like New Zealand.

As long as Linux is free, so are my systems, and so are the companies they work for.

Re:Now That's a Good Viewpoint

[mrsteveman1]

RHEL and Suse are the exception, everything else is forked to infinity.

Heres an example, I have a production server I need to run VMware server on, if my running kernel doesn't exactly match one of the 50+ modules VMware was nice enough to compile and include (wasting their time), I have to keep a build toolchain on a production server just to install the kernel module. That is not acceptable.

We don't need forks of everything just to change one small part of the system, we don't need 2 package formats, we don't even need 2 desktops (gnome is at best a thin client right now).

It has already hurt the Linux environment and anyone using Linux.

Re:Now That's a Good Viewpoint

[mrsteveman1]

"If someone in Ubuntu finds a bug in gcc, all of the distributions will benefit from it (heck even BSD)."

I wish I could say code made it back upstream and to others quickly and reliably but I doubt it, even if it does its an extra step for little gain. You also have 6+ companies doing the same work at the same time. It's all bit of a waste.

Re:Now That's a Good Viewpoint

[cyphercell]

Hmmm, I read there are about three distros he is trying out Red Hat, Suse, and Ubuntu. You can say that he also tried Fedora, but I'm pretty sure he tried them both as a matter of evaluating Red Hat.

Funny thing here is he is testing out the Linux systems that have already proven themselves in the corporate world, they are sold by both Dell and Sun-Microsystems. Basically, these systems are standards, they are ubiquitous and they are being recognized as such. It's multiple versions that are driving them to the top, ie it's choice that is putting them in the enterprise level.

Re:Now That's a Good Viewpoint

[cyphercell]

[Honest questions]Can't you build the kernel module on a test server and upload it to the production server? Besides, if you really need to run VMware on your production server wouldn't that be something you'd research before building the server?[/Honest questions]

I know there are always corner cases, but it seems to me like most of this kind of Q&A has already been answered. Anyways, choice and competition are one of open source software's greatest strengths; weakness is all to often a product of deficiency caused by strength in one area. The same is true of Windows' market share and viruses or software that sits on the desktop for YEARS without upgrade (IE6 I'm looking at you).

The point is for all the problems that come with choice in FOSS, there will always be cream that rises to the top, and that stuff is very good when compared to proprietary counterparts. I mean look at it, these are essentially free systems competing over about 3% percent market share, imagine what it would look like if they were competing for 10% or 20%, then things would really start to take form.

Re:Now That's a Good Viewpoint

[Original+Replica]

It's great that SuSe is able to fill the corporate desktop niche, but I'd still prefer to use Sabayon for gaming, Puppy on my pen drive, SME on a small server, Debian on a big one, Ophcrack for rescuing Windows users who've forgotten passwords, etc, etc, etc.

That's exactly my point right there. Sure IT guys might think that your list was a great sign of how well versed you are, but to the people who run companies that aren't IT guys you look like a disorganized gear head. I'm not saying that the advantages you listed aren't real, but don't think that a problem that "gets trotted out every discussion of Linux" isn't real, just because you say it's dumb. It shows up every time for a reason.

Re:Now That's a Good Viewpoint

[Antique+Geekmeister]

I dunno. CIO's tend to pick mail systems, trouble ticket systems, and do departmental hiring. The damage they can do is pretty serious in any environment: in a hospital where the budget masters are often not as technically sophisticated as those at a fundamentally technological company, these decisions can ruin careers and cost lives as systems fail at awful moments, or lead to stunningly unstable workarounds.

Not that this one is incompetent, but I've discussed IT issues with physicians: one of them always schedules an extra 10 minutes for my appointments so we can swap more detailed information about his more difficult needs, and mine.

Re:Now That's a Good Viewpoint

[thynk]

The company doesn't care about whether there's a "linux" or not. They're using RHEL/SuSE/whatever not this mysterious "Linux". I think you'll find a whole lot of "Linux people" disagreeing with you there. Every single Linux admin I've ever met has used lots of different distros and knows the quirks of each one. The company will hire people who can do the job on the system used, not those who don't.

A *good* Linux admin will know whether they can use the system or not and apply for jobs accordingly. A bad admin might try and wing it but hey, they're a bad admin and should never had been hired in the first place.

I agree with you there, you're average good *nix admin can be thrown in front of a new distro or flavor and be able to a fair job of being an admin on it. For example, I leaned HP-UX in college as well as when I did hardware support for Celestica. When I sat down in front of my first linux box, I wasn't totally lost - the basic structure was there. Just like when I sat down at my new job working on AIX, sure it's a little different but I haven't had much of a learning curve (vi works on everything). It's like a windows user going from 95 to XP, it's not the same OS and there will be some things that the average Joe would get stuck on for a few minutes, but it's the same basic concept.

Going from XP to a *nix system is a a jump for your average user and a bigger jump for a windows admin to being a linux admin. Let's be honest, Linux on the desktop is not where it needs to be for the average user - users have a rep for being idiots for a reason. Asking them to type a command at the cli will come across as mystical mumbo jumbo and the GUI doesn't do everything - but is HAS come a LONG way from even just a couple of years ago - I think that with Vista being out, a Linux/Debian/BSD distro will look even better for both the home market and the enterprise workstation.

Re:Now That's a Good Viewpoint

[ComputerizedYoga]

GCC is a particularly poor example of that sort of network effect, because most distros tend to be reticent to upgrade their "stable" gcc. Glibc would be another such poor example. Better examples might be Apache, Samba, MySQL, and any of a very large number of gnome and kde applications.

I've reported enough bugs that have been upstream problems, and seen the propagation of those fixes. Most distro maintainers don't, in fact, build their own patches to software. Instead, they turn around and file an upstream bug. If the package maintainer also happens to be an upstream dev, then maybe he'll patch it upstream himself. But either way, I've never seen the gentoo or debian teams patch samba without that patch going upstream and coming back down.

Redhat is a different story, since they've got a different set of concerns. They're willing to maintain their own patchsets because they frequently have to backport patches to keep things up to date without breaking their customers' enterprisey setups.

Re:Now That's a Good Viewpoint

[Ornedan]

So according to your hypothetical people running companies, using the correct tool for the job is disorganized, and just using the hammer everywhere is organized?

Re:Now That's a Good Viewpoint

[Ritz_Just_Ritz]

I recently talked to the "C level" folks at a large state-owned mobile carrier in a developing country. They've got somewhere north of 50,000 employees and are ACTIVELY excising M$ products from their desktop environment (it has never really been used as a server there since their infrastructure is unix-based). They cited the upgrade-itis of Microsoft and the constant march of new hardware to deal with the growing bloat. They figure they can get longer life cycles out of hardware and enjoy (at least for now) a substantial reduction in per seat software costs. And this is from a company that probably can (and does) license Microsoft products at substantially lower costs than most smaller enterprises.

Best,

Re:Now That's a Good Viewpoint

[Ajehals]

So are companies currently running a single windows flavour on everything? No they may run XP on their desktops (Probably a few 2K, NT or 98 boxes left for some application that doesn't like XP), Vista on some of the laptops (Sales need the latest gizmo's). Windows 2k or 2k3 server (Or more likely a mixture) on their internal servers (if they are a windows shop). A *nix on their web servers, whatever OS is in their managed routers (with its own management applications), PalmOS on their PDA's, Symbian on their Phones, Mac OS on their Graphic designers Powebooks.. Its hardly a monoculture.

With Linux you could get closer though, you could be running Dabian on all your desktops, Laptops and servers, And then Debian derivatives on your routers (well maybe...), PDA's and Phones... I haven't seen Linux specifically for switches but it may get there... - you could really get to the point where our entire IT infrastructure is based on the same code base, but still role specific (i.e. you are not going tobe running KDE on your servers or your PDA's - the kernel or each type of device is going to be different).

So as an enterprise you could have a license free (and therefore license cost free - no extra software costs associated with growth...) environment, total compatibility between everything (Your PDA works seamlessly with your desktop scheduling and mail software and happily mounts NFS shares to sync documents.. (I do that at home - never done it in a corporate environment))
All updates and patches come from a single source, or can be aggregated into a single source using the same methods (you can run your own internal repositories and manage all your application maintenance - not just the OS and some applications (ala Windows) No more having a SUS server, a Anti-Virus Update Server and a million small updating systems and scripts..)

I guess what I mean is that Linux is as diverse as you need it to be, but that diversity can be harnesed and standardised standardised... Its easy to create policies and procedures to manage and maintain Linux environments, (and to automate that management) in a way that isn't possible with windows.

The obvious caveat with all this is that you obviously (as a large company) cannot just install the latest release of Ubuntu on your desktops, the latest version of PCLinuxOS on your laptops, Red Hat on your servers, some OE Linux flavour on your PDA's, Phones, switches, and Routers and just expect stuff to work. You need to think about it first, design a good system and then implement it well.

So does that sound like the ramblings of a gear head? I would assume I would use about 4 different distributions (All derived from Debian), plus probably different versions of those distributions (stable / unstable) across the enterprise. Every Specific role would have a base image (including as much software as possible that as common to sub roles (i,e, Common Drivers, X, a DM, NFS Client, Office and productivity software on the Desktops, Common Divers, Tripwire, SSH maybe NFS on the servers ). Fro these you derive your environment... All very neat, simple and safe.

Oh and you have all the code so the vendor cannot harm you by going bust.
Oh and you have your own update servers so they cannot be denied to you.
Oh and you can change where you get your updates from, as other distributions will use the same code.
Oh and you can make your own changes to your applications if you need to and have the resources.

I cannot think of anything that offers these kind of possibilities except Linux/BSD. but correct me if I am wrong.

Re:Now That's a Good Viewpoint

[WindBourne]

Of course Linux has all the advantages here, since MS support is really very, very bad.

If is funny, but I got modded down for that a couple of days ago. But you are 100% correct. MS has more an 100 billion dollars in the bank, and are still whining for customers. Yet, if they had spent even a fraction of that on boosting support (and had spent a couple of more billions on development), then this blog would NOT have happened. The CIO would be judging Linux against a superior OS, rather than a peer with many issues.

As it is, I think that Linux is already superior. What is needed is more ease of use and better compatability. In particular, Sun (perhaps combined with IBM and HP) would do well to continue extending the OO to support project and the other parts that are missing. In fact, IBM and HP could create a group of coders to take that on and create a pure GPL (or even a different OSS license) app.

As to thinning the herd, that would be the biggest mistake. MS has been focused on Redhat and cut a deal with Novell. In the meantime, Ubuntu popped up. And it is winning accolades. Great support as well as a VERY easy to use app. It shows that real competition changes things. Worse, if this herd was too thin, then MS can successfully target the small # of companies and Win. Even suggesting that would be akin to suggesting that the best way to help Grizzly bears would be to thin their herd and then offer unlimited hunting against them.

Re:Now That's a Good Viewpoint

[TheRaven64]

The biggest difference on *NIX flavours I've used has been init systems. The first *NIX I used was Red Had (4.something), which used SysV init. I moved to FreeBSD just after it started using RCng and now use OpenBSD which still uses the classic BSD init system. I also use OS X (Launchd) and Solaris (SMF) which are both very different.

Beyond that, man hier is a huge help and everything else boils down to minor difference (missing / extra options on a few POSIX commands). If someone can't move from one *NIX to another, then they have no business calling themselves an administrator (I am not one, by the way).

It seems like the biggest difference is in GUI admin tools, but no admin should ever rely on these (they can be a convenient short-cut, but there will always be situations where they are not available).

Re:Now That's a Good Viewpoint

[Frumious+Wombat]

The "not sure personally"... statement gives me pause.

Look, I like (to a point, which is when RMS starts screaming it's GNU/Linux) Linux, it's great for certain applications, and fun to tinker with. However, having just been subjected to two months of intensive Health Care (hospitalized, multiple IV), and spent several of those weeks in a major research hospital (high-tech to the gills, MD/PhD's poking me daily), I really don't want to see something like that deployed until each critical app has been shown to be robust, to communicate well with everything else, and to Not Go Down. My hospital ran my meds and vitals (which are more important than sleep when you're sick, as they'll wake you out of deep REM at 4:00 a.m. to get a blood pressure reading) over a secured wireless system so the nurses had instant access to all the data they needed. They also copied everything on paper and put it in a big, thick, book, which was copied onto the secure optical network. Big instruments (x-ray, etc), had their own embedded, hardened OS.

The issue here is robustness, and it doesn't matter if its SuSE, Win2K server, AIX, or CP/M-86. There is no room whatsoever for political advocacy of an operating environment in a hospital. I'm glad he likes SuSE; I used to use it until it got flaky in the 9.x series, but the OS isn't the issue, the apps are. Show me the apps are stable, and we'll talk about OS advocacy.

Re:Now That's a Good Viewpoint

[Ngarrang]

I think it's telling that he was originally gunshy about Linux because of his previous exerience with Fedora and Red Hat. The constant problem (as far as mass adoption goes) with Linux is that there are too many versions running around. It's time to thin the herd.

I completely disagree. There are a lot of problems with Linux, but too many "versions" isn't one of them.

One of the complaints is about USB device support. This distro may have it good, but the next doesn't. If the combined labor of the Linux distros were put behind just a few, this complaint would disappear. It is possible to have too many distros.

Re:Now That's a Good Viewpoint

[Maxwell]

"Pick one" works only if you have no other applications to support. Think bigger.

If I standardize on one desktop, or roll my own, I don't get support from any vendor that does not support my desktop. Further, some of the distros are server or desktop only. If the CIO uses Oracle Linux for his Oracle servers, great. But Novell does not support Oracle Linus, only Suse. So I have some oracle and some suse. And some desktop tools use Gnome, which means they work best on Redhat. Gee, we are up to three already...?

As a CIO I can't just pick one, I have to use whatever my vendors support. And since there are dozens of version of everything it's impossible/extremely hard to build a fully functional network with running applications on ONE build of linux. You are constantly jumping through hoops to get you stuff working because app A has an exception if you are running Distro B with Kernel C and GUI D. Unless you also have LIB E then you need to install GTK F and edit the following files....

It's ridiculous really!

JON

Re:Now That's a Good Viewpoint

[Nutria]

And some desktop tools use Gnome, which means they work best on Redhat.

Well that's just a load of crap.

Re:Now That's a Good Viewpoint

[sveinungkv]

One of the complaints is about USB device support. This distro may have it good, but the next doesn't. If the combined labor of the Linux distros were put behind just a few, this complaint would disappear. It is possible to have too many distros.

What makes you think that people would be willing to work on those few, as opposed to not work at all? Just because someone has an interest in one area and are willing to work on it does not mean that they automatically has an interest in a related area and are willing to work on that. A reason for the different distros are different goals for the software, different personality types etc. Not to add that the competition keeps everybody working hard to beat the others.

Re:Now That's a Good Viewpoint

[jgrahn]

And you can't hire Linux people because there is no Linux people, there are Fedora, RHEL, Suse, Ubuntu, Kubuntu, BSD, FreeBSd,Openbsd people, etc, etc. And the "linux" crowd tends to rush off on whatever the latest trend is, remember when Caldera Open Linux was trendy? Now it's Ubuntu, whoops, Kubuntu, whoops, linspire, whoops now back to Fedora. Like little kids running after the shiniest candy.

And no they are not all 'the same'. They have wildly different directory structures, gui, lib version, kernel version support options, kernel versions, etc.

Bullshit. They are, for practical purposes, the same.

Why should you, or any normal Unix user, or programmer for that matter, care about directory structures, versions of libraries or kernel versions? And what's so "wildly different" about them anyway? In which Linux distro isn't /etc called /etc, /usr/bin /usr/bin, and your home directory $HOME?

As for GUIs, I wouldn't know because I always tear away that trash and use (c)twm as my "GUI". But I see some of my colleagues using something flashy starting with a K and some using something starting with a G, on the same server. Some use ssh clients from Windows or Solaris. And surprise, the world hasn't collapsed yet. In fact, there haven't even been any dumb managers screaming "But it isn't exactly the same everywhere!".

And as someone else more or less noted, any decent Unix administrator can handle any Linux, *BSD or Solaris (don't know about AIX ...) There are general principles, manpages and Google. Decent administrators are by definition literate, and good troubleshooters.

Re:Now That's a Good Viewpoint

[init100]

Sorry, but multiple versions is holding Linux back at the enterprise level

Why is this only a problem for Linux? <sarcasm>Wouldn't it be better if there were only one or two manufacturers for cellphones, computer hardware, tv sets, cars, shoes, food, etc? It is so tedious to choose, why cannot the other manufacturers just go away and die, so that I won't have to choose which one to buy? Monopolies are A Good Thing.</sarcasm>

Re:Now That's a Good Viewpoint

[init100]

Heres an example, I have a production server I need to run VMware server on, if my running kernel doesn't exactly match one of the 50+ modules VMware was nice enough to compile and include (wasting their time), I have to keep a build toolchain on a production server just to install the kernel module. That is not acceptable.

Then why not keep a test machine with exactly the same configuration as the production server? This could have the build toolchain installed, and you could just transfer the modules to the production server.

Actually, I'm surprised that you don't already do this, as competent admins usually do.

Re:Now That's a Good Viewpoint

[init100]

As to thinning the herd, that would be the biggest mistake.

Fortunately, that is simply not possible. Nobody has a mandate to declare that only a few distros can exist, and distro maintainers have to answer to no one guy. They can happily continue to maintain their distro forever, giving the "we must thin the herd" crowd the raised middle finger.

Re:Now That's a Good Viewpoint

[Patoski]

If you build your own PC's and put up screenshots on your desktop on your website, then it's 'fun' to have dozens of versions of everything. If you are a CIO, it's a pain in the ass and a huge, huge, problem with Linux adoption.

Go read most recent surveys about why the enterprises are considering / deploying Linux. The biggest reason given is that with Linux, they don't have to rely on one vendor, like they do for MS. This is basic business sense, don't rely on one vendor unless you have to for anything business critical.

You gave no reason for you assertion that multiple versions is not a problem, but allow me give you some for reasons for why it is:
# You can't even use "linux" because there really is no such thing.

How is this a problem? Linux is simply a general term to include all the various flavors of Linux.

# And you can't hire Linux people because there is no Linux people, there are Fedora, RHEL, Suse, Ubuntu, Kubuntu, BSD, FreeBSd,Openbsd people,

Now you're confusing your peas with your carrots. BSD is unix. Linux is.. well, Linux. :-)

This notion that Linux distros is so far from reality that it isn't even funny. If Linux versions are *so* different from one another, then how does Oracle support Red Hat, Novell and Ubuntu?

etc, etc. And the "linux" crowd tends to rush off on whatever the latest trend is, remember when Caldera Open Linux was trendy? Now it's Ubuntu, whoops, Kubuntu, whoops, linspire, whoops now back to Fedora. Like little kids running after the shiniest candy.

Surprise surprise, technology enthusiasts go after the latest and greatest thing. Go look at Red Hat Enterprise Linux, something that was built for business. Let me know if they go chasing after the latest fad.

By your reasoning, people who like PC hardware should make terrible technicians, since they chase after the newest, shiniest stuff. Often times they are the best techs, since they are passionate about PCs.

# And no they are not all 'the same'. They have wildly different directory structures, gui, lib version, kernel version support options, kernel versions, etc.

Organizations endure this same pain with MS. The jump from Win2k, to XP SP2, to Vista are all dramatically different. This is why standardization is good in an enterprise. You don't have to deal with these complexities if you run the same OS everywhere. It keeps costs down, simplifies administering your environment and allows you to run with a smaller IT staff. Tell me how the differences in RH, SLED and Ubuntu matter, if you only have one deployed in your environment?

# Oh but any *good* linux admin can use any system, right? How many is that? If a CIO hires 100 Windows admins, thee will be 10 good ones, ten useless ones and 80 somewhere in between. If he hires 100 linux
there will be 2 good RHEL, 2 good SUSE, 2 good Ubuntu, 2 good Fedora and 2 good 'weird brand', 10 useless and 80 somewhere in between. That is spreading the talent pool pretty thin... It's no wonder Oracle on Windows is so popular, at least you can hire someone to install the thing!

Last time I checked Oracle recommends Linux over MS. Again, Linux is Linux. The differences are quite minor. Any decent admin will be able to effectively take care of any Linux box.

Sorry, but multiple versions is holding Linux back at the enterprise level and will keep doing so until there is a clear winner aka 'standard' that can be relied on for stability, industry support, and support personnel. RH and Suse as a 1 - 2 combo were looking very good, but now ubuntu has wandered in and taken most of the community's time...until the next shiny candy shows up...

Red Hat is the de facto standard for business. The fact that people play with shiny new technology is great for business. The tech enthusiasts test new technologies and drop the losers. This creates low hanging fruit for smart businesses to deploy in their environments as they see fit.

None of your objections matter one bit in a well run Enterprise. Having a choice of more than one vendor is GOOD thing. You only have to pick one in the end.

Re:Now That's a Good Viewpoint

[mrsteveman1]

I see no advantage to having this many Linux systems at once, I do see plenty of problems.

So rather than fix the real problem (too many possible configurations in production use), you would have me use a test box which is currently being used to test things.... it isn't a stable build environment, nor does it perfectly match the running server, that's why its a test box and not a hot spare. So in addition to having a test server which i use all the time, i should keep a perfect copy of the production server just to compile stuff....why should I do that? To make up for the fact that the Linux environment is fragmented beyond belief?

VMwares installer isn't a packaging system, it compiles and installs these things, it doesn't put them in a nice package to move around.

These are NOT life critical...

[Creepy+Crawler]

If anybody knows about medical tech, they do NOT run "laptops" or desktops on critical equipment.

The life-maintaining equipment runs only secure hardware, with mathematically proven code, and fiber-optic links for isolation (to prevent electrocution hazards). There was even a heart monitor someone made and posted to /. , and it would have likely killed someone as it had them hooked up to a computer serial port.

SuSE will NOT run on the dangerous equipment. It will run on the network as a "online chart". Many people should be against that as well, for altogether different reasons. This is somewhat critical, as most med groups run paper charts just in case..

In Other News...

When it comes to sex, nerds everywhere claim that an inflatable doll is "good enough".

Why listen to this guy?

well-known healthcare CIO John Halamka Most well known for being the responsible guy for one of the biggest hospital IT failures on the books. All hospital systems out for 4 days? What kind of good CIO has that kind of failure on his watch?

See http://www.medical-journals.com/r0313.htm

Re:Why listen to this guy?

[pionzypher]

Coincidence perhaps, but right at the beginning of the story is this line:
That summer, Halamka had embarked on a quest to find a viable alternative to the Microsoft desktop--fed up as he was with Windows' instability.

Re:Why listen to this guy?

[jeevesbond]

What kind of good CIO has that kind of failure on his watch?

One that's using Windows? He seems wiser than you think as he's now trying to find an alternative. This month it's SuSE, then he'll be testing Ubuntu next, in July. From TFA:

That summer, Halamka had embarked on a quest to find a viable alternative to the Microsoft desktopfed up as he was with Windows instability. [...] They suggested he try SUSE [...] and Ubuntu. So he did. Keep reading to find out what Halamka thinks of Novells SUSE Enterprise Linux Desktop (SLED), and stay tuned in July for his take on Ubuntu.

He was probably one of the legions who subscribe to the 'Nobody was fired for buying Microsoft' meme, seems he's learnt his lesson now though. Wonder if we'll see this on Microsoft's 'Get the Facts' web site? :)

Re:Why listen to this guy?

[DogDude]

That summer, Halamka had embarked on a quest to find a viable alternative to the Microsoft desktop--fed up as he was with Windows' instability.

Yeah, and after I read that, this guy lost all credibility in my eyes. As a non-Windows admin (not even an IT person), I have no idea how people manage to make Windows 2000+ "unstable".

Re:Why listen to this guy?

[shlashdot]

expensive and annoying, yes. Unstable, no.

Re:Why listen to this guy?

[gonk]

Hmm, no. I've used XP for years on the desktop and rarely had an issue. I'm a long ways from being ignorant or lacking "real life experience". A long, long ways. That said, I've gone back to Linux on my desktop in the last month or two as an experiment of sorts. Linux was the only OS I used from about 1992 until 2004 or so. I have only used it on the server side since then, until recently. Frankly, I'm not sure I won't be going back to Windows.

robert

Re:Why listen to this guy?

[DogDude]

Understanding that that is just a setting (on my XP boxes, it is NOT checked by default), I re-iterate my point. I have no idea how people manage to make Windows 2000/XP unstable.

Re:Why listen to this guy?

[ozmanjusri]

Sure, easy to say.

But in the real world, I have a company to run. We use Windows machines mainly for video editing and 3D work, and when I have a task that requires more than a few hours of rendering, I have to plan my jobs around the expectation that a computer running Windows will fail. I'd prefer not to, but my crash logs tell a different story.

Spin it the way you like here, anyone who's seen what it takes to support more than a few Windows desktops will take the astroturf with a grain of salt. Let's face it, if I believed you and ran my business that way in the real world, I'd be committing slow suicide.

That's why things like this guy trying and liking SuSE are so important. If we get a bit of competition in the OS market, we might end up with truly stable computers instead of endless spin.

Re:Why listen to this guy?

[Short+Circuit]

Anyone with any real-life experience with Windows has suffered plenty of problems with 2K/XP's bad behaviour. There's an illusion of stability because by default, XP'll reboot instead of bluescreen, but that's just spin control. Very true, but I've typically seen that occur as the result of a hardware problem, not a software problem. In the PC Clinics I've run, blowing the dust out of a CPU's heat sink has fixed more computers than system reinstalls or driver upgrades. (That's not to say the latter two cases don't occur...)

Re:Why listen to this guy?

[good+soldier+svejk]

Most well known for being the responsible guy for one of the biggest hospital IT failures on the books. All hospital systems out for 4 days? What kind of good CIO has that kind of failure on his watch?

In this case, one who inherited a broken network architecture from a previous CIO and was denied funding to fix it until it was too late. I know; I was there.

Re:Why listen to this guy?

[LingNoi]

People don't make Windows 2000/XP unstable. Microsoft does that for them.

Re:Why listen to this guy?

[cyphercell]

funny, for me when I clean up a Windows PC it's all about re-imaging the thing. Why? because once you run the AV, the Registry Cleaner, the ad-ware remover, blah blah blah, it's a ton quicker, cleaner, and safer just to re-image the damn thing. You can spend days on a Windows machine cleaning things up that are archaically crufty after just a year of use. Of course I may be dealing with a different class of user than you, but I feel that on a system that is as heavily targeted for attack as windows is, it almost requires a new image every year or so, I mean who knows what's on there that you can't find.

Re:Why listen to this guy?

[Jackmn]

Anyone with any real-life experience with Windows has suffered plenty of problems with 2K/XP's bad behaviour. There's an illusion of stability because by default, XP'll reboot instead of bluescreen, but that's just spin control.

I've had XP on my desktop for years, and 2000 before that. I've had roughly three bugchecks in all that time.

Re:Why listen to this guy?

[Short+Circuit]

Spyware, adware and viruses all cause issues for many of our customers, sure. Probably the frustrating part is that maybe one in fifty of them even have a product key we can use to legally reinstall with. The best we can do for them is install AVG and Spybot, and possibly use the Repair feature of an XP disc.

Re:Why listen to this guy?

[cyphercell]

Sorry, I hadn't thought about that, bet you see some weird stuff some times.

Re:Why listen to this guy?

[AvitarX]

Your crash problem sounds like bad cooling to me.

Will Linux fix that?

Could be a multitude of other HW problems too. But crashing the OS when doing rendering does not sound like an OS (or even software) problem. Though a shoddy driver for a HW accelerator could do it, but I bet a similer card would be closed source driven on Linux too, leading to similar problems.

Re:Why listen to this guy?

[Antique+Geekmeister]

You too, huh?

Re:Why listen to this guy?

[drsmithy]

We use Windows machines mainly for video editing and 3D work, and when I have a task that requires more than a few hours of rendering, I have to plan my jobs around the expectation that a computer running Windows will fail. I'd prefer not to, but my crash logs tell a different story.

Your computers are broken. You should get them fixed.

That's why things like this guy trying and liking SuSE are so important. If we get a bit of competition in the OS market, we might end up with truly stable computers instead of endless spin.

We have a few hundred Windows desktops and servers in our Sydney office, including many running complex and quite hardware intensive tasks like virtualisation. In the two years I've been here, I don't think *any* of them have ever crashed.

Windows already is table. Your hardware, or possibly some third party drivers might not be, but that's not Microsoft's fault.

Re:Why listen to this guy?

[TheLink]

You probably have bad hardware or bad hardware drivers.

I have had only ONE BSOD this year and it was from a _Vista_ machine (and after only a few minutes - login, logout, login, blam!). Probably not MS's fault - bad drivers.

Anyway, I suggest you run memtest86 for a few hours, and if that passes, boot up Knoppix and run openssl speed for a few hours too.

Nowadays memory problems are more and more likely because you've got gigabytes of it and that means a lot more transistors.

Re:Why listen to this guy?

[ozmanjusri]

Your crash problem sounds like bad cooling to me.

One computer could be a cooling problem. We have 16 of them. This is a business, not a home computer used for email and web browsing.

Re:Why listen to this guy?

[mrsmiggs]

No, a carefully used and administrated Windows XP powered PC is stable and can remain so. The problem is when people start installing incompatible software, browsing porn, and generally dicking around. From an enterprise perspective if you just use your pc to do your job and install supported compatible software you'll be fine, the biggest problem users of XP are those who use their work machine as their personal machine have admin rights but don't really know what they are doing. From an Enterprise stand point it's going to be hard to dislodge because it can do the job, in the home however there are a lot of compelling reasons to change to Linux because it is far more flexible and inherently more secure as a standalone platform. Enterprise users don't need flexible they need consistent and although Linux is more secure as an individual platform it is hard to dislodge the Microsoft eco-system that protects Windows but not Linux.

Re:Why listen to this guy?

[LingNoi]

No, a carefully used and administrated Windows XP powered PC is stable and can remain so. The problem is when people start installing incompatible software, browsing porn, and generally dicking around.

So what you're saying is that Windows XP is stable as long as you don't use it. I disagree with you as I would rather spend time working on my OS without worrying. Example1: The swapping of office files. If I followed Microsoft's advice to not open office files from other users then I wouldn't be able to get any work done. Example2: If I needed some work off a colleagues pen drive and it has a virus on it Microsoft Auto loads the virus unless you're a tech wizzard that disables that ability, but lets not fool ourselves the people we're talking about USE the OS they don't install or play about with it so don't know. I can't really think of any more right now but these are the most realistic experiences of what is bad about Windows in an office place. Yes to some degree its the users fault but again you're missing the point that these are normal activities in an office. Also so what if people use their office computer like their personal computer. Should we also stop letting people put flowers and pictures of their family on their work desks because those things belong at home and the desk should be for work items. People spend 8+ hours sitting in front of the god damn screen it practically is home for some people..

Re:Why listen to this guy?

[Prof.Phreak]

What kind of good CIO has that kind of failure on his watch?

``Being a well known industry screwup can make you more employable.'' ``It's one of those things you're not meant to know'' ---Dogbert

Re:Why listen to this guy?

[Allador]

Actually, there are tons of us out there that have run decent-size windows networks with no unexpected problems. If you do it right, ie RTFM (so to speak) and manage your systems correctly, things tend to 'just work'.

There are lots of us out there that have been there, done that, and bought the t-shirt.

So to get to your situation specifically, what caused the crashes? Were the machines getting a blue-screen, or were the apps crashing? If the former, what did the dump logs say was the cause of the crash? If it was a third-party software or driver, did you contact that vendor with the situation and what was their response?

The bottom line is, if your systems are just spontaneously rebooting, then its:

1. Bad Hardware.
2. Bad Power.
3. Bad Drivers.

Dont get me wrong, Windows is far from perfect, but I get so sick of people blaming their organizational incompetence on the vendor. The information is widely and readily available on how to run windows securely, reliably, and consistently. And what you'll find is that its damn near identical to how you you run Unix systems securely, reliably, and consistently. But so often, people cant be bothered to institute some operational excellence, and 'do things right'. So they do a crappy job on managing the systems, and then yell and scream when things dont work well.

It's the equivalent of never changing the oil on your car (or doing any sort of maintenance) and then crying to Honda when the engine fails at 30,000 miles.

Re:Why listen to this guy?

[Allador]

So what you're saying is that Windows XP is stable as long as you don't use it. No, windows is stable as long as you use it correctly.

On your Linux box, do you run as root, browse the web (as root) with Firefox unpatched carrying known drive-by vulns, download arbitrary software off bittorrent and run it as root?

I'll tell you, 95% of the windows security and reliability problems go away if you run as non-admin. No drive-by owning of the box. No auto-loading of rootkits from pen-drives and CD-roms. No auto-owning of the box when you're using a 10-year old vulnerable version of office, and passing macro-laden files around. No more installing of rootkits when someone tries (and fails) to install that crappy rootkit of a screensaver program.

All you need to do is to run the windows box THE SAME WAY AS YOU WOULD RUN ANY OTHER OS. You dont do your daily usage in root, you use su/sudo (runas/makemeadmin in windows) when you need to do administrative tasks. (Yes, runas and makemeadmin are a bit less elegant than su/sudo, but they work, and regular users wont need them anyway, on a properly managed box.)

You keep up on patches.

And then, about the only difference on windows, is that for many users its smart to use an A/V program, just avoid Symantec/Norton and McAfee. They're basically rootkits that root your box first in order to block other rootkits. But the side-effect is massive system instability. So just use something simple and effective like kaspersky, sophos, trend-micro, etc.

Re:Why listen to this guy?

[LingNoi]

On your Linux box, do you run as root

No because for example Ubuntu won't let you just as root by default and to do that you have to know what you are doing at the command line. Everything you just mentioned is switched on by default in windows so how is this the users fault if that is the expected behaviour promoted by Microsoft?

I could understand if Microsoft Windows was locked down to begin with and users opened stuff up. Yes that would be their fault because they opened those security holes but that is not the case because it comes default like that.

It is Microsoft's OS not the users so they should know what is best when it comes to Microsoft Windows security not the CEO, Doctor, PR specialist or any other job where you could classify someone as a "luser" because they do not know about computer security.

Re:Why listen to this guy?

[Allador]

In the home user environment, I agree with you completely. MS does a bad job with the defaults. UAC in Vista is their (very belated) attempt to fix this in all environments (including the home).

But in the corporate environment (what we're talking about here), defaults are meaningless. You're right in that users should not (and do not) have to know about the details of computer security. Thats why you have an IT staff. Their job is to give the users the tools to do their jobs, and keep them secure and available. For an IT professional in this capacity, doing this on windows is a straightforward task.

But my argument is how your corporate environment is configured and deployed. In that scenario, there is no excuse for running as root for daily usage. Regardless of whether you're on Unix, Linux, BSD, OSX, or Windows.

licensing terms

[fermion]

One point in the article alleges tha MS knows that it must no cooperate with Linux. This is a silly notion. From what I can tell, the major reason that corporate does not have experience with other OS is because MS sets up the playing field so that it is expensive to do so. For instance, I believe that a customer has to pay for each machine at the location, even if it runs no MS products. Likewise, your agreement to non optional audits insures that any non MS hardware must be defended, and MS can put pressure through the draconian fines for any infringement.

In the end, the best prices go to MS only shops. Which is perfectly reasonable. The fact that this leads to employees only seeing MS, and therefore not realizing that other choices exist, is an coincidence. OTOH, It can be said that any subsidizes, in the same that MS subsidizes the xBox, is worthwhile to maintain the desktop monopoly.

Then we have the terms of Vista use that restrict the virtualization of the product. If MS were competing, it would develop and OS that was the best base for virtualization. Instead, it merely licesnses the product as non virtual. If MS is not the OS that everyone sees on startup, then people might start to believe that MS is not the best choice.

It kind of reminds of hummers, and the assumption of others on the road, that wow, that person can afford to buy a hummer. People in the know realize that for many hummer drivers, the US taxpayer is paying for large percentage of the Hummer. In fact, some figure suggest that if you bought a new hummer, and took all the tax breaks, and sold it after 5 years, your total cost of ownership would be zero, thanks to the goodness of the conservative government.

MS products are the same way. A good deal if you can get, but not such a good deal if you won't play ball.

His conclusion? Its NOT ready...

[NoGenius]

The author of the summary is flat wrong when he says the conclusion was "ready for the enterprise". If you actually RTFA the exact words were: "Though he personally is pleased with the OS, Halamka is not so sure he'd deploy it widely in his organization." Incredible that the poster of this article actually gets the conclusion 100% wrong. Biases like this is why nobody trusts technology people for an opinion of the readiness of new technology.

Re:His conclusion? Its NOT ready...

[duckbillplatypus]

Exactly......from the article: "For your average administrator or manager who is very comfortable with Windows 95, 98 and XP, it might be a little bit of a leap," he [Halamka] adds."

I second SUSE laptop experience

[itsjpr]

I've used SUSE 9.3-10.2 on a lightweight Dell laptop for the last 3.5 years. My experience was nearly identical, down the wifi connection issue after suspend and the work around. :)

I've used SUSE for a while. They pulled me away from RedHat with SUSE 9.0. It was the first linux I used that just worked after being installed. I didn't have to jigger with crap. RedHat lost me when they decided to put the desktop user in second place. I've used Linux exclusively for home and office for the past 5 years and it's been SUSE that made it enjoyable.

Too bad Novell felt the need to lick Balmer's d*** last fall. The best thing that could happen to the computing world is *not* greater compatibility between Linux and Windows. Windows is on its way disappearing into the ether. At the moment it fast becoming just a crappy API that can run (safely) in a VM to support the odd application that's not got a functional duplicate on Linux (eg. IE for testing web pages and some of the corporate crapware clients (oracle)). Too bad Hovispan forgot to read the judgment from the MS monopoly trial and pay attention to ever other poor bastard that thought they could dance with the devil.

Re:I second SUSE laptop experience

[houghi]

Do not forget he tested SLED, not openSUSE, which is the product you have used. It used to be called S.u.S.E, the SuSE, then SUSE and now openSUSE. SUSE is now 100% for SLES and SLED.

One of the main differences is that openSUSE updutes are free and will be available for 2 years. SUSE ones you need to pay and are available for 5 years. Pretty importand for a company, I would say,

How did he choose his distro

[ruewan]

The article says that many linux loyalist chided him for the distros he chose. I have to agree with them. It is not that difficult to do a search and see what is the most popular distro.

I don't know about that.

[twitter]

uname -a on one of GE's latest generation of CT scanners reports a version of Red Hat. Diagnosing cancer may not be as life critical as an EKG, but it's not something you want to have crash or degrade over time or have some kind of file quirk that screws up images.

Re:I don't know about that.

[Antique+Geekmeister]

And a lot of the MRI systems are IRIX, with an increasing use of Linux. Laptops and desktops are critical at the nursing stations and doctor's offices as well, for medical record and prescription management.

Authenticate into AD?

Suppose there is a file he needs on a W2K3 share in an existing AD domain. How can he get Linux or OSX to authenticate into the domain to have access to the share? Don't you need to make a descision up front wether to be a MS shop or a *NIX shop. Samba could be a partial solution, but the problem is a Samba *NIX server will still not tightly integrate into an AD domain.

Re:Authenticate into AD?

[DragonTHC]

you can add a suse computer into a windows AD very easily from within yast.

and samba does integrate tightly into AD. It can server as a PDC, BDC or standalone Fileserver.

Re:Authenticate into AD?

[cyphercell]

It's called LDAP Lightweight Directory Access Protocol.

I haven't done it, but it certainly looks doable.

http://www.microsoft.com/windowsserver2003/techinf o/overview/ldapcomp.mspx
http://www.google.com/search?q=linux+ldap

Re:Authenticate into AD?

[Antique+Geekmeister]

There are 3 distinct ways to do this:

1: Winbind (Requires Windows administrative access to add the machine to the domain.)
2: LDAP (Requires LDAP administrative access to add the machine to the domain.)
3: Plain old Kerberos (provides authentication only, not uid's or gid's, but cannot be turned off by Windows AD administrators.)

The capabilities of these vary, but for simple file-sharing access, the smbmount command or the Konqueror tool with smb: access capability is usually quite sufficient from the SuSE world.

Re:Authenticate into AD?

[Pop69]

Samba integrates just fine in an AD domain, got a Gentoo box doing file sharing and an internal wiki in an AD domain.

File share permissions from AD using this howto

http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server _into_an_existing_AD_Domain

Wiki login using this howto

http://www.mediawiki.org/wiki/Extension:LDAP_Authe ntication

I'm slightly confused as to how this isn't "tightly integrated" into the existing AD setup, perhaps you would explain ?

Do as I say, not as I do? Bogus worry.

[twitter]

His real opinion is this:

The X60 running Novell SUSE is the first Linux laptop I have used that is good enough to be my only computing device,

That is astounding after only one month of use. Most users take years to shake bad old M$ habits and almost as long to learn which of the dozens of free packages is their favorite for any given task. Most people want their Windoze safety blanket for a year or so. This kind of endorsement is ringing - he's saying that he could do without Windoze tomorrow, forever. He's right but has not had time to develop real confidence in his opinion, which is reasonable given the billion dollars a month M$ spends on marketing and lock on major vendors.

To be fair, you should have quoted his worry. What's keeping him from recommending widespread deployment? Well, this:

"I dont know enough about the remote management tools and capabilities for it"

OMFG! and,

"For your average administrator or manager who is very comfortable with Windows 95, 98 and XP, it might be a little bit of a leap"

Free software absolutely kills Windoze for remote control and management. The fact that thousands of computers have been corralled into clusters for decades should tell anyone that remote configuration has been mastered long ago in the free software world. It's amazing how much easier things are when you don't have integrated licensing and copy protection built into the product itself. On top of that, Novel offers it's own set of tools to manage mixed environments which are widely admired. This is a slam dunk for free software and Suse.

The other concern is a bit condescending. Even fanboys, given proper support and encouragement, soon learn how much better free software is. It's true that the deeper you are into M$, the harder it is for you to see anything else, but those who escape become the biggest M$ haters. They, more than anyone else, bear the brunt of M$'s intentional waste. It makes them angry but they accept it without knowing any better. Eventually, the lies melt away and all the talk about software freedom sinks in. Liberate them for just a while and it's all over.

and it was not suitable for that either!

[twitter]

He's not running a nuclear reactor -- He's just doing email and typical business person stuff. Nobody lets a CIO do potentially dangerous or important things.

Oh, I just hate to quote the fine article but:

That summer, Halamka had embarked on a quest to find a viable alternative to the Microsoft desktopfed up as he was with Windows instability.

It's kind of like ... unsafe at any speed.

Re:and it was not suitable for that either!

[Daychilde]

"It's kind of like ... unsafe at any speed."

And if you go read up on the history (as opposed to the 'popular knowledge') of the item you reference, you might be surprised at how much that really applies.

Tip: The car in question wasn't nearly as unsafe as it was made out to be - there was a lot of hype involved. That's true here. Not only of Windows, but also Linux and Mac. Some overhyping of the good points, and some overhyping of the bad points...

Re:and it was not suitable for that either!

[Allador]

Did you read the articles?

At the end of the earlier one, he clearly states that when his windows box was unstable, it was largely due to running as a local admin all the time, and installing things willy-nilly.

When he ran his windows box properly (dont work daily with a local admin account, dont install random shareware crap, etc), the box was fine, very reliable, and largely 'just worked'.

Having used XP since 2002, he's noticed that the more applications he installs, the slower and more unstable the operating system becomes. So to keep it in tip-top shape, he's keeping his software stack simple. He vowed to install as few additional applications as possible and to install only Microsoft manufactured and branded software at that (except for Firefox).

The other action he took was to create two separate log-ins: one with administrator privileges, which he would use on the rare occasions when he wants to install new software, and one with no administrator privileges, which he uses on a daily basis. The latter prevents websites he visits from downloading Active X controls. Halamka says these Active X controls, in addition to creating security holes, can introduce the software conflicts and hardware incompatibilities that cause crashes and slowdowns. The user-only log-in also prevents his computer from automatically downloading software updates from Microsoft at inopportune moments, like during presentations.

By taking those steps, Halamka says he's achieved "a version of XP that actually hasn't crashed in 30 days. "As long as I keep [the OS] in that totally static state, it'll be OK." Now granted, there are some factual errors in there (MS automatic updates requiring a login to download software updates, etc), but I'll chock those up to the shallow tech knowledge of a CIO, combined with the low-tech-knowledge of CIO reporters.

It also amuses me that he cites 30-days with a crash as something amazing. I think what he'll find if he continues to run his shop this way is that the OS installs will last years with little problems.

Halamka says it's possible to run a secure, stable
and reliable version of Windows provided you configure XP properly and don't make any changes to it. "If you give yourself system administrator privileges and you install software and serve a lot of websites, the likelihood that the OS will be corrupted is high. You can prevent yourself from getting hurt, but you have to have a really locked down environment," he says. Note that he's saying this like its a big deal, like running Windows properly is some hugely unusual situation. If you want it to work you treat it like any other system, you make it a controlled environment that is managed by professionals, who know what they are doing.

Easy there!

[twitter]

Do you think this will help the image of Novell after drinking Microsoft's Kool Aid? No, only when pigs fly.

If your boss offered you the chance to migrate from the Beast to Novel, you would be crazy to say no. The more free software people use, the better. I'd rather everyone used nothing but free software and I don't like that Novel endorsed M$, but let's not get carried away. When the alternatives are to stick with seven year old software and slowly migrate to Vista or migrate to Suse, Suse is the clear winner.

He's not too lost.

[twitter]

Too bad Hovispan forgot to read the judgment from the MS monopoly trial and pay attention to ever other poor bastard that thought they could dance with the devil.

He does not really think M$ is co-operating with Novel and is close to fed up with Outlook/Exchange:

Halamka notes that the problem he encountered with Evolution isnt due to any inherent flaws in the e-mail application; Evolution just doesnt work well as a front end to Exchange, he says. The fact that a Microsoft product doesnt play nicely with an open-source product shouldnt come as a surprise given the Redmond, Wash.-based companys historically vitriolic stance toward open source. However, you might think in light of the partnership Microsoft and Novell struck last year that the two applications would (eventually) work well together. That is, of course, if it is indeed a real partnershipsomething that many skeptical members of the open-source community question.

.... when it came time to [the exchange problem], Halamka found an alternate way to maximize his time: He simply accessed his e-mail over the Web.

I think he's catching on very well for a big dog. Most of us would be very happy with a boss this open and clued.

Re:He's not too lost.

[good+soldier+svejk]

I think he's catching on very well for a big dog. Most of us would be very happy with a boss this open and clued.

Yeah, John is a great boss. And he is very technical. In addition to his MD he has a degree in informatics from MIT and has written books about healthcare informatics, programming and unix system administration. Also, if you happen to suffer from mushroom poisoning, he is your man. John is also the CIO of the Harvard Medical School. Here is a word doc of his CV.

Re:He's not too lost.

[Allador]

... is close to fed up with Outlook/Exchange. By my read of the article, he clearly likes and finds invaluable Outlook+Exchange. What he hates is not having Outlook+Exchange on other platforms.

If he didnt like Outlook+Exchange (or any of the fancy features therein), he would just be able to trivially switch to Thunderbird on IMAP, and his problems go away. The fact that this is not even on the table tells me that for him, Outlook+Exchange is compelling.

Of course, we're all just speculating here, but it seems clear to me that he wasnt interested in giving up the functionality of Outlook+Exchange, just wanted it on a different platform.

"Typical User" - no such thing

[Venik]

Here are some of the recent impressions from someone who just had to deploy a 120-node SLES 9 cluster, shortly followed by an 80-node RHEL 4 cluster. This is not scientific research, so here is my unscientific professional opinion: both RHEL and Suse are a royal pain the ass to install, configure and maintain.

I have over a decade of Unix sysadmin experience (Solaris, AIX, HP-UX, IRIX) and about five years Linux experience (Red Hat and SuSE primarily). To give you an idea of my personal preferences and my unbiased nature: my personal laptop runs Solaris 10; my work laptop runs Suse 10; my home PC is a Windows XP Pro; my work desktop #1 is RHEL 4 WS; desktop #2 is Suse 9.1; and desktop #3 is a Sun Blade running Solaris 10.

So what is my problem with Linux? I like Suse as a desktop system. It's easier to configure and re-configure then Red Hat, mostly thanks to Yast and some logical organization of things. I am not a GUI sysadmin: I live inside Korn shell. Still, having a well-organized GUI is useful because you just can't remember everything.

All the little annoying things, which I can deal with on my laptop or desktop, are multiplied to obscene proportions in a large cluster. Scali and Yast apparently don't like each other; there are strange transient NFS problems having something to do with large file support; patching is more complicated then it has to be with RHEL and absolutely infuriating with SLES.

I don't want to go into all the bugs and idiosyncrasies of the two leading enterprise linuxes, the bottom line is: you want reliability and performance - stick with the big 'nixes and leave Linux to ripen a bit more. You want a desktop, then go with Linux, if Windows is not your cup of tea. But be prepared to catch heavy flak from your former Windows users.

There is no such thing as a "typical user". Rather there are typical tasks. Web browsing, emailing, text messaging are all trivial things you can do with most modern operating systems. Or can you? How many of your users ran into problems with video and sound using a Linux desktop? Why don't Java applets in Web pages never seem to work right under Solaris? Why does a thousand other things go wrong?

Is Linux more buggy than Windows? I don't think so, but many of my users do. They are switching from Windows to Linux - not their choice to begin with - and, being already used to all the Windows problems, they find Linux bugs to be new and worth complaining about. A lot. I have Suse 10 running on my laptop PERFECTLY. Everything works right: video, sound, wireless, card reader, volume buttons and all the other little things that usually annoy Linux users. But it wasn't easy getting there and it has to be if Linux is ever going to squeeze Windows market share. Not every PC user is a Unix sysadmin and they don't have to be.

Re:"Typical User" - no such thing

[Billly+Gates]

For a desktop your on your own with no fancy gui tools with Solaris. As a server it kicks ass and I agree.

I was going to say Ubuntu works well with almost any piece of hardware compared to most distros. I know OpenSuSE does not even have proprietary drivers which maybe causing issues on your desktops. With Ubuntu it supports proprietary drivers so more hardware works correctly.

But as the article says the CIO is convinced its the hardware and not the software which made his experience with SuSE.

Re:"Typical User" - no such thing

[discogravy]

for a more typical windows-like experience in linux distros (w/r/t windows users, anyway,) you really want to be looking at ubuntu-based distros (ubuntu, kubuntu, xubuntu, etc): all those video/sound probs w/ webpages (as well as java apps etc) are unbelievably easy to solve (very literally between 4 and 5 lines of apt-get tomfoolery).

server-side, PHB's like RHEL/SuSE EL for the corporate "support" warm and fuzzy, but I've found FreeBSD and Solaris to be the way to go (particularly w/ Solaris 10's improved patching utils...it's like they finally noticed that all the other major OS's had a better way of doing it).

Yet to be convinced!

[bogaboga]

Guys, I am yet to be convinced about SUSE's viability. It might be stable, secure and the like according to the reviewer...but I'm not convinced its main configuration tool (YaST2) is any better than before. You see, one changes one simple thing and the tool has to go through re-creating [all] configuration files...wasting time...not to mention its slow response time!

The placement of GNOME as the default desktop environment does not help matters either. This is not an endorsement of KDE either. But I hear KDE 4.0 will be a killer.

By the way...does anyone know whether the folks touting Linux as a possible Windows and Mac replacement have made its fonts beautiful by default?

This would not hurt at all. I hope slashdotters will not tell me to turn on the "byte code interpreter" or use "use freetype version xxx", or "load M$ fonts" and what not in order to have a decently looking desktop.

Well Twitter,

[ColdWetDog]

I'm glad you read the article. Now go back and work on reading comprehension. He's looking for a desktop OS replacement. I've worked in health care for over 20 years and desktop computers don't run health critical systems.

Desktop computers ("PCs" in the vernacular) run things like, please excuse me if this raises your blood pressure, Microsoft Office, Windows Explorer, Outlook and Bugs Bunny wallpapers. The critical systems typically use an embedded OS (ventilators and other machines that go "ping") or they run some UNIX variant (CTs, MRIs).

I'm trying desperately to get our small hospital off of XP. All we run are the above "productivity" apps and a bizarre VT100 terminal program that talks to the billing / order entry / lab system. Any reasonable Linux system would be fine except that company that runs the back end system won't allow anything but this oddball emulator to talk to their system. (Don't even think of VMware or similar - that's much too complex for them).

But anyway, don't have a heart attack if you see the green and blue wavy fields on the screen at your local ER. It won't shock you.

Actually ...

[Kristoph]

The conclusion of the article is that:

Though he personally is pleased with the OS, Halamka is not so sure he'd deploy it widely in his organization.

Although he apparently thought much more of SuSE then he did of RedHat, which is covered in this article:

http://www.cio.com/article/41140

Incidentally, in that article (which is the actual comparison) he says the best OS is Mac OS X, although his favorite piece of hardware is a Dell?!?

]{

Now That's a Good Point

[HangingChad]

since MS support is really very, very bad

I have a live version of Kubuntu running on a machine downstairs. I could install the live version to test that hardware, network compatibility and that it could find the shared network printer and backup drives. It didn't cost anything and the few minor problems resolved online. Actually, there weren't any problems, all I had to look up were some installation instructions. Didn't need to buy anything, call anyone, wait for anything. Tomorrow I can install it if everything else checks out. What risk am I taking adding that OS to my network?

Microsoft support, like Dell's support, used to be THE reason to stay with Windows on Dell hardware. But lately they've both let their support slide. There's no reason to stay with them. There's no risk trying Linux. You can test everything before committing. And it doesn't cost...how much are MSFT service calls going for these days?

Re:Now That's a Good Point

[Zaiff+Urgulbunger]

On a practical level, we know this is fine. But in business, people higher up the food chain like to know that their business can continue to operate in the future without risk of an IT failure. They typically do this by employing an outside company to "support" the product; by "support" however, they actually just want someone to blame/sue if things go badly wrong.

So whilst *we* know that Kubuntu (or whatever) will likely be very solid and reliable, and any future problems will be resolved by the community, that isn't good enough for most business folk; they'd sooner pay someone for "support" (even if they effectively get nothing) just so there is someone that will either sort the problem or get sued. When the support company is large, a business knows that with pretty much certainty, any problems they might have will be resolved, worked-around or at worst, financially compensated.

So on the face of it, they're paying for nothing. But in practice, business (particularly high up the food chain) is simply about investing X in order to later recover X+Y versus a risk. A company providing "support" removes some of that risk for a known sum. The alternative is "some bloke" telling them that this OS is brilliant and is much better! No matter how true that is, someones word does not mitigate the risk, and IT failures represent a very large risk to a business, hence the need for "support".

I think we agree.

[twitter]

I'm trying desperately to get our small hospital off of XP.

Then we both agree with Halamka that Windoze is suitable for neither critical systems nor desktops in a hospital. That was my point, so you might want to work on your own reading comprehension skills, coldwetdog

I'll go a step further and say that Windoze is an accident waiting to happen, however you use it. It's surprising how annoying a botnet can be on your network and how such non critical systems, like the door opener to surgery, can be painful when the network is congested by it.

I'll also point you here where I note that GE's new CT uses Red Hat. It's not the average PC under the hood because it's very fast at what it does, but that's not so far fetched.

This Article Is Heavily Flawed

[Heembo]

Here we have a study buy a highly technical CIO that claims that SUSE Linux is an acceptable enterprise OS. This is bunk. Any solid technical person can use any OS and make it work.

Show me a study where a non-technical standard business user is successfully using SUSE for 30 days as their only OS, and suddenly you got my interest.

Halamka

[suv4x4]

Halamka Halamka Halamka Halamka Halamka .... Come on everyone, it's getting better as you keep saying it.

Halamka Halamka Halamka Halamka Halamka Halamka Halamka Halamka Halamka Halamka Halamka ...

Re:yep: not viable

[Antique+Geekmeister]

Dealing with Microsoft at the enterprise level is like entering a partnership with Wal-mart. It may look great on paper, and like the only way to follow the next step economically. But it's often death on your bottom line, strips your corporate resources dry to maintain the relationship, and leaves your users frustrated with failed goals.

His big problem is not the desktop: it's the email system, most especially the associated calendar system. Calendar systems have turned out to be a huge chokepoint on the implementation of new email systems, and far too many of them simply stink due to poor interfaces, unstable databases, or user interfaces written for Exicing! New! Feature-Filled! Vaporware Demos!!!!!

I've been through the difficulty of convincing a company to switch from MS Exchange to an actually supportable mail server. I've seen half a dozen buy into Exchange as their primary mail server, then have to buy front-end Sendmail based servers to handle all their incoming email from outside their company because Exchange just couldn't deal with it.

Looks like a chicken, sounds like a chicken.....

[adarklite]

After playing around with Novell's OES I have come to the conclusion that nothing really has changed. It may be using a linux structure now. But there is virtually no difference between Novell of the past and the Novell of the present. Its just window dressing.

MSWindows is table

[Joseph_Daniel_Zukige]

Heh.

Well, I think it depends a lot on what you run.

I had a MSW2k box that ran well enough when I was using it for php dev a couple of years. Dual-booted freebsd on the box. Had to make sure I cut the MSW2k partitions first and keep the MSW2k partitioning tools away from the desk after I cut the freebsd slices, though. MS's tools would kill the freebsd partitions pretty quickly. I think I even managed to have multiple user accounts on it so I could be running a non-admin user when I went to the web looking for answers.

But the non-admin user was running an English locale.

Different job, different box. I think it was MSWxp. I needed to be in Japanese locale when I hit the web. (I forget why.) I set up a user account to run in Japanese locale, logged out and back in, and wasted a day trying to get the account unfrozen. Logging into that account would freeze the box. I couldn't even get it switched back to English locale. Fortunately, I hadn't saved anything important in that account.

What did my co-workers do when they hit the web? I asked. They looked at me with wide eyes and asked why bother making non-admin accounts? Malware? It wasn't such a problem back then, if you were careful where you visited. Otherwise, they wiped the OS on some machines regularly.

My solution? I would re-boot in Linux when I needed to hit the web in Japanese locale. (Again, I was careful not to touch the partitions with MS's tools after the Linux primary partition was cut.) Ultimately got a dedicated Linux box (and a Mac Mini a little later).

So, yeah, Microsoft Windows OS is table.

But I'm much more productive on anything else.

Suse 10.0 ok but 10.2 not recommended

[TheLink]

Suse dropped the ball for 10.2. The software management and update stuff is slow in 10.0. But in 10.2 it is extremely slow. I don't know about 10.1 (seems the suse support people claim 10.2 is an improvement over 10.1, and they are aware of the problem - this was when I submitted a bug to complain).

Maybe 10.3 will be better. But I suggest a test drive first.

I have no idea what they are doing that requires the software mgmt/update stuff to be so slow. I turned off their ZMD (Zen/Enterprise) crap and it's still slower. apt is magnitudes faster (we run apt to update stuff on our suse 10.2 servers).

That said, other than that, 10.2 is not bad (except I prefer the classic KDE, vs the "Vista style" KDE which 10.2 defaults to - you can switch it by right clicking). I think suse makes a decent linux desktop.

But, suse better make the software update and management stuff FASTER.

Re:Bull

[Bert64]

I wouldnt exactly called NTLM a secure form of authentication, or even a remotely well designed one.
Plus that means you need to expose all the overly complex rpc and netbios services to the network, and there really is a whole mess of code implementing those functions. Plenty of scope for more security vulnerabilities to be found in those thousands of lines of code.

On the other hand, SSH is relatively small, it's authentication and encryption is tried and tested, so you only expose a relatively small footprint to the network. Anything else can be piped over it, and done in the same way it would have been done locally.

responsible for biggest hospital IT failure ..

[rs232]

"Most well known for being the responsible guy for one of the biggest hospital IT failures on the books"

Yea, and he was personally responciple for the outage, not.

"On that date, a researcher at the hospital who was sharing data with colleagues inadvertently flooded the network with large quantities of data, causing it to slow drastically"

"The problem had to do with a system called spanning tree protocol, which finds the most efficient way to move information through the network and blocks alternate routes to prevent data from getting stuck in a loop"

was: Re:Why listen to this guy?

His conclusion: he would consider running SUSE ..

[rs232]

"It feels well-integrated and well-supported enough to be used in selected circumstances in my organization, but I don't know enough about the remote management tools and capabilities for it"

"He would consider running Novell SUSE on kiosks used exclusively for browsing the Web in CareGroup's hospitals. He also thinks it would be fine for early adopters of new technology who are willing to adapt to slightly different user interfaces and experiences"

His conclusion? Its NOT ready... (Score:4, Informative)

non-technical Windows user ..

[rs232]

"Show me a study where a non-technical standard business user is successfully using SUSE for 30 days as their only OS, and suddenly you got my interest"

I've sat non-technical Windows user down in front of this dual boot Win/SuSE/KDE box and they can't tell the difference. Start menu, browser, word processer, email, media player, they can't tell the difference.

was: Re:This Article Is Heavily Flawed

Re:non-technical Windows user ..

[Heembo]

I've sat non-technical Windows user down in front of this dual boot Win/SuSE/KDE box and they can't tell the difference. Start menu, browser, word processer, email, media player, they can't tell the difference.
Give me a clear study 1000's of users doing just this and I'll wave it in front of the CIO of every company I know!


PS: processer = spelled processor

Re:OhitSuX

[Hucko]

so we can safely say you don't use computers?

Desktop? CIOs don't care about desktops

[gelfling]

C'mon a CIOs opinion of a desktop is as valid, or trite as anyone else's. Why?

CIOs have support staffs, you do not.
A desktop is not a server or an enterprise it's a desktop in the enterprise.

This is silly. Are we going to read CIO reviews of corporate caterers too?

Re:Desktop? CIOs don't care about desktops

[r_jensen11]

I believe the key word here is "Enterprise" . That usually implies that there is a support staff of some sort, an IT department, and generally paid support from the software company and/or hardware company.

And with regards to CIO's not caring about desktops: When your employees' productivity decreases due to viruses, spyware, adware, instabilities, &c, you care.

Re:Desktop? CIOs don't care about desktops

[gelfling]

No not in the real world. Desktop deployment is driven by cost and only by cost. And the current model for most large corporations is to provide a standard build and deliver support through a do-it-yourself model. If you can't fix it yourself then you send in your desktop for a new build installation. Ergo the build's design points are cost and application compatibility. "Function" as it were isn't even in the top 5 of feature points. It's an asset and it's managed as one.

Mod Parent Up!

[sgtrock]

I wish I had mod points myself right now.

Re:Do as I say, not as I do? Bogus worry.

[udippel]

On Linux and OSX you can write a script that runs when connected to the Internet accesses a password protected encrypted web page, revealing a copy of a script to run locally, then run that script locally.

Any pointers here ? Or do I hear the usual WYO (Write Your Own) ? If the latter was the case, your contribution doesn't help very much at solving the problem of Adam (John Halamka).

Minicom

[Dark_Gravity]

All we run are the above "productivity" apps and a bizarre VT100 terminal program that talks to the billing / order entry / lab system. Any reasonable Linux system would be fine except that company that runs the back end system won't allow anything but this oddball emulator to talk to their system.

If it is really just a VT-100 emulator, how can their back end differentiate between their oddball program and minicom?

Re:Minicom

[ColdWetDog]

Beats the hell out of me. I suspect that, properly set up, anything would do. But they absolutely refuse to think about using anything else. Actually, I kind of understand it. The system is so flaky that tech support has their hands full just keeping the systems up, much less trying to deal with anything different.

One of these days when I'm really bored, I may just download a generic terminal program and plug in the address. My bigger problem is leaving the Windows network completely open so that lusers are able to download whatever program they want, plug whatever computer they want into the system, run quite little screensavers, cursors and Internet Explorer "tool bars".

Our sysadmin thinks that Norton Enterprise will save us all from ourselves.

Sigh.

Re:Minicom

[dosquatch]

One of these days when I'm really bored, I may just download a generic terminal program and plug in the address.

Go ahead. At worst, their weird little app is using some non-standard commands and you may confuse the back end system... but if it's as flaky as you say, I doubt anyone would ever pin the resulting instability/weirdness/server crash on you. Most likely, your local network people say "this is the only thing that works" because that's what they've been told by the vendor. Clients want accountability in the case of problems, so the vendor will certify just something when in reality any such standard-compliant something would work just as well. YMMV.

Our sysadmin thinks that Norton Enterprise will save us all from ourselves.

OTOH, there does exist the possibility that your IT folk are just flat out flaming idiots.

Well well

[jav1231]

Now that Novell got officially 0wned by Microsoft (okay, so Novell gave up the farm, work with me here) you gotta think they'll put a stop to such propaganda.

Re:yep: not viable

[JayAEU]

I've seen half a dozen buy into Exchange as their primary mail server, then have to buy front-end Sendmail based servers to handle all their incoming email from outside their company because Exchange just couldn't deal with it.

I remember a company that had it's Exchange Server directly hooked up to the Internet on port 25, without any live antivirus software running! Months of arguing, pleading and even begging to either at least put some security softare on it or shield the thing using some Sendmail satellites doing the scanning were not enough to make management understand that there was a serious and realistic risk of our whole network going down in case of an infection.

Suddenly, it became all so much easier and management understood... I love you...

Re:yep: not viable

[Allador]

I've seen half a dozen buy into Exchange as their primary mail server, then have to buy front-end Sendmail based servers to handle all their incoming email from outside their company because Exchange just couldn't deal with it. Other than the MTAs using Sendmail, thats a best-practices environment for very high volume exchange organizations. Why didnt they just put some extra Exchange servers running as MTAs (ie, no store) in that same role? Thats an infinite scale-out situation with exchange, same as with sendmail.

Re:yep: not viable

[Antique+Geekmeister]

From that experience, armoring a mail service with Exchange servers in front of it is like painting your house with watercolors. You can make pretty pictures, but you'll get smeared by every storm.

They're very expensive, they take expensive hardware to make physically robust, maintaining security for them is dreadful, they can't take much standard SMTP load, and they blue screen of death frequently (though less frequently than they used to, I admit).

Also note: there is no such thing as "no store" MTA's. You *MUST* have storage, to deal with temporary bounces when downstream MTA's go down. And since a spam or email worm deluge can easily saturate a 100BaseT uplink for a major company's mail services, you have to be ready to deal with that. That's a lot more Exchange servers than almost any other MTA.

Re:yep: not viable

[Allador]

They're very expensive, they take expensive hardware to make physically robust, maintaining security for them is dreadful, they can't take much standard SMTP load, and they blue screen of death frequently (though less frequently than they used to, I admit). Well that I find hard to respond to. I would build out exactly the same hardware, whether I was going to run sendmail or exchange as an mta. Probably lightweight 2-socket, 2-gb, 2-drive w/ raid 1, in a 1U box. Those are only a couple thousand each, and then you stack as many as you need to handle load.

Security is security, its no different than any other box on your data center. You should already know how to lock it down by this point, so you just do it. What's the big deal? It's just a matter of configuration.

As far as BSOD .... I cant even fathom what you're doing. In my experience, running actual server hardware and managed professionally, you'll see ~1 BSOD for every ~20 server-years. Based purely on my experience mind you, but its pretty darned rare.

Are you, by any chance, basing your experience on Exchange 5.5 or earlier?

Also note: there is no such thing as "no store" MTA's. You *MUST* have storage, to deal with temporary bounces when downstream MTA's go down. Sorry, I thought since you had experience with managing Exchange, that you would recognize the lingo. Exchange MTAs do not have an Exchange 'Store'. Only the mailbox servers have those.

Exchange MTAs cache incoming mail in the file-system (havent migrated over to 2007, so dont know if this changed there or not yet). So yes, there is a mail data 'store', but not an Exchange 'Store' on MTAs.

Re:Do as I say, not as I do? Bogus worry.

[Allador]

probably something along the lines of a shell script that sits on the server that I can change when I want. Including doing things like logging in to the client installing software as root and other such niceties You can do that on windows if you want. In an AD environment, there are simpler, more 'declarative' ways of doing most (though not all) of these things through AD, but falling back to scripting is always there.

On Linux and OSX you can write a script that runs when connected to the Internet accesses a password protected encrypted web page, revealing a copy of a script to run locally, then run that script locally. That's pretty straightforward to do on Windows as well. Scripting is scripting. The flavors are different, but on all the major OSs you can do any arbitrarily complex or ugly thing via scripting. Some things are simpler on some platforms than others, etc, but its really not that big of a deal.

Re:Bull

[Allador]

I wouldnt exactly called NTLM a secure form of authentication What about it do you not find to be secure? It's a relatively straightforward challenge-response, that doesnt ever pass actual passwords (or anything convertible to a password) across the networks, and uses a strong hash implementation.

The modern version of NTLM (NTLMv2) is quite robust, and does not have any trivial attacks, other than massive brute-force approaches (of either the time-based dictionary attacks type, or the storage based rainbow-tables approach).

Mind you, if you still have all the legacy protocols turned on, then you may have problems (ie, LM, NTMLv1, etc).

Plus that means you need to expose all the overly complex rpc and netbios services to the network, and there really is a whole mess of code implementing those functions. Plenty of scope for more security vulnerabilities to be found in those thousands of lines of code.

On the other hand, SSH is relatively small, it's authentication and encryption is tried and tested, so you only expose a relatively small footprint to the network. Anything else can be piped over it, and done in the same way it would have been done locally. If you're concerned about this in a Windows environment, you just create some IPSec policies, and only allow this traffic. Then you use the ipsec policy to only allow your trusted, known, 'admin' workstations or subnets access to the servers or other desktops.

A firewall-based ipsec vpn tunnel is effectively the same thing, just moves the tunnel endpoint to the firewall, rather than the servers.

Re:yep: not viable

[Antique+Geekmeister]

Security is just a matter of configuration. Oh, my. You've never actually run an MS based externally facing server, have you?

Let's take the BSOD. Basic Exchange Server 5.0 couldn't handle simultaneous incoming port 25 connections. Period, end of sentence, it wasn't fixed properly until about 5.5.

And I see your point about Exchange store. I've simply had the argument with new-to-the-business admins that external forwardnig MTA's don't need any significant local storage, and had to walk through the requirements with them. Then I had to explain that they had to store the mail for up to 3 days. Then I had to explain about rewriting the envelopes of the messages correctly, so that the external and internal mail servers were distinguishable for debugging reasons but the user still saw their mail to the correct "From:" line, and why using this kind of system broke their SPF filters on inbound mail (which they hadn't realized had to be moved out to the external mail servers).

That was a long, painful week the last time I did this. They finally gave up and bought some Linux based external spam filters, which did the job very nicely.

Re:yep: not viable

[Allador]

Security is just a matter of configuration. Oh, my. You've never actually run an MS based externally facing server, have you? Yes. Been doing Windows consulting, systems administration, development, what have you, for about 10 years. Have at various times supported medium (small to low thousands, havent done so in an org larger than a few thousand) sized windows installations. So not huge, but plenty of bigger than small business.

My expertise (up until ~2 years ago, which has been almost exclusively development) was IIS & SQL, with some hefty Exchange admin experience thrown in. All of these (except SQL and the DCs) were publicly available to some extent, ie the required minimum ports available to the world. So 25 inbound on Exchange MTAs, 80/443 on the OWA servers, and 80/443 on the IIS boxen. Sometimes DNS on the DCs in the olden days, but thats dangerous too nowadays, with most orgs doing split-brained dns on bind external, windows internal.

All OS management is formulaic. You do the research, create the most secure configuration you can that satisfies your needs. Identify risk vectors, develop a mitigation and monitoring plan to deal with it. Then you put together operational procedures to manage (ie, patch, deploy, upgrade) and audit (did patches apply, is the configuration in expected state, who logged in when, other log monitoring, etc). It's only complicated if its your first time and you have no mentors. Otherwise, you just take your proven best practices, and repeat them, with the occasional revamp/improvement as the platforms change or the environment changes.

Basic Exchange Server 5.0 couldn't handle simultaneous incoming port 25 connections. Period, end of sentence, it wasn't fixed properly until about 5.5. Well, that may be true, but you're reaching pretty far into the past there. That version only existed between May and November of 1997. Since then have been 5.5 (the first version that was doable for Small and Mid-sized orgs) in 1997-200, Exchange 2000 from 2000-2003, Exchange 2003 from 2003-2007, and Exchange 2007 currently. Given that since Exchange 2000, Exchange has been one of the most commonly seen collaboration (ie, mail & calendar) setups in big business, I think issues like you mention can be considered 'very old history'.

(Mind you, all big installations separate out the store servers, mta servers, and client connectivity servers (IIS & MAPI), as this provides effectively infinite scalability at only the needed layer. Some use unix-based mta's for that layer, some dont.)

Then I had to explain about rewriting the envelopes of the messages correctly, so that the external and internal mail servers were distinguishable for debugging reasons but the user still saw their mail to the correct "From:" line I believe this is only an issue if you're using non-exchange systems for your external MTAs. If its all Exchange, then the Message Tracking system shows clearly the progression through servers and layers. Same if your external email address isnt necessarily the same as your username@domain.name, if you're on a full exchange stack, this 'just works'. Not sure of the behavior if you have non-exchange MTAs re-writing the envelopes. But this is a commonly enough done thing, that I'm sure its well documented through google. :)

That was a long, painful week the last time I did this. They finally gave up and bought some Linux based external spam filters, which did the job very nicely. In my experience, we've always preferred to use SpamAssassin on our exchange environments, combined with rules in Outlook itself (and SpamBayes for those with some technical ability plus extra anti-spam needs). SpamAssassin on Exchange is interesting to setup, but works quite well. The only real problem is scalability, with Perl's lovely one perl.exe process per email. This would only scale in large organizations on dedicated boxes acting as mta's.

Re:Bull

[Bert64]

If your in a position to MITM, you can often force the clients down to using LM auth unless that's been explicitely disabled...
It's also very poorly documented, most third party implementations of ntlm suffer from several common misunderstandings of the protocol, which are sometimes exploitable.

Arent the windows "ipsec" policies just filtering rules? Or do they actually encrypt/authenticate the traffic in some way? Either way, i've hardly ever seen anyone bother.

As for the hashing, it's relatively weak and fast to crack compared to other comparable authentication methods, it's unsalted for instance which is why rainbow tables work.

Re:Bull

[Allador]

If your in a position to MITM, you can often force the clients down to using LM auth unless that's been explicitely disabled... Agreed, which is why you've got to disable the older methods via group policy or local policy. Unfortunately, a surprisingly small number of shops do this.

Arent the windows "ipsec" policies just filtering rules? Or do they actually encrypt/authenticate the traffic in some way? Either way, i've hardly ever seen anyone bother. You can use them as a poor-man's firewall as you describe, but thats mostly a side effect of its normal usage. When used as intended, you can very easily configure a machine to only respond via network traffic to any other machine who can create an encrypted tunnel (you can also do just authentication if you want). It's a full blown ipsec implementation.

We've used it in the past a number of times, for example, to restrict who can talk to a sensitive database server to only some select machines. Just a nice added layer of protection. Pretty easy to implement as well.

As for the hashing, it's relatively weak and fast to crack compared to other comparable authentication methods, it's unsalted for instance which is why rainbow tables work. Unsalted, yes. Weak hashing, no. It's not computationally possible (with any publicly known math at least, who knows what the NSA or such has up their sleeve) to reverse NTLMv2 hashes. Rainbow tables dont reverse the hash, they just repeat the known implementation of the hash to pre-compute all possible hash results within a keyspace.

At least that is my understanding. If you're aware of any way to reverse the NTLMv2 hash, I'd love to know.

The salting issues is an interesting one. It's what lets cross-domain (or cross-machine in a non-domain situation) user/pass combos work if the user/pass is the same on both sides. So a nice usability thing, but probably not the best solution in this day.

There are techniques such as using syskey to deal with an offline recovery attack (encrypts the sam), but there is not, to my knowledge, any way to use a unique salt in the hash. Which is a shame.

SUSE = Novell = lapdog of Microsoft...who cares...

[tek_heretik]

I don't, I won't be caught dead using anything that has signed with the devil. Sellout wankers, they make me puke, STILL. Nobody give me that openSUSE is ok crap, it's the testbed for the sellouts. I can't say %$&# you Novell enough.

Completely unnecessary

[jotaeleemeese]

The herd is already thin enough.

IT people in big corps know that the gem in town is Red Hat, SuSE and perhaps Mandriva or Ubuntu depending on the situation.

Smaller companies that will provide their own in house support can opt for Debian or perhaps Slackware.

Anybody else should be free to try anything that is being produced, but it is a false economy not to have options. The last thing I want to see is freedom of choice killed in Linux.

It is unstable by nature.

[jotaeleemeese]

Patching is a nightmare of unintended consequences, the GUI is very often on the way of what the machines hould be really doing.

Bizarre dependencies.

Applications locking up the machine.

Sorry, but that just does not happen in Linux and UNIX land.