Slashdot Mirror
Google Reportedly Ditching Windows
Reader awyeah notes a Financial Times report that Google is ditching the use of Windows internally. Some blogs have picked up the FT piece but so far there isn't any other independent reporting of the claim, which is based on comments from anonymous Googlers. One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000. "The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google. ... 'We're not doing any more Windows. It is a security effort,' said one Google employee. ... New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. 'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' ... Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.'
However, they feel pretty good about a closed-source implementation of an open source operating system on locked-in hardware? This sounds rather flamebaity and very light on facts.
The year of Linux on...
Never mind.
.....if Microsoft employees can ditch Google.
That will be the true test of Google's influence.
Fucking Eric Schmidt is a fucking pussy. I'm going to fucking bury that guy, I have done it before, and I will do it again. I'm going to fucking kill Google.
Your friend,
Steve Ballmer
I recently left IBM, but while I was there, there was considerable effort to eliminate M$ products. Symphony was being pushed out over MS Office, and Apple netbooks were an available option in some areas. Obviously IBM has a love for Linux, and the Linux folk there are doing everything they can to make it perfectly acceptable, and usable, to use Linux internally. For all of my 4 years at IBM I used Debian and then Ubuntu on my work thinkpad (but I kept a XP partition for Visio).
I'm not as smart as most of you slashdotters, but this seems smart in that they can write their own security updates with Linux, as opposed to waiting for Microsoft to fix them.
Macs are only more susceptible to spearfishing because the monitor and body are one. Ram a spear through that and the whole machine is gone. With most windows machines, spearfishers go for the bright monitor but since the real guts of the machine is in a seperate body, it just requires replacing an ever-cheaper monitor.
On other news, RedHat announced it does not use Windows on its web servers and Apple announced that no employees use Windows Mobile phones.
That's because the hackers want a Mac, not some lame old Windows box.
Man who leaps off cliff jumps to conclusion.
Windows, if administered right? There are new critical flaws found almost daily. Windows can be locked down pretty tight if you remove the network cable though. I don't think Windows has yet earned the security ratings that various *NIXes have. If I'm wrong, please show me.
I had a Linux machine I put up get hacked once though... I set up a machine for someone and told them explicitly, "CHANGE THE PASSWORD!" He agreed to. He didn't and it was compromised within two days. After that, though, it was all good. Linux seems trivial to lock down but perhaps it is because it is less of a target... or perhaps not. Time will tell. But the nice thing about Linux is that there are so many of them. Find a flaw in one, it may not apply to others and even if it does, it might require some tweaks to make the exploit work as needed. The point here is that even though machines could be compromised "as easily" it couldn't as easily be done using a massive wave of self-replicating exploits where compromised machines go on the attack automatically searching for more vulnerable machines to infect. The DNA of Linux has very healthy variations while Windows is a pygmy village just waiting for someone to kill them with the next "common cold."
This is the Financial Times, not the New York Post, Mac OS Rumors, or some random blog. This reminds me of when the Wall Street Journal was reporting that Apple was going to Intel, and Slashdot said, "Never going to happen." Of course, it did happen. Folks, when a major newspaper like the FT, WSJ, or New York Times reports something, it's probably true. Which makes this very interesting. I think the most interesting aspect will probably be that feature parity for things like Google Chrome will probably benefit--no longer will Chrome, or Google Toolbar, or Google Earth lag behind on Linux and Mac, because Google employees are using Linux or Macs, because now Google employees will be using Linux and Macs.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
So Google employees don't use the client software they themselves produce, considering that a lot of it is still Windows-only?
I would be particularly curious about Google's own GTalk client...
Tell me... what IDE runs on ChromeOS? Where's the Emacs for Android? When I see that, we'll talk. Until then, I don't think that Google's going to be able to migrate it's most vital employees (engineers) to "eat their own dogfood." Might be interesting to migrate support staff, but that's not where the heart of Google is.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
OS X has all the nice overflows, poor to no memory protection, problems with users ect that most consumer quality OS face.
Actually not really. It's not as prone to buffer overruns as C++ or C would be, thanks to Objective-C used to write most apps.
Also with Snow Leopard, it has fairly good memory protection at this point.
And the users are more partitioned off, because there are no programs that demand you run as admin the way you find Windows programs that flake out... not to mention no open ports by default.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
No, the number of unnecessary and undesirable services automatically deployed with Windows operating systems is quite profound. The automatic sharing of the C: drive as \\hostname\c$\, for example, has been nearly impossible to turn off for even a competent systems administrator without ripping out parts of the operating system you may want.
Shall we review the security risks of the almost mandatory use of dynamic DNS associated with Active Directory? Or the very poor security models of overburdening the Kerberos server underlying Active Directory with graphical and non-security related tools which have _nothing_ to do with that absolutely critical security service, yet are mandatory with the Windows "Server" releases required to run an Active Directory server? Or the denial of service attacks possible against an Internet-exposed Exchange server because it simply cannot handle a reasonable amount of direct SMTP traffic, especially broadly distributed spambots?
The Linux boxes simply do not run all these services and have all these vulnerabilities when they come out of the box because they don't _activate_ such services without giving the owner a patch to patch their systems. And users are not forced to run "Internet Explorer", that festering cesspool of security vulnerabilities, because someone locked the software update mechanism to a web browser with too many "features" to possibly secure.
It has always surprised me how few companies run linux on the desktop. I have personal converted about 30 in the last 10 years, all of which were mom and pop places with less than 100 seats. Google using Chrome would not surprise me. 90% of the office desktop users dont need more than a browser, office platform, and maybe e-mail assuming the company does not have a web based e-mail. I have heard many geeks say it is not ready for the desktop based on a list of reasons but the general office user has such a small software need that it fits nicely..
The last company I migrated over to linux was a rush job. They needed it done in a short window before the inspection of there licences. I set up 1 server with home directory shares in both NFS and Samba, ldap, dns, printers, and DHCP. There were 3 desktop configs, 1) for users that had with firefox, OpenOffice, and google chat. 2) for managers that had that plus planner, and Dia. 3) was for upper management that had everything from the first two plus a few specialized things that one VP seemed to think he needed like bit torrent and an RSS feed reader.
Everyone got the basics like a calculator, archive manager, Notepad, etc.
All in all they run smooth, easy access to pen drives etc. Windows Laptops could be pointed at the server and after logging in would get the users home directory allowing them to easily move data between there laptop and the desktop. The remote home directories and ldap logins meant that users could login at any desktop and do there work. All the desktops were the same for a given group so if one failed it was simply replaced and a new image installed (Totalling about 45 min install time) Top this off with no viruses, spy ware, or bot software and the desktops were locked down with only a couple of open ports. So far every company I have done this for has loved the setup.
This old myth has never been true.
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Information wants to be anthropomorphized.
windows key + r /u:domain\user application.exe
runas
return or enter key
when prompted enter your password
use a- prefix accounts within a group on the domain for local administrator access.
use normal accounts for login and day to day.
I don't care about the OS "fighting" but make sure you look at all the details first.
Or the denial of service attacks possible against an Internet-exposed Exchange server because it simply cannot handle a reasonable amount of direct SMTP traffic, especially broadly distributed spambots?
That is so true. Our Exchange server was falling over at least a couple times a week, even though it was on a fresh install on good hardware and run by a competent admin. It just couldn't stand up to all the dictionary attacks and other jackassery thrown at it. I installed a FreeBSD+Postfix server in front of the Exchange server and configured it to learn which usernames were valid on the Exchange, set up Spamassassin, and let it go. We literally haven't had a single unplanned outage on Exchange since that day.
Dewey, what part of this looks like authorities should be involved?
Bullshit. I do a great deal of C/C++, R, C# development on XP and very, very rarely need to run anything as administrator. I can't even remember the last time I had to runas Admin other than installing software.
Do you see now why that won't be a problem for Google?
That's because the hackers want a Mac, not some lame old Windows box.
Sorry, but the contestants do not decide the order in which they attack the target computers. They are allocated timeslots randomly to each system. The Mac fails first because they haven't implemented some of the basic security precautions that the other operating systems have.
You can right click on any app in XP and choose "Run As". Same as sudo.
I wonder what Google uses for an accounting package? Very hard to find accounting programs that do not require Windows OS.
Corporate accounting? General ledger, accounts payable, that sort of thing? No company of Google's size would do that with a Windows-based application. They would likely do accounting with SAP or Oracle, probably running in a Unix environment of some kind. Both of these have web UIs nowadays, so all the employees who need access can use any OS they want.
Unpatched 5% (11 of 217 Secunia advisories)
That's the important part. Linux always has more vulnerabilities publicly found and fixed due to it being open source, a process which leads to a more secure system -- wouldn't you rather have a vulnerability found and fixed, or even found and marked "unpatched" on Securina, than found and exploited (hidden) elsewhere?
And even more important is what those unpatched vulnerabilities actually are:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
This is in the CIFS code, which presumably can be disabled. Should be fixed, but how many Linux systems actually need to defend themselves against local DoS attacks?
Tony Griffiths has reported a vulnerability in the Linux Kernel, which can be exploited malicious, local users to cause a DoS (Denial of Service).
Another local DoS. And another, and another... Yawn. Let's skip to the good stuff:
An error in the DRM (Direct Rendering Manager) drivers due to insufficient DMA lock checking can be exploited to crash the X server or modify video output.
Modifying video output could be very bad, but also very hard to exploit in a way to make it worse than rickrolling you. And again, local.
A race condition within the handling of "/proc/.../cmdline" may disclose the content of environment variables of spawning processes.
In other words, there's a race condition (hard to exploit) which may disclose sensitive information in your environment variables to other procesess you run. I honestly can't think of a single case where this would reveal anything exploitable. Clearly, it should be fixed, but right now, you're welcome to my environment variables.
A race condition within the memory management can be exploited to disclose the content of random physical memory pages.
That could be very, very bad, but also very difficult to exploit. Again, local.
The vulnerability is caused due to an unspecified error within the ide-cd SG_IO functionality. This allows a user with read-only access to bypass these permissions and perform write and erase operations on media in a drive.
So, in other words, anyone who uses an IDE CD-RW drive is vulnerable. Otherwise, you need a lightning-quick exploit to grab someone's blank media and burn something evil to it. I'm quaking in my boots.
The problem is caused due to signedness errors which can lead to integer overflows in the XDR decode functions in kNFSd. This can be exploited by sending packets with a write request larger than 2^31, causing the system to crash.
In other words, doesn't affect people who don't run NFS, or specifically kernel NFS (there's a userland NFS now). Oh, and you need to be on the local network.
Various functions in the IEEE 1394 driver contain integer overflows within the memory allocation scheme. This can potentially be exploited via specially crafted requests, which may cause a large amount of data to be copied into an insufficiently sized buffer.
That's probably the most serious one I've seen -- possible privilege escalation -- but what privileges do I have to have to access the raw FireWire device anyway? I bet most users can't.
So that brings it down to, what, one actually unpatched vulnerability that I'd be worried about. And it's still only local, and still a bitch to exploit.
Now let's try the Windows ones. One is a remote exploit, which can be triggered merely by convincing an Aero user to view a given image. Another is a remote exploit which may allow people to manipulate SSL-encrypted streams.
Security is not and never has been about numbers -- I only need one serious exploit.
Also worth
Don't thank God, thank a doctor!
Actually, since all platforms are hacked at the conference, it shows that the Mac is the biggest prize.
More to the point, the weakness exploited was in Safari (in all but one case) and required user intervention in all cases. For Windows, systems were compromised in ways requiring no user interaction.
So it does actually show that a Mac is harder to "pwn". It's not like the time of pwn2own means anything--the hackers have all prepared their exploits and practiced them for months in advance.
We'll see how long it takes Google to start frantically doing the back-stroke.
I don't think we will see Google doing a backstroke anytime soon. When you think about how badly Google was compromised, and what someone could do to them if they are every compromised like that again. What are their options.
1. Find a way to live without Microsoft and all the software that will ONLY run in a MS Environment.
or
2. Give to it, take the easy way, run MS software and just expect that you can survive any system breach no matter how badly you are compromised.
If it takes 5 years and a billion dollars, I am sure it will be worth it to Google in the long run. Also note. Google is not "talking" about switching. They are not trying to get a better price from Microsoft. They just quietly started to mandate that MS is not an option any longer.
vi +