...that every now and then someone has an idea on how to make OSS development yet even better?
The whole point of OSS is that nobody actually tells (as in commands or orders) anyone to do anything. The success of Linux, Apache, BIND etc. are testament to the fact that successful software can be developed this way. Given, there are projects where I wish the developers would put more effort into one feature or into making it work at all, but the interesting thing is, that I can tell them (email or bugtracker etc.) and often enough they have listened.
But, the main reason why the community shouldn't, or probably couldn't change is because it just simply works. And this is all due to the fact that it is a self-organised network. These kind of networks have a enourmous capacity of stability and work rather effeciently (for more info on SO networks).
"Choice should not only be limited to two or three options, but all of them should also have a common code base."
Says who? And more importantly, why? Commercial companies don't (always) use the same methods, processes or technologies. Why? Simply because there is no one best way, as there is no one best code base on which to build the other options.
IMHO we should embrace the diversity of the different projects and enjoy the creativity the developers put into them and generate in others. Where necessary, the developers of competing projects are working together to interface their systems. If someone would make a case that we need "yet another senmail" or what have you, let them work on it. It's their time and nobody (or at least very few) pays them. It'll work in the end, maybe just not the way you expected.
Between Iraq and a hard place
on
Strike on Iraq
·
· Score: 1
For further information watch this to get an idea.
Errr, but the "server" is actually quite useless without the "clients", that's why I guess SETI@home belongs into the distributed computing corner of the P2P realm.
Please stop drawing analogues between socioeconomical politics and physics.
If you had read the book (pp.93) and maybe this paper, you would have noticed that Bose-Einstein condensation is used to mathematically explain monopolies in the economic network. So, the analogy is a) explained and b) may be even valid.
From the book: "It is, simply, that in some networks the winner can take all. Just as in a Bose-Einstein condensate all particles crowd into the lowest energy level, leaving the rest of the energy levels unpopulated, in some networks the fittest node could theoretically grab all the links, leaving none for the rest of the nodes. The winner takes all."
Even better: Modify bblcd to write the logs to a line printer. Now try and see if you can modify the logs. Of course you will have a lot of paper flying around depending on your verbosity preferences:-)
The kernel only has an expert mode. It would be nice if there were a higher order config that asked you basic questions and built the things you were most likely to need, with the option of going into a more expert mode if you needed to fine tune something.
You are right of course, but did it ever occur to you that this is a development kernel, to be used primarily by experts, i.e. people who can submit useful bug reports?
Your average Linux user (not a professional admin and/or geek) should not use this stuff, unless he or she is willing to provide information other than "2.5.47 doesn't work for me. Help!" As long as this kernel is still in development and not even testing, only experts should use it. But, I agree that the configurator has to change when 2.5 reaches the testing, RC phase so that Joe Average-Linuxuser can run it.
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
The freedom to run the program, for any purpose (freedom 0).
So, the community can not (does not) restrict terrorists from using any GPL'd (or compatibly licensed) software. And by the way, one man's terrorist is another man's freedom fighter. As it stands the community does not want to engage in moral discussions about who uses its software and for what purpose.
I have no idea what the government can do about it, but how could it prohibit the use of something that is widely available? That's the reason why it would be completely useless to restrict the distribution of strong crypto to NATO countries only for example. In order for a crypto algorithm to be deemed secure by the security community, it has to be published and proven secure through years of peer review. Even if access to programs incorporating this crypto stuff could be restricted, anyone with access to academic publications (and decent programming skills) could write software based on the published algorithms.
That's the protocol, but have a look at our latest version of SeX (R), with full client/server architecture.
From the FAQ:
Q: What is it? A: Simply put, SeX(R) is an implementation of the Bee, Pollen & Flower concept.
Q: Why would I need a client/server architecture? A: In fact you don't , but we highly recommend it for stability purposes. There are standalone versions, but only SeX will give full satisfaction and process functionality.
Q: Is it secure? A: That depends. Microsoft (TM) alternatives are very prone to virus infections. In a promiscuous, multi-user client/server structure proper safeguards (e.g. firewalls) are recommended although the functionality of Sperm 1.0 might be adversely affected.
Q: Is it free? A: That depends: Although we advocate the Open Sauce approach, we can not garantee you free (as in beer) access to SeX. However, modifications can be distributed freely.
I agree, but that is not the only reason. Short-termism as you might want to call it is also introduced via the stock-market. Far too many people expect(ed in recent years) returns in the vicinity of 20-25% anually, just look at analysts' reports (another reason of course are the big pension funds, who have to rely on big profits for their current payments/liquidity). That of course means that the managers have to look for investments which will generate this kind of return. Unfortunately, this also means that the company would have to double in value every three years (approximately) and in turn that only short-term decisions are being taken while strategic decisions with long-term goals become unprofitable.
So the problem is not only management's short-term view, but also the market's. Even if I wanted to take a stretegic (long-term) approach, my stock-holders would make pretty sure that I will deliver or otherwise get replaced. It's a structural problem also, and not necessarily only a managerial.
The main problem with manager's payments is that they usually gain when the company is profitable but rarely lose when it is not. The idea of stock options should have dealt with this problem, but we all know how this can be handled (bring profits forward, overvaluation of assets etc.). Furthermore, stock options which are not in the money only mean that they will earn less, not that their income becomes zero or negative (like the company's).
In order to bring management back into closer relationship with reality (and the company's/market situation) would be to tie them completely to the company's situation. In times where the company is profitable they can rake in the doe, but at times the company is ailing, management will also lose (private) money. This way managers will have an incentive to think twice (or more often) about the decisions they are taking. Currently only stockholders and employees pay the price, and these people are hardly influential.
Sorry, not to offend, but I don't understand your answer: Why should RH8.0 be at least 20% faster than W2K on the same hardware? Especially out-of-the-box?
Did anyone (Redhat themselves even? Where?) claim that it would be? Isn't the reason why people switch to any kind of Linux because it's more flexible and customisable? I.e. instead of having to accept the OS manufacturer's idea of the OS, you can tune it to fit your needs?
I agree with you on how the world "doesnt see what it can do.... the world sees what it does out of the box", but isn't that the reason why we still have administrators around? To keep the machines running as smoothly and fast as possible? A distro maintainer can't possibly foresee what kind of a system any user might need and tune it to fit everybody's needs. What is good for someone might not be good for someone else. It's really that easy and the reason why OS maintainers (RedHat as well as Microsoft for example) provide the user with an easy to set up package that will do most of the things anyone might possibly need, albeit not as fast as possible. If the administrator can't communicate that to management, we have a problem. I give you that the sales brochures and consulting guys promise you a lot more, but who believes them anyway? You? Your boss?
Anyway, I would also like to have a distro that installs the perfect system out-of-the-box, but I know that this will never happen for me. I too, have to live with the crap they sometimes come up with, but like most other people I am happy about the fact that the distros let me do it.
I wouldn't say that W2K or any Linux distro with a recent desktop environment is happy with 64 MB. Sure, they'll work, but they will be extremely slow and swapping out constantly.
Thing is, most boxes you buy nowadays come with at least 128 or even 256 MB (if not 512 MB for the better/more expensive ones). So, this should not be an issue after all. Even my old and trusted Celeron 400 came with 128 MB and works just fine.
In general, it is not really useful to state that any modern OS would be a memory hog on older (to avoid 'out-of-date') hardware, since that was designed to run older/out-of-date software. One can't seriously expect to run bells-and-whistle software on hardware that was simply not designed to run effectively with it. That said, you can still strip down RH8 to perform reasonably on hardware as old as a 486 (not sure, but Pentium 100 isn't a problem at all). Of course, I don't use this machine for 3D gaming, it is currently a router, but could still perform for Internet browsing, albeit very slowly. But, that was always the case, even with 6.1.
Where did I say that your Grandmother (or anyone's Grandma for) is responsible for the security of my computer?
What I said was that anyone with a computer connected to a public network, a thing I like to call the "Internet", has a responsibility to secure his or her own computer so that it can't do any harm to other boxes on the net.
The Internet would be an even greater place if programmers could devise strategies to autoupdate their software with security patches. To a certain extent this could be done, but alas the system is too complex: The software would either have to request the updates or they would have to get pushed on to the systems. You don't have to think for too long to imagine the vulnerabilities in these scenarios. How about I push a not-so-secure patch on your box to update I program for which I am not even a maintainer? Too many people complain about Windows Update and switch off auto update functionality completely for the system to work properly. What about software that is distributed source code only? Let's assume you only install software that requests its own updates. What about your firewall? I know there are solutions in progress to work on some of the problems.
But one important point remains:
You have to grant access to someone else, i.e. you have to act, either by subscribing to push-auto-updates, by running an updater and/or by configuring your firewall and other security tools (think about IDS). The user still has to play an active role in this model, which is all I am asking of admins/users as long as we don't have a completely secure system. Come to think of it, work is in progress to achieve something like that in the form of TCPA, albeit it's not about our security, grrrmpf.
Is that auto update secure? Doubtful, very very doubtful.
Many people here are talking about choices and how RedHat is removing choices on the desktop. Well, think about it this way: RedHat also has the freedom of choice and that includes choosing to unify the look and administration of the desktop systems that come with their distro. Users are still free to choose another distro or install the default desktop environments as provided by the different projects.
You are right, I don't know of all the implications of all the software I run on my system. Why? Because I can't and I don't have to. All I have to do to act responsible is take reasonable diligence in securing my systems, i.e. run a packet filtering firewall, run an IDS, read security announcements and apply patches as necessary.
By the way, what is your last statement supposed to mean? Just because a truly secure system is one that I can't operate doesn't mean that I can't have a reasonable secure, monitored system that I can work with.
I am not saying that consumers should "review the design of cars, appliances, toys or other products", and neither should they (have to) review the code they are running.
All I am saying is, that one has to be aware of the possible bad stuff that could happen, monitor your system and act when something unusal shows up. You do the same with your car, e.g. something suddenly doesn't sound quite right when you shift into reverse and you take the car to the shop (or if you are the DIY type have a look yourself). Many people even do yearly inspections, refill oil when the light shows you it's time to do so, etc.
It should be the same for IT systems. You neither want the gear box to fall apart at 180 kph (yeah, I know the example is bad) on the highway and risk a severe accident that could involve others, nor do you want your computer to become a liability for others on the Internet. That's at least how I think it should be and the law often agrees with me. If forensics show that your car's malfunctioning brakes or whatever caused the accident you can be sued for gross negligence. IANAL, but I think laws exist that could be used against you if your box was used to harm others.
Why would it be "unreasonable to expect ordinary consumers to understand network security" in this context? I expect ordinary consumers to use a safe car when engaging public traffic, without simultaneously expecting them to understand how the internals of their car works. Knowing when it's not functioning within normal parameters and what to do about it (take it to the shop, reinstall system when compromised, apply patches as posted by software vendor/author).
You are running a computer that is connected to the Internet. For the sake of this argument it doesn't matter which system you favour. You are the admin of this machine.
Like it or not, you have responsibility towards ALL other network peers (i.e. the whole Internet) to make your system as secure as possible. Consider malicious software that can start DoS attacks on other remote boxes. Your insecure machine is now causing trouble to others as well as yourself (degrading connectivity).
Would you like this? Your answer could be: I don't care.
Imagine someone else has a similarly unpatched/insecure system and is directing DoS attacks on your IP. Do you care now? I guess you would.
The problem is that advertising and far too many teachers in "Internet for dummies" courses do not emphasize the fact that anyone with admin privileges on any computer (that is connected to the Internet) is effectively an administrator and has to act accordingly on issues like security. Point'n'Click installation doesn't make it any easier: You want to run a web server? Here you go.
How many install software without knowing about the security implications of the stuff they are going to run? I guess far too many. If you had to read about a certain program BEFORE you install it, the manual or How-To can give you an idea of the security implications you are probably going to run into, thus alerting the admin (on a home system that means you) and increasing awareness.
This could be a reason why Linux/Unix installations often seem to be more secure: You have to read a lot more before you can actually do something. This advantage, of course is slowly going away with point and click installations on Linux systems as distro installation programs become more user-friendly and everything gets installed via a graphical system. This might be ok for an advanced user, but could be dangerous in the hands of a novice (i.e. most home users).
I guess you could compare it to driving a car, where you have to get a license in order to participate in public traffic, because you need to know about the rules and dangers beforehand. The impact your mistakes might have on others can be very serious.
I don't want to lecture you, but I think it is important to increase awareness of security ramifications on boxes that are connected to others.
I guess it all depends on determination and what you want to get out of academic studies. I used to work for a bank, while trying to get a degree at the same time. Since I tend to have a more practical approach to work, I often couldn't see the benefits of my very theoretical business studies and focused on work. Eventually I quit the job and finished my studies with a one year full-time MBA course, which was just perfect for me. I got enough theoretical background, while getting a lot of practical input from a great variety of backgrounds, mostly from fellow students.
So, if all you want is the degree and the theories, by all means consider part-time courses, but if what you want is a broad knowledge and a network of people, you should opt for a full-time course, which will probably not leave you the time to successfully run your company.
Having said that, a friend of mine founded a company during his studies, eventually wrote his PhD thesis on the stuff he did in his company and is to this day, running the company, teaching students and doing research. He doesn't have much time for a private life though.
I mean sites devoted to web development on Linux, Apache, Perl and PostgreSQL (no, not MySQL)?
I prefer to have both. It doesn't need to be exactly the same book, although that is nice, a good book that covers the area in general and websites for more in depth information. 'Running Linux' is a perfect example, it covers the specific areas well enough to get you going and is general enough to be of use to the experienced user who just needs a simple kick in the head. The more specific stuff can then be gathered from the web, once you know what you are looking for (or at least have an idea).
So, Linux companies have to rely on a different source of income, like for example, service and consultancy. That's hardly news.
The figures can also be interpreted this way: Since Linux is usually installed once (or multiple times, let's say, one CD purchase) and then updated regularly (patched, whatever), there is no need to buy a new version. You can't upgrade MS systems (I am talking about major version updates, as in Win98->XP, not Service Packs, which sometimes are more of an annoyance pack then anything else, but that's a different story...) incrementally for free. An update from, say 98 to XP is in comparison counted as sales.
With Linux there is often no reason to update the whole distro, just update the kernel, binutils, modutils and whatever you fancy. All this stuff would rightfully never be counted as sales since (I guess) few people would buy the CDs to merely get a new kernel. It's small enough to download even with a 56K modem in a reasonable amount of time.
So yes, that was yet another useless article which showed exactly nothing. It's like saying Pete Sampras scored no points in the NBA last season. This is also true, but proves nothing. He didn't even try, or maybe he did but realized that he wouldn't be able to pay his bills playing basketball. That's why he is still playing tennis for a living.
Slashdot Mirror
The whole point of OSS is that nobody actually tells (as in commands or orders) anyone to do anything. The success of Linux, Apache, BIND etc. are testament to the fact that successful software can be developed this way. Given, there are projects where I wish the developers would put more effort into one feature or into making it work at all, but the interesting thing is, that I can tell them (email or bugtracker etc.) and often enough they have listened.
But, the main reason why the community shouldn't, or probably couldn't change is because it just simply works. And this is all due to the fact that it is a self-organised network. These kind of networks have a enourmous capacity of stability and work rather effeciently (for more info on SO networks).
"Choice should not only be limited to two or three options, but all of them should also have a common code base."
Says who? And more importantly, why? Commercial companies don't (always) use the same methods, processes or technologies. Why? Simply because there is no one best way, as there is no one best code base on which to build the other options.
IMHO we should embrace the diversity of the different projects and enjoy the creativity the developers put into them and generate in others. Where necessary, the developers of competing projects are working together to interface their systems. If someone would make a case that we need "yet another senmail" or what have you, let them work on it. It's their time and nobody (or at least very few) pays them. It'll work in the end, maybe just not the way you expected.
For further information watch this to get an idea.
Errr, but the "server" is actually quite useless without the "clients", that's why I guess SETI@home belongs into the distributed computing corner of the P2P realm.
How about getting some data from CERN?
They seem to have a couple of spare petabytes available. Just take part in the European DataGrid project and you'll have more than enough data.
Please stop drawing analogues between socioeconomical politics and physics.
If you had read the book (pp.93) and maybe this paper, you would have noticed that Bose-Einstein condensation is used to mathematically explain monopolies in the economic network. So, the analogy is a) explained and b) may be even valid.
From the book: "It is, simply, that in some networks the winner can take all. Just as in a Bose-Einstein condensate all particles crowd into the lowest energy level, leaving the rest of the energy levels unpopulated, in some networks the fittest node could theoretically grab all the links, leaving none for the rest of the nodes. The winner takes all."
Just my 2 Eurocents.
Even better: Modify bblcd to write the logs to a line printer. Now try and see if you can modify the logs. Of course you will have a lot of paper flying around depending on your verbosity preferences :-)
The kernel only has an expert mode. It would be nice if there were a higher order config that asked you basic questions and built the things you were most likely to need, with the option of going into a more expert mode if you needed to fine tune something.
You are right of course, but did it ever occur to you that this is a development kernel, to be used primarily by experts, i.e. people who can submit useful bug reports?
Your average Linux user (not a professional admin and/or geek) should not use this stuff, unless he or she is willing to provide information other than "2.5.47 doesn't work for me. Help!" As long as this kernel is still in development and not even testing, only experts should use it. But, I agree that the configurator has to change when 2.5 reaches the testing, RC phase so that Joe Average-Linuxuser can run it.
From the Open Source Definition:
6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
And this from the Free Software Definition:
The freedom to run the program, for any purpose (freedom 0).
So, the community can not (does not) restrict terrorists from using any GPL'd (or compatibly licensed) software. And by the way, one man's terrorist is another man's freedom fighter. As it stands the community does not want to engage in moral discussions about who uses its software and for what purpose.
I have no idea what the government can do about it, but how could it prohibit the use of something that is widely available? That's the reason why it would be completely useless to restrict the distribution of strong crypto to NATO countries only for example. In order for a crypto algorithm to be deemed secure by the security community, it has to be published and proven secure through years of peer review. Even if access to programs incorporating this crypto stuff could be restricted, anyone with access to academic publications (and decent programming skills) could write software based on the published algorithms.
so it's not even full-duplex? imagine more than two participants in the network....
That's the protocol, but have a look at our latest version of SeX (R), with full client/server architecture.
From the FAQ:
Q: What is it?
A: Simply put, SeX(R) is an implementation of the Bee, Pollen & Flower concept.
Q: Why would I need a client/server architecture?
A: In fact you don't , but we highly recommend it for stability purposes. There are standalone versions, but only SeX will give full satisfaction and process functionality.
Q: Is it secure?
A: That depends. Microsoft (TM) alternatives are very prone to virus infections. In a promiscuous, multi-user client/server structure proper safeguards (e.g. firewalls) are recommended although the functionality of Sperm 1.0 might be adversely affected.
Q: Is it free?
A: That depends: Although we advocate the Open Sauce approach, we can not garantee you free (as in beer) access to SeX. However, modifications can be distributed freely.
I agree, but that is not the only reason. Short-termism as you might want to call it is also introduced via the stock-market. Far too many people expect(ed in recent years) returns in the vicinity of 20-25% anually, just look at analysts' reports (another reason of course are the big pension funds, who have to rely on big profits for their current payments/liquidity). That of course means that the managers have to look for investments which will generate this kind of return. Unfortunately, this also means that the company would have to double in value every three years (approximately) and in turn that only short-term decisions are being taken while strategic decisions with long-term goals become unprofitable.
So the problem is not only management's short-term view, but also the market's. Even if I wanted to take a stretegic (long-term) approach, my stock-holders would make pretty sure that I will deliver or otherwise get replaced. It's a structural problem also, and not necessarily only a managerial.
The main problem with manager's payments is that they usually gain when the company is profitable but rarely lose when it is not. The idea of stock options should have dealt with this problem, but we all know how this can be handled (bring profits forward, overvaluation of assets etc.). Furthermore, stock options which are not in the money only mean that they will earn less, not that their income becomes zero or negative (like the company's).
In order to bring management back into closer relationship with reality (and the company's/market situation) would be to tie them completely to the company's situation. In times where the company is profitable they can rake in the doe, but at times the company is ailing, management will also lose (private) money. This way managers will have an incentive to think twice (or more often) about the decisions they are taking. Currently only stockholders and employees pay the price, and these people are hardly influential.
Sorry, not to offend, but I don't understand your answer: Why should RH8.0 be at least 20% faster than W2K on the same hardware? Especially out-of-the-box?
Did anyone (Redhat themselves even? Where?) claim that it would be? Isn't the reason why people switch to any kind of Linux because it's more flexible and customisable? I.e. instead of having to accept the OS manufacturer's idea of the OS, you can tune it to fit your needs?
I agree with you on how the world "doesnt see what it can do.... the world sees what it does out of the box", but isn't that the reason why we still have administrators around? To keep the machines running as smoothly and fast as possible? A distro maintainer can't possibly foresee what kind of a system any user might need and tune it to fit everybody's needs. What is good for someone might not be good for someone else. It's really that easy and the reason why OS maintainers (RedHat as well as Microsoft for example) provide the user with an easy to set up package that will do most of the things anyone might possibly need, albeit not as fast as possible. If the administrator can't communicate that to management, we have a problem. I give you that the sales brochures and consulting guys promise you a lot more, but who believes them anyway? You? Your boss?
Anyway, I would also like to have a distro that installs the perfect system out-of-the-box, but I know that this will never happen for me. I too, have to live with the crap they sometimes come up with, but like most other people I am happy about the fact that the distros let me do it.
I wouldn't say that W2K or any Linux distro with a recent desktop environment is happy with 64 MB. Sure, they'll work, but they will be extremely slow and swapping out constantly.
Thing is, most boxes you buy nowadays come with at least 128 or even 256 MB (if not 512 MB for the better/more expensive ones). So, this should not be an issue after all. Even my old and trusted Celeron 400 came with 128 MB and works just fine.
In general, it is not really useful to state that any modern OS would be a memory hog on older (to avoid 'out-of-date') hardware, since that was designed to run older/out-of-date software. One can't seriously expect to run bells-and-whistle software on hardware that was simply not designed to run effectively with it. That said, you can still strip down RH8 to perform reasonably on hardware as old as a 486 (not sure, but Pentium 100 isn't a problem at all). Of course, I don't use this machine for 3D gaming, it is currently a router, but could still perform for Internet browsing, albeit very slowly. But, that was always the case, even with 6.1.
Just my 2 Eurocents.
Denial of service
Where did I say that your Grandmother (or anyone's Grandma for) is responsible for the security of my computer?
What I said was that anyone with a computer connected to a public network, a thing I like to call the "Internet", has a responsibility to secure his or her own computer so that it can't do any harm to other boxes on the net.
The Internet would be an even greater place if programmers could devise strategies to autoupdate their software with security patches. To a certain extent this could be done, but alas the system is too complex: The software would either have to request the updates or they would have to get pushed on to the systems. You don't have to think for too long to imagine the vulnerabilities in these scenarios. How about I push a not-so-secure patch on your box to update I program for which I am not even a maintainer? Too many people complain about Windows Update and switch off auto update functionality completely for the system to work properly. What about software that is distributed source code only?
Let's assume you only install software that requests its own updates. What about your firewall? I know there are solutions in progress to work on some of the problems.
But one important point remains:
You have to grant access to someone else, i.e. you have to act, either by subscribing to push-auto-updates, by running an updater and/or by configuring your firewall and other security tools (think about IDS). The user still has to play an active role in this model, which is all I am asking of admins/users as long as we don't have a completely secure system. Come to think of it, work is in progress to achieve something like that in the form of TCPA, albeit it's not about our security, grrrmpf.
Is that auto update secure? Doubtful, very very doubtful.
Many people here are talking about choices and how RedHat is removing choices on the desktop. Well, think about it this way: RedHat also has the freedom of choice and that includes choosing to unify the look and administration of the desktop systems that come with their distro. Users are still free to choose another distro or install the default desktop environments as provided by the different projects.
Freedom of choice applies to all in the system.
You are right, I don't know of all the implications of all the software I run on my system. Why? Because I can't and I don't have to. All I have to do to act responsible is take reasonable diligence in securing my systems, i.e. run a packet filtering firewall, run an IDS, read security announcements and apply patches as necessary.
By the way, what is your last statement supposed to mean? Just because a truly secure system is one that I can't operate doesn't mean that I can't have a reasonable secure, monitored system that I can work with.
I am not saying that consumers should "review the design of cars, appliances, toys or other products", and neither should they (have to) review the code they are running.
All I am saying is, that one has to be aware of the possible bad stuff that could happen, monitor your system and act when something unusal shows up. You do the same with your car, e.g. something suddenly doesn't sound quite right when you shift into reverse and you take the car to the shop (or if you are the DIY type have a look yourself). Many people even do yearly inspections, refill oil when the light shows you it's time to do so, etc.
It should be the same for IT systems. You neither want the gear box to fall apart at 180 kph (yeah, I know the example is bad) on the highway and risk a severe accident that could involve others, nor do you want your computer to become a liability for others on the Internet. That's at least how I think it should be and the law often agrees with me. If forensics show that your car's malfunctioning brakes or whatever caused the accident you can be sued for gross negligence. IANAL, but I think laws exist that could be used against you if your box was used to harm others.
Why would it be "unreasonable to expect ordinary consumers to understand network security" in this context? I expect ordinary consumers to use a safe car when engaging public traffic, without simultaneously expecting them to understand how the internals of their car works. Knowing when it's not functioning within normal parameters and what to do about it (take it to the shop, reinstall system when compromised, apply patches as posted by software vendor/author).
Amen brother, especially since this nice little tool is available you don't even need to build the RPMs yourself. Let 'checkinstall' handle this.
Disclaimer: I am not involved in this project and receive neither money nor sexual favours for endorsing it.
Let me elaborate a bit here:
You are running a computer that is connected to the Internet. For the sake of this argument it doesn't matter which system you favour. You are the admin of this machine.
Like it or not, you have responsibility towards ALL other network peers (i.e. the whole Internet) to make your system as secure as possible. Consider malicious software that can start DoS attacks on other remote boxes. Your insecure machine is now causing trouble to others as well as yourself (degrading connectivity).
Would you like this? Your answer could be: I don't care.
Imagine someone else has a similarly unpatched/insecure system and is directing DoS attacks on your IP. Do you care now? I guess you would.
The problem is that advertising and far too many teachers in "Internet for dummies" courses do not emphasize the fact that anyone with admin privileges on any computer (that is connected to the Internet) is effectively an administrator and has to act accordingly on issues like security. Point'n'Click installation doesn't make it any easier: You want to run a web server? Here you go.
How many install software without knowing about the security implications of the stuff they are going to run? I guess far too many. If you had to read about a certain program BEFORE you install it, the manual or How-To can give you an idea of the security implications you are probably going to run into, thus alerting the admin (on a home system that means you) and increasing awareness.
This could be a reason why Linux/Unix installations often seem to be more secure: You have to read a lot more before you can actually do something. This advantage, of course is slowly going away with point and click installations on Linux systems as distro installation programs become more user-friendly and everything gets installed via a graphical system. This might be ok for an advanced user, but could be dangerous in the hands of a novice (i.e. most home users).
I guess you could compare it to driving a car, where you have to get a license in order to participate in public traffic, because you need to know about the rules and dangers beforehand. The impact your mistakes might have on others can be very serious.
I don't want to lecture you, but I think it is important to increase awareness of security ramifications on boxes that are connected to others.
...a hammer in the morning...
:-)
Sorry, couldn't resist
I guess it all depends on determination and what you want to get out of academic studies. I used to work for a bank, while trying to get a degree at the same time. Since I tend to have a more practical approach to work, I often couldn't see the benefits of my very theoretical business studies and focused on work. Eventually I quit the job and finished my studies with a one year full-time MBA course, which was just perfect for me. I got enough theoretical background, while getting a lot of practical input from a great variety of backgrounds, mostly from fellow students.
So, if all you want is the degree and the theories, by all means consider part-time courses, but if what you want is a broad knowledge and a network of people, you should opt for a full-time course, which will probably not leave you the time to successfully run your company.
Having said that, a friend of mine founded a company during his studies, eventually wrote his PhD thesis on the stuff he did in his company and is to this day, running the company, teaching students and doing research. He doesn't have much time for a private life though.
Hope this helps and good luck.
Come on, get out of the fifties and sixties: They are called terrorists now.
I mean sites devoted to web development on Linux, Apache, Perl and PostgreSQL (no, not MySQL)?
I prefer to have both. It doesn't need to be exactly the same book, although that is nice, a good book that covers the area in general and websites for more in depth information. 'Running Linux' is a perfect example, it covers the specific areas well enough to get you going and is general enough to be of use to the experienced user who just needs a simple kick in the head. The more specific stuff can then be gathered from the web, once you know what you are looking for (or at least have an idea).
Slainte
So, Linux companies have to rely on a different source of income, like for example, service and consultancy. That's hardly news.
The figures can also be interpreted this way: Since Linux is usually installed once (or multiple times, let's say, one CD purchase) and then updated regularly (patched, whatever), there is no need to buy a new version. You can't upgrade MS systems (I am talking about major version updates, as in Win98->XP, not Service Packs, which sometimes are more of an annoyance pack then anything else, but that's a different story...) incrementally for free. An update from, say 98 to XP is in comparison counted as sales.
With Linux there is often no reason to update the whole distro, just update the kernel, binutils, modutils and whatever you fancy. All this stuff would rightfully never be counted as sales since (I guess) few people would buy the CDs to merely get a new kernel. It's small enough to download even with a 56K modem in a reasonable amount of time.
So yes, that was yet another useless article which showed exactly nothing. It's like saying Pete Sampras scored no points in the NBA last season. This is also true, but proves nothing. He didn't even try, or maybe he did but realized that he wouldn't be able to pay his bills playing basketball. That's why he is still playing tennis for a living.