Having this included by default in the log means that even if the application logging sucks you still can get some useful info. The process IDs you see in those application logs are because someone decided they would be useful and so logged them.
I guess you are right, but the process IDs on the application log are one of the parameters of the xml entry, so it is not a custom field. Probably the system isn't always logging the IDs.
That was a run-time error. It only shows up while the program runs. I could write a program that'll only show this error half the time it runs. So how's that a parsing error?
It is a parsing error because the code/bytecode is only parsed when executed. That also happens with other dynamic languages such as PHP. But even picking up on your example, are you saying that a windows version of Python won't produce the same error?
I've used it a lot and "windows event viewer" logging is crap and crappier than it should be. That's why my applications by default log to text files instead of the windows event logger.
I never really have had any serious problems with it, but you do raise some valid points and probably you've had to deal with more complex problems than I. But while I _do_ love the simplicity of textlogs, I've seen many many useless log messages in unix systems.
Not a valid example to extend to all linux Network code, where you would replace it with something involving NFS in a non window environment.
You usually cannot replace 100% of windows desktops for various reasons (and in some environments you'll find decade-old Apple computers, archaic unix systems, etc), so SMB is the lowest common denominator. But from your post I guess (I may be wrong) you never really had to deploy NFS or have an idea why the alternative to Samba in pure-unix environments often is AFS or GFS2, and not NFS, so I see no point in continuing this further.
You come off as a well practiced windows admin who has picked up linux from the internet in the past 5 or so years or not the right person to make these arguments
While I do perform windows administration (since NT3.5 and before TCP/IP was commonplace, but not relevant), I have more than 10 years of experience deploying and maintaining unix operating systems (mostly BSD, but also some Linux and some Solaris) in commercial environments. And "I picked up" Linux in 1996. So, I'm technologically old, but is any of this relevant?
Ask yourself how much expertise he had or if he was trolling.
This is slashdot. I prefer to ask myself if he raised a valid point or not. And he did. How much expertise is enough for you? And how do you measure it? By years? If someone has fedora on their laptop for the past 6 years, does that count as "unix administration" skills? (I don't think so) And the Linux admins, are they that much better on average than everyone else? I don't think so. Fact is, everyone has different backgrounds and different experiences. That is what makes these discussions interesting - I may learn something new.
Like you ask for proof above, prove it, This is subjective.
Maybe. But I'm still waiting for you to provide similar functionality to AD (management-wise) for unix. And it's not like it doesn't exist - Novell had something somewhat similar - but check the price. As an example, do you know one of the major problems in using eg. Firefox in large scale desktop networks? Yup, is the fact that you can't lock down the browser easily and in a centralized fashion. How do I prove it? Well, next time you go to a bank that has windows desktops, ask the teller what he can and can't do with his browser. If you never used this kind of functionality, you probably never looked for what's available, what works good on paper but fails in production, and the cost of the commercial versions.
Cost wise you need less linux admins to windows ones, see the Munich linux roll out.
I find it funny how you cherry pick the examples of others, but fail to give actual insight in your own examples. The Munich rollout started in 2003, and was "complete" in 2011 (75% of total desktops migrated). They took 8 years to get to this point, and they are still migrating the 3000 desktops remaining, so we have different ideas of what is "success". One of the reasons for the migration was, and citing an interview "There was, according to Schießl, no common directory, no common user management, no common hardware or software management. ". Is that a relevant example for this discussion? Doubtful.
You could, however, have picked some successful examples, such as Brazil's Federal Government, Extremadura (Spain), or even IBM. Each case is a case, there is no magic bullet, and a lot of work is made to ensure there is no relevant loss of functionality.
What's the metric for easy?
One of my metrics for easy is not having to mess around the samba code to try to understand why it isn't working as advertised, when users are waiting for it to work. Or performing regular maintenance and upgrading, and suddenly having things stop working and you have no idea why. If it is easy, the required skill level is always inferior. If you think I'm trolling, go have a look on samba's bugzilla.
Sorry for the late reply, but let me start by saying I share the +1 awesome idea of the other guy :) your post and your work is awesome, respect :D
I'm not an expert on valve amplifiers, but I do recognize shitty transistorized works when I see one. My last post was based on what I've seen from maintenance schematics from big brands like Marshall. Crappy crappy designs. Guitar and bass players usually don't know shit about both good sound and electronics, so if a given amplifier happens to produce a more suitable tone, they'll be all over that - usually that warm fuzzy sound is a valve amplifier, and there is little to no incentive into having DSP's (the rack-mount appliances you mentioned, not the ICs I mentioned) cannibalizing that market and taking advantage of those .005% THD transistorized amplifiers. And the funny thing is, they will even plug in effect pedals between the preamp and the guitar - effect pedals that use ampops, transistors and crappy, crappy, CRAPPY power adapters. I'd like to receive your feedback on that one - do you think effect pedals are evil, or a source of random noise?
Regarding louder :D (yeah your pics are awesome) I'm a big metal fan. The "norm" is to have hi-quality mics pointed at the valve guitar amps, and then have the unique sound propagated to whole stadiums via transistorized amplifiers. I see no problem there :)
Btw, thanks for the schematics, it is rare to find such an insightful post here :)
I mentioned OpenBSD mostly because not only I'm a fan, but also because of the security myth. You don't really need Capsicum in OpenBSD when systrace does almost the same job. The problem is, OpenBSD is crap as a simple user desktop, and has no MAC framework. OpenBSD desktops are as vulnerable to attacks as everyone else.
OpenVMS is still alive and well. It doesn't matter what the vendor says. If you can still buy official support, it is alive. And OpenVMS isn't UNIX, so while it is more secure than OpenBSD, the latter holds a pretty good track record among unixes.
If one is going to look beyond Windows for this reason, seems to me that the above would be the best combination.
You shouldn't. Try smartcard auth. Or any kind of centralized auth besides kerberos. And the lack of MAC. And the lack of desktop-friendly applications. If you need windows, and need to replace it, you need windows.
Linux logging facilities give you specific, text-based error messages indicating what the problem is and when/where it occurred without needing to look up some esoteric (and numeric) error code on Microsoft's web site to even guess what the problem might be related to.
Since you said you are a windows administrator, I'll treat you like one.
There are several popular logging programs used in Linux, but let's assume we are using the "de facto" unix standard, syslogd. Well, syslogd has no say about the quality, insightfulness, or truthness of the messages it is ordered to log. The same applies (mostly) to windows. While I do prefer the traditional text-based logging of unix systems, the quality of the logs varies greatly from application to application. Almost as in windows, where some special applications (SQL Server, PostgreSQL, etc) have their own text-based logs for troubleshooting.
Syslog doesn't give me nothing - the application logging does. And I can tell you, there are some shitty applications out there. The other day, I had an openvpn server simply not working. The client and server were in different timezones, so the certificate was "in the future". It didn't work. No log entry, it just didn't work. No error message whatsoever. And don't even get me started on eg. samba problems. The last time I had a serious samba issue I had to analyze the source to find out that it was a registry option in windows (related to performance of applications in network shares). The unix logs were as useless as the windows ones. Try postfix. Or openldap. Or whatever, because I had applications silently failing in every environment.
As an aside, I have never had a Linux system give me an error that included the text "The operation completed successfully" [google.com]. I'll leave that google search for you to laugh at.
I've had a "security update" for a given distro (ubuntu) upgrade my kernel to one with a non-functional intel ethernet driver. That's right - intel ethernet driver. Intel, not those new marvell chips. It took me half an hour to understand why the machine was off the network until someone said it installed some updates. Thank god it wasn't a server.
But hey, you seem to think I don't have a clue of what I'm talking about. I guess I'm pretty skilled for a dumb guy.
I guess I take that back then but your argument is what?
My argument is that, for management sake (and less steps directly translates to less errors, less technicians and so forth), Windows networks as a whole are easier to maintain (desktop-wise) than *nix-based ones. And that the tools available are business oriented, and not nerd-oriented.
My understanding is that the article was arguing a network of linux desktops and admin would be more secure than a windows one. The article seems to mean that windows desktops are a security hole.
I didn't reply to the article itself. The article is an ugly mess of concepts, starting with the fact that dropbox is mostly OS-agnostic. Somewhere along this thread, the extrapolation that linux is somewhat more secure than windows was made, without presenting any kind of proof. As someone else said it, it is an irrelevant question, since it depends on the system administrator (and not on the operating system).
No idea, I have no training.
That is the problem. You replied aggressively to someone without even having a vague idea of what you're talking about (the original thread I replied to). Some days ago, someone was modded down because it said that the best way of performing linux upgrading (regarding to a linux usage in google article) was to re-image the system. That is the correct/best bet way of doing it, regardless of what you or others think. Shit happens. In all flavors and all platforms. Knowing it is half the battle. The problem here, is that experience/insight is buried by zealotry/false beliefs. Sometimes, the linux folks seem a lot like a religion.
I trust those packages because I know that if they do have a problem it will come out soon enough
So, the "because someone else may look at them" approach. It didn't work for Debian.
after which Ubuntu is sure to start losing users in droves, and go bankrupt.
Canonical (the Ubuntu company isn't named ubuntu) does not have a clear business model, and it is (as a sustainable business) bankrupt today. Can you please explain to me the difference between having zero paying users or one million of those?
Ubuntu has a good business reason
Oh god, please tell me, I really want to know! Because the company isn't run as a profitable business.
And that's what makes me trust them to keep it safe, and also that once a problem has been identified, that they will act to fix it.
1) Canonical has ZERO control over the repositories they push the sources from, so they can't really guarantee that - as an example, there is a cgi php bug that is only really fixed in 5.4, which is incompatible with a ton of existing php code. 2) every other vendor does that (fixing bugs), including Microsoft. Can I get security updates for my Linux 8 year old system install? Doubtful.
The same for organisations like Mozilla or OpenOffice and its forks: they run a business based on people trusting their software to do what it says it does
I want some of what you're taking. Mozilla is sustained mostly by Google through the search engine in firefox, and OpenOffice doesn't have a commercial model at all, being a shared effort project.
And that "trusting in people you don't really know for stuff to be ok" is called social engineering. Look it up.
So, the fault is on the logging infrastructure, or on the failing application?
I have no idea how I'm supposed to solve this one since I have neither the source for CRM nor psychic powers.
If you really want an answer, you can create a crash dump of your application and analyze it with a debugger (just as you'd do with any unix), and try to understand why it failed. It is not easy, but the same applies to debugging of unix applications.
Both of them are system logs, not application logs. Please tell me what advantage would you get from knowing what was the process id at the time of execution, since (usually) you can't have services with the same name running at the same time. And both of the error messages are quite clear on the problem and what went wrong (but sometimes you can really get some cryptic messages).
As for the "object reference" errors, in other systems/programming languages you get way more useful error messages like: (...)
Your example is apples and oranges. The errors you mentioned are _parsing errors_, not runtime errors. Try with a compiled language.
In contrast I see my colleagues working till late at night wrestling with "Object reference not set to an instance of an object.", and it's not always their code they're having to fix. Maybe there's a way of turning on debugging symbols so that message is replaced with something a lot more useful, but so far they seem to get the same useless error message even with debugging on.
I don't know your colleagues nor their expertise in programming, but those kind of errors are language-dependent and not platform-dependent, and are usually easily caught by static analysis tools or avoided altogether with good programming practices (by the description, it reminds me of some common bugs of VB applications that were mostly solved by using "option explicit on").
FWIW I do write windows programs/services that log more informative "syslog style" error messages (with process AND thread ID- makes debugging multithreaded stuff easier), but Microsoft's own stuff doesn't do it.
Not all available software for linux/unix is that nice, also. It is true that you can tune up or down verbosity, but - as an example - postfix, samba and openvpn are god-awful to troubleshoot only by logging in complex problems.
for example if there is a problem with an email message amongst a bunch of Microsoft Exchange servers, figuring out the path it took and where the message had problems, and why is so much more difficult than with postfix, qmail etc.
I'd say you never really had problems with qmail :D I have limited experience with Exchange (but a lot of experience with postfix), but I must say that what you describe is pretty much the experience my colleagues have reported to me. From that limited experience, half of the problems arise from incompetent system administrators that don't understand the SMTP protocol. If you can access the message, you can easily examine the path taken. But hey, maybe your problems are more complex - I don't know.
Sometimes it seems to me that Microsoft's stuff was designed by some smart people, but the coding was outsourced to India or wherever. So the outsource coders will write in logging (and other features) as defined in the requirements in the easiest/cheapest way, which often turns out to be almost useless. But they don't care - they are not ever going to use what they write!
Maybe. But many applications have separate logging (SQL Server, PostgreSQL, MySQL) to help with that. I'm not saying Windows logging is perfect, but it is not the unusable pile of crap everyone that never tried to use it say it is. I've had issues with cryptic message logs in both unix and windows (eg. try to run openvpn with certificates from "the future" - different timezones - a
On Linux, I can combine grep, awk and perl to turn logs into useful information. On Windows I can browse them through an annoying GUI.
No argument there. I also prefer the flexibility of unix-style logging.
I have never, ever, had a Windows server problem that was easier to diagnose than the most pathological Linux server issue I've had.
Do you have an easy way to monitor, as an example, disk I/O, cpu usage and memory allocation of a given process, for a period of time (let's say 12h)? Or can you easily verify if a network bandwidth problem is directly related to hardware problems, such as a deficient network card generating too much interrupt requests? Or can you extract disk usage statistics (both TPS and bandwidth) over a large period of time, so you can determine if the storage is the bottleneck of a given system? You probably can (I guess now there are some probes similar to DTrace), but it is a couple of clicks away in any windows version >=2000. And yes, it has helped me many times diagnosing faulty hardware or detecting resource starvation in some operations ("the database was slow. now it seems fine" - why was the database slow? that kind of diagnostics).
They don't tell you where or what. You don't even get the process ID of the stuff that's logging the error.
You do get the process ID, accompanied by a bunch of other stuff (such as vendor error codes, the binary path, etc).
You can't even easily sort by date then by error type - sorting by error ID causes the date sort to no longer be in order. So what's the frigging point of the stupid fancy log UI?
But you can easily discard non-relevant information, or create a custom view for a given error ID. And the available info isn't limited by default to 7 days. And you can export the available info to XML (granted, not as easy to work as textfiles).
That crappy attitude to useless logs goes all the way up to the app level with useless messages like "Object reference not set to an instance of an object."
And in other systems, this is different how? How more helpful are messages about segfaults before a core dump? And if you _do_ have debug information, firing up the debugger will give you detailed information about what went wrong. Just like any other system.
As everyone else here is saying if your admin is not up to it then any argument about OS security is irrelevant.
Maybe you aren't reading the same thread as I. Very few people are actually saying that, and it is a shame, because it is the truth.
I don't know the best way to do this but I (no admin training) could get something this working on linux.
Sure you can. On linux or on any other unix operating system. But can you do it in under a minute, or without logging on the machine (suppose it's 7pm and the user already left the building), or that instead of 2 or 3 accounts, you have to enforce 50 or 100 with different schedule requirements? The easy answer is to have your linux desktop authenticate on a Windows Server (or some other directory service that can provide you that functionality). But the cheapest, easier to use solution I know of is Windows - and you can even train a monkey to perform that specific task.
Don't try to argue that windows has better networking admin than *NIX without researching (do you know you could have done in linux?), I would guess that some *NIX probably did something like it first and probably can still do the equivalent better but in a *NIX way.
Given that my work involves maintaining heterogeneous infrastructures (bsd/linux/windows/osx/etc) on corporate networks, covering both server and desktop integration, I'd say I have a pretty good idea. And while I do prefer unix on the server (even if it requires me to use samba), many of the issues I solve/work around wouldn't exist on a windows-only network, or could be easily done by someone with superficial tech knowledge.
I'm betting even an OpenBSD workstation is prone to become compromised once it's handed over to the average "user", who'll want to download and install unvetted software (etc.)
OpenBSD security is (at least partially) a myth. Don't get me wrong, I'm an OpenBSD user (less and less these days) and enthusiast, and their base network services are usually rock-solid. But the lack of some sort of MAC, compartmentalization/virtualization support and the occasional local kernel hole (as any other unix system) is a bit of a letdown.
And really, what do I know about the majority of the smaller software packages in the Ubuntu Software Center?
I've been saying the same ad nauseam. They say it's more secure because the connection between your computer and the package server is verified and encrypted, but when you ask what kind of guarantee the user has that some package wasn't built using tainted source or on a compromised server, the arguments quickly fade away.
All the examples you mentioned are people that really don't know how to use computers, regardless of the operating system. They probably don't mind if rendered fonts appear a bit funny, if some keyboard shortcuts are different (or semi-useless), if LibreOffice has some limitations when comparing to MS Office, or if the cornerstone application of their business doesn't run on that given operating system. Those are the kind of users that need a browser and a wordprocessor, and use them 2 times a week.
Picking on your example, those are also the people that usually know how to use a touch-based smartphone without a problem - I can easily install and configure "complex" unix systems (or use my windows desktop), but usually have great difficulty using a smartphone for anything but texting and calling. Does that mean that the interface is bad, or that it just wasn't designed for people like me?
You could never convince him that a free alternative to anything could be better
Define "free". Most corporate Linux distros I've seen aren't free, and often their pricing isn't that far from Microsoft. Some unix vendors (such as IBM and SUN/Oracle) will probably have much more expensive solutions. Because, you know, not everyone is spending a ton of money on server-grade hardware to install CentOS or whatever, without any kind of insurance that eg. the thousand-dollar fabric adapter will work with the manufacturer driver as advertised.
And since there's these successful and widely popular companies selling the widget for lots of money and making a killing,
That also happens in the linux/unix ecosystem. And you also have the opposite, companies without a clear revenue model that give away their product (such as Canonical). If a motorcycle manufacturer started giving away motorcycles, and charged only the maintenance, probably would have some legal problems - in many places, you can't sell the product for less than it costs to manufacture it. The OSS software ecosystem is hard to understand for an outsider (as usually many decision makers are), and the similar business models they can use to compare say the product is worthless or has hidden fees. Can you blame them? Maybe. Maybe the problem is on the label of the product, and not on "the customer". Point is, it's not that simple.
But the main issue/what Linux advocates tend to forget is that the technology behind a given platform is less and less relevant each day. There has been a paradigm shift from resource-based to service-based systems. Linux is very popular as an infrastructure operating system (hosting, storage, firewall, virtualization, etc), and Windows is very popular as a services/frontend operating system - application software, intranet portals, document management systems, etc. Users tend to interact more with Windows (because it's what they see on their end), and recognize it more easily, than all those linux-based technologies that they also use, but are locked away on some datacenter. I haven't seen a pure windows network in years.
Microsoft spends a lot of money on getting people hooked on their technologies
That's how commercial unix got to be such a big success. Most of big vendors of unix products did the same.
including getting most universities to teach their crap
While I agree with you, I don't see linux as a viable alternative. Is just a different kind of crap. There are some operating systems built for research/teach environments that are more suited to teach operating systems design than both windows or linux.
CTOs get bribed. Those bribes determine what technology they buy.
So are you saying that most/all CTOs that choose some tech you don't approve of are being bribed, but none of those who pick the tech you do approve aren't bribed? Can you really stand by your argumentation with a straight face?
The FSF doesn't have much money to waste on bribes, but many corporations do.
As a personal opinion, I think the FSF does more damage than good to OSS in general. Mixing software/tools and politics isn't usually a good idea, specially when the frontman has almost zero experience in actually working on a company. But given your nickname, I'd guess we have different views on the subject.
Why is it FUD? I often see in my servers maillog a ton of blocked spam sent from compromised unix/linux servers. It's still not that difficult to find RedHat 7.x installations on the wild, with a vulnerable OpenSSH. And don't even get me started on vulnerable ProFTPDs, stupid user passwords, vulnerable web stack (apache/php/python/java/whatever) and so on and so on. The same way you'll find a _ton_ of Windows servers with vulnerable IIS (old versions) and the stupid stupid habit of having RDP open to the world.
The argument that "Linux is more secure" is a shitty one. Is there anything more secure than Linux? Of course there is - OpenBSD, for example. Is there anything more secure than OpenBSD? Of course there is - OpenVMS, for example. Can OpenBSD (the example I'm more familiar with) be vulnerable to external threats if you load additional third-party software? Yeah, sure. They can all be made insecure by adding needed software or an incompetent administrator.
Working with both unix and windows, I'd say one of the big advantages of windows is how well it integrates with windows servers, and how easily (assuming you don't run into a random bug or design flaw) you can manage granular permissions of your users (the people from sales cannot change the wallpaper, plug in USB devices or write to "my documents", but the sales manager can do it on machine X, Y and Z), add and remove privileges (there will be an external audit and the guys need to be able to login into the accounting machines from 9am to 5pm, but only thursdays and fridays for a month). If you run a managed, well filtered and secure large-scale desktop network, you'll learn to appreciate those tools (and to have every hiccup you'll have) - and all the perimeter appliances probably will run some sort of unix.
So, I'd say you are probably a Linux administrator, and not a windows one. Windows also has logging facilities, and a pretty complete statistics monitor to help you diagnose/troubleshoot problems (and probably can gather metrics with far more detail than you would on a Linux system). That said, there are some issues and a lot of badly designed software out there. But unfortunately, that's not Windows-specific.
The security concern on Linux isn't malware, it's remote exploits of one of the services that are installed, by default, to be accessible from the Internet.
Virtually everyone in a first-world country uses a router with a built-in firewall and/or NAT. Maybe with IPv6 this will be a problem, but for now, those ports are only accessible from the internet if you specifically say so.
The security concern on Linux isn't malware
...And browser plugins such as Java. And insecure permissions (such as running the browser with the ID of the user). And browser vulnerabilities. And the false sense of security of using an operating system that "doesn't need an antivirus" to surf the internet.
Android is (usually) not used as a desktop operating system, and not everyone uses it to store valuable information or even to connect to the internet. Also, the Android application ecosystem can't hold a candle to Windows, both in variety and quality. I'd bet that 99% of all that Windows malware is directly related with pirated/cracked applications, and not "worms/virus on the wild".
The last couple of years, the relevant threats are usually online and not even Windows-related. Phishing, social engineering, CSRF, Java/PDF exploits are usually techniques that (to a varying degree) work, regardless of the operating system.
Having this included by default in the log means that even if the application logging sucks you still can get some useful info. The process IDs you see in those application logs are because someone decided they would be useful and so logged them.
I guess you are right, but the process IDs on the application log are one of the parameters of the xml entry, so it is not a custom field. Probably the system isn't always logging the IDs.
That was a run-time error. It only shows up while the program runs. I could write a program that'll only show this error half the time it runs. So how's that a parsing error?
It is a parsing error because the code/bytecode is only parsed when executed. That also happens with other dynamic languages such as PHP. But even picking up on your example, are you saying that a windows version of Python won't produce the same error?
I've used it a lot and "windows event viewer" logging is crap and crappier than it should be. That's why my applications by default log to text files instead of the windows event logger.
I never really have had any serious problems with it, but you do raise some valid points and probably you've had to deal with more complex problems than I. But while I _do_ love the simplicity of textlogs, I've seen many many useless log messages in unix systems.
Not a vaid example to extend to extend to all linux Network code, where you would replace it with something involving NFS in a non window environment.
You usually cannot replace 100% of windows desktops for various reasons (and in some environments you'll find decade-old Apple computers, archaic unix systems, etc), so SMB is the lowest common denominator. But from your post I guess (I may be wrong) you never really had to deploy NFS or have an idea why the alternative to Samba in pure-unix environments often is AFS or GFS2, and not NFS, so I see no point in continuing this further.
You come off as a well practiced windows admin who has picked up linux from the internet in the past 5 or so years or no the right person to make these argument
While I do perform windows administration (since NT3.5 and before TCP/IP was commonplace, but not relevant), I have more than 10 years of experience deploying and maintaining unix operating systems (mostly BSD, but also some Linux and some Solaris) in commercial environments. And "I picked up" Linux in 1996. So, I'm technologically old, but is any of this relevant?
ask your self how much expertise he had or if he was trolling.
This is slashdot. I prefer to ask myself if he raised a valid point or not. And he did. How much expertise is enough for you? And how do you measure it? By years? If someone has fedora on their laptop for the past 6 years, does that count as "unix administration" skills? (I don't think so) And the Linux admins, are they that much better on average than everyone else? I don't think so. Fact is, everyone has different backgrounds and different experiences. That is what makes this discussions interesting - I may learn something new.
Like you ask for proof above, prove it, This is subjective.
Maybe. But I'm still waiting for you to provide similar functionality to AD (management-wise) for unix. And it's not like it doesn't exist - Novell had something somewhat similar - but check the price. As an example, do you know one of the major problems in using eg. Firefox in large scale desktop networks? Yup, it is the fact that you can't lock down the browser easily and in a centralized fashion. How do I prove it? Well, next time you go to a bank that has windows desktops, ask the teller what he can and can't do with his browser. If you never used this kind of functionality, you probably never looked for what's available, what works good on paper but fails in production, and the cost of the commercial versions.
Cost wise you need less linux admins to windows ones, see the Munich linux roll out.
I find it funny how you cherry pick the examples of others, but fail to give actual insight in your own examples. The Munich rollout started in 2003, and was "complete" in 2011 (75% of total desktops migrated). They took 8 years to get to this point, and they are still migrating the 3000 desktops remaining, so we have different ideas of what is "success". One of the reasons for the migration was, and citing an interview "There was, according to Schießl, no common directory, no common user management, no common hardware or software management." Is that a relevant example for this discussion? Doubtful.
You could, however, have picked some successful examples, such as Brazil's Federal Government, Extremadura (Spain), or even IBM. Each case is a case, there is no magic bullet, and a lot of work is made to ensure there is no relevant loss of functionality.
What's the metric for easy?
One of my metrics for easy is not having to mess around the samba code to try to understand why it isn't working as advertised, when users are waiting for it to work. Or performing regular maintenance and upgrading, and suddenly having things stop working and you have no idea why. If it is easy, the required skill level is always inferior. If you think I'm trolling, go have a look on samba's bugzilla.
Sorry, you're right (ia64 IS itanium, my bad)
Sorry for the late reply, but let me start by saying I share the +1 awesome idea of the other guy :) your post and your work is awesome, respect :D
.005% THD transistorized amplifiers. And the funny thing is, they will even plug in effect pedals between the preamp and the guitar - effect pedals that use ampops, transistors and crappy, crappy, CRAPPY power adapters. I'd like to receive your feedback on that one - do you think effect pedals are evil, or a source of random noise?
:D (yeah your pics are awesome) I'm a big metal fan. The "norm" is to have hi-quality mics pointed at the valve guitar amps, and then have the unique sound propagated to whole stadiums via transistorized amplifiers. I see no problem there :)
:)
I'm not an expert on valve amplifiers, but I do recognize shitty transistorized works when I see one. My last post was based on what I've seen from maintenance schematics from big brands like marshall. Crappy crappy designs. Guitar and bass players usually don't know shit about both good sound and electronics, so if a given amplifier happens to produce a more suitable tone, they'll be all over that - usually that warm fuzzy sound is a valve amplifier, and there is little to no incentive into having DSP's (the rack-mount appliances you mentioned, not the ICs I mentioned) cannibalizing that market and taking advantage of those
Regarding louder
Btw, thanks for the schematics, it is rare to find such an insightful post here
I guess Itanium users would have to choose b/w FreeBSD and Debian
AFAIK (and I've checked http://www.freebsd.org/where.html) there is no FreeBSD itanium port.
I mentioned OpenBSD mostly because not only I'm a fan, but also because of the security myth. You don't really need Capsicum in OpenBSD when systrace does almost the same job. The problem is, OpenBSD is crap as a simple user desktop, and has no MAC framework. OpenBSD desktops are as vulnerable to attacks as everyone else.
OpenVMS is still alive and well. It doesn't matter what the vendor says. If you can still buy official support, it is alive. And OpenVMS isn't UNIX, so while it is more secure than OpenBSD, the latter holds a pretty good track record among unixes.
If one is going to look beyond Windows for this reason, seems to me that the above would be the best combination.
You shouldn't. Try smartcard auth. Or any kind of centralized auth besides kerberos. And the lack of MAC. And the lack of desktop-friendly applications. If you need windows, and need to replace it, you need windows.
Linux logging facilities give you specific, text-based error messages indicating what the problem is and when/where it occurred without needing to look up some esoteric (and numeric) error code on Microsoft's web site to even guess what the problem might be related to.
Since you said you are a windows administrator, I'll treat you like one.
There are several popular logging programs used in Linux, but let's assume we are using the "de facto" unix standard, syslogd. Well, syslogd has no say about the quality, insightfulness, or truthfulness of the messages it is ordered to log. The same applies (mostly) to windows. While I do prefer the traditional text-based logging of unix systems, the quality of the logs varies greatly from application to application. Almost as in windows, where some special applications (SQL Server, PostgreSQL, etc) have their own text-based logs for troubleshooting.
Syslog doesn't give me anything - the application logging does. And I can tell you, there are some shitty applications out there. The other day, I had an openvpn server simply not working. The client and server were in different timezones, so the certificate was "in the future". It didn't work. No log entry, it just didn't work. No error message whatsoever. And don't even get me started on eg. samba problems. The last time I had a serious samba issue I had to analyze the source to find out that it was a registry option in windows (related to performance of applications in network shares). The unix logs were as useless as the windows ones. Try postfix. Or openldap. Or whatever, because I had applications silently failing in every environment.
As an aside, I have never had a Linux system give me an error that included the text "The operation completed successfully" [google.com]. I'll leave that google search for you to laugh at.
I've had a "security update" for a given distro (ubuntu) upgrade my kernel to one with a non-functional intel ethernet driver. That's right - intel ethernet driver. Intel, not those new marvell chips. It took me half an hour to understand why the machine was off the network until someone said it installed some updates. Thank god it wasn't a server.
But hey, you seem to think I don't have a clue of what I'm talking about. I guess I'm pretty skilled for a dumb guy.
I guess I take that back then but your argument is what?
My argument is that, for management sake (and less steps directly translates to less errors, less technicians and so forth), Windows networks as a whole are easier to maintain (desktop-wise) than *nix-based ones. And that the tools available are business oriented, and not nerd-oriented.
My understanding is that the article was arguing a network of linux desktops and admin would be more secure than a windows one. The article seems to mean that windows desktops are a security hole.
I didn't reply to the article itself. The article is an ugly mess of concepts, starting with the fact that dropbox is mostly OS-agnostic. Somewhere along this thread, the extrapolation that linux is somewhat more secure than windows was made, without presenting any kind of proof. As someone else said it, it is an irrelevant question, since it depends on the system administrator (and not on the operating system).
No idea, I have no training.
That is the problem. You replied aggressively to someone without even having a vague idea of what you're talking about (the original thread I replied to). Some days ago, someone was modded down because they said that the best way to perform linux upgrading (regarding a linux usage in google article) was to re-image the system. That is the correct/best bet way of doing it, regardless of what you or others think. Shit happens. In all flavors and all platforms. Knowing it is half the battle. The problem here, is that experience/insight is buried by zealotry/false beliefs. Sometimes, the linux folks seem a lot like a religion.
I trust those packages because I know that if they do have a problem it will come out soon enough
So, the "because someone else may look at them" approach. It didn't work for Debian.
after which Ubuntu is sure to start losing users in droves, and go bankrupt.
Canonical (the Ubuntu company isn't named ubuntu) does not have a clear business model, and it is (as a sustainable business) bankrupt today. Can you please explain to me the difference between having zero paying users or one million of those?
Ubuntu has a good business reason
Oh god, please tell me, I really want to know! Because the company isn't run as a profitable business.
And that's what makes me trust them to keep it safe, and also that once a problem has been identified, that they will act to fix it.
1) Canonical has ZERO control over the repositories they push the sources from, so they can't really guarantee that - as an example, there is a cgi php bug that is only really fixed in 5.4, which is incompatible with a ton of existing php code. 2) every other vendor does that (fixing bugs), including Microsoft. Can I get security updates for my Linux 8 year old system install? Doubtful.
The same for organisations like Mozilla or OpenOffice and its forks: they run a business based on people trusting their software to do what it says it does
I want some of what you're taking. Mozilla is sustained mostly by Google through the search engine in firefox, and OpenOffice doesn't have a commercial model at all, being a shared effort project.
And that "trusting in people you don't really know for stuff to be ok" is called social engineering. Look it up.
I have no idea how I'm supposed to solve this one since I have neither the source for CRM nor psychic powers.
If you really want an answer, you can create a crash dump of your application and analyze it with a debugger (just as you'd do with any unix), and try to understand why it failed. It is not easy, but the same applies to debugging of unix applications.
Or you could repair/reinstall it.
What's the process ID of the nfssvr in this Windows Server 2008 log: http://technet.microsoft.com/en-us/library/cc731909(v=ws.10).aspx [microsoft.com] Or this log: http://www.petri.co.il/images/ie7_on_ex2003_1.gif [petri.co.il]
Both of them are system logs, not application logs. Please tell me what advantage would you get from knowing what was the process id at the time of execution, since (usually) you can't have services with the same name running at the same time. And both of the error messages are quite clear on the problem and what went wrong (but sometimes you can really get some cryptic messages).
Here http://imgur.com/C2pFB you have an example of process id on the application log.
As for the "object reference" errors, in other systems/programming languages you get way more useful error messages like: (...)
Your example is apples and oranges. The errors you mentioned are _parsing errors_, not runtime errors. Try with a compiled language.
In contrast I see my colleagues working till late at night wrestling with "Object reference not set to an instance of an object.", and it's not always their code they're having to fix. Maybe there's a way of turning on debugging symbols so that message is replaced with something a lot more useful, but so far they seem to get the same useless error message even with debugging on.
I don't know your colleagues nor their expertise in programming, but those kind of errors are language-dependent and not platform-dependent, and are usually easily caught by static analysis tools or avoided altogether with good programming practices (by the description, it reminds me of some common bugs of VB applications that were mostly solved by using "option explicit on").
FWIW I do write windows programs/services that log more informative "syslog style" error messages (with process AND thread ID- makes debugging multithreaded stuff easier), but Microsoft's own stuff doesn't do it.
Not all available software for linux/unix is that nice, also. It is true that you can tune up or down verbosity, but - as an example - postfix, samba and openvpn are god-awful to troubleshoot only by logging in complex problems.
for example if there is a problem with an email message amongst a bunch of Microsoft Exchange servers, figuring out the path it took and where the message had problems, and why is so much more difficult than with postfix, qmail etc.
I'd say you never really had problems with qmail :D I have limited experience with Exchange (but a lot of experience with postfix), but I must say that what you describe is pretty much the experience my colleagues have reported to me. From that limited experience, half of the problems arise from incompetent system administrators that don't understand the SMTP protocol. If you can access the message, you can easily examine the path taken. But hey, maybe your problems are more complex - I don't know.
Sometimes it seems to me that Microsoft's stuff was designed by some smart people, but the coding was outsourced to India or wherever. So the outsource coders will write in logging (and other features) as defined in the requirements in the easiest/cheapest way, which often turns out to be almost useless. But they don't care - they are not ever going to use what they write!
Maybe. But many applications have separate logging (SQL Server, PostgreSQL, MySQL) to help with that. I'm not saying Windows logging is perfect, but it is not the unusable pile of crap everyone that never tried to use it say it is. I've had issues with cryptic message logs in both unix and windows (eg. try to run openvpn with certificates from "the future" - different timezones - a
On Linux, I can combine grep, awk and perl to turn logs into useful information. On Windows I can browse them through an annoying GUI.
No argument there. I also prefer the flexibility of unix-style logging.
I have never, ever, had a Windows server problem that was easier to diagnose than the most pathological Linux server issue I've had.
Do you have an easy way to monitor, as an example, disk I/O, cpu usage and memory allocation of a given process, for a period of time (let's say 12h)? Or can you easily verify if a network bandwidth problem is directly related to hardware problems, such as a deficient network card generating too many interrupt requests? Or can you extract disk usage statistics (both TPS and bandwidth) over a large period of time, so you can determine if the storage is the bottleneck of a given system? You probably can (I guess now there are some probes similar to DTrace), but it is a couple of clicks away in any windows version >=2000. And yes, it has helped me many times diagnosing faulty hardware or detecting resource starvation in some operations ("the database was slow. now it seems fine" - why was the database slow? that kind of diagnostics).
They don't tell you where or what. You don't even get the process ID of the stuff that's logging the error.
You do get the process ID, accompanied by a bunch of other stuff (such as vendor error codes, the binary path, etc).
You can't even easily sort by date then by error type - sorting by error ID causes the date sort to no longer be in order. So what's the frigging point of the stupid fancy log UI?
But you can easily discard non-relevant information, or create a custom view for a given error ID. And the available info isn't limited by default to 7 days. And you can export the available info to XML (granted, not as easy to work as textfiles).
That crappy attitude to useless logs goes all the way up to the app level with useless messages like "Object reference not set to an instance of an object."
And in other systems, this is different how? How more helpful are messages about segfaults before a core dump? And if you _do_ have debug information, firing up the debugger will give you detailed information about what went wrong. Just like any other system.
Or you can use another IDE, such as SharpDevelop. That is what I actually use for C# development.
As everyone else here is saying if your admin is not up to it then any argument about OS security is irrelevant.
Maybe you aren't reading the same thread as I. Very few people are actually saying that, and it is a shame, because it is the truth.
I don't know the best way to do this but I (no admin training) could get something this working on linux.
Sure you can. On linux or on any other unix operating system. But can you do it in under a minute, or without logging on the machine (suppose it's 7pm and the user already left the building), or that instead of 2 or 3 accounts, you have to enforce 50 or 100 with different schedule requirements? The easy answer is to have your linux desktop authenticate on a Windows Server (or some other directory service that can provide you that functionality). But the cheapest, easier to use solution I know of is Windows - and you can even train a monkey to perform that specific task.
Don't try to argue that windows has better networking admin than *NIX without researching (do you know what you could have done in linux?), I would guess that some *NIX probably did something like it first and probably can still do the equivalent better but in a *NIX way.
Given that my work involves maintaining heterogeneous infrastructures (bsd/linux/windows/osx/etc) on corporate networks, covering both server and desktop integration, I'd say I have a pretty good idea. And while I do prefer unix on the server (even if it requires me to use samba), many of the issues I solve/work around wouldn't exist on a windows-only network, or could be easily done by someone with superficial tech knowledge.
I'm betting even an OpenBSD workstation is prone to become compromised once it's handed over to the average "user", who'll want to download and install unvetted software (etc.)
OpenBSD security is (at least partially) a myth. Don't get me wrong, I'm an OpenBSD user (less and less these days) and enthusiast, and their base network services are usually rock-solid. But the lack of some sort of MAC, compartmentalization/virtualization support and the occasional local kernel hole (as any other unix system) is a bit of a letdown.
And really, what do I know about the majority of the smaller software packages in the Ubuntu Software Center?
I've been saying the same ad nauseam. They say it's more secure because the connection between your computer and the package server is verified and encrypted, but when you ask what kind of guarantee the user has that some package wasn't built using tainted source or on a compromised server, the arguments quickly fade away.
All the examples you mentioned are people that really don't know how to use computers, regardless of the operating system. They probably don't mind if rendered fonts appear a bit funny, if some keyboard shortcuts are different (or semi-useless), if LibreOffice has some limitations when comparing to MS Office, or if the cornerstone application of their business doesn't run on that given operating system. Those are the kind of users that need a browser and a wordprocessor, and use them 2 times a week.
Picking on your example, those are also the people that usually know how to use a touch-based smartphone without a problem - I can easily install and configure "complex" unix systems (or use my windows desktop), but usually have great difficulty using a smartphone for anything but texting and calling. Does that mean that the interface is bad, or just that it wasn't designed for people like me?
You could never convince him that a free alternative to anything could be better
Define "free". Most corporate Linux distros I've seen aren't free, and often their pricing isn't that far from Microsoft. Some unix vendors (such as IBM and SUN/Oracle) will probably have much more expensive solutions. Because, you know, not everyone is spending a ton of money on server-grade hardware to install CentOS or whatever, without any kind of insurance that eg. the thousand-dollar fabric adapter will work with the manufacturer driver as advertised.
And since there's these successful and widely popular companies selling the widget for lots of money and making a killing,
That also happens in the linux/unix ecosystem. And you also have the opposite, companies without a clear revenue model that give away their product (such as Canonical). If a motorcycle manufacturer started giving away motorcycles, and charged only the maintenance, probably would have some legal problems - in many places, you can't sell the product for less than it costs to manufacture it. The OSS software ecosystem is hard to understand for an outsider (as usually many decision makers are), and the similar business models they can use to compare say the product is worthless or has hidden fees. Can you blame them? Maybe. Maybe the problem is on the label of the product, and not on "the customer". Point is, it's not that simple.
But the main issue/what Linux advocates tend to forget is that the technology behind a given platform is less and less relevant each day. There has been a paradigm shift from resource-based to service-based systems. Linux is very popular as an infrastructure operating system (hosting, storage, firewall, virtualization, etc), and Windows is very popular as a services/frontend operating system - application software, intranet portals, document management systems, etc. Users tend to interact more with Windows (because it's what they see on their end), and recognize it more easily, than all those linux-based technologies that they also use, but are locked away on some datacenter. I haven't seen a pure windows network in years.
Microsoft spends a lot of money on getting people hooked on their technologies
That's how commercial unix got to be such a big success. Most of the big vendors of unix products did the same.
including getting most universities to teach their crap
While I agree with you, I don't see linux as a viable alternative. It is just a different kind of crap. There are some operating systems built for research/teaching environments that are more suited to teach operating systems design than both windows or linux.
CTOs get bribed. Those bribes determine what technology they buy.
So are you saying that most/all CTOs that choose some tech you don't approve of are being bribed, but none of those who pick the tech you do approve aren't bribed? Can you really stand by your argumentation with a straight face?
The FSF doesn't have much money to waste on bribes, but many corporations do.
As a personal opinion, I think the FSF does more damage than good to OSS in general. Mixing software/tools and politics isn't usually a good idea, especially when the frontman has almost zero experience in actually working in a company. But given your nickname, I'd guess we have different views on the subject.
Right on the spot.
Why is it FUD? I often see in my server's maillog a ton of blocked spam sent from compromised unix/linux servers. It's still not that difficult to find RedHat 7.x installations in the wild, with a vulnerable OpenSSH. And don't even get me started on vulnerable ProFTPDs, stupid user passwords, vulnerable web stack (apache/php/python/java/whatever) and so on and so on. The same way you'll find a _ton_ of Windows servers with vulnerable IIS (old versions) and the stupid stupid habit of having RDP open to the world.
The argument that "Linux is more secure" is a shitty one. Is there anything more secure than Linux? Of course there is - OpenBSD, for example. Is there anything more secure than OpenBSD? Of course there is - OpenVMS, for example. Can OpenBSD (the example I'm more familiar with) be vulnerable to external threats if you load additional third-party software? Yeah, sure. They can all be made insecure by adding needed software or an incompetent administrator.
Working with both unix and windows, I'd say one of the big advantages of windows is how well it integrates with windows servers, and how easily (assuming you don't run into a random bug or design flaw) you can manage granular permissions of your users (the people from sales cannot change the wallpaper, plug in USB devices or write to "my documents", but the sales manager can do it on machine X, Y and Z), add and remove privileges (there will be an external audit and the guys need to be able to login into the accounting machines from 9am to 5pm, but only thursdays and fridays for a month). If you run a managed, well filtered and secure large-scale desktop network, you'll learn to appreciate those tools (and to have every hiccup you'll have) - and all the perimeter appliances probably will run some sort of unix.
So, I'd say you are probably a Linux administrator, and not a windows one. Windows also has logging facilities, and a pretty complete statistics monitor to help you diagnose/troubleshoot problems (and probably can gather metrics with far more detail than you would on a Linux system). That said, there are some issues and a lot of badly designed software out there. But unfortunately, that's not Windows-specific.
The security concern on Linux isn't malware, it's remote exploits of one of the services that are installed, by default, to be accessible from the Internet.
Virtually everyone in a first-world country uses a router with a built-in firewall and/or NAT. Maybe with IPv6 this will be a problem, but for now, those ports are only accessible from the internet if you specifically say so.
The security concern on Linux isn't malware
...And browser plugins such as Java. And insecure permissions (such as running the browser with the ID of the user). And browser vulnerabilities. And the false sense of security of using an operating system that "doesn't need an antivirus" to surf the internet.
Android is (usually) not used as a desktop operating system, and not everyone uses it to store valuable information or even to connect to the internet. Also, the Android application ecosystem can't hold a candle to Windows, both in variety and quality. I'd bet that 99% of all that Windows malware is directly related with pirated/cracked applications, and not "worms/virus in the wild".
The last couple of years, the relevant threats are usually online and not even Windows-related. Phishing, social engineering, CSRF, Java/PDF exploits are usually techniques that (to a varying degree) work, regardless of the operating system.