No, the cost of testing and deciding if it fits a need is _not_ zero. I know that I'm paid a certain amount by my employer and if I spend my time testing and evaluating something, then that's time not spent doing something else. Regardless of what I do during business hours, it's costing my employer money.
If one is going to state that OSS programmers "don't give a shit whether or not their application is suitable for your business or not, because they are not in the market of selling their software to companies," then one can't be upset when companies have a similar idea. If the product that they're selling doesn't work with FOSS, then too bad to you as they're strictly in the business of "selling their software." Why shoud they "give a shit" as to whether-or-not your operating system supports their video card, their motherboard, their application or whatever.
To me, that's a problem that I have with FOSS (coming from a major Linux advocate at my particular employer). FOSS supporters effectively say, "Screw you and what you want, this is my sandbox and I'll do what I feel like." At the same time, many get upset when companies do the same. Try to get a Winmodem running in Linux: too bad, you're not the audience they want. Try to get a state-of-the-art Opteron running OpenBSD: too bad, you're not the audience they want. It just goes on and on.
If one is going to give this leeway to FOSS developers to effectively say, "Screw the users, this is what I want," then one shouldn't get upset when companies do the same thing. I view this as a sign of the current immaturity of FOSS and many of its developers. It's not a popular opinion, but dagnabbit, it's mine.
I'm a full-time security engineer for a company and the forms that I had to sign when I joined said the same thing. I wrote an addendum on my forms that the restrictions only apply if I create intellectual property on company premises and/or while using company resources. I wrote that if it's done outside of business hours and using my personal resources, then it is my IP. I signed and dated it, then passed it to the company's main lawyer. He didn'tt object and I'm good-to-go. The fact that your employment forms state various things doesn't mean that you have to agree. They don't either, but it is a give-and-take.
True, it's a small environment, but that doesn't make the changeover that much easier. Fifteen people breathing down your neck, including the one who signs your checks, is never a good thing. If the server is converted to Linux, has a funky crash (say it's a flaky CPU), and he's not sure how to troubleshoot it, then that's still a bad situation. I agree that it's not as huge as a failure of a critical system in a large enterprise, but it's still a bad thing to have happen to someone.
Actually, I'd be less worried about virii on NT 3.51 and WFW. I doubt that many of the new, interesting W2k and XP virii/worms will seriously harm either of these.
Actually, I'd say that he should start his business conversion with himself. Get a laptop, install Linux on it, and experiment with it as your main day-to-day work machine. Run the necessary Windows programs in Crossover Office, while becoming familiar with Linux and its own share of foibles. If something won't run in Crossover, then install it on a Windows server and run it in a Terminal Services session and access it with tsclient. See if you can wean yourself off of all the Windows-only programs that you have. If not, you still have Crossover and Term. Svcs. to cover you. In doing this you'll learn more about Linux, you'll be able to make a more informed decision as to whether-or-not you want to convert everyone, and you'll be the demo "guinea pig" to anyone else who may want to "take the plunge" too.
Why the hatred for those with certs? To me, a cert means that one took some time to learn some info about a certain area. I have two, both from vendors, that I was able to earn through the experience that I have. Does it make me talented because I took the time to jump through those vendor's hoops? I don't think they makes me better than an experienced person w/o them, but I also don't think they make me worse.
Do you have the same attitude for those with college degrees? Are they also "opportunists" with a "meaningless validation?"
Unfortunately, not everyone gets to screen resumes on their own. In previous places, my team was only able to review resumes that had been through HR. It sucks, but there are many times where a resume must pass through the hands of the non-IT-aware HR person before it gets to the tru techies.
Can one truly claim that GNU "was a free software operating system started by Richard Stallman?" If it didn't have a usable kernel, how would it truly be an OS? One argument made by FSF supporters is that the OS is more than the kernel. Can one not make the counter-claim that an "OS" w/o it's own kernel is not truly an OS?
This actually sounds like a class that I took as a sophomore in college. The class project was to do all the calculations for a probe to leave KSC and land on the asteroid Ceres. That was difficult, but doable. Well, it would've been easier if I hadn't waited until the night before.;) Thank goodness for Marlboro and Eric Clapton.
That's very true. The suits aren't interested in freedom, open source, or whatever. They want software on which they feel that they can bet their business' life. They want to feel that there is someone they can call when thing hit the proverbial fan. They want all of this for what they consider to be a reasonable price. They want the "warm and fuzzies" that stuff will work, money will be made, and they won't be fired for doing something considered to be "out of the mainstream" of business.
How true you are and how infuriating it is. SOX, HIPAA, GLBA, etc. are the only reasons that many places have any security funding at all. Security is an afterthought. People will open the checkbook wide for triage after the problem occurs, but too many senior managers are unwilling to do any prevention.
OK, that is her pedigree. So? Here are qualifications for very talented people with whom I've worked.
Sr. Unix Admin: No degree, was a chef
Unix Admin: BS in Physics, worked in a slaughterhouse before college.
Sr. Systems Architect: No degree, was a chef.
Sr. SAN Admin: No degree, was in the USAF
Sr. SAN Architect: No degree, worked on environmental control units
Someone's education, military record, etc. doesn't prove or disprove that they can do a job. If you believe that, you're falling into the same trap as way too many corporate HR departments.
My WAG is because they need something that's insulating, but lightweight enough for flight and relatively flimsy enough to burn up completely on re-entry. I'm not an engineer for NASA nor its contractors, so this is a total guess.
Peronally, I support removing the 5WPM for basic HF privileges. I learned it years ago when I got my license, but I can see how it's becoming an antiquated requirement. I like the idea of the Tech and General being non-code, but requiring a 5WPM test if one wants to get the Extra class license. IMO, Morse shouldn't be a requiment to get into the hobby. However, I have no problem with requiring it for the the "top-of-the-line" license privileges.
Don't get me wrong. I think CW is a great way to communicate and want to get back into it. However, I just think it's past time that it be a requirement for basic HF.
You may as well. I just got my General last week, due to the grandfathering my my early 1987 Tech license. In fact, an early enough Tech license (like my Tech Plus) immediately qualifies you as a General. There are no code or written tests.
It's also possible that NAT won't work and they're concerned about that. We have some Polycom video conference gear and it won't work with NATs. The box embed the endpoint IP in the packet itself, so NATs cause the system not to function. Yay.
What about a site-to-site VPN with a business partner? Would you rather configure your routers with ACLs for the unencrypted traffic or would you prefer to configure your firewall for a site-to-site VPN with NATs? For a business that doesn't require encrypted communications with another business, then going w/o a firewall may be doable. For a business that must have secure access to a partner's network (think some healthcare organizations), going w/o a firewall just isn't that feasible.
I completely agree with you. IMHO, the best setup is the classic "onion" configuration. The perimeter router and firewall log traffic, allow only certain inbound (and outbound) traffic, etc. Web proxies and hardened mail gateways sit in the DMZ, while the firewall only allows minimal traffic to & from them. The application servers, database servers, etc. are inside the corporate network with unnecessary services/processes disabled, regular patching, and minimal user access. Personally, I think the server farm should also be firewalled off from the user networks. This helps to prevent a compromised user machine (be it in a building, connected via VPN, or whatever) from attacking the critical internal machines.
I agree with the columnist that the internal network must be viewed as hostile, especially with VPN access, mobile laptops, hand-helds, wireless access points, etc. However, ditching the hardened perimeter because of these internal threats seems to me like "throwing out the baby with the bathwater." Dumping a good network config because it's not perfect just seems ridiculous to me. His ideas of hardening the client, etc. is absolutely needed, but ignoring the usefulness of perimeter defenses to help mitigate exploits (such as CheckPoint's Active Defense and ISS' SiteProtector RSKill) just seems like a bad idea.
Interesting, I wondered who would still be throwing money at SCO. I believe I've spent my last dollar at McDonalds. I don't want to support a company that's still supporting SCO.
"It doesn't have to be perfect, it just has to work."
That's an interesting comment. Isn't that one of the reasons that Microsoft's OSes have the problems that they have? The code doesn't have to be secure, it just works. The code doesn't have to be clean, it just works. Carry this in ad infinitum and you're making the argument stated in TFA. I quote, "De Raadt says their beloved program is starting to look a lot like what Microsoft puts out."
Slashdot Mirror
No, the cost of testing and deciding if it fits a need is _not_ zero. I know that I'm paid a certain amount by my employer and if I spend my time testing and evaluating something, then that's time not spent doing something else. Regardless of what I do during business hours, it's costing my employer money.
If one is going to state that OSS programmers "don't give a shit whether or not their application is suitable for your business or not, because they are not in the market of selling their software to companies," then one can't be upset when companies have a similar idea. If the product that they're selling doesn't work with FOSS, then too bad to you as they're strictly in the business of "selling their software." Why shoud they "give a shit" as to whether-or-not your operating system supports their video card, their motherboard, their application or whatever.
To me, that's a problem that I have with FOSS (coming from a major Linux advocate at my particular employer). FOSS supporters effectively say, "Screw you and what you want, this is my sandbox and I'll do what I feel like." At the same time, many get upset when companies do the same. Try to get a Winmodem running in Linux: too bad, you're not the audience they want. Try to get a state-of-the-art Opteron running OpenBSD: too bad, you're not the audience they want. It just goes on and on.
If one is going to give this leeway to FOSS developers to effectively say, "Screw the users, this is what I want," then one shouldn't get upset when companies do the same thing. I view this as a sign of the current immaturity of FOSS and many of its developers. It's not a popular opinion, but dagnabbit, it's mine.
I'm a full-time security engineer for a company and the forms that I had to sign when I joined said the same thing. I wrote an addendum on my forms that the restrictions only apply if I create intellectual property on company premises and/or while using company resources. I wrote that if it's done outside of business hours and using my personal resources, then it is my IP. I signed and dated it, then passed it to the company's main lawyer. He didn'tt object and I'm good-to-go. The fact that your employment forms state various things doesn't mean that you have to agree. They don't either, but it is a give-and-take.
True, it's a small environment, but that doesn't make the changeover that much easier. Fifteen people breathing down your neck, including the one who signs your checks, is never a good thing. If the server is converted to Linux, has a funky crash (say it's a flaky CPU), and he's not sure how to troubleshoot it, then that's still a bad situation. I agree that it's not as huge as a failure of a critical system in a large enterprise, but it's still a bad thing to have happen to someone.
Actually, I'd be less worried about virii on NT 3.51 and WFW. I doubt that many of the new, interesting W2k and XP virii/worms will seriously harm either of these.
Actually, I'd say that he should start his business conversion with himself. Get a laptop, install Linux on it, and experiment with it as your main day-to-day work machine. Run the necessary Windows programs in Crossover Office, while becoming familiar with Linux and its own share of foibles. If something won't run in Crossover, then install it on a Windows server and run it in a Terminal Services session and access it with tsclient. See if you can wean yourself off of all the Windows-only programs that you have. If not, you still have Crossover and Term. Svcs. to cover you. In doing this you'll learn more about Linux, you'll be able to make a more informed decision as to whether-or-not you want to convert everyone, and you'll be the demo "guinea pig" to anyone else who may want to "take the plunge" too.
Linksys makes something similar to what you're discussing.
e name=US%2FLayout&packedargs=c%3DL_Product_C2%26cid %3D1118334822574&pagename=Linksys%2FCommon%2FVisit orWrapper
http://www.linksys.com/servlet/Satellite?childpag
The article says that the study shows Linux to be cheaper than either Microsoft or Sun. Gee, I wonder why AIX wasn't included as a Unix variant?
Why the hatred for those with certs? To me, a cert means that one took some time to learn some info about a certain area. I have two, both from vendors, that I was able to earn through the experience that I have. Does it make me talented because I took the time to jump through those vendor's hoops? I don't think they makes me better than an experienced person w/o them, but I also don't think they make me worse.
Do you have the same attitude for those with college degrees? Are they also "opportunists" with a "meaningless validation?"
Unfortunately, not everyone gets to screen resumes on their own. In previous places, my team was only able to review resumes that had been through HR. It sucks, but there are many times where a resume must pass through the hands of the non-IT-aware HR person before it gets to the tru techies.
Can one truly claim that GNU "was a free software operating system started by Richard Stallman?" If it didn't have a usable kernel, how would it truly be an OS? One argument made by FSF supporters is that the OS is more than the kernel. Can one not make the counter-claim that an "OS" w/o it's own kernel is not truly an OS?
This actually sounds like a class that I took as a sophomore in college. The class project was to do all the calculations for a probe to leave KSC and land on the asteroid Ceres. That was difficult, but doable. Well, it would've been easier if I hadn't waited until the night before. ;) Thank goodness for Marlboro and Eric Clapton.
That's very true. The suits aren't interested in freedom, open source, or whatever. They want software on which they feel that they can bet their business' life. They want to feel that there is someone they can call when thing hit the proverbial fan. They want all of this for what they consider to be a reasonable price. They want the "warm and fuzzies" that stuff will work, money will be made, and they won't be fired for doing something considered to be "out of the mainstream" of business.
How true you are and how infuriating it is. SOX, HIPAA, GLBA, etc. are the only reasons that many places have any security funding at all. Security is an afterthought. People will open the checkbook wide for triage after the problem occurs, but too many senior managers are unwilling to do any prevention.
OK, that is her pedigree. So? Here are qualifications for very talented people with whom I've worked.
Sr. Unix Admin: No degree, was a chef
Unix Admin: BS in Physics, worked in a slaughterhouse before college.
Sr. Systems Architect: No degree, was a chef.
Sr. SAN Admin: No degree, was in the USAF
Sr. SAN Architect: No degree, worked on environmental control units
Someone's education, military record, etc. doesn't prove or disprove that they can do a job. If you believe that, you're falling into the same trap as way too many corporate HR departments.
Does that include Atheists, Muslims, and other non-Christians?
My WAG is because they need something that's insulating, but lightweight enough for flight and relatively flimsy enough to burn up completely on re-entry. I'm not an engineer for NASA nor its contractors, so this is a total guess.
Peronally, I support removing the 5WPM for basic HF privileges. I learned it years ago when I got my license, but I can see how it's becoming an antiquated requirement. I like the idea of the Tech and General being non-code, but requiring a 5WPM test if one wants to get the Extra class license. IMO, Morse shouldn't be a requiment to get into the hobby. However, I have no problem with requiring it for the the "top-of-the-line" license privileges.
Don't get me wrong. I think CW is a great way to communicate and want to get back into it. However, I just think it's past time that it be a requirement for basic HF.
You may as well. I just got my General last week, due to the grandfathering my my early 1987 Tech license. In fact, an early enough Tech license (like my Tech Plus) immediately qualifies you as a General. There are no code or written tests.
It's also possible that NAT won't work and they're concerned about that. We have some Polycom video conference gear and it won't work with NATs. The box embed the endpoint IP in the packet itself, so NATs cause the system not to function. Yay.
What about a site-to-site VPN with a business partner? Would you rather configure your routers with ACLs for the unencrypted traffic or would you prefer to configure your firewall for a site-to-site VPN with NATs? For a business that doesn't require encrypted communications with another business, then going w/o a firewall may be doable. For a business that must have secure access to a partner's network (think some healthcare organizations), going w/o a firewall just isn't that feasible.
I completely agree with you. IMHO, the best setup is the classic "onion" configuration. The perimeter router and firewall log traffic, allow only certain inbound (and outbound) traffic, etc. Web proxies and hardened mail gateways sit in the DMZ, while the firewall only allows minimal traffic to & from them. The application servers, database servers, etc. are inside the corporate network with unnecessary services/processes disabled, regular patching, and minimal user access. Personally, I think the server farm should also be firewalled off from the user networks. This helps to prevent a compromised user machine (be it in a building, connected via VPN, or whatever) from attacking the critical internal machines.
I agree with the columnist that the internal network must be viewed as hostile, especially with VPN access, mobile laptops, hand-helds, wireless access points, etc. However, ditching the hardened perimeter because of these internal threats seems to me like "throwing out the baby with the bathwater." Dumping a good network config because it's not perfect just seems ridiculous to me. His ideas of hardening the client, etc. is absolutely needed, but ignoring the usefulness of perimeter defenses to help mitigate exploits (such as CheckPoint's Active Defense and ISS' SiteProtector RSKill) just seems like a bad idea.
Interesting, I wondered who would still be throwing money at SCO. I believe I've spent my last dollar at McDonalds. I don't want to support a company that's still supporting SCO.
"It doesn't have to be perfect, it just has to work."
That's an interesting comment. Isn't that one of the reasons that Microsoft's OSes have the problems that they have? The code doesn't have to be secure, it just works. The code doesn't have to be clean, it just works. Carry this in ad infinitum and you're making the argument stated in TFA. I quote, "De Raadt says their beloved program is starting to look a lot like what Microsoft puts out."
Doesn't that apply to Linux people too?
"Microsoft operating systems are bad, and their morals are even worse..." - Linus Torvalds, 1996
http://mbrix.dk/files/quotes.txt