Slashdot Mirror
IBM's Answer To Windows 7 Is Ubuntu Linux
An anonymous reader writes "It looks like IBM isn't much of a friend of Microsoft's anymore. Today IBM announced an extension of its Microsoft-Free PC effort together with Canonical Ubuntu Linux. This is the same thing that was announced a few weeks back for Africa (a program that began a year ago), and now it's available in the US. The big push is that IBM claims it will cost up to $2,000 for a business to move to Windows 7. They argue that moving to Linux is cheaper."
If you reduce the cost of software to zero and compete only on the hardware, you shut out some people from the market and trample others with your behemoth size.
A standard user account doesn't exactly have alot of control to begin with. The way Windows does things is they open up access and lock things down while in the UNIX word its all locked down and open things up (i.e. sudo)
Your point is only valid if you want to prevent a use from changing his wallpaper, screen savers and the like. There are (expensive) tools out there but dont handle very well.
Also in GNOME you have gconf and can put custom settings into a SOE very easily.
This sig has been distributed under the Creative Commons license.
Yeah it is so hard:
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/background/picture_filename /usr/share/backgrounds/warty-final-ubuntu.png
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/interface/gtk_theme Human
gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type string --set /desktop/gnome/interface/icon_theme Human
Huh wah?? Obviously you must be from a parallel universe, rather uninformed or a clever troll. I manage the desktop branch of a medium - large sized organisation and the amount of pain involved in locking machines down in the distributed workforce age is quite painful. Sure there are apps to aid this (we employ ZenWorks) and they do work really well, but you can't have used anything more then a default install of Ubuntu. Honestly the amount of fine grained control mixed with sudo (neither run-as or UAC are sudo, they impersonate another user rather then privilege escalation) you get with *nix environment is leaps and bounds ahead of Windows. Admittedly group policy has some nice default templates, but as soon as you step an inch outside the norm (which is hard not to) be prepared for pain, so much so that the only place we employ GP is on our Terminal Services boxes. Even then a lot of the "Lock Down" is pretty much just obscuring things without actually adding any security.
Nice try, but I suggest you undertake a bit of a learning curve and you will be enlightened.
# cat
Damn, my RAM is full of cats. MEOW!!
Fine-grained permissions are somewhat difficult. Locking everything down is really easy: just don't give the user root/sudo permissions.
Has anyone here been able to find a good guide for joining a Linux client to an AD domain?
ViewTouch
now sod off you stupid troll
Uhh . . .
Ubuntu needs 256 MB RAM and ~8 GB (they say four, but from personal experience, you need at least 8) of Hard drive space.
Windows 7 needs 1 GB RAM and 16GB Disk.
Source: http://en.wikipedia.org/wiki/Windows_7
http://en.wikipedia.org/wiki/Ubuntu_(operating_system)
I read TFA and all I got was this lousy cookie
The main problem with OS/2 was that it came out too soon, and so the muckety mucks decreed that it had to run on a 286, and so lots of it was 16-bit, and so when the 386 came out the move to 32-bit was painful. The second problem with OS/2 was the GUI's single-threaded model....
The SCO lawsuit makes me wish my company were in Utah. We need a new building.
I would suggest you try figuring out why these apps require admin, using sysmon and regmon. Most of these apps are just poorly made and the users need write permissions to some file or reg key. Once you give them that the app works just fine.
I don't know of anything similar in the Linux Desktop Environment to Windows Access Control or the other programs that are out there. Does anyone else?
The reason you don't know of Linux programs that let you lock down the desktop is that no such program is needed. A default Linux install will allow you to control access to files and programs on a user by user, or user group basis without the need for extra software. It will take a little bit more expertise than using some program with a gui on windows might, but it also allows much greater control of precisely what user can do.
"I wonder how IBM arrived at the result of $2000."
From the actual press release: Independent market estimates range up to $2,000 for the cost of migrating to the Windows 7 operating system for many PC users. New PC hardware requirements account for a significant portion of the added expense.
For those that care, the Actual IBM press release
http://www-03.ibm.com/press/us/en/pressrelease/28649.wss
Disclosure: I do not work for IBM.
firstly, can we all try to learn what a concept is before brandying it around?? anti-competitive *only* has any relevance when a company is a monopoly. ibm has not been in this position for decades now.
secondly, ibm are not *forcing* anyone to do anything. install what you like on their hardware, they are only making a recommendation.
Successful exploitation requires that a threaded Multi-Processing Module is used and that the mod_proxy_ftp module is enabled. (...) An error in the included APR-util library can be exploited to trigger hangs in the prefork and event MPMs on Solaris.
And the second (first in order on the site) unpatched vulnerability deals strictly with a mod_ftp input validation issue. Again, I rarely even see mod_ftp even used as opposed to an entirely seperate FTP server daemon but disabling the faulty module is simple enough in environments requiring absolute security.
And input validation issues are usually patched fairly quickly anyways, I mean come on, this is 2009 and there are too many developers for the project that wouldn't let this sort of thing continue for this amount of time. Not to mention the fact that these unpatched vulnerabilities are nothing compared to the olde IIS Webdav exploit of a few years ago - too bad there wasn't a community aware of it sooner other than the underground black hats already using it to their advantage by the time it was brought to the attention of MS.
"The second problem with OS/2 was the GUI's single-threaded model...."
What are you talking about? The Presentation Manager was totally multi-threaded. Do you mean the single input queue, which was Microsoft's idea anyway? I do believe they fixed the problem of the GUI "locking up" before they stopped selling it retail, before I switched to Linux at least.
And to quote from the secunia website:
"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."
But just for fun - don't forget that IIS needs to run on Windows: 212 Secunia advisories, 282 Vulnerabilities, 12 Unpatched...
That's the secunia report for Windows 2003 "Web Edition" - which is reasonably representative. Compare that to OpenBSD.
Goodluck with that! :)
The backward-ness of your comment on sudo is hilarious.
The core of sudo is actually a very simple program - at installation it is SetUID root (but executable by users). When invoked, it reads the sudoers file to check whether the action is permitted (possibly checking a password, etc) and if so, simply execs the parameters it was passed. The relevant thing here is that sudo itself (and therefore any program executed by it) always runs as root. Remove the SetUID bit on sudo (or change its owner) and it's pointless.
How is this different from using Run As on Windows? Again you tell it the program to run, the user to run it as (default is Administrator), and provide credentials. There's no sudoers equivalent and the API to start a process is different, but the end result is the same - the program is run using the user ID of the high-permission user (root or Administrator).
UAC, by comparison, actually works differently - Vista/Win7/Server 2008 user accounts have two tokens, elevated and un-elevated. If you're a member of the Administrators group but not *the* Administrator account, then processes normally start using the un-elevated token. If you use UAC to start a process, that process gets the elevated token. Here's the difference, though - the elevated token is still for your account.
A quick way to test and compare: both Windows and *nix have the whoami command. Try the following: /noprofile /user:[computer_name]\administrator cmd and enter the password when prompted (on Vista/Win7, you'll need to have enabled the Admin account. You could alternatively use another user account on your computer). In the new window, try whoami again - it should come up like [computer_name]\Administrator (or whatever account you specified).
At an un-elevated CMD prompt, use whoami. You should see something like [computer_name]\[your_user_name]
Next, type runas
Third, try opening a CMD prompt using UAC, then run whoami again. You'll get the same response as if you didn't use UAC.
On Linux or another Unix-like system, type whoami and you'll see your username (presumably not root).
Then try sudo bash followed by whoami (or even just sudo whoami) and it'll say root.
Using su will give the same result.
There's no place I could be, since I've found Serenity...
You clearly have never worked inside a large company, or if you did, you didn't pay attention. They have better things to do with their precious developer talent than recompile Firefox and Linux kernels all the time. Stuff like writing Visual Basic applications to assure that they will forever be tied to Windows, leaps immediately to mind. Oh, wait...
If you mod me down, I shall become more powerful than you could possibly imagine.
Uh, I used Vista right after it first came out and never came across a program that didn't work. Same with Windows 7. So no, not like Vista.
Don't take life so seriously. No one makes it out alive.
Please don't ever use the Wine as an example of Linux being compatible with Windows software. Because a huge majority of programs simply don't work with it, and those that do have had special coding done in Wine to make them work, and even then they are as buggy as hell.
No, Wine has a strict policy of not letting app-specific hacks into the mainline tree, if that wasn't the case things would be a mess and nothing would run. Certainly not everything works 100%, but there are many apps that run very well. For example, I played Diablo 2 on and off for several years through Wine, and having originally played it on 'doze, I can tell you it plays identically through Wine.
Also, Wine has made an enormous amount of progress in the last 4 years. It helped a lot that the Win32 API pretty much stopped dead between XP and Vista, as it gave the Wine team a huge amount of time to catch up instead of having to chase a moving target. The huge Vista backlash also helps quite a bit, Wine has only really started on D3D10 support this year or late last year, but the fact that really nothing uses D3D10 (because it doesn't work on XP) makes the lack of support largely irrelevant. There's really no point in comparing Wine 4 years ago to Wine today, so much so that it's probably not unreasonable to say that more has changed in Wine's last 4 years than the previous 12 years before that.
Game! - Where the stick is mightier than the sword!
Call me when it's possible for my company to have absolutely all system and OS settings administrated centrally while ALL the user's personal customisations ("registry") and documents rest in his home directory on a file server, and when a motherboard fries, it'll take less than half an hour to physically replace the box and get the user back in business with all software and personalisations in place).
Windows has been able to do that for a long, long time. Roaming user profiles store a user's settings, documents and files on a central server. The user can then log into any computer, anywhere, that's joined to the Windows domain and access files and settings as if they were stored locally. If the motherboard on a machine blows up, just log into a different computer and your files and settings will be right there.
Depends. There are a bunch of man pages on the grub commands, and there's /etc/grub.d/README and /etc/default/grub for the menu configuration. There's also Google.
http://upstart.ubuntu.com/
https://help.ubuntu.com/community/UEC
Apt supports file:/, so you can use that if it's just for personal use. Otherwise, you apparently just replicate the directory structure of an existing repository on your server and generate the necessary files. (Google produced many quick guides on how to do this.)
https://help.ubuntu.com/community/
https://help.ubuntu.com/7.04/installation-guide/i386/preseed-using.html
All except GRUB and "building your own repository" were found in less than a minute on Google.
Remember that Ubuntu is mostly an amalgam of discrete software packages, all bundled up nice and neat. The best place to look for documentation is usually the origin.
I know your reaction was knee-jerk, but just in case you didn't know, unix machines can also be configured by policy (cfengine/puppet) and single sign ons originated in the unix world (kerberos). The freeipa project http://freeipa.org/ already has a working nice kerberos+ldap solution with integrated multimaster replication and quite easy to set-up (version 1.2, if I recall correctly). Version 2 will come shortly and it will be even easier). I know, I know, first I have to see it.
You can now join linux/solaris clients to a freeipa kerberos domain in a very similar way as to how you join a window machine to a windows domain. You have delegation of tasks for junior staff and it just works. Why has it taken so long? Good question, ask the big linux players (google, ibm) why they were not interested in this. Red Hat started it and they are actively developing it right now.
It takes time, but good stuff happens eventually.
Natxo Asenjo
You're misinformed. IBM is already jumping. You can have a Linux workstation (Open Client for Linux - for Red Hat/Fedora, Ubuntu, SLED) in IBM. What's more the default office suite in IBM is Lotus Symphony now. MS Office is slowly going away. BTW: I've never seen Windows Vista installed on any work PC in IBM.
I've actually been in that specific scenario, and it certainly didn't go like that.
For those that don't know, if you have an Enterprise Agreement with MS, you self report what you're using and can optionally buy software assurance on the SKU's you purchase. Software assurance allows you upgrade rights to the next best thing, or not, your choice. Depending on your agreement, once a year or every couple of years, MS comes around and asks you what you've installed new since the last time we spoke and put into production. You then indicate what that is and cut a check for the additional software, and optionally renew your software assurance on that. Mind you, this is totally self reporting. There are no BSA thugs, there is no magic thumb drive that executes a script against your infrastructure. It's all a pretty reasonable transaction.
My company makes heavy use of Microsoft Dynamics. And I know most of you don't know what that is, but when you get to a certain size, you need enterprise financial and accounting packages, inventory packages, and CRM packages. Dynamics is Microsoft's answer to this. I won't say they are fault free but nothing is, even were you to use SAP, Siebel, or IBM, or Oracle which also compete in this field. Usually we can work with MS and get these issues fixed as they come up. No one, period, makes enterprise financial packages for free. You either write it yourself, or you get a foundation platform and write your custom libraries on top of it. For the most part, I'd say we've been very happy with Dynamics and the abilities to tie our from scratch POS application we wrote into our financials with Dynamics. It works pretty darn well.
Most of the comments on /. appear to come from people with usually SOHO and at best SMB experience, but largely little enterprise experience. I think it truly skews the point of view about software. I come from Enterprise. Those Dynamics products and the MS SQL Server instances they run on are without a doubt, the most expensive part of the enterprise agreement. Windows client and server OS licenses as well as the Office licenses are cheap comparatively.
Now, we have to have the Dynamics products and the SQL server licenses. Those must be paid. But this being an economic recession and all that, we looked where we could save money. Because of how well OpenOffice had come along with 3.0, I and my team found exactly one spot where OpenOffice didn't work well enough for our needs, and that was Sharepoint integration that we, as a company, hardly used anyways.
We took that information to the CFO and CIO along with a true up bill for MS Office. The CFO and CIO took that to the CEO. We got a sign off from the CEO, so we took that back to MS to dicker. No dice, they called us on it.
Three weeks later we rolled OpenOffice to everyone in the company. We generated exactly one helpdesk ticket concerning the lack of Sharepoint integration. We did generate quite a number of HD tickets concerning training, but those tickets would have been generated using scalc or excel and were quickly discounted.
Of the remaining tickets, a significant number did concern failings in OpenOffice's ability to correctly render an MS Office document. Some of those were from our own internally generated documentation, but very few, and quickly purged. The rest were from our interactions with customers.
Initially we were screening the documents and having the HD convert the documents for them. That way we could analyze what documents were causing fails in OpenOffice. In corner cases we started putting OEM copies of MS Office that we'd previously taken off, back on certain users laptops. At four months out we built a terminal server farm with MS office on it and selectively allowed users to connect to it, provided there was a document rendering issue. At six months out we opened the gates for everyone in the company to that TS farm. Barring a few hold out users, just about everyone is now using that farm instead.
True up is just around the corner and we've already committed to buy MS Office.