Personally I figure this guy has some piece of software running that's adjusting his network or firewall settings unexpectedly, perhaps an IPS or VPN. He seems like the kind of guy that would run that sort of software without actually understanding that sort of software.
On the other hand, he didn't say how long the outages were. If we're talking 30 second dropouts, that's a flaky NIC dropping carrier followed by the switch's spanning tree timeout.
After the common failure causes are eliminated, there are too many things it could be and none of them likely. Not worth the effort to diagnose further if the customer isn't cooperative.
On the other side of this, your hosting provider has a guy who keeps angrily reporting mysterious outages where his machine keeps running even though he's on a trivial switch connection like everybody else. The guy then refuses access when they try to figure out what's going on so that they can fix it.
They shouldn't be rooting your server. That crosses a line. But if I were in their shoes, I'd say: "I'm sorry sir; we've exhausted our diagnostic capabilities without more closely examining your server. Without the root password, there's nothing more we can do for you."
Then you're doing something wrong. The on-call person is not an after-hours help desk and if you're allowing your team to be used as an after-hours help desk then you're managing them poorly. The emergency on-call contact is reserved for people who know the difference.
Eventually all things become a "job", so take the most cash you can get and rest peacefully at night knowing you will only be woken up 20 times a year at 3am instead of 100.
1. More than a third of the year that you're awake you spend at work. It isn't worth doing work that isn't fun.
2. If you're being woken up at 3 am 20 times a year then you're doing something wrong.
No mechanisms are in place stopping developers from writing and designing heterogeneous yet fully structured, narrative-based computer games with carefully constructed and immutable, unchangeable characters
The mechanism in place is called a "cash register." Stories with immutable characters are worth $7 to $20 whether it's a movie in the theater or a book at the store.
For me to cough up $50, the story must adapt to me. Starting with the characters.
following the NERC reliability policies [...] situational awareness
Affectionately known in reliability circles as a "pipe dream." Here's reality: policies and procedures are imperfectly followed, there's always a "fog of war" and first and foremost: all things break. Building reliable systems is in large part about anticipating what happens after a failure and arranging the cascade so that A) small failures can't quickly turn in to gigantic ones and B) somebody else's failure doesn't compel my failure.
don't routinely import or export more electricity than your local grid is capable of surviving should that import or export suddenly cease. That's the N-1 criterion I mentioned earlier.
No, it isn't. N+1 is an entirely different facet of reliable systems design. N+1 says that however much electricity you're exporting you have at least one more line to transport it than you need so that any single line can fail without causing a systemic failure.
When your neighbor unexpectedly drops not one but all connections, a scenario which is far from impossible as we saw in 2003, you're way past N+1. Your instantaneous generation is now substantially higher than your power consumption and your generating plants all head for the red line. In that instant and in the next several, one of two things is true: either the imbalance is small enough that the systems which ordinarily adjust for the changing demand throughout the day can shed generating capacity before the turbines redline, or else they can't. If they can't, your section of the grid is dropping too.
You're also fundamentally misunderstanding the character of N+1 systems. You don't practice N+1 just at the bottom level. You have to practice N+1 at every level for it to be effective. Not just N+1 transmission lines... N+1 transmission companies so that any one of the power companies can suffer a catastrophic operations failure without taking the whole system down with it.
This crap about how it was all FirstEnergy's fault really pisses me off. Yeah, they were a bunch of incompetent boobs. But a proper system design doesn't collapse from the failure of just one of its pieces, not even if it's a big piece.
If we were talking about computers, 2003 was the equivalent of having a raid array and then acting all shocked when two drives fail and you don't have any backups. My goodness, how could they have failed to replace the first bad drive in time? Did they not hear the beeping? Phht. You want real reliability, you also have N+1 servers running the application, N+1 data centers housing the servers and daily backups beyond that just in case.
Philadelphia and the surrounding mid-Atlantic areas were also completely unaffected because PJM disconnected them from the grid.
Coal town USA was unaffected because PJM was generating about the same amount of electricity as it was consuming so they were *able* to disconnect from the grid. Same thing happened with Dominion power in Virginia, they dropped their northern connections which is why the cascade didn't spread further south.
Thing is, you can't just disconnect if the differential is too great. If too much power is flowing in or out of your system, disconnecting takes you down hard.
Here's a tip for your research: all things break. Even the good, resilient designs occasionally suffer multiple failures... Sometimes because of incompetence, sometimes because of human error or defective equipment and sometimes because of just plain bad luck.
If you're charged with risk management, the responsible question is: what happens next?
Three mile island offers a lesson. What happened next at three mile island was that the protections functioned as designed and the failure was -contained.-
What happened next in 2003 was that 55 million people spent a couple days without electricity while the systems in place to isolate such problems "protected" about 200,000.
What happens next in a fully interconnected North American grid is that quarter of a billion people lose power.
What's the risk management answer then? The risk management answer is: from any given local grid, don't routinely import or export more electricity than your local grid is capable of surviving should that import or export suddenly cease. That way a failure in your neighbor's grid (or his neighbor's grid, etc.) does not cascade in to yours. And if you want to sell more electricity than that to your neighbor, plug your generating plant in to his grid, bypassing yours, so that when his grid collapses and scrams your plant, it doesn't take your grid down with it.
Does that honestly seem to you like such a huge and difficult problem
Yes, as a matter of fact, it does.
During a sudden large drop in demand you have fractions of a second before the turbines spike the hell out of the voltage frying unprotected electronics and maybe a few seconds before the turbines start to tear themselves apart. That's how much time the grid controller has to receive messages from and analyze the system state across the entire grid and decide which turbines across the entire grid to slam the emergency brakes on so that the remaining ones are properly loaded.
It isn't possible, not with any kind of safety margin. As a result, the grid isn't built that way. Instead, each generating plant has a local safety system on the turbines. If the demand changes faster than the speed regulator can compensate they go into emergency safe mode and shut down entirely, after which it takes days to run through the startup checklist and come back online. The grid controller can affect this only indirectly - by stabilizing the demand hitting each generating plant before the safety systems trip.
Which means that any time a sufficiently large capacity set of transmission lines fails, that failure cascades through the system dropping plant after plant.
This isn't just speculation, by the way. Go read http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003 . When the cascade failure finally gets underway, it moves really fast. 150 seconds for the whole blackout in 2003. There's no time to fix it. Either your local portion of the grid transmits or receives so little power from the rest that it can instantly disconnect and absorb the change in demand or else it collapses along with the rest.
'Cause it's not enough to black out just the northeast during a cascade failure; we have to black out all of conus at the same time.
You're not safe just because your state is an energy exporter. Just like a sudden spike in demand, a sudden huge drop in demand forces generating plants into emergency-safe mode, shutting them down. You're safe only if your part of the grid neither imports nor exports more than a small percentage of the total power in play.
Look, it's my way or the highway. That may be elitist. It may be insensitive. It could well be poor management. But there's nothing sexist or discriminatory about it. So get over yourselves.
Sexist and discriminatory are words reserved for folks who because of your gender won't give you a chance to play their way.
IIRC, most of the 80's software used a specially misformatted disk (aka "bad sectors") as the main copy protection mechanism.
Trialware was very common in the 80's though it wasn't called that. Folks referred to the "shareware" version of their product. You could send them money and they'd send a disk with the full version.
Installation using a cryptographic key became popular starting with compact discs as an installation medium in the early '90s.
The online purchase of full versus trial keys became widespread within a year or two of the Internet becoming widespread in '95, it being an obvious extension of trialware + cryptographic key installation in a newly networked world.
The thing I don't get is this guy says he invented the system around '91 or '92. But Sun's Flexlm already did all this in 1988.
Designing nontrivial systems without single points of failure is difficult and expensive. Worse, it has to be built in from the ground up. Which it rarely is: by the time a system is valuable enough to merit the cost of a failover system, the design choices which limit certain components to single devices have long since been made.
Which means uptime matters. 1% downtime is more than 3 days a year. Unacceptable.
The TIA-942 data center tiers are a formulaic way of achieving satisfactory uptime. They've been carefully studied and statistically tier-3 data centers achieve three 9's uptime (99.9%) while tier-4 data centers achieve four 9's. Tiers 1 and 2 only achieve two 9's.
Are there other ways of achieving the same or better uptime? Of course. But they haven't been as carefully studied which means you can't assign a high a confidence to your uptime estimate.
Is it possible to build a tier-4 data center that doesn't achieve four 9's? Of course. All you have to do is put your eggs in one basket (like buying all the same brand of UPS) and then have yourself a cascade failure. But with a competent system architect, a tier-4 data center will tend to achieve at least 99.99% annual uptime.
If the newspapers are raking it in on the flash ads, why aren't their stocks over $100 a share? Surely the cost of collecting news is not significantly higher than the cost of the massive computing operation necessary for a search engine.
The answer of course is that fewer people click on the flash ads versus Google ads and of those that click, fewer buy. Some obvious candidates for why include:
1. Those who hang out on news sites have the ads disabled. 2. Those who don't have the ads disabled tend not to hang out on sites where lots of moving crap distracts the eyes. 3. The ads are poorly targeted; the newspapers fail to identify what the consumers are likely to be interested so most of the ad impressions are wasted.
Perhaps you haven't noticed, but journalists are not known for their brilliant analytical skills regardless of funding. If they were analysts then covering the recent Washington DC metrorail crashes, at least one of them might have wondered why it's possible for a modern train safety system to see a train disappear from its sensors and not sound all kinds of alarms.
A journalist's job is to report and they do best when they do just that: report the facts. When journalists make insipid and banal attempts at commentary and analysis, they usually get it wrong.
With a very few exceptions, news is worth what you can get advertisers to pay for access to the consumers. This has been true since the advent of television journalism half a century ago.
It's the newspaper's own fault that craigs list took over classified advertising. They had the better part of a decade to get their acts together and get the ads online before craigs list existed. And it's their own fault that they still haven't learned the Google advertising lesson so that they're still serving worthless banner ads that many if not most of the browsers block.
If they continue to refuse to embrace their new reality, they will continue to fail. Such is fate.
There might be some inherent value in knowing how to use the underlying skills that make up the essential underpinnings of literacy
There is a tremendous inherent value in knowing how to use the skills that make up the essential underpinnings of literacy. Handwriting is one of those underpinnings. Cursive writing in particular is not.
From its inception, cursive was nothing more than a shortcut, a way to write more quickly than was possible printing block letters. Even before typewriters and computers, shorthand was faster and did a better job than cursive. With word processors for any writing of substance and the ubiquitous cell phone for texting quick notes, it's past time to let cursive retire to the annals of history.
I use a calculator to do all my math at work, why should I learn how to do long division
Because long division demonstrates how division works. A better question is: why should you bother learning fractions when all your work will involve moving decimal points. A fraction is just a shortcut for long division and a calculator is a much shorter cut.
I have no personal experience with the FCC. I note, however, that Dell, HP and the other major manufacturers of desktop PCs don't offer "window" computer cases. To get those, you go with a specialty company or you buy a case or case mod aftermarket. Though I don't have them on tap, I've read several articles explaining why: the window cases don't obstruct RFI and without it, most computers don't pass FCC class B.
The fully enclosed and grounded metal computer case acts as a faraday cage, deadening RFI both outbound and in.
No doubt you *could* design a motherboard and a graphics card and all of the rest of the stuff that normally goes inside a computer case so that the RFI is within the class-B bounds. But that's expensive... which defeats the purpose of a cardboard computer case.
Pretty sure a cardboard box with a modern motherboard inside doesn't quite meet the FCC Part 15 class B regulations for unintentional radio emissions needed for residential use. That's why computer cases are usually metal instead of plastic.
How am I gonna do ssh on that? It doesn't even have number keys. It's everything that's wrong about the Blackberry plus the extra reliability issues from moving parts.
Unless she intends to pick a job in the future based on whether they use Linux, then whether the University supports it is probably a moot issue.
Truth. Don't get hung up on anything to do with the computer that a particular college degree program wants its students to get.
I made a mistake that way when I went to college in '91: VA Tech insisted that CS students get a commodore Amiga. That made zero sense to me (the world had already made up its mind about IBM PC compatibles) so I went elsewhere. Later on I found out that the CS department made that odd choice because that's the machine that they found a cheap way to put unix on. The students had their own unix box instead of relying on a terminal to one of the campus's central unix machines like at the place I ended up. 'Doh!
On the flip side, if I'd been puttering with unix on an amiga, I might not have gotten any exposures to Sun equipment and would likely have looked down my nose at Linux 0.9 in the summer of '92. Neither would have shown up on my resume when I applied for summer internships in '93. The researcher looking for an intern with Sun experience because his IT department was hassling him about supporting only Windows and Macs might have skipped my resume and that might have cost me the lucky break that launched my career.
Slashdot Mirror
Personally I figure this guy has some piece of software running that's adjusting his network or firewall settings unexpectedly, perhaps an IPS or VPN. He seems like the kind of guy that would run that sort of software without actually understanding that sort of software.
On the other hand, he didn't say how long the outages were. If we're talking 30 second dropouts, that's a flaky NIC dropping carrier followed by the switch's spanning tree timeout.
After the common failure causes are eliminated, there are too many things it could be and none of them likely. Not worth the effort to diagnose further if the customer isn't cooperative.
On the other side of this, your hosting provider has a guy who keeps angrily reporting mysterious outages where his machine keeps running even though he's on a trivial switch connection like everybody else. The guy then refuses access when they try to figure out what's going on so that they can fix it.
They shouldn't be rooting your server. That crosses a line. But if I were in their shoes, I'd say: "I'm sorry sir; we've exhausted our diagnostic capabilities without more closely examining your server. Without the root password, there's nothing more we can do for you."
Then you're doing something wrong. The on-call person is not an after-hours help desk and if you're allowing your team to be used as an after-hours help desk then you're managing them poorly. The emergency on-call contact is reserved for people who know the difference.
Eventually all things become a "job", so take the most cash you can get and rest peacefully at night knowing you will only be woken up 20 times a year at 3am instead of 100.
1. More than a third of the year that you're awake you spend at work. It isn't worth doing work that isn't fun.
2. If you're being woken up at 3 am 20 times a year then you're doing something wrong.
Then why didn't it work in 2003?
No mechanisms are in place stopping developers from writing and designing heterogeneous yet fully structured, narrative-based computer games with carefully constructed and immutable, unchangeable characters
The mechanism in place is called a "cash register." Stories with immutable characters are worth $7 to $20 whether it's a movie in the theater or a book at the store.
For me to cough up $50, the story must adapt to me. Starting with the characters.
following the NERC reliability policies [...] situational awareness
Affectionately known in reliability circles as a "pipe dream." Here's reality: policies and procedures are imperfectly followed, there's always a "fog of war" and first and foremost: all things break. Building reliable systems is in large part about anticipating what happens after a failure and arranging the cascade so that A) small failures can't quickly turn in to gigantic ones and B) somebody else's failure doesn't compel my failure.
don't routinely import or export more electricity than your local grid is capable of surviving should that import or export suddenly cease.
That's the N-1 criterion I mentioned earlier.
No, it isn't. N+1 is an entirely different facet of reliable systems design. N+1 says that however much electricity you're exporting you have at least one more line to transport it than you need so that any single line can fail without causing a systemic failure.
When your neighbor unexpectedly drops not one but all connections, a scenario which is far from impossible as we saw in 2003, you're way past N+1. Your instantaneous generation is now substantially higher than your power consumption and your generating plants all head for the red line. In that instant and in the next several, one of two things is true: either the imbalance is small enough that the systems which ordinarily adjust for the changing demand throughout the day can shed generating capacity before the turbines redline, or else they can't. If they can't, your section of the grid is dropping too.
You're also fundamentally misunderstanding the character of N+1 systems. You don't practice N+1 just at the bottom level. You have to practice N+1 at every level for it to be effective. Not just N+1 transmission lines... N+1 transmission companies so that any one of the power companies can suffer a catastrophic operations failure without taking the whole system down with it.
This crap about how it was all FirstEnergy's fault really pisses me off. Yeah, they were a bunch of incompetent boobs. But a proper system design doesn't collapse from the failure of just one of its pieces, not even if it's a big piece.
If we were talking about computers, 2003 was the equivalent of having a raid array and then acting all shocked when two drives fail and you don't have any backups. My goodness, how could they have failed to replace the first bad drive in time? Did they not hear the beeping? Phht. You want real reliability, you also have N+1 servers running the application, N+1 data centers housing the servers and daily backups beyond that just in case.
Philadelphia and the surrounding mid-Atlantic areas were also completely unaffected because PJM disconnected them from the grid.
Coal town USA was unaffected because PJM was generating about the same amount of electricity as it was consuming so they were *able* to disconnect from the grid. Same thing happened with Dominion power in Virginia, they dropped their northern connections which is why the cascade didn't spread further south.
Thing is, you can't just disconnect if the differential is too great. If too much power is flowing in or out of your system, disconnecting takes you down hard.
Here, this guy explains it better than I can: http://slashdot.org/comments.pl?sid=1402989&cid=29736735
likely hood of 2 events happen so closely is low.
Twice in, what was it, 40 years or so?
Here's a tip for your research: all things break. Even the good, resilient designs occasionally suffer multiple failures... Sometimes because of incompetence, sometimes because of human error or defective equipment and sometimes because of just plain bad luck.
If you're charged with risk management, the responsible question is: what happens next?
Three mile island offers a lesson. What happened next at three mile island was that the protections functioned as designed and the failure was -contained.-
What happened next in 2003 was that 55 million people spent a couple days without electricity while the systems in place to isolate such problems "protected" about 200,000.
What happens next in a fully interconnected North American grid is that quarter of a billion people lose power.
What's the risk management answer then? The risk management answer is: from any given local grid, don't routinely import or export more electricity than your local grid is capable of surviving should that import or export suddenly cease. That way a failure in your neighbor's grid (or his neighbor's grid, etc.) does not cascade in to yours. And if you want to sell more electricity than that to your neighbor, plug your generating plant in to his grid, bypassing yours, so that when his grid collapses and scrams your plant, it doesn't take your grid down with it.
Does that honestly seem to you like such a huge and difficult problem
Yes, as a matter of fact, it does.
During a sudden large drop in demand you have fractions of a second before the turbines spike the hell out of the voltage frying unprotected electronics and maybe a few seconds before the turbines start to tear themselves apart. That's how much time the grid controller has to receive messages from and analyze the system state across the entire grid and decide which turbines across the entire grid to slam the emergency brakes on so that the remaining ones are properly loaded.
It isn't possible, not with any kind of safety margin. As a result, the grid isn't built that way. Instead, each generating plant has a local safety system on the turbines. If the demand changes faster than the speed regulator can compensate they go into emergency safe mode and shut down entirely, after which it takes days to run through the startup checklist and come back online. The grid controller can affect this only indirectly - by stabilizing the demand hitting each generating plant before the safety systems trip.
Which means that any time a sufficiently large capacity set of transmission lines fails, that failure cascades through the system dropping plant after plant.
This isn't just speculation, by the way. Go read http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003 . When the cascade failure finally gets underway, it moves really fast. 150 seconds for the whole blackout in 2003. There's no time to fix it. Either your local portion of the grid transmits or receives so little power from the rest that it can instantly disconnect and absorb the change in demand or else it collapses along with the rest.
'Cause it's not enough to black out just the northeast during a cascade failure; we have to black out all of conus at the same time.
You're not safe just because your state is an energy exporter. Just like a sudden spike in demand, a sudden huge drop in demand forces generating plants into emergency-safe mode, shutting them down. You're safe only if your part of the grid neither imports nor exports more than a small percentage of the total power in play.
Look, it's my way or the highway. That may be elitist. It may be insensitive. It could well be poor management. But there's nothing sexist or discriminatory about it. So get over yourselves.
Sexist and discriminatory are words reserved for folks who because of your gender won't give you a chance to play their way.
i'd hazard a guess that the offsite backups were corrupted as well somehow or were silently failing.
That seems unreasonably common with backup systems.
IIRC, most of the 80's software used a specially misformatted disk (aka "bad sectors") as the main copy protection mechanism.
Trialware was very common in the 80's though it wasn't called that. Folks referred to the "shareware" version of their product. You could send them money and they'd send a disk with the full version.
Installation using a cryptographic key became popular starting with compact discs as an installation medium in the early '90s.
The online purchase of full versus trial keys became widespread within a year or two of the Internet becoming widespread in '95, it being an obvious extension of trialware + cryptographic key installation in a newly networked world.
The thing I don't get is this guy says he invented the system around '91 or '92. But Sun's Flexlm already did all this in 1988.
Designing nontrivial systems without single points of failure is difficult and expensive. Worse, it has to be built in from the ground up. Which it rarely is: by the time a system is valuable enough to merit the cost of a failover system, the design choices which limit certain components to single devices have long since been made.
Which means uptime matters. 1% downtime is more than 3 days a year. Unacceptable.
The TIA-942 data center tiers are a formulaic way of achieving satisfactory uptime. They've been carefully studied and statistically tier-3 data centers achieve three 9's uptime (99.9%) while tier-4 data centers achieve four 9's. Tiers 1 and 2 only achieve two 9's.
Are there other ways of achieving the same or better uptime? Of course. But they haven't been as carefully studied which means you can't assign a high a confidence to your uptime estimate.
Is it possible to build a tier-4 data center that doesn't achieve four 9's? Of course. All you have to do is put your eggs in one basket (like buying all the same brand of UPS) and then have yourself a cascade failure. But with a competent system architect, a tier-4 data center will tend to achieve at least 99.99% annual uptime.
Which newspaper would that be? Certainly not the Washington Post or New York Times.
If the newspapers are raking it in on the flash ads, why aren't their stocks over $100 a share? Surely the cost of collecting news is not significantly higher than the cost of the massive computing operation necessary for a search engine.
The answer of course is that fewer people click on the flash ads versus Google ads and of those that click, fewer buy. Some obvious candidates for why include:
1. Those who hang out on news sites have the ads disabled.
2. Those who don't have the ads disabled tend not to hang out on sites where lots of moving crap distracts the eyes.
3. The ads are poorly targeted; the newspapers fail to identify what the consumers are likely to be interested so most of the ad impressions are wasted.
which makes in-depth analysis impossible.
Perhaps you haven't noticed, but journalists are not known for their brilliant analytical skills regardless of funding. If they were analysts then covering the recent Washington DC metrorail crashes, at least one of them might have wondered why it's possible for a modern train safety system to see a train disappear from its sensors and not sound all kinds of alarms.
A journalist's job is to report and they do best when they do just that: report the facts. When journalists make insipid and banal attempts at commentary and analysis, they usually get it wrong.
With a very few exceptions, news is worth what you can get advertisers to pay for access to the consumers. This has been true since the advent of television journalism half a century ago.
It's the newspaper's own fault that craigs list took over classified advertising. They had the better part of a decade to get their acts together and get the ads online before craigs list existed. And it's their own fault that they still haven't learned the Google advertising lesson so that they're still serving worthless banner ads that many if not most of the browsers block.
If they continue to refuse to embrace their new reality, they will continue to fail. Such is fate.
There might be some inherent value in knowing how to use the underlying skills that make up the essential underpinnings of literacy
There is a tremendous inherent value in knowing how to use the skills that make up the essential underpinnings of literacy. Handwriting is one of those underpinnings. Cursive writing in particular is not.
From its inception, cursive was nothing more than a shortcut, a way to write more quickly than was possible printing block letters. Even before typewriters and computers, shorthand was faster and did a better job than cursive. With word processors for any writing of substance and the ubiquitous cell phone for texting quick notes, it's past time to let cursive retire to the annals of history.
I use a calculator to do all my math at work, why should I learn how to do long division
Because long division demonstrates how division works. A better question is: why should you bother learning fractions when all your work will involve moving decimal points. A fraction is just a shortcut for long division and a calculator is a much shorter cut.
I have no personal experience with the FCC. I note, however, that Dell, HP and the other major manufacturers of desktop PCs don't offer "window" computer cases. To get those, you go with a specialty company or you buy a case or case mod aftermarket. Though I don't have them on tap, I've read several articles explaining why: the window cases don't obstruct RFI and without it, most computers don't pass FCC class B.
The fully enclosed and grounded metal computer case acts as a faraday cage, deadening RFI both outbound and in.
No doubt you *could* design a motherboard and a graphics card and all of the rest of the stuff that normally goes inside a computer case so that the RFI is within the class-B bounds. But that's expensive... which defeats the purpose of a cardboard computer case.
Or just regenerate and write the one sector from the parity data since all modern hard disks reallocate bad sectors on write.
Pretty sure a cardboard box with a modern motherboard inside doesn't quite meet the FCC Part 15 class B regulations for unintentional radio emissions needed for residential use. That's why computer cases are usually metal instead of plastic.
How am I gonna do ssh on that? It doesn't even have number keys. It's everything that's wrong about the Blackberry plus the extra reliability issues from moving parts.
Unless she intends to pick a job in the future based on whether they use Linux, then whether the University supports it is probably a moot issue.
Truth. Don't get hung up on anything to do with the computer that a particular college degree program wants its students to get.
I made a mistake that way when I went to college in '91: VA Tech insisted that CS students get a commodore Amiga. That made zero sense to me (the world had already made up its mind about IBM PC compatibles) so I went elsewhere. Later on I found out that the CS department made that odd choice because that's the machine that they found a cheap way to put unix on. The students had their own unix box instead of relying on a terminal to one of the campus's central unix machines like at the place I ended up. 'Doh!
On the flip side, if I'd been puttering with unix on an amiga, I might not have gotten any exposures to Sun equipment and would likely have looked down my nose at Linux 0.9 in the summer of '92. Neither would have shown up on my resume when I applied for summer internships in '93. The researcher looking for an intern with Sun experience because his IT department was hassling him about supporting only Windows and Macs might have skipped my resume and that might have cost me the lucky break that launched my career.