Having said all of that, it's still useful if there are distributions with the same level of stability and security as their enterprise-level cousins. There are some that do this, though.
Have any in particular worked well for you? As a consultant, having to turn to RHEL or SuSE really cuts into the bottom line!
The way to make money on OSS is usually the same as the way to make money on proprietary software. Businesses don't buy software; they buy solutions. Licensing is an implementation detail. Remember that the majority of software written is produced in-house or as a contracted custom job. One advantage with OSS is that you can focus your business locally but network with consultants elsewhere to share development load of a common codebase. (ie. excluding that which is custom to your own clients)
The exception, of course, is "off-the-shelf" software with a wide audience. Traditionally, OSS replacements for these tend to work as just plain community projects because there is widespread developer interest. (OpenOffice, Gimp, Mozilla, etc.) If you want to make a business in this sector, you'll need to think more creatively because this is a largely unexplored OSS services market. For instance, you might market the service of enhancing Gimp or Blender to graphics houses, perhaps combined with training or support. Or you might post a list of most-desired features for OpenOffice and offer to develop them once a certain pledge level has been met. The difficulty in all of this is aggregating enough smaller payments / contracts to make a living. With these models, you are, in fact, competing directly with proprietary licensing costs. The risks are inherently greater -- though no more so than trying to start a proprietary shrink-wrap shop.
From the article: "It's not surprising that the revenue is so great. More and more commercial organisations choose to buy Linux rather than download and deploy it independently," he said.
You know what this tells us? The OSS community is not going far enough. We're producing a lot of good raw materials but not enough good solutions. As a result, companies must turn to expensive commercial support options (usually bundled with proprietary administrative interfaces that make our raw materials useful in the real world). It is quite time to abandon the mentality that most users should/will build and configure their systems by hand. This old-school style of Unix admin was right for a time, but that time has passed. And I'm not just talking about the desktop. For example, it is far too difficult and costly to use stock Debian or Fedora to build a full-featured enterprise server using best practices. (ex. Linux 2.6 w/ACL patches, LDAP, Kerberos, Samba, NFSv4, etc.) Yes, it can be done. I've personally pulled it off. But it's extremely ugly and painful. And when it comes time to patch/upgrade, some work must be re-done because there is no way to cleanly and automatically migrate / merge settings. As much as I like Debian, it's not really applicable to many real world tasks where time-costs matter. Or even if the costs even out, it's more hassle than it's worth.
The solution? http://elektra.sourceforge.net/ (or at least the concept presented here..) The reason why we don't have any good Open Source configuration management tools (GUI or otherwise) is that it's too difficult to grok the hideous mess that is today's/etc hierarchy. Every tool has it's own config schema and syntax. There's no standardization whatsoever. Trying to write a tool to manage this mess is like trying to write an application using 100 diverse and unstable APIs. And forget about more advanced admin tools like automated integration of multiple components. (ex. ldap + postfix + cyrus + amavis + spamassassin + your favorite webmail) A key-value based replacement for/etc is the first step in creating an Open Source "unix that just works." And it wouldn't even be that hard! The beauty of the Elektra concept is that it can be a gradual change and no new tools or security models are required.
No, I am not a member of the Elektra project.. I just happened across their page the other day and was shocked at how obvious their proposal is in a "duh! why didn't I think of that?!" sort of way.
4) Mono. A development platform that gets a large developer base into the same boat, using the same tools and libraries, and same.. "culture", and perhaps even woo some of the massively large traditional app development community that has been heretofore developing windows-only. A single point to concentrate innovation.
Mono may become a significant player but I think that it (and.NET) are still far too immature to say for sure. On the backend, it's nowhere near as powerful and mature as the Java platform. On the frontend, it seems there is too much emphasis on traditional thick clients that talk web services. I have always wondered if.NET was MS's calculated answer to true web applications making the desktop platform irrelevant. While the core (C#/CLI) is cross-platform, there are abundant platform-specific libraries which make it heavily client-sided. Time will tell..
Wow! After hearing Linsux Lusers talking about how awful the Windows registry is, you went and copied it. Well, why not? Linsux lamers have imitated every other innovation Microsoft had, why not copy this too? Apparently the idea of a registry is now "ingenious".
The win registry is awful for a multitude of reasons. The only similarity with Elektra is that it is key-value based. Stupid troll.
Obvious, but... So $ is saved by installing OSS and thus avoiding licenses. Then, the next year the budget is cut that amount. But again, with no licenses to pay, the cut $ isn't missed.
There's a really obvious possibility that you folks are missing. What if the DOJ had instead used that $13.2mil over 5 years to contract with Sun/OpenOffice.org to hire a bunch of top programmers and perfect OpenOffice. Same budget, but much better outcome for themselves and for society. Do you realize how tragic it is every time a deal like this goes down? Going with WP instead of MS is better than nothing, but it's a major lost opportunity to move the entire Open Source movement forward. All we need is for one company / government to make a significant contribution into OpenOffice development and the MS Office monopoly will come crumbling down in a matter of a couple years.
Everyone has been saying exactly what you've said for many years now and it still hasn't happened..
Yes, because the relevant technologies are only now starting to become mature. People jumped the gun with this claim back in the late 90's. Today, we're finally seeing realistic possibilities. Note that I never said that all apps will be web-based. But all business / communications / database apps will be. This will also include the demise of office suites -- replaced by document management systems and a new generation of flexible databases. For the forseeable future, we will still need local apps for graphics and multimedia.
At each stage the claim has been that to get anywhere, we have to change what we're doing. Each time they have been wrong.
The problem with these screeds is that they don't make constructive criticisms and don't look at future options or possibilities. Yes, several things are sub-optimal with the direction OSS is heading right now. But these are solvable issues.
What do we need most today?
1.) Commercialization of all significant Open Source projects. Important projects need funding so they can hire more full-time developers. The result will be more polish and better QA, which is sorely needed. NPO's are another option for some large projects which would rather be donation-driven.. (think large corporate contributions in effort to meet common needs.. OpenOffice anyone?)
2.) The Elektra Initiative (http://elektra.sourceforge.net/) This is an ingenious key-value configuration system suitable for replacing the mess that is/etc and user dot-file hierarchies. It is entirely plain-text, human-readable, and file-system based. No daemons, databases, XML, binaries, etc. If we could standardize on this, it would virtually eliminate the differences between distros and finally make it possible to develop unified GUI config interfaces and automated admin tools.
3.) X.org.. which is progressing nicely, but could always use some extra help / funding.
That's what we need today. Longer term, the desktop is going to become largely irrelevant anyhow due to web-based technologies. This is what most pundits fail to realize when discussing the future of Linux and MS. Standards-based rich-web intranets are the holy grail of business IT.
Every year, I've been posting that the OSS world needs one sane, unified development API for its desktops. I sometimes get modded down, sometimes get angry replies...but nobody ever actually refutes what I'm saying, because they know I'm right.
A few years ago, I would have argued the same thing, but it's pretty clear now that the desktop is becoming increasingly irrelevant as web technologies mature. Think of it this way: In another 10 years, it won't matter what desktop platform you use because 90% of your day-to-day software will be web-based (think intranet). But most people will use Free Software desktops simply because they're the cheapest. Businesses will buy $200 disposable desktop PCs that network-boot Linux, an open clone of Java, and whatever highly-evolved form of Mozilla / Konqueror exists at that time. No more complicated deployment. No more licensing hastles. This sort of simplicity is the holy grail of both IT and business productivity. MS has a lot less to worry about Linux than open web standards. Although Linux is a good vehicle for their delivery.
Open source or Closed Source... makes no difference bugs and exploits will always exists.... no code is completely secure.
This is simply nonsense. It is quite possible to produce code which is completely secure, but most developers today either don't know how or don't take the extra time to do so. Because secure coding is ultimately about tight input checking, it can also have a negative effect on performance. But at some point you have to make tradeoffs. For popular (high-risk) software like OS'es and web browsers, the tradeoff always needs to fall in favor of security rather than development time or squeezing out every last ounce of performance.
I haven't found anything that compares to a combination of PP buffer protection on binaries, chroot jailed services, iptables, and SELinux policy. I just don't understand why more vendors haven't tried to create default installs that support this level of security.
The article as has a point when it states that "linux wizards" could do a lot more to enhance the Linux machine's security compared to the default RHEL installation they were using. Indeed, why are vendors not using the complete assortment of Linux security best practices? Administrators almost always go for the path of least resistance -- whether Windows or Linux. As a result, Linux distros need to make absolutely sure that this path is also the most secure by default. And tools need to be written to make proper administration easier.
Anyone have any ideas on how to prevent abuse of such a system? That is, too many people using the system and not enough people contributing?
In my experience, you can't worry about the people who don't contribute. It's their own loss -- though most will realize with time that it isn't worth the cost of maintaining private forks.
The business decision for OSS is always a very calculated one. It comes down to this: after investing in development of any necessary improvements to an OSS package, are you still saving money? The answer is often different depending on the term -- such as in the case of a less-mature project that needs more work. It is easy to envision a world where the short term costs of choosing OSS are always cheaper because everyone else has already done the majority of the work. But this is not where we are at today. As a result we need a maximum of cooperation with the realization of those involved that the beginning stages are the roughest and most expensive. Perhaps this is why we've seen the most OSS involvement from larger companies -- they have the resources to think longer-term and take more risks. For the rest, we probably need more heavily commercialized OSS business software to spread the load/risk.
Not quite. Most enterprise software comes with source available, and pretty much all of it gets customized once you get into bigger customers. Its actually a real PITA when it comes time to do upgrades.
That's exactly it.. if in-house customizations were made cleanly using proper APIs and proper modular design techniques, they could be contributed back to the community codebase such that all future upgrades would automatically include the improvements and thus reduce the need for patch & hack work. Sure, there's a fair bit of work to do either way, but the advantages to this approach are obvious. To get your own code accepted into the community codebase, it must conform to rigid quality specifications. But in return, you also get high quality improvements from others. Done properly, this is a hands down win-win for all companies involved.
The problem is that much of today's software is not designed well enough to allow for this. Customizations too often require modification to core application code. This needs to change, but Open Source alternatives are the perfect place to start. So, in contrast to the view of this article, I would argue that "ERP" and other business softwares are the perfect place for OSS. But this is a purely corporate form of OSS.. not hobby-hacker OSS.
What we need are some "professionals-only" projects aimed at meeting business needs. They can be commercially-supported or they can be designed to build ad-hoc commercial alliances. Make no mistake. This is the "killer app" of OSS in the business world -- not Linux or OpenOffice. (Although these and others will also skyrocket in popularity once the door of Free software is flung wide open.)
I'd like to see large organizations that realize a quantifiable savings due to the use of OSS contribute a small portion of the savings back to the projects that made it possible.
Lets take it a step further. Suppose that a company or gov't. could save $5.2m by using OO.org, but the result of missing features / lack of polish would cost too much in lost productivity. However, if they spend $4m to hire some programmers to improve OO.org to the point where it no longer sucks for their needs, they're still saving $1.2m. It may not be as large, but in the end, any significant and viable savings opportunity is worth pursuing.
Lets say they hire programmers at a respectable $75k/year. Figure another $25k/year for benefits, management costs, etc. $4m = 40 full-time programmers for one year. Can I get, by a show of hands, how many of you Open Source developers out there would accept a $75,000 w/ benefits contract to work full time for one year doing what you love with a team of like-minded co-workers?
And that's only one company / government. There are literally thousands of possible contracts like this worldwide.
Now, think further. Suppose that we make it easier on these prospective companies / governments by starting a company that contracts out this work and has a staff of 100+ OpenOffice programmers. This way, customers don't have to worry about the management / HR end of things. It would be a very simple company -- basically just a way keep the developers salaried and insured. A thin layer of abstraction if you will. No sales. No marketing. Just an employee owned-and-run "labor farm" if you will. It would market itself. "Thinking of switching to OO.org but it doesn't meet your needs? Let us fix it for you for half the cost of MSO licensing."
Lets be honest, folks.. OpenOffice is not the same quality of MSO yet. It is improving but it's definitely not there yet. And the project could be progressing a heck of a lot faster. Yes, the example I gave is idealistic. But it's the idea that counts -- the money is out there for the taking! People want an alternative. It is our fault if we do not provide it.
Do we want our government to be OO programmers? I don't think so.
Maybe.. if it saves taxpayer money in the long run. That's always the determining factor. It's not a matter of rich vs non-rich companies or whatever. The fact is, anyone can learn to program. Not everyone can manufacture routers, chairs, light bulbs, etc. If a government (or business) can hire some programmers and save money in the long run, they should go for it. Capitalism at work. Remember that software is most naturally a labor market.
You also have to be carefull on the el cheapo Power Supplies as they often do not supply enough amps for the 12v. It is not unheard of to see a 500w Supply deliver only 12 amps on +12v.
It's also not unheard of to see 400w cheapo power supplies rated for 18+ amps on +12v but only deliver 15A sustained before letting the magic smoke out. Or, on the other side, I've never had problems with high quality 300-350w supplies (12-15A on +12v) even on heavily loaded, modern systems. Honestly, I think the power supply number game is a bit bogus today. Then you look at the major system integrators.. and they're putting quality 200-250w supplies into P4/Athlon systems with 2 optical drives and Geforce4's. No doubt they've calculated theoretical maximum current on all rails and chosen components accordingly..
You see, even if Microsoft charges $5 per license to run CE on some embedded device which has a $10 microcontroller, they're still making the same profit per person as they would otherwise be making. sure, the profit per product is lower, but their total revenue stays positive.
Well, the article was discussing something more along the lines of IBM's Cell processor and some form of "dynamic, UPnP Beowulf cluster" of sorts. But, regardless, a couple things are certain at this point regarding hardware. Future hardware will be:
1.) Nearly free (as in: how much are you willing to pay for a 4-function calculator?)
So now we need software to run on all these tiny disposable devices. By this time, nearly all applications will use various forms of thin-client technology. (graphics rendered locally, etc.) Wireless Internet access (both on and off the "grid") will be fast and ubiquitous. So whether you are accessing your home data center or a corporate mainframe (which fits in an ATX-sized case..) or a hosted application residing halfway across the world, your means of interfacing will be small lower powered devices that don't get in your way. In such a world, there is no room for Windows. All basic software will be 100% free and commoditized because profit margins demand it and nobody will want to waste time reinventing wheels that have been perfected. Most people won't even know what an operating system is. All common-use software will also be free -- the kind of stuff you'll serve locally from your home data center. The rest will just be a highly rich and evolved Web. (think of where Google will be in say 5 years.. then think along the lines of: SVG + homogenized multimedia formats)
I'll put my bet on 10-15 years for the complete obsolescence of the consumer PC and 20 years for 95% of the world's software to be free and commoditized. Beyond that, we're talking about the stuff of SciFi.
Moving directly to Linux means a forced change of all software at once. As a rule, users hate sudden changes. I love the fact that I can now recommend a whole suite of Open Source software to my unfortunate Windows-using friends. Since they've already bought their machines, it's too late to avoid paying the "PC tax." But if they can become accustomed to using almost entirely OSS, their next system purchase can easily come pre-installed with Linux instead. Create the demand and the market will follow.
I'd love to use Amarok and k3b when I'm in Windows.
Amarok is pretty likely. It's a great "iTunes killer" and AFAIK, iPod support is progressing nicely. k3b, on the other hand, is a frontend to cdrecord, growisofs, and other low level unix-specific utilities. I imagine these will be quite difficult to port to Windows.
I'm not surprised that PSU related problems is on top seeing how it's the most important component of the computer but the one that people seem to pay the least attention.
At one of my jobs, a client had a lab full of fairly new computers with cheapo supplies. I kid you not: within 1 year, 25 out of 40 supplies failed and in three cases the motherboard and CPU were destroyed in the process. When I came onboard, I made it a policy that any machine found to crash at random would immediately have its supply yanked and replaced with a quality one. (indication of pending failure..) User complaints dropped rapidly as reliability instantly went up.
What people must understand is that they need a PSU that have the most stable rails (such as the +5 & +12 rails) and that isn't made by Mr. Bingo Bongo. Sure you can save around $20-30 going with a cheaper PSU but that action is a gamble.
It's not even just stable rails. (although this is one indication of quality..) I've found by examination of fried supplies that the cheapo varieties don't have much in the way of protection circuitry. All power supplies die at some point. That's a given. The quality ones just die gracefully and don't take the rest of your hardware with them.
As for price, the amazing thing is that there's not always that much difference between a quality budget supply and a total garbage one. I've found 300W Fortron (FSP-300) supplies in the $25-30 range. They're not top of the line, but I've yet to have a problem either.
Having implemented diskless workstation solutions, I definitely concur that this is THE way to use Linux in business or educational environments. The administrative ease (and therefore cost reduction) is simply a dream come true compared to comparative Windows-based solutions.
On the other hand, people really need to work on improving the technologies relevant to this sort of application. LTSP is pretty bad in general and I ended up rolling my own solution using Debian instead. The result works, but has a lot of room for improvement (specifically in the areas of NFS, security, and managing standard userland software configurations). Although it may be the most readily available, I generally disagree with the "thin client" aka "terminal services" approach because powerful workstations are not a significant cost factor anymore. You might as well give your users the responsiveness and multimedia capabilities they are used to. Also, when vector graphics-driven, OpenGL-accelerated desktops become the norm (1.5-2 years), you can forget about running apps on the server.
In one case, my cost ended up around $350/ea for OEM AthlonXP 2500, 256mb, 17" (refurb) monitor workstations. That's only about $100-150 more than a crappy thin-client pre-fab.
As for those leftover Windows apps on Windows terminal servers.. Well.. it's high time to develop modern, rich web applications to replace them. (think XUL and Java) Note to all entrepreneurial geeks: there's a huge market out there for superior-quality Open Source business software. In fact, I would go as far to say that this is where most of the money in developing Open Source software is. The fact that the software can also run on a Free OS is just icing on the cake. Specialized business software is the #2 reason why more companies don't switch to desktop Linux. The #1 reason is MS Office, but office suites themselves need to be obsoleted by a new generation of rich, flexible, web-driven business database software where users are concerned strictly with content and not typesetting, macros, spreadsheet creation, file management/exchange, and other hastles.
Gates: If everything runs under the same platform, however, you can better concentrate resources and more quickly repair errors.
I've admin'ed hybrid networks (Windows and Linux) and I've spent a whole lot more time and effort keeping Windows working and secured than Linux.
It's true that all platforms have security problems and need frequent updates. This will not change until all developers start taking security seriously and using secure-by-design coding practices. In the meantime, I have found Linux/FOSS systems much easier to deal with when security problems do arise. After all, I can usually run one program to automatically upgrade all software on a system. Not only does the OS get patches, but also user-space programs. With Windows, I have to deal with multiple versions of the OS because the licensing does not allow free upgrades. And worse, I have no way to easily upgrade the diverse selection of software that people are using. (Remember the Windows GDI bug?) This is one of those "secondary" benefits of Free licensing that most people don't think about. Free distribution means centralized updates and therefore easier administration.
Re:Passwords are fine, the systems that are broken
on
Password Security Panned
·
· Score: 2, Insightful
The result, of course, was a trivially easy denial-of-service attack that left me locked out of my own system.
Hence why any locking mechanism should be per-IP address..
Another option is simply to not lock the account but instead have a 15 second delay or so between failed attempts. Given a secure password, this makes brute force useless. That's only 240 attempts/hour. Suppose you use random case sensitive alphanumerics with a length of only 6. That would be 62^6 = 56,800,235,584 possibilities. Nice try cracking that..
Of course, for VPN, some form of host key authentication is probably the best solution.
Why? Why is one a natural right and the other not?
Did you read the last paragraph of the parent post? Since your only argument amounts to "I think everybody who challenges the current state of IP law must just be out for freebies," why don't you try explaining why the hypothetical US inventor in the example has a natural right to own the idea? If you cannot, it should be self-explanatory why "IP" is not a natural right, but rather a limited granted privilege.
For the record, most people who challenge our current implementations of copyright and/or patent have specific and legitimate arguments based upon real-world experience in various industry. Indeed, most are neither against these social constructs nor the recognition of physical property rights. So please stop making assumptions.
I'm sorry that the freedom to own property annoys you.
Freedom of speech is a fundamental freedom which the government cannot take away because it was never "granted" in the first place. It simply exists as a basic, inalienable human right. The body of law, which only recently became in vogue among lawyers to call "intellectual property," is a limited granted privilege. The US Constitution gives Congress the power to create such laws, but it does not require it to nor does it claim that copyright, patent, or trademark are fundamental rights. Fifty years from now, if Congress decided to completely abolish copyright and the patent system, this would be perfectly constitutional.
The Constitution also requires that such laws be used by Congress "to promote the progress of science and the useful arts." So if the application of copyright or patent in a particular field does not achieve this goal, by definition that application is unconstitutional. There are very good arguments why software patents fall into this category and therefore should be abolished.
If you've ever read the writings of the founding fathers of the US, you would very quickly realize that they would never have agreed to use the term "intellectual property" because this is, in fact, a misnomer.
Consider the philosophy of this situation: An inventor in the US and an inventor in Japan come up with the exact same idea completely independently. But suppose the Japanese inventor had the idea 1 month before the US inventor. Who actually owns the idea? Obviously neither of them. It's just an idea that both inventors happened to have, most likely because it was the logical "next step" of innovation. However, if the US inventor publically disclosed the idea using a patent application before the Japanese inventor could get around to it, the US inventor would be granted the patent. This sort of thing happens all the time. See why the term "intellectual property" doesn't quite fit the subject matter?
I think this is exactly what is happenning. Microsoft owns the office suite arena. As of right now they have nothing to really worry about in any of the other office suites.
The open source community needs to learn something from this whole scenario. We may not be able to beat them at their own game. It may be a wasted effort to continue chasing MS's taillights when it comes to office suites. After all, many people / companies aren't upgrading from Office 97/2000, so why should they bother switching to OpenOffice? (hint: they're not saving any money) What we need to do is re-write the rules and offer something completely new and innovative. Instead of trying to compete head-to-head with Office, we should be working to obsolete it with fundamentally superior technology. The whole "office suite" paradigm is thoroughly outdated given the software techniques available today. (think: web-centric, separation of duties, separation of content and presentation, centralization, server-side, etc.)
Slashdot Mirror
Having said all of that, it's still useful if there are distributions with the same level of stability and security as their enterprise-level cousins. There are some that do this, though.
Have any in particular worked well for you? As a consultant, having to turn to RHEL or SuSE really cuts into the bottom line!
The way to make money on OSS is usually the same as the way to make money on proprietary software. Businesses don't buy software; they buy solutions. Licensing is an implementation detail. Remember that the majority of software written is produced in-house or as a contracted custom job. One advantage with OSS is that you can focus your business locally but network with consultants elsewhere to share development load of a common codebase. (ie. excluding that which is custom to your own clients)
The exception, of course, is "off-the-shelf" software with a wide audience. Traditionally, OSS replacements for these tend to work as just plain community projects because there is widespread developer interest. (OpenOffice, Gimp, Mozilla, etc.) If you want to make a business in this sector, you'll need to think more creatively because this is a largely unexplored OSS services market. For instance, you might market the service of enhancing Gimp or Blender to graphics houses, perhaps combined with training or support. Or you might post a list of most-desired features for OpenOffice and offer to develop them once a certain pledge level has been met. The difficulty in all of this is aggregating enough smaller payments / contracts to make a living. With these models, you are, in fact, competing directly with proprietary licensing costs. The risks are inherently greater -- though no more so than trying to start a proprietary shrink-wrap shop.
From the article:
/etc hierarchy. Every tool has it's own config schema and syntax. There's no standardization whatsoever. Trying to write a tool to manage this mess is like trying to write an application using 100 diverse and unstable APIs. And forget about more advanced admin tools like automated integration of multiple components. (ex. ldap + postfix + cyrus + amavis + spamassassin + your favorite webmail) A key-value based replacement for /etc is the first step in creating an Open Source "unix that just works." And it wouldn't even be that hard! The beauty of the Elektra concept is that it can be a gradual change and no new tools or security models are required.
"It's not surprising that the revenue is so great. More and more commercial organisations choose to buy Linux rather than download and deploy it independently," he said.
You know what this tells us? The OSS community is not going far enough. We're producing a lot of good raw materials but not enough good solutions. As a result, companies must turn to expensive commercial support options (usually bundled with proprietary administrative interfaces that make our raw materials useful in the real world). It is quite time to abandon the mentality that most users should/will build and configure their systems by hand. This old-school style of Unix admin was right for a time, but that time has passed. And I'm not just talking about the desktop. For example, it is far too difficult and costly to use stock Debian or Fedora to build a full-featured enterprise server using best practices. (ex. Linux 2.6 w/ACL patches, LDAP, Kerberos, Samba, NFSv4, etc.) Yes, it can be done. I've personally pulled it off. But it's extremely ugly and painful. And when it comes time to patch/upgrade, some work must be re-done because there is no way to cleanly and automatically migrate / merge settings. As much as I like Debian, it's not really applicable to many real world tasks where time-costs matter. Or even if the costs even out, it's more hassle than it's worth.
The solution? http://elektra.sourceforge.net/ (or at least the concept presented here..) The reason why we don't have any good Open Source configuration management tools (GUI or otherwise) is that it's too difficult to grok the hideous mess that is today's
No, I am not a member of the Elektra project.. I just happened across their page the other day and was shocked at how obvious their proposal is in a "duh! why didn't I think of that?!" sort of way.
4) Mono. A development platform that gets a large developer base into the same boat, using the same tools and libraries, and same.. "culture", and perhaps even woo some of the massively large traditional app development community that has been heretofore developing windows-only. A single point to concentrate innovation.
.NET) are still far too immature to say for sure. On the backend, it's nowhere near as powerful and mature as the Java platform. On the frontend, it seems there is too much emphasis on traditional thick clients that talk web services. I have always wondered if .NET was MS's calculated answer to true web applications making the desktop platform irrelevant. While the core (C#/CLI) is cross-platform, there are abundant platform-specific libraries which make it heavily client-sided. Time will tell..
Mono may become a significant player but I think that it (and
Wow! After hearing Linsux Lusers talking about how awful the Windows registry is, you went and copied it. Well, why not? Linsux lamers have imitated every other innovation Microsoft had, why not copy this too? Apparently the idea of a registry is now "ingenious".
The win registry is awful for a multitude of reasons. The only similarity with Elektra is that it is key-value based. Stupid troll.
Obvious, but ... So $ is saved by installing OSS and thus avoiding licenses. Then, the next year the budget is cut that amount. But again, with no licenses to pay, the cut $ isn't missed.
There's a really obvious possibility that you folks are missing. What if the DOJ had instead used that $13.2mil over 5 years to contract with Sun/OpenOffice.org to hire a bunch of top programmers and perfect OpenOffice. Same budget, but much better outcome for themselves and for society. Do you realize how tragic it is every time a deal like this goes down? Going with WP instead of MS is better than nothing, but it's a major lost opportunity to move the entire Open Source movement forward. All we need is for one company / government to make a significant contribution into OpenOffice development and the MS Office monopoly will come crumbling down in a matter of a couple years.
Everyone has been saying exactly what you've said for many years now and it still hasn't happened..
Yes, because the relevant technologies are only now starting to become mature. People jumped the gun with this claim back in the late 90's. Today, we're finally seeing realistic possibilities. Note that I never said that all apps will be web-based. But all business / communications / database apps will be. This will also include the demise of office suites -- replaced by document management systems and a new generation of flexible databases. For the forseeable future, we will still need local apps for graphics and multimedia.
At each stage the claim has been that to get anywhere, we have to change what we're doing. Each time they have been wrong.
/etc and user dot-file hierarchies. It is entirely plain-text, human-readable, and file-system based. No daemons, databases, XML, binaries, etc. If we could standardize on this, it would virtually eliminate the differences between distros and finally make it possible to develop unified GUI config interfaces and automated admin tools.
.. which is progressing nicely, but could always use some extra help / funding.
The problem with these screeds is that they don't make constructive criticisms and don't look at future options or possibilities. Yes, several things are sub-optimal with the direction OSS is heading right now. But these are solvable issues.
What do we need most today?
1.) Commercialization of all significant Open Source projects. Important projects need funding so they can hire more full-time developers. The result will be more polish and better QA, which is sorely needed. NPO's are another option for some large projects which would rather be donation-driven.. (think large corporate contributions in effort to meet common needs.. OpenOffice anyone?)
2.) The Elektra Initiative (http://elektra.sourceforge.net/) This is an ingenious key-value configuration system suitable for replacing the mess that is
3.) X.org
That's what we need today. Longer term, the desktop is going to become largely irrelevant anyhow due to web-based technologies. This is what most pundits fail to realize when discussing the future of Linux and MS. Standards-based rich-web intranets are the holy grail of business IT.
Every year, I've been posting that the OSS world needs one sane, unified development API for its desktops. I sometimes get modded down, sometimes get angry replies...but nobody ever actually refutes what I'm saying, because they know I'm right.
A few years ago, I would have argued the same thing, but it's pretty clear now that the desktop is becoming increasingly irrelevant as web technologies mature. Think of it this way: In another 10 years, it won't matter what desktop platform you use because 90% of your day-to-day software will be web-based (think intranet). But most people will use Free Software desktops simply because they're the cheapest. Businesses will buy $200 disposable desktop PCs that network-boot Linux, an open clone of Java, and whatever highly-evolved form of Mozilla / Konqueror exists at that time. No more complicated deployment. No more licensing hastles. This sort of simplicity is the holy grail of both IT and business productivity. MS has a lot less to worry about Linux than open web standards. Although Linux is a good vehicle for their delivery.
Open source or Closed Source... makes no difference bugs and exploits will always exists. ... no code is completely secure.
This is simply nonsense. It is quite possible to produce code which is completely secure, but most developers today either don't know how or don't take the extra time to do so. Because secure coding is ultimately about tight input checking, it can also have a negative effect on performance. But at some point you have to make tradeoffs. For popular (high-risk) software like OS'es and web browsers, the tradeoff always needs to fall in favor of security rather than development time or squeezing out every last ounce of performance.
I haven't found anything that compares to a combination of PP buffer protection on binaries, chroot jailed services, iptables, and SELinux policy. I just don't understand why more vendors haven't tried to create default installs that support this level of security.
The article as has a point when it states that "linux wizards" could do a lot more to enhance the Linux machine's security compared to the default RHEL installation they were using. Indeed, why are vendors not using the complete assortment of Linux security best practices? Administrators almost always go for the path of least resistance -- whether Windows or Linux. As a result, Linux distros need to make absolutely sure that this path is also the most secure by default. And tools need to be written to make proper administration easier.
Anyone have any ideas on how to prevent abuse of such a system? That is, too many people using the system and not enough people contributing?
In my experience, you can't worry about the people who don't contribute. It's their own loss -- though most will realize with time that it isn't worth the cost of maintaining private forks.
The business decision for OSS is always a very calculated one. It comes down to this: after investing in development of any necessary improvements to an OSS package, are you still saving money? The answer is often different depending on the term -- such as in the case of a less-mature project that needs more work. It is easy to envision a world where the short term costs of choosing OSS are always cheaper because everyone else has already done the majority of the work. But this is not where we are at today. As a result we need a maximum of cooperation with the realization of those involved that the beginning stages are the roughest and most expensive. Perhaps this is why we've seen the most OSS involvement from larger companies -- they have the resources to think longer-term and take more risks. For the rest, we probably need more heavily commercialized OSS business software to spread the load/risk.
Not quite. Most enterprise software comes with source available, and pretty much all of it gets customized once you get into bigger customers. Its actually a real PITA when it comes time to do upgrades.
That's exactly it.. if in-house customizations were made cleanly using proper APIs and proper modular design techniques, they could be contributed back to the community codebase such that all future upgrades would automatically include the improvements and thus reduce the need for patch & hack work. Sure, there's a fair bit of work to do either way, but the advantages to this approach are obvious. To get your own code accepted into the community codebase, it must conform to rigid quality specifications. But in return, you also get high quality improvements from others. Done properly, this is a hands down win-win for all companies involved.
The problem is that much of today's software is not designed well enough to allow for this. Customizations too often require modification to core application code. This needs to change, but Open Source alternatives are the perfect place to start. So, in contrast to the view of this article, I would argue that "ERP" and other business softwares are the perfect place for OSS. But this is a purely corporate form of OSS.. not hobby-hacker OSS.
What we need are some "professionals-only" projects aimed at meeting business needs. They can be commercially-supported or they can be designed to build ad-hoc commercial alliances. Make no mistake. This is the "killer app" of OSS in the business world -- not Linux or OpenOffice. (Although these and others will also skyrocket in popularity once the door of Free software is flung wide open.)
I'd like to see large organizations that realize a quantifiable savings due to the use of OSS contribute a small portion of the savings back to the projects that made it possible.
Lets take it a step further. Suppose that a company or gov't. could save $5.2m by using OO.org, but the result of missing features / lack of polish would cost too much in lost productivity. However, if they spend $4m to hire some programmers to improve OO.org to the point where it no longer sucks for their needs, they're still saving $1.2m. It may not be as large, but in the end, any significant and viable savings opportunity is worth pursuing.
Lets say they hire programmers at a respectable $75k/year. Figure another $25k/year for benefits, management costs, etc. $4m = 40 full-time programmers for one year. Can I get, by a show of hands, how many of you Open Source developers out there would accept a $75,000 w/ benefits contract to work full time for one year doing what you love with a team of like-minded co-workers?
And that's only one company / government. There are literally thousands of possible contracts like this worldwide.
Now, think further. Suppose that we make it easier on these prospective companies / governments by starting a company that contracts out this work and has a staff of 100+ OpenOffice programmers. This way, customers don't have to worry about the management / HR end of things. It would be a very simple company -- basically just a way keep the developers salaried and insured. A thin layer of abstraction if you will. No sales. No marketing. Just an employee owned-and-run "labor farm" if you will. It would market itself. "Thinking of switching to OO.org but it doesn't meet your needs? Let us fix it for you for half the cost of MSO licensing."
Lets be honest, folks.. OpenOffice is not the same quality of MSO yet. It is improving but it's definitely not there yet. And the project could be progressing a heck of a lot faster. Yes, the example I gave is idealistic. But it's the idea that counts -- the money is out there for the taking! People want an alternative. It is our fault if we do not provide it.
Do we want our government to be OO programmers? I don't think so.
Maybe.. if it saves taxpayer money in the long run. That's always the determining factor. It's not a matter of rich vs non-rich companies or whatever. The fact is, anyone can learn to program. Not everyone can manufacture routers, chairs, light bulbs, etc. If a government (or business) can hire some programmers and save money in the long run, they should go for it. Capitalism at work. Remember that software is most naturally a labor market.
You also have to be carefull on the el cheapo Power Supplies as they often do not supply enough amps for the 12v. It is not unheard of to see a 500w Supply deliver only 12 amps on +12v.
It's also not unheard of to see 400w cheapo power supplies rated for 18+ amps on +12v but only deliver 15A sustained before letting the magic smoke out. Or, on the other side, I've never had problems with high quality 300-350w supplies (12-15A on +12v) even on heavily loaded, modern systems. Honestly, I think the power supply number game is a bit bogus today. Then you look at the major system integrators.. and they're putting quality 200-250w supplies into P4/Athlon systems with 2 optical drives and Geforce4's. No doubt they've calculated theoretical maximum current on all rails and chosen components accordingly..
You see, even if Microsoft charges $5 per license to run CE on some embedded device which has a $10 microcontroller, they're still making the same profit per person as they would otherwise be making. sure, the profit per product is lower, but their total revenue stays positive.
Well, the article was discussing something more along the lines of IBM's Cell processor and some form of "dynamic, UPnP Beowulf cluster" of sorts. But, regardless, a couple things are certain at this point regarding hardware. Future hardware will be:
1.) Nearly free (as in: how much are you willing to pay for a 4-function calculator?)
2.) Disposable (think: old cell phones)
3.) Extremely small
4.) Universally compatible (various wireless standards, USB, UPnP, etc.)
So now we need software to run on all these tiny disposable devices. By this time, nearly all applications will use various forms of thin-client technology. (graphics rendered locally, etc.) Wireless Internet access (both on and off the "grid") will be fast and ubiquitous. So whether you are accessing your home data center or a corporate mainframe (which fits in an ATX-sized case..) or a hosted application residing halfway across the world, your means of interfacing will be small lower powered devices that don't get in your way. In such a world, there is no room for Windows. All basic software will be 100% free and commoditized because profit margins demand it and nobody will want to waste time reinventing wheels that have been perfected. Most people won't even know what an operating system is. All common-use software will also be free -- the kind of stuff you'll serve locally from your home data center. The rest will just be a highly rich and evolved Web. (think of where Google will be in say 5 years.. then think along the lines of: SVG + homogenized multimedia formats)
I'll put my bet on 10-15 years for the complete obsolescence of the consumer PC and 20 years for 95% of the world's software to be free and commoditized. Beyond that, we're talking about the stuff of SciFi.
It's all about the "baby steps."
Moving directly to Linux means a forced change of all software at once. As a rule, users hate sudden changes. I love the fact that I can now recommend a whole suite of Open Source software to my unfortunate Windows-using friends. Since they've already bought their machines, it's too late to avoid paying the "PC tax." But if they can become accustomed to using almost entirely OSS, their next system purchase can easily come pre-installed with Linux instead. Create the demand and the market will follow.
I'd love to use Amarok and k3b when I'm in Windows.
Amarok is pretty likely. It's a great "iTunes killer" and AFAIK, iPod support is progressing nicely. k3b, on the other hand, is a frontend to cdrecord, growisofs, and other low level unix-specific utilities. I imagine these will be quite difficult to port to Windows.
I'm not surprised that PSU related problems is on top seeing how it's the most important component of the computer but the one that people seem to pay the least attention.
At one of my jobs, a client had a lab full of fairly new computers with cheapo supplies. I kid you not: within 1 year, 25 out of 40 supplies failed and in three cases the motherboard and CPU were destroyed in the process. When I came onboard, I made it a policy that any machine found to crash at random would immediately have its supply yanked and replaced with a quality one. (indication of pending failure..) User complaints dropped rapidly as reliability instantly went up.
What people must understand is that they need a PSU that have the most stable rails (such as the +5 & +12 rails) and that isn't made by Mr. Bingo Bongo. Sure you can save around $20-30 going with a cheaper PSU but that action is a gamble.
It's not even just stable rails. (although this is one indication of quality..) I've found by examination of fried supplies that the cheapo varieties don't have much in the way of protection circuitry. All power supplies die at some point. That's a given. The quality ones just die gracefully and don't take the rest of your hardware with them.
As for price, the amazing thing is that there's not always that much difference between a quality budget supply and a total garbage one. I've found 300W Fortron (FSP-300) supplies in the $25-30 range. They're not top of the line, but I've yet to have a problem either.
Having implemented diskless workstation solutions, I definitely concur that this is THE way to use Linux in business or educational environments. The administrative ease (and therefore cost reduction) is simply a dream come true compared to comparative Windows-based solutions.
On the other hand, people really need to work on improving the technologies relevant to this sort of application. LTSP is pretty bad in general and I ended up rolling my own solution using Debian instead. The result works, but has a lot of room for improvement (specifically in the areas of NFS, security, and managing standard userland software configurations). Although it may be the most readily available, I generally disagree with the "thin client" aka "terminal services" approach because powerful workstations are not a significant cost factor anymore. You might as well give your users the responsiveness and multimedia capabilities they are used to. Also, when vector graphics-driven, OpenGL-accelerated desktops become the norm (1.5-2 years), you can forget about running apps on the server.
In one case, my cost ended up around $350/ea for OEM AthlonXP 2500, 256mb, 17" (refurb) monitor workstations. That's only about $100-150 more than a crappy thin-client pre-fab.
As for those leftover Windows apps on Windows terminal servers.. Well.. it's high time to develop modern, rich web applications to replace them. (think XUL and Java) Note to all entrepreneurial geeks: there's a huge market out there for superior-quality Open Source business software. In fact, I would go as far to say that this is where most of the money in developing Open Source software is. The fact that the software can also run on a Free OS is just icing on the cake. Specialized business software is the #2 reason why more companies don't switch to desktop Linux. The #1 reason is MS Office, but office suites themselves need to be obsoleted by a new generation of rich, flexible, web-driven business database software where users are concerned strictly with content and not typesetting, macros, spreadsheet creation, file management/exchange, and other hastles.
Gates: If everything runs under the same platform, however, you can better concentrate resources and more quickly repair errors.
I've admin'ed hybrid networks (Windows and Linux) and I've spent a whole lot more time and effort keeping Windows working and secured than Linux.
It's true that all platforms have security problems and need frequent updates. This will not change until all developers start taking security seriously and using secure-by-design coding practices. In the meantime, I have found Linux/FOSS systems much easier to deal with when security problems do arise. After all, I can usually run one program to automatically upgrade all software on a system. Not only does the OS get patches, but also user-space programs. With Windows, I have to deal with multiple versions of the OS because the licensing does not allow free upgrades. And worse, I have no way to easily upgrade the diverse selection of software that people are using. (Remember the Windows GDI bug?) This is one of those "secondary" benefits of Free licensing that most people don't think about. Free distribution means centralized updates and therefore easier administration.
The result, of course, was a trivially easy denial-of-service attack that left me locked out of my own system.
Hence why any locking mechanism should be per-IP address..
Another option is simply to not lock the account but instead have a 15 second delay or so between failed attempts. Given a secure password, this makes brute force useless. That's only 240 attempts/hour. Suppose you use random case sensitive alphanumerics with a length of only 6. That would be 62^6 = 56,800,235,584 possibilities. Nice try cracking that..
Of course, for VPN, some form of host key authentication is probably the best solution.
Why? Why is one a natural right and the other not?
Did you read the last paragraph of the parent post? Since your only argument amounts to "I think everybody who challenges the current state of IP law must just be out for freebies," why don't you try explaining why the hypothetical US inventor in the example has a natural right to own the idea? If you cannot, it should be self-explanatory why "IP" is not a natural right, but rather a limited granted privilege.
For the record, most people who challenge our current implementations of copyright and/or patent have specific and legitimate arguments based upon real-world experience in various industry. Indeed, most are neither against these social constructs nor the recognition of physical property rights. So please stop making assumptions.
I'm sorry that the freedom to own property annoys you.
Freedom of speech is a fundamental freedom which the government cannot take away because it was never "granted" in the first place. It simply exists as a basic, inalienable human right. The body of law, which only recently became in vogue among lawyers to call "intellectual property," is a limited granted privilege. The US Constitution gives Congress the power to create such laws, but it does not require it to nor does it claim that copyright, patent, or trademark are fundamental rights. Fifty years from now, if Congress decided to completely abolish copyright and the patent system, this would be perfectly constitutional.
The Constitution also requires that such laws be used by Congress "to promote the progress of science and the useful arts." So if the application of copyright or patent in a particular field does not achieve this goal, by definition that application is unconstitutional. There are very good arguments why software patents fall into this category and therefore should be abolished.
If you've ever read the writings of the founding fathers of the US, you would very quickly realize that they would never have agreed to use the term "intellectual property" because this is, in fact, a misnomer.
Consider the philosophy of this situation: An inventor in the US and an inventor in Japan come up with the exact same idea completely independently. But suppose the Japanese inventor had the idea 1 month before the US inventor. Who actually owns the idea? Obviously neither of them. It's just an idea that both inventors happened to have, most likely because it was the logical "next step" of innovation. However, if the US inventor publically disclosed the idea using a patent application before the Japanese inventor could get around to it, the US inventor would be granted the patent. This sort of thing happens all the time. See why the term "intellectual property" doesn't quite fit the subject matter?
I think this is exactly what is happenning. Microsoft owns the office suite arena. As of right now they have nothing to really worry about in any of the other office suites.
The open source community needs to learn something from this whole scenario. We may not be able to beat them at their own game. It may be a wasted effort to continue chasing MS's taillights when it comes to office suites. After all, many people / companies aren't upgrading from Office 97/2000, so why should they bother switching to OpenOffice? (hint: they're not saving any money) What we need to do is re-write the rules and offer something completely new and innovative. Instead of trying to compete head-to-head with Office, we should be working to obsolete it with fundamentally superior technology. The whole "office suite" paradigm is thoroughly outdated given the software techniques available today. (think: web-centric, separation of duties, separation of content and presentation, centralization, server-side, etc.)