Win95 1% Win98 16% WinME 3% WinNT 2% Win2000 18% WinXP 51% (that's a lot of XP)
Mac 3%
Linux 1%
Other 5% (What are these OS's?)
Really, aside from all the Windows versions listed and the "Mac" category, what other OS's are out there? There must be at least 6 of them with marketshare just below Linux's. But I don't know what they are. Any ideas?
Not that I don't trust Google's numbers (I'm cynical) but that 51% looks awful high too. At work we have about 3% XP machines (95% Win2000 and 2% Linux). That's an awful lot of XP that's been deployed, particularly when you see the 16% of Win98.
22% of the Windows machines are pre-Win2K Win2K accounts for 18% (so far I see no problem) WinXP is 51%?
Are all WinXP boxes shipped with google as the default?
It isn't someone looking at all the requirements of the system and evaluating them against the capabilities of the SHIPPING products.....
It's someone who's already made a decision to go with a particular platform and looking for anything that can be used to justify not going with a different platform.
"Look! Linux doesn't have that NX capability yet but it will be in the next XP service pack. Therefore, XP is more secure than Linux."
This is plain rationalization and justification. There's nothing you can do to change that behaviour. Just realize what is happening when you see it.
Gartner is in the business of selling "reports" and "studies".
Most of the "reports" and "studies" you'll see from Gartner are linked from vendor's websites. Vendors who paid for the report. So the vendors use those "reports" and "studies" as marketing materials.
I've only seen Gartner stuff used to justify a decision that has already been made. And, IMO, that's all they're good for.
The Linux kernel and the GNOME desktop did NOT GET IN THE WAY of the applications for those users.
You're correct about too much time being spent on the applications. But that's how most users operate. They spend the MINIMUM time possible interacting with the desktop and the MAXIMUM time interacting with the applications. (Aside from playing with backgrounds and sounds. I hate webshots.)
Personally, I think that a tiny bit of work on that study and the NEXT study would show Linux being incredibly easy to use even for novices.
#1. Get rid of the unstable apps. Each icon that they click on MUST launch an application and that application MUST be the most stable of the bunch.
#2. Populate the desktop with the apps they'll be trying to find (nothing like making it easy for them). This is what I do at work. And remove any other icons. They can put other ones there when they are more comfortable with the system.
#3. Put the controls for changing the background and the sounds in a very visible location and name them something like "Cool effects". Then give them lots of pictures and sounds to choose from.
So, the desktop would have the "My Computer" (or whatever) icon.
The "My Network Places" (or whatever) icon.
The "Recycle Bin" (or whatever) icon.
The "Work applications" folder/link icon.
The "Cool effects" folder/link icon.
The "Games" folder/link icon.
The "Help" icon (context searchable, etc).
Also, once you've run through with each of the testers the first time, have them form small groups and run through the test again. In the workplace, they will talk to each other and share tips/hints/ways to install spyware crap/etc.
Does the desktop facilitate or hinder that kind of human interaction?
And toss in a screensave as a background option just to give them something that Windows doesn't do.:)
jadavis said: "If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
I replied: "And their work will NEVER enter public domain. Copyright only protects work that is distributed."
Note how the discussion is about copyrighted works falling into the public domain. That was even what the article was about (Elvis' recording falling into the public domain in England).
So, nfras takes half of that statement and drops the entire discussion of whether such a work would fall into the public domain and goes off on a tangent.
Also, I do not believe he knows the difference between copyright and trademark. But that's a different thread. Let's get back to YOUR example:
"Now let's say I write the Great American Novel, and I tuck it under my mattress and forget about it. It's not published, but it is protected by copyright."
Here's something. Suppose it wasn't YOUR novel, but your Grandfather's novel. Never published. But it has since passed the copyright expiration date.
Would it be illegal for the thief to PUBLISH it (under your Grandfather's name) once it had been stolen? Without your (his heir) permission?
This is the original discussion. Can an un-published, un-released, un-distributed work end up in the public domain without the consent of the heirs?
But I was replying to his previous comment: "If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
Now, if I write something and do not distribute it. How long before what I wrote falls into the public domain?
"If I write the Great American Novel then have a heart attack and die, the EMS person cannot take my work and publish it as his."
Copyright is all about DISTRIBUTION.
In your example, the "EMS person" would be DISTRIBUTING your work. Then copyright law would kick in.
If he took your novel and never distributed it, copyright law would not be involved.
"If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
And their work will NEVER enter public domain. Copyright only protects work that is distributed.
"And yes, 50 years is a balance too. I never suggested otherwise, that's why I left it "X"."
But you also said... "And all this makes the "X years plus life of author" make sense, I suppose. It's a balance."
How about 1 year then? That too is "a balance".
"I think probably the most important thing is stability. Investors will get scared if the government doesn't protect old copyrights as much as they do new copyrights because it's an indicator that they might not protect new copyrights as much as old copyrights."
What "investors" are you talking about?
"Stability is very important when it involves something as fundamental as property rights. We can't change copyright law around every few years because of a change of public opinion, because changing copyright protection is, in and of itself, bad for the economy."
How so is changinge copyright protection "bad for the economy"?
"So, it might actually be reasonable to give infinite ownership to the creator. Probably not a good practical idea, but reasonable people could at least make a good moral argument."
Why? I haven't seen "a good moral argument" for that case.
But I can make an easy argument NOT to make them infinite. The person who created the work will not live forever.
"And all this makes the "X years plus life of author" make sense, I suppose. It's a balance."
Yet 50 years is ALSO "a balance".
What is the criteria for choosing one over the other?
"My moral threshold would be much higher actually (X=100 years maybe), but from an economic standpoint, I really hate to see a valuable work go to waste."
Why is your "moral threshold" that high? Why do you not consider economics in your "moral threshold"?
The government (funded by the people) has to protect those copyrights. Where is the benefit to the people of that action if the works only enter the PUBLIC domain long after they've ceased to be of any value to the PUBLIC?
Your position would be stronger if the INDIVIDUALS held the copyrights to their creations.
But now it is mostly the corporations that hold those copyrights.
The extensions are designed so that every bit of value can be extracted long before the works end up in the public domain.
Which is why Disney fights for extensions every time Mickey Mouse is in danger of hitting the public domain.
#1. The tech is OLD. It will fail. Why should they spend $50 for a replacement power supply when a brand new box is $199?
#2. The tech is SLOW. Again, a new box costs $199 and runs 10x faster than the old stuff.
#3. When they finally do buy the $199 stuff, they'll be stuck with the recycling costs of your old stuff.
Of course, none of this matters if you also give your time and expertise to keep it running and so on. Those older machine can make great servers and firewalls, if you will set them up and maintain them.
Blaster did ya some harm We just say, hey, another worm But thank you, for trusting me To mind your site's security It's all good, when your server's downed Our dope PR will pass blame around Cuz it's known as such That this is some software, you can't trust
I told ya Homeland U can't trust this Yeah that's why we're giving ya the code U can't trust this Check out eEye, man U can't trust this Yo let 'em bust more funky system U can't trust this
Give 'em a string or recvfrom Like no sweat they got the keys to your kingdom Now ya know You talk about eEye, you're talking about holes Remote and tight Coders still sweating so someone better write A book to learn What it's gonna take in '04 To earn some trust Legit, either secure or ya might as well quit
That's the word because you know U can't trust this U can't trust this
I'll use anti-virus as an example. Instead of fixing the old macro-viruses (yes, I know they're fixed now, stfu) in Word and Excel, you had to keep your anti-virus signatures constantly updated. It took Microsoft a long, long time to deal with the root cause. Now that they have, macro viruses are few and far between.
So far, I see Mozilla focusing on the root cause of the problems. This is FAR more effective as once you deal with one problem, you have dealt with all the similar problems.
You complain about adding FireFox because it takes up some room and then IE would be "useless".
Yet you're more than happy to add AdAware and SpyBot to your system.
"Really, IE isn't that inferior of a browser to me. It's a decent browser. I'd prefer Mozilla, but it just isn't worth it to deal with conflicting apps."
Whatever works for you. Personally, I'll take the increased security, pop-up blocking, ad blocking, and tabbed browsing and leave IE there for those few websites that I need that run ActiveX or some crap.
I just find it very funny that you complain about the space for FireFox and then install AdAware and SpyBot.:)
"I'm not denying that centralized management is cheaper, just pointing out that you are trying to remedy a Political Problem with a technology product (Linux), and it ends up being a Apples/Oranges comparison."
This did not start out as a political discussion. Nor do I see the political aspect of it at this point.
"As natchoboy points out, people can and do manage 3rd party apps with ActiveDirectory and some scripting."
Yes, they do. Emphasis on the "and some scripting" portion there.
Now, the original comment was: "Contrast this with administering IE on domain machines via Group Policy. If our proxy settings change (which they do occasionally, out of our control), I just update the policy. I don't have to worry about writing my own script, fiddling with our Ghost images, checking who's been updated already, etc. Because we've already separated computer accounts into distinct OU's, I know my lab policy won't accidentlly end up on the office machines or laptops."
To which I replied: "Microsoft apps are easily adminstered on Microsoft platforms using Microsoft tools.
But those same tools do NOT work well with non-Microsoft apps (or platforms)."
I also pointed out the a Linux-based network and a Windows-based network do not have to be setup the same. I'm still not seeing the "political" aspect.
They you both went off about laptops. Laptops are a small minority in all of the companies I've worked at. I don't see any problem with centralizing everything that can be and then having a special case for laptops. And I'm still not seeing the "political" aspect.
In summary: Microsoft tools work best with Microsoft apps on Microsoft platforms.
Linux does not have that same level of integration between the OS/apps/directory services.
Laptops can be treated differently than regular workstations (under Windows and Linux).
LTSP and NFS mounted/home directories allow fewer admins to handle more users than the traditional (non-Citrix) Windows model.
"Now, if Unix is going to be a "replacement" for Windows, it has to work in an environment where wannabe bigwigs carry their laptops around, and that's probably going to end up looking a lot more like a Windows network than LTSP."
Nope. Because most of the people in most of the companies out there do NOT carry a laptop around. They're in a cubicle, working on a desktop PC.
So, if you can handle 95% of the workers and do so with very little effort and maintenance, then why no do so? That way you can focus more time and effort of those few laptop users.
"I think it's perfectly fair for the guy to say "Hey, I can't fundementally change how the network is run, now where's the Deploy and Policy tools for Firefox/StarOffice/etc?" If the tools aren't there, that's a big gap for Linux."
You didn't read my post. The tools are not there for most of the 3rd party products.
Microsoft tools work with Microsoft products on Microsoft platforms. That is why he couldn't manage FireFox (3rd party) with Active Directory (Microsoft) on Windows (Microsoft) the same as he could with IE (Microsoft).
Managing FireFox on Windows with Active Directory is almost the same as managing FireFox with scripts on Linux.
In fact, you can replace FireFox in the above statement with just about any non-Microsoft software and it will be accurate.
And centralized home directories on Windows have lots of problems. Just take a look at the registry if you don't believe me. Windows was not built to have remote home directories. Under *nix, the home directory contains the configuration information for that user. Under Windows, that information is in the registry.
Microsoft apps are easily adminstered on Microsoft platforms using Microsoft tools.
But those same tools do NOT work well with non-Microsoft apps (or platforms).
"Is Linux desktop administration even remotely like this?"
Sort of, but it is still mostly scripting the changes.
"I've been admin'ing Windows boxen for close to 10 years now and I'm not afraid of the command line, but if replacing all my desktops with Linux means I have to hire 2 more of me to keep up with the core admin tasks, no thanks."
In my experience, it takes FEWER people to admin X machines running Linux than it takes to admin X machines running Windows (given similar experience levels). So you would not have to hire 2 more people.
"I'm looking for broad-perspective comments from those who have experience with Active Directory and whatever the corresponding Linux desktop alternative is."
Linux doesn't have anything like Active Directory (a directory service that is tied to the OS). You can use LDAP or such, but you won't get the same level of integration of OS/apps/directory.
But, as you've noticed with Active Directory and FireFox, that "integration" is limited to Microsoft apps. And only for those aspects that Microsoft has chosen to make available in that fashion.
The key issue to understand is that Linux is not Windows. The way you've configured your network to operate efficiently for Windows is probably not the most efficient for Linux.
Two examples: #1. The Linux Terminal Server Project: In most labs, this is the easiest solution. Go to any terminal and you get the exact same desktop as before.
#2. NFS mount the/home directory. And both of these solutions allow you to control the personal setting of each user. But it does take scripting.
About the custom apps and so forth. That's why you implement a "migration plan". Some can be moved now, some won't be able to be moved for a while.
Where I work, we're moving all of our custom apps to Citrix servers or switching to web-based versions. I can access all of them from home, on a VPN, running Linux.
I'm also doing a pilot program with FireFox replacing IE. Just moving people off of IE for general surfing should reduce our workload with regard to spy-ware/ad-ware crap. We have a few IE-only websites that we need for work. But that can be solved with the "View in IE" add-on for FireFox.
Out of 300+ people here, only about 10 of them know or use anything more than the basics of Excel or Word. Re-training those few wouldn't be that expensive (compared to the cost savings of getting off MSOffice).
The current system is only "good enough" because no one has bothered to show them what a Linux-based system can do. The Linux Terminal Server Project changed quite a few minds. They also thought IE was "good enough" until I showed them FireFox and tabbed browsing along with SpyBot and AdAware to clean up their systems.
There might be problems with customers using different file formats, but we ALREADY have those problems. HR constantly comes to me with resumes that they want printed because they don't format correctly when they print them.
It won't be an easy drop-in-replacement, but it can be done. And the little steps at the beginning yield big time savings in support.
"But since worms etc can't do much damage if they kill their hosts, they're not losing their data."
Now, imagine a worm that changed a few random numbers in a few Excel spreadsheets that it could read/write.
It wouldn't kill the host, but it would cause lots and lots and lots of damage.
The virus/worm writers have NOT been focused on damage. They've been focused on spreading far and fast. And until they start to focus on damage, you will appear to be correct.
The only way to stop that is to be PRO-ACTIVE before it happens. And pro-active does NOT mean relying upon re-active systems.
Next week we're going to do a test roll-out of FireFox to replace IE at the company I work for. That is pro-active. We know there are flaws in IE and the odds are that more will be found. We aren't going to wait for something to get through.
"The reality is that us Windows users aren't scurrying around like that. Even the less techinically inclined users are running anti-virus and the sort."
My email scanner tells me a very different story. Again, I am pro-active in that I block ALL executable attachements from coming in. My first line of defense is NOT the re-active anti-virus updates.
You can keep believing that Windows users keep their anti-virus crap updated and running. But I see too many virus emails and spam from zombies to put much faith in your opinion.
I won't even go into the worm probes on my firewalls.
Pro-active is the best approach. But re-active is all the Windows users have. Too bad, so sad.
"we've been through these discussions over and over again. linux is NOT a suitable desktop operating system for the majority of users. most users do NOT want to spend a whole lot of time reading documentation on how to setup/configure their system, and most find it fustrating."
There are MULTIPLE categories of users.
Corporate data entry Corporate desktop user
Home "grandma" user Home "power gamer" user
And so on and so forth.
Linux is a GREAT idea for the CORPORATE user. It is easy to lock down and it is easy to remotely administer and it is very resistant to viruses and worms and it is INCREDIBLY STABLE. Also, corporations don't rely upon the end user to install and troubleshoot the OS, the apps or the hardware. Which is probably why so many cities and governments are looking at migrating to Linux.
For "Grandma", maybe Linux isn't a good choice if she doesn't already know someone who knows Linux. But if she does know someone like that, then Linux would be a good choice for her (no viruses, ad-ware, spy-ware, etc).
And so forth.
Making blanket statement such as "we've been through these discussions over and over again. linux is NOT a suitable desktop operating system for the majority of users." is counter productive (and incorrect).
Lots of people can use Linux at work (Corporate setting) and Windows at home ("Grandma" setting).
I've sorted their numbers a bit:
Win95 1%
Win98 16%
WinME 3%
WinNT 2%
Win2000 18%
WinXP 51% (that's a lot of XP)
Mac 3%
Linux 1%
Other 5% (What are these OS's?)
Really, aside from all the Windows versions listed and the "Mac" category, what other OS's are out there? There must be at least 6 of them with marketshare just below Linux's. But I don't know what they are. Any ideas?
Not that I don't trust Google's numbers (I'm cynical) but that 51% looks awful high too. At work we have about 3% XP machines (95% Win2000 and 2% Linux). That's an awful lot of XP that's been deployed, particularly when you see the 16% of Win98.
22% of the Windows machines are pre-Win2K
Win2K accounts for 18% (so far I see no problem)
WinXP is 51%?
Are all WinXP boxes shipped with google as the default?
It isn't someone looking at all the requirements of the system and evaluating them against the capabilities of the SHIPPING products.....
It's someone who's already made a decision to go with a particular platform and looking for anything that can be used to justify not going with a different platform.
"Look! Linux doesn't have that NX capability yet but it will be in the next XP service pack. Therefore, XP is more secure than Linux."
This is plain rationalization and justification. There's nothing you can do to change that behaviour. Just realize what is happening when you see it.
Gartner is in the business of selling "reports" and "studies".
Most of the "reports" and "studies" you'll see from Gartner are linked from vendor's websites. Vendors who paid for the report. So the vendors use those "reports" and "studies" as marketing materials.
I've only seen Gartner stuff used to justify a decision that has already been made. And, IMO, that's all they're good for.
The Linux kernel and the GNOME desktop did NOT GET IN THE WAY of the applications for those users.
:)
You're correct about too much time being spent on the applications. But that's how most users operate. They spend the MINIMUM time possible interacting with the desktop and the MAXIMUM time interacting with the applications. (Aside from playing with backgrounds and sounds. I hate webshots.)
Personally, I think that a tiny bit of work on that study and the NEXT study would show Linux being incredibly easy to use even for novices.
#1. Get rid of the unstable apps. Each icon that they click on MUST launch an application and that application MUST be the most stable of the bunch.
#2. Populate the desktop with the apps they'll be trying to find (nothing like making it easy for them). This is what I do at work. And remove any other icons. They can put other ones there when they are more comfortable with the system.
#3. Put the controls for changing the background and the sounds in a very visible location and name them something like "Cool effects". Then give them lots of pictures and sounds to choose from.
So, the desktop would have the "My Computer" (or whatever) icon.
The "My Network Places" (or whatever) icon.
The "Recycle Bin" (or whatever) icon.
The "Work applications" folder/link icon.
The "Cool effects" folder/link icon.
The "Games" folder/link icon.
The "Help" icon (context searchable, etc).
Also, once you've run through with each of the testers the first time, have them form small groups and run through the test again. In the workplace, they will talk to each other and share tips/hints/ways to install spyware crap/etc.
Does the desktop facilitate or hinder that kind of human interaction?
And toss in a screensave as a background option just to give them something that Windows doesn't do.
The ORIGINAL discussion went like this:
jadavis said:
"If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
I replied:
"And their work will NEVER enter public domain. Copyright only protects work that is distributed."
Note how the discussion is about copyrighted works falling into the public domain. That was even what the article was about (Elvis' recording falling into the public domain in England).
So, nfras takes half of that statement and drops the entire discussion of whether such a work would fall into the public domain and goes off on a tangent.
Also, I do not believe he knows the difference between copyright and trademark. But that's a different thread. Let's get back to YOUR example:
"Now let's say I write the Great American Novel, and I tuck it under my mattress and forget about it. It's not published, but it is protected by copyright."
Here's something. Suppose it wasn't YOUR novel, but your Grandfather's novel. Never published. But it has since passed the copyright expiration date.
Would it be illegal for the thief to PUBLISH it (under your Grandfather's name) once it had been stolen? Without your (his heir) permission?
This is the original discussion. Can an un-published, un-released, un-distributed work end up in the public domain without the consent of the heirs?
I said that copyright only protects work that is distributed.
Your first attempt to prove I was wrong involved a publisher distributing a work.
Your second attempt to prove I was wrong involves a friend having a publisher distribute a work.
Hmmmmmm.... I'm still seeing distribution in those examples.
Here's a hint. Try finding an example where copyright is violated and no distribution takes place. Okay? Thanks. Buh bye!
I find the pure ignorance of the average slashbot to be fascinating.
"If I write a book and send it to a publisher who then publishes it without my permission they are breaching my copyright."
So, I say that copyright only protects work that is distributed.
And you say I am wrong and that copyright would protect a work of your's that is distributed by a publisher.
Fascinating.
You say: "No, copyright protects every work."
But I was replying to his previous comment: "If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
Now, if I write something and do not distribute it. How long before what I wrote falls into the public domain?
"If I write the Great American Novel then have a heart attack and die, the EMS person cannot take my work and publish it as his."
Copyright is all about DISTRIBUTION.
In your example, the "EMS person" would be DISTRIBUTING your work. Then copyright law would kick in.
If he took your novel and never distributed it, copyright law would not be involved.
"If someone creates a work and doesn't want to share it with me, that's their business. What if Disney made Mickey Mouse and then threw it away? Oh well, I can't stop them."
And their work will NEVER enter public domain. Copyright only protects work that is distributed.
"And yes, 50 years is a balance too. I never suggested otherwise, that's why I left it "X"."
But you also said...
"And all this makes the "X years plus life of author" make sense, I suppose. It's a balance."
How about 1 year then? That too is "a balance".
"I think probably the most important thing is stability. Investors will get scared if the government doesn't protect old copyrights as much as they do new copyrights because it's an indicator that they might not protect new copyrights as much as old copyrights."
What "investors" are you talking about?
"Stability is very important when it involves something as fundamental as property rights. We can't change copyright law around every few years because of a change of public opinion, because changing copyright protection is, in and of itself, bad for the economy."
How so is changinge copyright protection "bad for the economy"?
"People working in the recording industry have as much of a right to lobby for rights as you have to lobby against them."
... I just don't see stacking the legal system so they get them.
It's the amount of money that is spent that is the difference. Disney spends a LOT more.
"These laws do, after all, benefit some people."
Yep, but mostly it is the corporate executives who benefit. Do we REALLY need to give them more benefits?
"It's not like corporations are just big evil moneymaking machines."
Take out "evil" and restate it as desire....
"It's not like corporations don't want to be big moneymaking machines."
There, that's closer to the truth.
"They are run by people just like any other business, and those people have needs and desires."
Trophy wives, expensive houses, yachts
"If people in these corporations command more influence in congress, it is only because they care about it more."
Read "care about it more" as "spend more money on it".
"I have to admit, though, that the really long copyrights in the US are a bit unreasonable."
Unreasonable to YOU, maybe.
From the corporation viewpoint, the MORE material they control for MORE years means MORE potential income.
My point is the corporations can go fuck themselves. I have yet to see why 50 years is NOT an acceptable time frame.
"So, it might actually be reasonable to give infinite ownership to the creator. Probably not a good practical idea, but reasonable people could at least make a good moral argument."
Why? I haven't seen "a good moral argument" for that case.
But I can make an easy argument NOT to make them infinite. The person who created the work will not live forever.
"And all this makes the "X years plus life of author" make sense, I suppose. It's a balance."
Yet 50 years is ALSO "a balance".
What is the criteria for choosing one over the other?
"My moral threshold would be much higher actually (X=100 years maybe), but from an economic standpoint, I really hate to see a valuable work go to waste."
Why is your "moral threshold" that high? Why do you not consider economics in your "moral threshold"?
The government (funded by the people) has to protect those copyrights. Where is the benefit to the people of that action if the works only enter the PUBLIC domain long after they've ceased to be of any value to the PUBLIC?
Your position would be stronger if the INDIVIDUALS held the copyrights to their creations.
But now it is mostly the corporations that hold those copyrights.
The extensions are designed so that every bit of value can be extracted long before the works end up in the public domain.
Which is why Disney fights for extensions every time Mickey Mouse is in danger of hitting the public domain.
If the virus randomly changed a few numbers in a few of the Excel spreadsheets it could access.
Damaging the computer itself is too easy to catch and causes people to take it seriously.
Changing data has more implications for CORPORATIONS and would take longer to detect.
#1. The tech is OLD. It will fail. Why should they spend $50 for a replacement power supply when a brand new box is $199?
#2. The tech is SLOW. Again, a new box costs $199 and runs 10x faster than the old stuff.
#3. When they finally do buy the $199 stuff, they'll be stuck with the recycling costs of your old stuff.
Of course, none of this matters if you also give your time and expertise to keep it running and so on. Those older machine can make great servers and firewalls, if you will set them up and maintain them.
http://www.eeye.com/html/Research/Advisories/AD200 40210.html
Scroll down to the end and find this.
U Can't Trust This
By: MCSE Hammer
Blaster did ya some harm
We just say, hey, another worm
But thank you, for trusting me
To mind your site's security
It's all good, when your server's downed
Our dope PR will pass blame around
Cuz it's known as such
That this is some software, you can't trust
I told ya Homeland
U can't trust this
Yeah that's why we're giving ya the code
U can't trust this
Check out eEye, man
U can't trust this
Yo let 'em bust more funky system
U can't trust this
Give 'em a string or recvfrom
Like no sweat they got the keys to your kingdom
Now ya know
You talk about eEye, you're talking about holes
Remote and tight
Coders still sweating so someone better write
A book to learn
What it's gonna take in '04
To earn some trust
Legit, either secure or ya might as well quit
That's the word because you know
U can't trust this
U can't trust this
Breakin' in
Stop -- eEye time
I'll use anti-virus as an example. Instead of fixing the old macro-viruses (yes, I know they're fixed now, stfu) in Word and Excel, you had to keep your anti-virus signatures constantly updated. It took Microsoft a long, long time to deal with the root cause. Now that they have, macro viruses are few and far between.
So far, I see Mozilla focusing on the root cause of the problems. This is FAR more effective as once you deal with one problem, you have dealt with all the similar problems.
And I have a feeling that no matter how proactive they are from now on, certain people will continue to remain focused on that single incident.
"If they had implemented a whitelist of known-good URL schemes back then, it would have been a proactive security measure."
Yes, that is correct.
"The Mozilla team isn't proactive on security issues."
You do not have support for that statement. The most you can claim is that they are not 100% proactive.
It's easy to take the moral high ground in hindsight.
Now, look at the flaws they have PROACTIVELY dealt with. No ActiveX crap. Which means no ActiveX security holes to deal with. That's proactive.
But you don't see that. Mozilla can head off a HUNDRED security issues by choosing a more secure model, but non-existant flaws do not get reported.
Count the number of holes in IE. Then count the number of holes in FireFox.
FireFox has fewer and FireFox was designed with better security in mind. That is proactive.
You complain about adding FireFox because it takes up some room and then IE would be "useless".
:)
Yet you're more than happy to add AdAware and SpyBot to your system.
"Really, IE isn't that inferior of a browser to me. It's a decent browser. I'd prefer Mozilla, but it just isn't worth it to deal with conflicting apps."
Whatever works for you. Personally, I'll take the increased security, pop-up blocking, ad blocking, and tabbed browsing and leave IE there for those few websites that I need that run ActiveX or some crap.
I just find it very funny that you complain about the space for FireFox and then install AdAware and SpyBot.
Some "analysists" say that something Microsoft might do sometime in the future might (or might not) hurt Linux deployments.
Some people think SFU is really cool.
Microsoft might upgrade SFU to 64bit sometime in the future.
SFU lets you run *nix apps on Windows.
There, now you don't have to wait for that page to load.
"I'm not denying that centralized management is cheaper, just pointing out that you are trying to remedy a Political Problem with a technology product (Linux), and it ends up being a Apples/Oranges comparison."
/home directories allow fewer admins to handle more users than the traditional (non-Citrix) Windows model.
This did not start out as a political discussion. Nor do I see the political aspect of it at this point.
"As natchoboy points out, people can and do manage 3rd party apps with ActiveDirectory and some scripting."
Yes, they do. Emphasis on the "and some scripting" portion there.
Now, the original comment was:
"Contrast this with administering IE on domain machines via Group Policy. If our proxy settings change (which they do occasionally, out of our control), I just update the policy. I don't have to worry about writing my own script, fiddling with our Ghost images, checking who's been updated already, etc. Because we've already separated computer accounts into distinct OU's, I know my lab policy won't accidentlly end up on the office machines or laptops."
To which I replied:
"Microsoft apps are easily adminstered on Microsoft platforms using Microsoft tools.
But those same tools do NOT work well with non-Microsoft apps (or platforms)."
I also pointed out the a Linux-based network and a Windows-based network do not have to be setup the same. I'm still not seeing the "political" aspect.
They you both went off about laptops. Laptops are a small minority in all of the companies I've worked at. I don't see any problem with centralizing everything that can be and then having a special case for laptops. And I'm still not seeing the "political" aspect.
In summary:
Microsoft tools work best with Microsoft apps on Microsoft platforms.
Linux does not have that same level of integration between the OS/apps/directory services.
Laptops can be treated differently than regular workstations (under Windows and Linux).
LTSP and NFS mounted
"Now, if Unix is going to be a "replacement" for Windows, it has to work in an environment where wannabe bigwigs carry their laptops around, and that's probably going to end up looking a lot more like a Windows network than LTSP."
Nope. Because most of the people in most of the companies out there do NOT carry a laptop around. They're in a cubicle, working on a desktop PC.
So, if you can handle 95% of the workers and do so with very little effort and maintenance, then why no do so? That way you can focus more time and effort of those few laptop users.
"I think it's perfectly fair for the guy to say "Hey, I can't fundementally change how the network is run, now where's the Deploy and Policy tools for Firefox/StarOffice/etc?" If the tools aren't there, that's a big gap for Linux."
You didn't read my post. The tools are not there for most of the 3rd party products.
Microsoft tools work with Microsoft products on Microsoft platforms. That is why he couldn't manage FireFox (3rd party) with Active Directory (Microsoft) on Windows (Microsoft) the same as he could with IE (Microsoft).
Managing FireFox on Windows with Active Directory is almost the same as managing FireFox with scripts on Linux.
In fact, you can replace FireFox in the above statement with just about any non-Microsoft software and it will be accurate.
And centralized home directories on Windows have lots of problems. Just take a look at the registry if you don't believe me. Windows was not built to have remote home directories. Under *nix, the home directory contains the configuration information for that user. Under Windows, that information is in the registry.
Microsoft apps are easily adminstered on Microsoft platforms using Microsoft tools.
/home directory. And both of these solutions allow you to control the personal setting of each user. But it does take scripting.
But those same tools do NOT work well with non-Microsoft apps (or platforms).
"Is Linux desktop administration even remotely like this?"
Sort of, but it is still mostly scripting the changes.
"I've been admin'ing Windows boxen for close to 10 years now and I'm not afraid of the command line, but if replacing all my desktops with Linux means I have to hire 2 more of me to keep up with the core admin tasks, no thanks."
In my experience, it takes FEWER people to admin X machines running Linux than it takes to admin X machines running Windows (given similar experience levels). So you would not have to hire 2 more people.
"I'm looking for broad-perspective comments from those who have experience with Active Directory and whatever the corresponding Linux desktop alternative is."
Linux doesn't have anything like Active Directory (a directory service that is tied to the OS). You can use LDAP or such, but you won't get the same level of integration of OS/apps/directory.
But, as you've noticed with Active Directory and FireFox, that "integration" is limited to Microsoft apps. And only for those aspects that Microsoft has chosen to make available in that fashion.
The key issue to understand is that Linux is not Windows. The way you've configured your network to operate efficiently for Windows is probably not the most efficient for Linux.
Two examples:
#1. The Linux Terminal Server Project: In most labs, this is the easiest solution. Go to any terminal and you get the exact same desktop as before.
#2. NFS mount the
About the custom apps and so forth. That's why you implement a "migration plan". Some can be moved now, some won't be able to be moved for a while.
Where I work, we're moving all of our custom apps to Citrix servers or switching to web-based versions. I can access all of them from home, on a VPN, running Linux.
I'm also doing a pilot program with FireFox replacing IE. Just moving people off of IE for general surfing should reduce our workload with regard to spy-ware/ad-ware crap. We have a few IE-only websites that we need for work. But that can be solved with the "View in IE" add-on for FireFox.
Out of 300+ people here, only about 10 of them know or use anything more than the basics of Excel or Word. Re-training those few wouldn't be that expensive (compared to the cost savings of getting off MSOffice).
The current system is only "good enough" because no one has bothered to show them what a Linux-based system can do. The Linux Terminal Server Project changed quite a few minds. They also thought IE was "good enough" until I showed them FireFox and tabbed browsing along with SpyBot and AdAware to clean up their systems.
There might be problems with customers using different file formats, but we ALREADY have those problems. HR constantly comes to me with resumes that they want printed because they don't format correctly when they print them.
It won't be an easy drop-in-replacement, but it can be done. And the little steps at the beginning yield big time savings in support.
"But since worms etc can't do much damage if they kill their hosts, they're not losing their data."
Now, imagine a worm that changed a few random numbers in a few Excel spreadsheets that it could read/write.
It wouldn't kill the host, but it would cause lots and lots and lots of damage.
The virus/worm writers have NOT been focused on damage. They've been focused on spreading far and fast. And until they start to focus on damage, you will appear to be correct.
The only way to stop that is to be PRO-ACTIVE before it happens. And pro-active does NOT mean relying upon re-active systems.
Next week we're going to do a test roll-out of FireFox to replace IE at the company I work for. That is pro-active. We know there are flaws in IE and the odds are that more will be found. We aren't going to wait for something to get through.
"The reality is that us Windows users aren't scurrying around like that. Even the less techinically inclined users are running anti-virus and the sort."
My email scanner tells me a very different story. Again, I am pro-active in that I block ALL executable attachements from coming in. My first line of defense is NOT the re-active anti-virus updates.
You can keep believing that Windows users keep their anti-virus crap updated and running. But I see too many virus emails and spam from zombies to put much faith in your opinion.
I won't even go into the worm probes on my firewalls.
Pro-active is the best approach. But re-active is all the Windows users have. Too bad, so sad.
"we've been through these discussions over and over again. linux is NOT a suitable desktop operating system for the majority of users. most users do NOT want to spend a whole lot of time reading documentation on how to setup/configure their system, and most find it fustrating."
There are MULTIPLE categories of users.
Corporate data entry
Corporate desktop user
Home "grandma" user
Home "power gamer" user
And so on and so forth.
Linux is a GREAT idea for the CORPORATE user. It is easy to lock down and it is easy to remotely administer and it is very resistant to viruses and worms and it is INCREDIBLY STABLE. Also, corporations don't rely upon the end user to install and troubleshoot the OS, the apps or the hardware. Which is probably why so many cities and governments are looking at migrating to Linux.
For "Grandma", maybe Linux isn't a good choice if she doesn't already know someone who knows Linux. But if she does know someone like that, then Linux would be a good choice for her (no viruses, ad-ware, spy-ware, etc).
And so forth.
Making blanket statement such as "we've been through these discussions over and over again. linux is NOT a suitable desktop operating system for the majority of users." is counter productive (and incorrect).
Lots of people can use Linux at work (Corporate setting) and Windows at home ("Grandma" setting).
Will those run on Linux?