>"Tiemann offers an historical perspective on what makes open source businesses successful, and shares how he dealt with the open source movement's early skeptic"
Cygnus lasted only for 11 years and was not a huge success. We shouldn't take advice from small business owners that didn't do very well. Sure Cygnus survived, but eventually sold out to Red Hat.
Now if you're the guys who originally came up with Android (pre-Google acquisition, as Google didn't create it), I'm listening.
Cygnus developers gave Red Hat talent, insight and control over what was the most important part of the ecosystem for the burgeoning operating system company - the toolchain. GCC was critical in the ability to provide 10 years of API/ABI compatibility and support for enterprise legitimacy.
Without Cygnus, Red Hat Linux would have had a hard time remaking itself into Red Hat Enterprise Linux.
A lot of this conversation has been about remote security scans, but once you find a vulnerability, how do you remediate it? How do you maintain your security posture, and continue auditing your hosts on a regular bases? To what standard?
The National Institute of Standards & Technology provides a lot of help to those attempting to implement security standards.
First is the Security Content Automation Protocol (SCAP) - scap.nist.gov. This defines how you manage, measure and evaluate vulnerabilities.
Second would be SCAP content. You'll note on the NIST SCAP page the word "community" appears 5 times in the first paragraph. That's not on accident. SCAP content is generally community generated, and there are lots of great lists of people working on SCAP content for a variety of operating systems.
Red Hat maintains the gov-sec mailing list and fedora, for example has loads of content available for Red Hat Enterprise Linux based systems.
Our friends at NIST also publish what is called the US Gov't Configuration Baseline (USGCB for short). USGCB content is available in SCAP format for Windows & RHEL. These standards are certainly a good starting point.
If your standards come in the form of a STIG - that content is available as well from the Aqueduct project.
[Disclaimer - I work for Red Hat, I support the US Gov't, and I think making security easier is probably an important thing to do]
re-read the parent post. It has nothing to do with actual fuel economy, and everything to do with how govt's define and evaluate average fuel economy. His point is that you need to compare like test results, not disparate standards.
Your personal experience, while representative of your actual gas mileage, represent yet another standard for comparison.
There is no such thing as a "one-time issue" with RHEL.
True.
You have to pay for a yearly minimum support contract, for the right to use software that has their trade marked brand name and logo's embedded.
False. You are paying for support and updates, access to the KB, the Certifications (Common Criteria, FIPS, etc, etc), reference architectures, etc. NOT for the use of the trademarked brand name / logo's
Once that runs out, you should either renew, or remove the offending binaries, documentation and logos off your systems.
False. Once your subscription runs out, your RHN account will be locked, and you will not be able to get updates, access the KB or enter support tickets.
You do get update binaries in this minimal contract, which is what you really want anyway. Waiting for CentOS to come up with those may be the difference in having your systems compromised or not. There's nothing wrong with CentOS, but it's always behind RHEL, because of the mere concept of it.
Without Red Hat there would be no CentOS, and even with Red Hat doing the lions share of the work, the CentOS folks have a hell of a time getting updates, patches, security fixes out.
Ok, well I have my own little bit to post, so here it goes. I am 19 and make $40k+ a year, Unix/NT Sysadmin at a major corp. I did not go to college, but I wish I had. I missed out on some great parties, dorm living, etc. But, i have my own car, pay my own bills, go on vacations, etc. (none of my college friends can afford to order pizza, much less a airplane ticket) Three of my very good friends also skipped college and started working, they are pulling $30k+ @19. Not bad if you ask me. Two of them do helpdesk, but one is a Cold Fusion dev. doing intranet applications. I've taken a few classes at the local community college, but working 50+ hours a week & going to school did not work for me. All in all, I think we are doing fine now, but eventually I will go to school, who wants to be a techie all their life? I know that what I really want to do is project management.
I have to say that I disagree with what this guy has said, he is wrong about the technology @ schools. I would love to have gone to MIT and played in a devl. lab all day, but I chose instead to start my career. Oh well, we'll see how it all goes!
Slashdot Mirror
This region is only Secret - Top Secret workloads have been running in C2S for years.
Read the CIA Press Release here
Did I miss a sarcasm flag somewhere?
>"Tiemann offers an historical perspective on what makes open source businesses successful, and shares how he dealt with the open source movement's early skeptic"
Cygnus lasted only for 11 years and was not a huge success. We shouldn't take advice from small business owners that didn't do very well. Sure Cygnus survived, but eventually sold out to Red Hat.
Now if you're the guys who originally came up with Android (pre-Google acquisition, as Google didn't create it), I'm listening.
Cygnus developers gave Red Hat talent, insight and control over what was the most important part of the ecosystem for the burgeoning operating system company - the toolchain. GCC was critical in the ability to provide 10 years of API/ABI compatibility and support for enterprise legitimacy.
Without Cygnus, Red Hat Linux would have had a hard time remaking itself into Red Hat Enterprise Linux.
That may well be the point ;)
A lot of this conversation has been about remote security scans, but once you find a vulnerability, how do you remediate it? How do you maintain your security posture, and continue auditing your hosts on a regular bases? To what standard?
The National Institute of Standards & Technology provides a lot of help to those attempting to implement security standards.
First is the Security Content Automation Protocol (SCAP) - scap.nist.gov. This defines how you manage, measure and evaluate vulnerabilities.
Second would be SCAP content. You'll note on the NIST SCAP page the word "community" appears 5 times in the first paragraph. That's not on accident. SCAP content is generally community generated, and there are lots of great lists of people working on SCAP content for a variety of operating systems.
Red Hat maintains the gov-sec mailing list and fedora, for example has loads of content available for Red Hat Enterprise Linux based systems.
Our friends at NIST also publish what is called the US Gov't Configuration Baseline (USGCB for short). USGCB content is available in SCAP format for Windows & RHEL. These standards are certainly a good starting point.
If your standards come in the form of a STIG - that content is available as well from the Aqueduct project.
[Disclaimer - I work for Red Hat, I support the US Gov't, and I think making security easier is probably an important thing to do]
re-read the parent post. It has nothing to do with actual fuel economy, and everything to do with how govt's define and evaluate average fuel economy. His point is that you need to compare like test results, not disparate standards.
Your personal experience, while representative of your actual gas mileage, represent yet another standard for comparison.
capiche?
A television Tax.
http://en.wikipedia.org/wiki/Television_licensing_in_the_United_Kingdom
http://slashdot.org/comments.pl?sid=2959927&cid=40557327
OSX is Unix (TM).
iOS is a Unix derivative.
KTHXBYE
No, but really. OSX is Unix.
http://images.apple.com/media/us/osx/2012/docs/OSX_for_UNIX_Users_TB_July2011.pdf
then what's this : http://books.slashdot.org/story/11/11/30/2216218/book-review-the-cert-oracle-secure-coding-standard-for-java
Reads like an article to me.
There is no such thing as a "one-time issue" with RHEL.
True.
You have to pay for a yearly minimum support contract, for the right to use software that has their trade marked brand name and logo's embedded.
False.
You are paying for support and updates, access to the KB, the Certifications (Common Criteria, FIPS, etc, etc), reference architectures, etc. NOT for the use of the trademarked brand name / logo's
Once that runs out, you should either renew, or remove the offending binaries, documentation and logos off your systems.
False.
Once your subscription runs out, your RHN account will be locked, and you will not be able to get updates, access the KB or enter support tickets.
You do get update binaries in this minimal contract, which is what you really want anyway. Waiting for CentOS to come up with those may be the difference in having your systems compromised or not. There's nothing wrong with CentOS, but it's always behind RHEL, because of the mere concept of it.
True
http://www.nccs.gov/computing-resources/jaguar/
Cray linux, which as I understand is a derivative of SuSE
Without Red Hat there would be no CentOS, and even with Red Hat doing the lions share of the work, the CentOS folks have a hell of a time getting updates, patches, security fixes out.
Hopefully this will send a message to the big corp's that want to hold us down.. :)
What else are we going to see in a set top box? BTW- i'd rather have a console style stereo piece, like a CD Player...
Ok, well I have my own little bit to post, so here it goes. I am 19 and make $40k+ a year, Unix/NT Sysadmin at a major corp. I did not go to college, but I wish I had. I missed out on some great parties, dorm living, etc. But, i have my own car, pay my own bills, go on vacations, etc. (none of my college friends can afford to order pizza, much less a airplane ticket) Three of my very good friends also skipped college and started working, they are pulling $30k+ @19. Not bad if you ask me. Two of them do helpdesk, but one is a Cold Fusion dev. doing intranet applications. I've taken a few classes at the local community college, but working 50+ hours a week & going to school did not work for me. All in all, I think we are doing fine now, but eventually I will go to school, who wants to be a techie all their life? I know that what I really want to do is project management.
I have to say that I disagree with what this guy has said, he is wrong about the technology @ schools. I would love to have gone to MIT and played in a devl. lab all day, but I chose instead to start my career. Oh well, we'll see how it all goes!