Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.
Not necessarily. The boot partition can keep a copy of your encryption keys stored in an encrypted format, which then requires a second set of keys to decrypt. So this way your system starts to boot, then tries to mount the encrypted filesystem, but first requires a passphrase to decrypt the keys. Of course, ideally you would want a token-based system, but there are some ways to make effective encryption of the filesystem.
In today's modern environment where just about everything will have two or more CPU cores available, the actual encryption/decryption overhead isn't that big of a concern. Our biggest concern with implementing a FDE solution for our mobile devices was key recovery in the event that someone lost their keys/passphrase. We're using PGPs Whole Disk Encryption, and it allows us to specify a second "account" or passphrase that has access to the decryption keys, so even if our user loses his keys and/or passphrase we can still get in.
Which means it will cost $1000-$2000 just for CPUs and motherboard. AMD's and Intel's quad cores will cost a grand also, which limits all of this to people with more money than sense.
If they're going to allow dual processors, why not let people use the $150 2.0GHz dual cores? Then the whole thing will come in under $500 and have much wider appeal.
The target price is under $1000 for the CPUs and (presumably) board. That really doesn't price it out the range of people who were previously buying Athlon FX and Intel EE CPUs. Keep in mind that this is a high-end enthusiast-class platform, rather than the future of AMD's mainstream computing. If you just want dual CPU dual cores, you can buy an Opteron 200-series workstation for less probably. You won't get 4 PCI-E x16 slots and 12 SATA ports, but who needs that anyways? Or, you could just wait until 3Q of 07 and get a native quad core CPU.
Would it be great if they made it cheaper so that everyone could have one? Absolutely. But then they would be cannibalizing the sales of their other higher-end CPUs (why buy a $700 FX-series when you can spend $300 on low end X2 CPUs and get more performance?).
With two CPU chips with 2 cores each, shouldn't that be called "2X2"?
It was explained awhile back, but 4x4 isn't directly related to the core count. Otherwise, why wouldn't a dual CPU workstation class system with dual core CPUs be considered 4x4?
4x4 actually is in reference to 4 CPU cores and 4 video cards, at least that is the way that it was explained to me.
Sounds like someone at 20th Century Fox has been listening to George Lucas. $200 million dollar movies just don't make sense these days. There was an interesting writeup about a related topic on Techdirt this morning too, here. Wil Wheaton also had some interesting comments about Lucas' comments on his blog awhile back here.
The reality is, there are many more distribution models than there used to be, meaning that you don't have to take a chance with a huge budget picture to get a hit/return on investment. In fact, if you have a really good product, your fans may very well prefer that you not make a big budget blockbuster movie and instead release a series of smaller, less expensive "films" distributed through an alternative medium, because they can get more content.
Now whether that was Fox/Universal's thinking on this, or if they just got cold feet due to the dollar signs, either way it is pretty strong evidence that we are standing on the cusp of a potentially huge paradigm shift in the way that movies are made and distributed. I suspect that all it would take is one big name hit to be released in this fashion to get the snowball really rolling.
Don't get carried away. I think I read here last week that MS aren't going to allow Vista to run inside a virtual machine - am I correct? And there's Vista messing up the boot sector too. It looks like this is not a two-way street.
This is incorrect. The low-end versions of Vista (according to the current version of the EULA) aren't allowed to be run in a VM, but the higher-end versions not only can be run in a VM, but they will include a new version of Virtual PC and licensing to allow you to run up to 4 instances simultaneously.
Regardless, Microsoft has already made Virtual Server free if you run Windows 2003 R2, and Virtual PC has been free for awhile. How big of a step is it to release the specs for your VHD file? And how likely is it that it had already been reverse engineered by someone else to begin with?
The same for Socket 7 really, the later "Super 7" boards did not support the 50Mhz and 60Mhz bus speeds to run many of the sub-166Mhz chips, nor did they put out the right voltages. Most of the early Socket 7 boards did not support anything with the dual voltages, meaning that they basically were only good for 200Mhz or less.
You're right. Now that I think of it, I seem to recall soldering resistors to an old Socket 7 board in order to get the correct voltages for a specific CPU, but I suspect that not many people would have bothered with that.
If I had to make an honest guess what is keeping the AMD fanboys away, it's the sockets.
I'm not so sure about that. I've heard other people say it, but it never made much sense to me. Sure, they kept Socket 7 rolling for a long time, even after Intel went with a SECC instead. But there were architectural reasons for Intel's switch away from sockets, and AMD didn't have those same reasons and so they kept them. With Socket A, it's techinically true that the Socket A form factor lasted many years, but the reality is that Socket A was not 100% compatible across that entire time. A Socket A CPU from the introduction of Socket A would not work in a Socket A motherboard from the last generation of Socket A boards, and the reverse is also true. Because while they kept the socket and pin counts the same, they changed things like the FSB, voltage, etc which rendered previous CPUs incompatible.
AMD is in the race to stay alive as a company but they are not in the race to have the top CPU of 2006/2007, which is what really matters.
Matters to whom? Fanboys?
AMD is a business, not a sports team. Making money is the goal, not winning everything. AMD is still making money, gaining market share, and keeping average selling prices high. To me, that sounds like success.
And what's this business about 2007? Judging by my calendar, they have 14 months from now to come out on top for 2007. And from what I have seen of their roadmaps, it looks like 2H 2007 they should be, if not back on top, at least neck and neck with Intel on the "super top performing every fanboy must have one" scale.
If I were a large PC seller (Dell, HP etc) I would be thinking the same thing....being able to trade off two companies against each other gets me a better price. If Intel were the only CPU provider you probably wouldn't be able to buy a PC for less than $1500.
I remember about 11 years ago when I bought a 486DX2 desktop PC that cost (with 15" monitor) about $2500. I'm sure that competition in the CPU space (as well as others) is probably one of the biggest factors in the reduction in CPU prices.
Because they didn't have to. AMD has less fab capacity than Intel, and since their core business was making CPUs instead of core logic chipsets, why would they want to devote precious space and resources to making chipsets? Also, why would they to get into the business of competing with other chipset providers? Sure, Intel does it, but it causes Intel a certain amount of grief and requires a certain degree of careful dancing in order to do it without causing all sorts of political and legal problems.
AMD has designed chipsets in the past, but usually only when they absolutely had to in order to get a platform out the door. It seems to me that there was an AMD 760 chipset for one of the Athlon lines for awhile.
I think you're slightly right, but mostly wrong. Your analogy is correct, if you fail you can't help anyone. That is why you have to take care of yourself first. After that, however, making a rule about putting your kids or your spouse first seems insane. They are people. Treat them as such. Sometimes one will need you more than the other and sometimes it will be the other way around.
Well, I'll not mince words by saying that "I think that most marriage counselors." Let me just say that when my wife and I were in counseling, we were explicitly told that when you are working on relationships, the relationship with your spouse comes first, then children second. At first it is counterintuitive to put your kids second, but the best way that you can provide a safe, stable, and reassuring environment for your children to grow up in is to ensure that the primary relationship in the family/household is stable and healthy. If the parents are in sync, then they will be able to work together to provide for the kids, and the kids will have a strong example to emulate. If the parents are not in sync and their relationship is out of whack, it can create stress and uncertainty for the spouses which will be translated to the children.
Like the previous poster said, it's hard to be an effective parenting team when you're divorced. At that point your family has already disintegrated.
I have one PC (originally from 1996) that got two replacements each for CPU, mainboard and harddisk.
The harddisk changes were for capacity, 1GByte => 6.3 GByte => 45 GByte.
CPU/mainboard were changed for performance the first time (P133 => Athlon), due to a defect the second time.
Now I don't personally have many scruples to pirate Windows, but as a legit user of Vista I'd have a problem under similar circumstances.
Was there are retail version of an OS installed on this machine, or was it OEM? You might have a problem, you might not. It depends almost entirely on what Microsoft considers a transfer to another machine. Would these changes be enough to trip up product activation on Windows XP? Probably once. Maybe not twice. I also suspect very strongly that if you call Microsoft support asking to re-activate your OS install that was disabled when hardware was replaced due to failure, they would probably do it for you. I've heard plenty of stories of people using OEM versions of XP Pro (which can't be transferred at all, since they are OEM) who got re-activated by calling support and claiming that they had a hardware failure and had to install a new mainboard.
All I'm saying is that this is a bit of a storm in a teacup right now. Overall these changes are minimal at best, and there are some licensing changes that are actually beneficial to the end user.
"TechWeb has posted an article regarding Vista's new license and how it allows you to only move it to another device once. How will this work for people who build their PCs? I have no intention of purchasing a new license every time I swap out motherboards. 'The first user of the software may reassign the license to another device one time. If you reassign the license, that other device becomes the "licensed device," reads the license for Windows Vista Home Basic, Home Premium, Ultimate, and Business. In other words, once a retail copy of Vista is installed on a PC, it can be moved to another system only once.
How do you define moving to another system? What constitutes "another system"? If you swap out a video card does that make this a new system? Probably not. If you look at Windows XP and it's product activation, there are several things that can be changed as often as you wish without it being considered a new system that requires activation. There are some items that, between them as a group, can only be changed a couple of times before Windows will disable the system (CPU, mainboard, hard disk). This sounds pretty much like the same thing, so I'm not sure why people are making a stink about it now, other than the fact that the surest way to get lots of hits right now is to either extoll the virtues of or condemn Vista.
I guess that in theory, with previous retail versions of Windows you could remove it and re-install it on different machines as much as you wanted, but in practice how many people actually did that? Most home users certainly didn't. Lots of enthusiasts didn't either. If you buy a retail copy of Vista for your current PC, then pitch your current PC and build a new PC, then you might want to transfer your OS. Or perhaps if your PC died completely, you might want to transfer the license, and you would be allowed to do so once under this license. Now if you decided to add additional PCs, you would need more licenses anyway, right? When you consider that most consumers buy a PC with an OEM version of Windows already installed, and that many enthusiasts who build already buy the cheaper OEM versions, who really buys retail? Keeping in mind how many hardware changes it takes to trip up Product Activation now, how many people out there are likely to buy retail copies of Vista AND trip product activation more than once? Very few I suspect.
Elsewhere in the license, Microsoft forbids users from installing Vista Home Basic and Vista Home Premium in a virtual machine. "You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system," the legal language reads. Vista Ultimate and Vista Business, however, can be installed within a VM.'"
There are very few home users who could even tell you what a VM is, let alone install an OS into one. And those of us who are likely to use virtualization at home (and I'm one of them who currently does do this) would likely also need/already have the business version of Vista (or in today's world, XP Pro). More to the point, when I run virtualization at home it's not usually to run a second instance of my main OS. Usually it's so that I can test some new Linux distro, or to keep an older version of Windows around for compatibility purposes. Right now I run one of the Vista RCs as a host OS, and have Windows XP Pro, Ubuntu, and Windows Server 2003 running in virtual machines. So what's the big deal here? If you get the Business edition, you are allowed to run up to 4 virtual instances of Vista on the same machine using the same license, whereas with XP Pro you were permitted only a second instance. So this sounds like a net improvement to me. If for some reason you need to maintain two separate Vista Home Edition installs on the same machine, you can still dual boot.
"For instance, Home Basic users can't copy ISOs to their hard drives, can't run in a virtualized environment, and can only share files and printers to a maximum of 5 networ
Why should anything be wrong with the AM2 platform?
Nothing.
It is just an evolutionary step for the AMD.
I agree, nothing went wrong. The only point that I think that the article was right on was cost. Since the performance difference between the current generation of AM2 processors and 939 processors is so small (or almost negligible), the average consumer is buying based on price. And since 939 processors and systems are still available, though less "desirable" from being "older tech", the prices are usually better on 939.
There isn't anything confusing about the naming conventions of the CPU, at least not any more confusing than they were on 939. The AM2 versus 940 "confusion" statement is a red herring, because they're not both called socket 940, and I have yet to see an AM2 product advertised as 940.
The only real "problem" that AM2 has is that for the average consumer who buys a PC, then throws it out and buys a new one in 3 years, is the fact that AM2 doesn't add anything spectacular in this generation of chips. Sure, hardware support for virtualization is great for those few of us professionals who use virtualization, but the average user doesn't care. And while DDR2 is the new standard, and will undoubtedly have more benefit in the future at higher speeds (and with later revs of the AM2 CPU's memory controller), it wasn't really necessary at today's performance levels. The Athlon 64 went from a a very low latency (due to the integrated memory controller), medium bandwidth memory technology to a medium latency, high bandwidth memory technology. You wouldn't expect much change, except in extremely bandwidth-limited situations. On the other hand, the Intel line of CPUs went from a medium latency medium bandwidth memory techology (using an external memory controller) to a medium latency high bandwidth technology, so you would expect an improvement.
Hardware virtualization may be slower right now, but both the hardware and the software supporting it are new. Give it a few iterations and it will be equal to software virtualization.
It may or may not be faster eventually, but that doesn't matter. What matters is that small changes in the hardware make it possible to stop having to depend on costly, proprietary, and complex software--like that sold by VMware.
Maybe I'm crazy, but I just don't see that happening anytime soon in the mainstream. When they talk about "hardware-based" virtualization, they are really talking about "hardware assisted" virtualization, in that the CPU has some features built in to assist with accelerating virtualization. There still needs to be some sort of host OS or software (call it a hypervisor, mini-kernel, whatever) that provides access to the rest of the hardware (storage, memory, etc) and manages accesses by the guest OSes. What would it take to do all of that in hardware? My guess is new kinds of memory, storage, etc that also support virtualization, or a BIOS that actually manages it for you, but a BIOS is just software anyway.
I seriously doubt that we'll get to a purely hardware virtualization ever (for hetergenous operating systems), if for nothing other than the fact that there are so many potential issues with guest operating systems that the hypervisor/host OS needs to handle.
Step 1, make sure that these PC's always use the same IP address. Set it statically if you can, and while you're at it, set up a DHCP reservation for their MAC addreses to give them that same address. That way if they switch it to DHCP they get the same thing.
Step 2, set up a rule on your firewall for those two addresses that basically says 'allow http and https traffic from these IP addresses only if they are going to this specified address (the web site that they need)'. Put a rule immediately after that one that says 'deny all traffic from these IP addresses to any other IP addresses'.
Now they should have free roam of the internal network, but only be allowed web access to that one external site. If you want to get even more paranoid, you can configure the ports on their network switch to only allow traffic from their IP addresses, in case the users get the idea of statically setting a different IP address on the same subnet than the one that you gave them. Of course, these users shouldn't have the ability to change the IP address configuration for their PCs if they aren't running as admin. You don't let them run as admin, do you?
I don't believe that Windows XP has the same settings for IP security that you can put on Windows 2000 and later, otherwise that would be an option. If you really wanted to get detailed and make it secure, you could change all of the Windows Firewall settings to block everything except necessary traffic to necessary hosts, but then it gets really tedious, but I know that Windows firewall settings can be set with Group Policy.
They even had the ringtone as a downloadable ringtone there (you can't of course hear it at all if you're over 25 or so, as you age you lose the ability to hear in those outlier frequency ranges).
Well, I must have dog hearing, because I'm 33 and could hear it. And it's incredibly annoying (as in painful to my ears). The funny thing is, I spent my younger years listening to rock music cranked up as loud as it would go, and used to frequently work on racecar engines without ear protection. My wife thinks I'm half-deaf, but it must just be the lower frequencies that I can't hear as well.
At first, when I saw the 4MB numbers, I was worried because Opterons are 2x1MB L2. But once I dug into the real specs and saw that the majority of the Intel line is only 2MB L2 shared cache, I was less worried.
You're right about that. It's interesting that almost all of the early benchmarks were done with the 4MB cache models, whereas the benchmarks on the 2MB cache models didn't come until later (if at all). The same with retail availability. The only Conroe CPUs available now (outside of buying a new box from Dell) are the 4MB versions. The 2MB versions will supposedly come on August 7th. After seeing some of the benchmarks on the 2MB models, it becomes apparent just how important that 4MB of cache really is, as the 2MB versions don't deliver anywhere near the thrashing to AMD that the 4MB models do.
I just read a review on Inetl new C2 chips and from the specs, it apparently is faster by almost an order of magnitude than anything AMD has (im not a intel fan boy as everthing i have right now runs AMD)
Anyway, the most interesting thing about these C2 chisp is how much cooler they are at the same time. I've read on article that said they were able to run them fanless.
One, they are not an order of magnitude faster. I have seen some benchmarks on the Core 2 Duo CPUs versus Athlon X2 CPUs, and in a clock for clock comparison they Core 2 Duo were up to 20% faster in some integer operations. Floating point performance was almost equal, as was memory access. 20% is not an order of magnitude.
Two, we are talking about server CPUs, not desktop CPUs. That means that we need to be comparing Xeon CPUs with Opteron CPUs, not Core 2 and Athlon.
Three, the new Core 2 and Xeon CPUs may be faster one on one, clock for clock, than an Athlon X2 or Opteron, but they still have the same old problem that has haunted Intel CPUs since the birth of the Athlon 64: the FSB. Putting 4+ MB of cache onto the Xeon and Core 2 CPUs helps alleviate some of the FSB bottlenecks (for memory access), but they still can't touch the Hypertransport interconnect for performance. And where this really comes into play is in scalability. If you put two or four Intel CPUs into the same server, they share the FSB. If you put two or four Opteron CPUs into the same server, they each have a dedicated connection to the memory, etc. Opteron-based servers scale much much better than Xeon-based servers. This is especially important now that people are pushing virtualization more and more. Instead of buying 10 small servers to handle 10 different tasks, they're buying a single 4-way server and running 10 virtual servers on it to save money and make better use of the CPU and memory resources that they have.
It's not impossible to do, but it does take a lot of hard work. First, learn everything that you can about what you want to do, and expect to start low on the totem pole. If you lack a degree or certification, then resume experience (or having good contacts) will be your only hope. I got started professionally in IT in the years just before Y2K, so everyone was always hiring, and I got a job as a PC Technician through a "consulting" company that did staff augmentation. After a couple of years and numerous assignments I was able to demonstrate competency and a wide range of technical knowledge, and began getting placements as a junior-level server admin. I continued working and learning, yadda yadda yadda, until I started getting more senior-level jobs (like as a consultant on large Exchange migrations, etc). If you work hard and learn everything that you can, you will continue building useful resume experience. Working at numerous jobs via consulting companies really helps here. If you keep at it you'll eventually be able to get that cool sysadmin job that you want. I've worked for organizations ranging from small nonprofits to Fortune 50 companies. At the moment I'm the senior engineer for a small company with an IT staff of eight people and make about $75k (in central Ohio). Granted, that's not riches beyond your wildest dreams, but for someone with no degree and no certifications who was largely self-taught that's pretty good.
If your goal is to get into development or some other more specialized area, then the barrier to entry is much higher. You might want to consider working on some OSS pojects to build experience and get your name out there. What I have found in life is that degrees and certs really only demonstrate a basic level of training and competence. Once you have the degree/cert, you still are fairly useless until you have accumulated some experience working in the real world. Some people are able to accumulate the experience without the degree, and as long as they can get past pre-screening for a job (where HR usually weeds out people who don't meet the paper requirements) then they can usually do quite well. That's why consulting companies are a good place to work, as their customers rarely ask to see anything other than experience. But if you have neither experience nor a degree/certs, prepare to start at the bottom and work your way up. Usually it's faster just to get the degree.
I notice that you listed a slew of desktop apps that you run on Windows.
I'm not sure that this is really about the desktop, though. Sure, there are some really nice open-source desktop apps out there, but with the average Windows user being only slightly smarter than a budgie, retraining them to switch from Office, Photoshop, etc to OOo, GIMP, etc isn't all that likely. At least not anytime soon. And then there are the power users who actually use features on the proprietary apps that aren't available on OSS alternatives.
I personally think that the future of OSS on Windows has a lot more to do with the backend. For example, my company was a little tight on money recently but needed a new helpdesk ticketing system (we have about 400 users). I looked at several different commercial and OSS solutions, and we decided that we could save a lot of money by going open source. Then when we looked at our options we discovered only a handful that run on Windows, so we went with RT. Interestingly enough, RT runs just fine on Apache/MySQL on Windows, and it's a pretty good system on top of that. Next we needed some sort of instant-messaging solution that was restricted to within the company only and was logged. A little bit of looking around and I came across the Spark/Wildfire combination. One of our developers was building a web-based records-tracking application (we are a medical facility) and needed a back-end database. Rather than shelling out $10,000 on a pair of SQL Server CPU licenses (or even more on Oracle) we made it work with MySQL. All of these experiences have shown us ways that we can save substantial amounts of money and still have good tools to work with by going the open-source route. Now we're evaluating some other open source apps that don't run on Windows, so I've got a couple of Linux test boxes in my lab. Eventually we'll be running a pretty highly mixed environment. Maybe one day we'll even swap our desktop apps out for free alternatives, but that's not where most businesses are considering using open source on Windows.
No kidding. A friend of mine wanted to wipe a hard disk from within Windows. Something that you could do with a simple 'dd' comand in Linux/BSD. Everthing he found cost like $20. He ended up finding a crack for one of the programs just so he could do the wipe. I suggested a Linux boot CD, but for some reason he had to do all this without rebooting (don't ask). It is just sad. There really isn't enough OSS software for Windows. There may be "a lot" but there isn't enough. There are just so many things that Windows can't do out of the box... stuff I totally take for granted in Linux.
Two points:
1. There is no such thing as "out of the box" with Linux. Every distro is different and comes with different tools. Most of the tools are open source, so if you know what you're looking for you can get it for gratis from any number of well-known (within the industry/community) sites. Windows isn't much different. It comes with a standard set of user tools/applets, and not a whole lot for developing and administering systems. But if you're know what you're looking for, you can usually get it for gratis from Microsoft, or possibly another community/industry site. In either case, if you're not that familiar with the community then you're going to have trouble finding and getting what you need. I do believe that the fact that most Linux users tend to be more technically proficient than Windows users does have a lot to do with the difficulty of finding what you need. With Linux you have a smaller community of more highly knowledgable users, whereas with Windows you have a smaller community of more highly knowledgable users surrounded by millions of clueless brain-turds.
2. If you want to wipe a hard disk with Windows, it's not that hard. There are a number of free utilities that will do the trick. I recently needed similar functionality and ended up using a free BartPE plugin called COPYWIPE to do it. The biggest problem that you have with wiping utilities that run in Windows is that Windows typically runs from a computer with a single partition that is actively in use by the system. With Linux you typically have multiple partitions and disks, so wiping one while your OS is running from another isn't such a big issue. But there are plenty of free Windows utilities if you know where to look (like free disk imaging software, free partition resizing software, etc).
3. It is absolutely true that there are more $20-type of utilities for Windows that for Linux, but I think that has more to do with the mentality of the developers than the OS. If you're using Linux, you are benefitting from all of that free software, so it is easy to see the value of contributing to the community. If you are using Windows you are seeling the value of selling software, so when you write that cool utility you will be more inclined to make a little money on the side. Besides, have you ever tried to actually sell Linux-based software? Assuming that you don't have to deal with any GPL issues, you still have to contend with potential customers who are resistant to paying for software. So if you want to make money from selling a cool app odds are you will write it for Windows (which has the largest potential customer base anyways.
But I think that will slowly change as more people become accustomed to using OSS on Windows.
He wouldn't need a method to install patches/applications. His core applications would "just work" and he wouldn't have to worry about patching/upgrading every day. Using a Linux OS his core system would be fundamentally secure. He could apply updates if desired, but they wouldn't be mandatory to maintain a secure system.
I see that you post has been appropriately modded as a Troll, but I think I'll take the bait anyway. Either you are unfamiliar with Linux, or you are blinded by religious fervor, because Linux and Linux-based applications that are commonly included in distributions DO have security holes that need patched. Such security holes are part of all software, because software is written by humans who make mistakes.
I don't know if you actually monitor any security mailing lists or web sites, but I see quite a few alerts and advisories about Linux and Linux-based applications. Granted, there is no industry-wide "Linux patch Tuesday" like there is with Windows, and I'm not going to get into which OS has more security patches, but the security holes are still out there. And anyone who thinks that switching from Windows to another operating system (Linux, OSX, or whatever) removes the need to install security patches is only fooling themselves, and probably running an incredibly insecure non-windows machine as well.
If it's just a browser for accessing the web, I'd install linux (running Firefox) on those computers. You can access any research material online in this configuration.
Brilliant. Now all he needs is a way to simplify and automate the process of downloading and installing OS patches to Windows, which is what he actually asked about (not "which OS and browser should I use"). I would recommend WSUS (as most people who actually addressed his question did). Mainly becuase it's free if you already have a Windows server, it's based on the Windows update technology, is extremely easy and simple to set up, and it deploys updates not just of the OS but also for other Microsoft applications.
Sure he could switch to Linux. But if he had the skills or desire to build and maintain Linux workstations, he probably would have already thought of that. And even with Linux, you still have to have a method to distribute and install patches to the OS and applications, so you haven't actually solved the root problem.
Slashdot Mirror
Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.
Not necessarily. The boot partition can keep a copy of your encryption keys stored in an encrypted format, which then requires a second set of keys to decrypt. So this way your system starts to boot, then tries to mount the encrypted filesystem, but first requires a passphrase to decrypt the keys. Of course, ideally you would want a token-based system, but there are some ways to make effective encryption of the filesystem.
In today's modern environment where just about everything will have two or more CPU cores available, the actual encryption/decryption overhead isn't that big of a concern. Our biggest concern with implementing a FDE solution for our mobile devices was key recovery in the event that someone lost their keys/passphrase. We're using PGPs Whole Disk Encryption, and it allows us to specify a second "account" or passphrase that has access to the decryption keys, so even if our user loses his keys and/or passphrase we can still get in.
Which means it will cost $1000-$2000 just for CPUs and motherboard. AMD's and Intel's quad cores will cost a grand also, which limits all of this to people with more money than sense. If they're going to allow dual processors, why not let people use the $150 2.0GHz dual cores? Then the whole thing will come in under $500 and have much wider appeal.
The target price is under $1000 for the CPUs and (presumably) board. That really doesn't price it out the range of people who were previously buying Athlon FX and Intel EE CPUs. Keep in mind that this is a high-end enthusiast-class platform, rather than the future of AMD's mainstream computing. If you just want dual CPU dual cores, you can buy an Opteron 200-series workstation for less probably. You won't get 4 PCI-E x16 slots and 12 SATA ports, but who needs that anyways? Or, you could just wait until 3Q of 07 and get a native quad core CPU.
Would it be great if they made it cheaper so that everyone could have one? Absolutely. But then they would be cannibalizing the sales of their other higher-end CPUs (why buy a $700 FX-series when you can spend $300 on low end X2 CPUs and get more performance?).
With two CPU chips with 2 cores each, shouldn't that be called "2X2"?
It was explained awhile back, but 4x4 isn't directly related to the core count. Otherwise, why wouldn't a dual CPU workstation class system with dual core CPUs be considered 4x4?
4x4 actually is in reference to 4 CPU cores and 4 video cards, at least that is the way that it was explained to me.
Sounds like someone at 20th Century Fox has been listening to George Lucas. $200 million dollar movies just don't make sense these days. There was an interesting writeup about a related topic on Techdirt this morning too, here. Wil Wheaton also had some interesting comments about Lucas' comments on his blog awhile back here.
The reality is, there are many more distribution models than there used to be, meaning that you don't have to take a chance with a huge budget picture to get a hit/return on investment. In fact, if you have a really good product, your fans may very well prefer that you not make a big budget blockbuster movie and instead release a series of smaller, less expensive "films" distributed through an alternative medium, because they can get more content.
Now whether that was Fox/Universal's thinking on this, or if they just got cold feet due to the dollar signs, either way it is pretty strong evidence that we are standing on the cusp of a potentially huge paradigm shift in the way that movies are made and distributed. I suspect that all it would take is one big name hit to be released in this fashion to get the snowball really rolling.
Don't get carried away. I think I read here last week that MS aren't going to allow Vista to run inside a virtual machine - am I correct? And there's Vista messing up the boot sector too. It looks like this is not a two-way street.
This is incorrect. The low-end versions of Vista (according to the current version of the EULA) aren't allowed to be run in a VM, but the higher-end versions not only can be run in a VM, but they will include a new version of Virtual PC and licensing to allow you to run up to 4 instances simultaneously.
Regardless, Microsoft has already made Virtual Server free if you run Windows 2003 R2, and Virtual PC has been free for awhile. How big of a step is it to release the specs for your VHD file? And how likely is it that it had already been reverse engineered by someone else to begin with?
The same for Socket 7 really, the later "Super 7" boards did not support the 50Mhz and 60Mhz bus speeds to run many of the sub-166Mhz chips, nor did they put out the right voltages. Most of the early Socket 7 boards did not support anything with the dual voltages, meaning that they basically were only good for 200Mhz or less.
You're right. Now that I think of it, I seem to recall soldering resistors to an old Socket 7 board in order to get the correct voltages for a specific CPU, but I suspect that not many people would have bothered with that.
If I had to make an honest guess what is keeping the AMD fanboys away, it's the sockets.
I'm not so sure about that. I've heard other people say it, but it never made much sense to me. Sure, they kept Socket 7 rolling for a long time, even after Intel went with a SECC instead. But there were architectural reasons for Intel's switch away from sockets, and AMD didn't have those same reasons and so they kept them. With Socket A, it's techinically true that the Socket A form factor lasted many years, but the reality is that Socket A was not 100% compatible across that entire time. A Socket A CPU from the introduction of Socket A would not work in a Socket A motherboard from the last generation of Socket A boards, and the reverse is also true. Because while they kept the socket and pin counts the same, they changed things like the FSB, voltage, etc which rendered previous CPUs incompatible.
AMD is in the race to stay alive as a company but they are not in the race to have the top CPU of 2006/2007, which is what really matters.
Matters to whom? Fanboys?
AMD is a business, not a sports team. Making money is the goal, not winning everything. AMD is still making money, gaining market share, and keeping average selling prices high. To me, that sounds like success.
And what's this business about 2007? Judging by my calendar, they have 14 months from now to come out on top for 2007. And from what I have seen of their roadmaps, it looks like 2H 2007 they should be, if not back on top, at least neck and neck with Intel on the "super top performing every fanboy must have one" scale.
If I were a large PC seller (Dell, HP etc) I would be thinking the same thing....being able to trade off two companies against each other gets me a better price. If Intel were the only CPU provider you probably wouldn't be able to buy a PC for less than $1500.
I remember about 11 years ago when I bought a 486DX2 desktop PC that cost (with 15" monitor) about $2500. I'm sure that competition in the CPU space (as well as others) is probably one of the biggest factors in the reduction in CPU prices.
Why doesn't AMD have a chipset, anyway?
Because they didn't have to. AMD has less fab capacity than Intel, and since their core business was making CPUs instead of core logic chipsets, why would they want to devote precious space and resources to making chipsets? Also, why would they to get into the business of competing with other chipset providers? Sure, Intel does it, but it causes Intel a certain amount of grief and requires a certain degree of careful dancing in order to do it without causing all sorts of political and legal problems.
AMD has designed chipsets in the past, but usually only when they absolutely had to in order to get a platform out the door. It seems to me that there was an AMD 760 chipset for one of the Athlon lines for awhile.
I think you're slightly right, but mostly wrong. Your analogy is correct, if you fail you can't help anyone. That is why you have to take care of yourself first. After that, however, making a rule about putting your kids or your spouse first seems insane. They are people. Treat them as such. Sometimes one will need you more than the other and sometimes it will be the other way around.
Well, I'll not mince words by saying that "I think that most marriage counselors." Let me just say that when my wife and I were in counseling, we were explicitly told that when you are working on relationships, the relationship with your spouse comes first, then children second. At first it is counterintuitive to put your kids second, but the best way that you can provide a safe, stable, and reassuring environment for your children to grow up in is to ensure that the primary relationship in the family/household is stable and healthy. If the parents are in sync, then they will be able to work together to provide for the kids, and the kids will have a strong example to emulate. If the parents are not in sync and their relationship is out of whack, it can create stress and uncertainty for the spouses which will be translated to the children.
Like the previous poster said, it's hard to be an effective parenting team when you're divorced. At that point your family has already disintegrated.
I have one PC (originally from 1996) that got two replacements each for CPU, mainboard and harddisk. The harddisk changes were for capacity, 1GByte => 6.3 GByte => 45 GByte. CPU/mainboard were changed for performance the first time (P133 => Athlon), due to a defect the second time. Now I don't personally have many scruples to pirate Windows, but as a legit user of Vista I'd have a problem under similar circumstances.
Was there are retail version of an OS installed on this machine, or was it OEM? You might have a problem, you might not. It depends almost entirely on what Microsoft considers a transfer to another machine. Would these changes be enough to trip up product activation on Windows XP? Probably once. Maybe not twice. I also suspect very strongly that if you call Microsoft support asking to re-activate your OS install that was disabled when hardware was replaced due to failure, they would probably do it for you. I've heard plenty of stories of people using OEM versions of XP Pro (which can't be transferred at all, since they are OEM) who got re-activated by calling support and claiming that they had a hardware failure and had to install a new mainboard.
All I'm saying is that this is a bit of a storm in a teacup right now. Overall these changes are minimal at best, and there are some licensing changes that are actually beneficial to the end user.
"TechWeb has posted an article regarding Vista's new license and how it allows you to only move it to another device once. How will this work for people who build their PCs? I have no intention of purchasing a new license every time I swap out motherboards. 'The first user of the software may reassign the license to another device one time. If you reassign the license, that other device becomes the "licensed device," reads the license for Windows Vista Home Basic, Home Premium, Ultimate, and Business. In other words, once a retail copy of Vista is installed on a PC, it can be moved to another system only once.
How do you define moving to another system? What constitutes "another system"? If you swap out a video card does that make this a new system? Probably not. If you look at Windows XP and it's product activation, there are several things that can be changed as often as you wish without it being considered a new system that requires activation. There are some items that, between them as a group, can only be changed a couple of times before Windows will disable the system (CPU, mainboard, hard disk). This sounds pretty much like the same thing, so I'm not sure why people are making a stink about it now, other than the fact that the surest way to get lots of hits right now is to either extoll the virtues of or condemn Vista.
I guess that in theory, with previous retail versions of Windows you could remove it and re-install it on different machines as much as you wanted, but in practice how many people actually did that? Most home users certainly didn't. Lots of enthusiasts didn't either. If you buy a retail copy of Vista for your current PC, then pitch your current PC and build a new PC, then you might want to transfer your OS. Or perhaps if your PC died completely, you might want to transfer the license, and you would be allowed to do so once under this license. Now if you decided to add additional PCs, you would need more licenses anyway, right? When you consider that most consumers buy a PC with an OEM version of Windows already installed, and that many enthusiasts who build already buy the cheaper OEM versions, who really buys retail? Keeping in mind how many hardware changes it takes to trip up Product Activation now, how many people out there are likely to buy retail copies of Vista AND trip product activation more than once? Very few I suspect.
Elsewhere in the license, Microsoft forbids users from installing Vista Home Basic and Vista Home Premium in a virtual machine. "You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system," the legal language reads. Vista Ultimate and Vista Business, however, can be installed within a VM.'"
There are very few home users who could even tell you what a VM is, let alone install an OS into one. And those of us who are likely to use virtualization at home (and I'm one of them who currently does do this) would likely also need/already have the business version of Vista (or in today's world, XP Pro). More to the point, when I run virtualization at home it's not usually to run a second instance of my main OS. Usually it's so that I can test some new Linux distro, or to keep an older version of Windows around for compatibility purposes. Right now I run one of the Vista RCs as a host OS, and have Windows XP Pro, Ubuntu, and Windows Server 2003 running in virtual machines. So what's the big deal here? If you get the Business edition, you are allowed to run up to 4 virtual instances of Vista on the same machine using the same license, whereas with XP Pro you were permitted only a second instance. So this sounds like a net improvement to me. If for some reason you need to maintain two separate Vista Home Edition installs on the same machine, you can still dual boot.
"For instance, Home Basic users can't copy ISOs to their hard drives, can't run in a virtualized environment, and can only share files and printers to a maximum of 5 networ
Why should anything be wrong with the AM2 platform? Nothing. It is just an evolutionary step for the AMD.
I agree, nothing went wrong. The only point that I think that the article was right on was cost. Since the performance difference between the current generation of AM2 processors and 939 processors is so small (or almost negligible), the average consumer is buying based on price. And since 939 processors and systems are still available, though less "desirable" from being "older tech", the prices are usually better on 939.
There isn't anything confusing about the naming conventions of the CPU, at least not any more confusing than they were on 939. The AM2 versus 940 "confusion" statement is a red herring, because they're not both called socket 940, and I have yet to see an AM2 product advertised as 940.
The only real "problem" that AM2 has is that for the average consumer who buys a PC, then throws it out and buys a new one in 3 years, is the fact that AM2 doesn't add anything spectacular in this generation of chips. Sure, hardware support for virtualization is great for those few of us professionals who use virtualization, but the average user doesn't care. And while DDR2 is the new standard, and will undoubtedly have more benefit in the future at higher speeds (and with later revs of the AM2 CPU's memory controller), it wasn't really necessary at today's performance levels. The Athlon 64 went from a a very low latency (due to the integrated memory controller), medium bandwidth memory technology to a medium latency, high bandwidth memory technology. You wouldn't expect much change, except in extremely bandwidth-limited situations. On the other hand, the Intel line of CPUs went from a medium latency medium bandwidth memory techology (using an external memory controller) to a medium latency high bandwidth technology, so you would expect an improvement.
Hardware virtualization may be slower right now, but both the hardware and the software supporting it are new. Give it a few iterations and it will be equal to software virtualization.
It may or may not be faster eventually, but that doesn't matter. What matters is that small changes in the hardware make it possible to stop having to depend on costly, proprietary, and complex software--like that sold by VMware.
Maybe I'm crazy, but I just don't see that happening anytime soon in the mainstream. When they talk about "hardware-based" virtualization, they are really talking about "hardware assisted" virtualization, in that the CPU has some features built in to assist with accelerating virtualization. There still needs to be some sort of host OS or software (call it a hypervisor, mini-kernel, whatever) that provides access to the rest of the hardware (storage, memory, etc) and manages accesses by the guest OSes. What would it take to do all of that in hardware? My guess is new kinds of memory, storage, etc that also support virtualization, or a BIOS that actually manages it for you, but a BIOS is just software anyway.
I seriously doubt that we'll get to a purely hardware virtualization ever (for hetergenous operating systems), if for nothing other than the fact that there are so many potential issues with guest operating systems that the hypervisor/host OS needs to handle.
Step 1, make sure that these PC's always use the same IP address. Set it statically if you can, and while you're at it, set up a DHCP reservation for their MAC addreses to give them that same address. That way if they switch it to DHCP they get the same thing. Step 2, set up a rule on your firewall for those two addresses that basically says 'allow http and https traffic from these IP addresses only if they are going to this specified address (the web site that they need)'. Put a rule immediately after that one that says 'deny all traffic from these IP addresses to any other IP addresses'. Now they should have free roam of the internal network, but only be allowed web access to that one external site. If you want to get even more paranoid, you can configure the ports on their network switch to only allow traffic from their IP addresses, in case the users get the idea of statically setting a different IP address on the same subnet than the one that you gave them. Of course, these users shouldn't have the ability to change the IP address configuration for their PCs if they aren't running as admin. You don't let them run as admin, do you? I don't believe that Windows XP has the same settings for IP security that you can put on Windows 2000 and later, otherwise that would be an option. If you really wanted to get detailed and make it secure, you could change all of the Windows Firewall settings to block everything except necessary traffic to necessary hosts, but then it gets really tedious, but I know that Windows firewall settings can be set with Group Policy.
I always thought the opposite was true. Here is a wiki quote that also supports that:
Just make sure that the article that you are quoting wasn't edited by Stephen Colbert...
They even had the ringtone as a downloadable ringtone there (you can't of course hear it at all if you're over 25 or so, as you age you lose the ability to hear in those outlier frequency ranges).
Well, I must have dog hearing, because I'm 33 and could hear it. And it's incredibly annoying (as in painful to my ears). The funny thing is, I spent my younger years listening to rock music cranked up as loud as it would go, and used to frequently work on racecar engines without ear protection. My wife thinks I'm half-deaf, but it must just be the lower frequencies that I can't hear as well.
At first, when I saw the 4MB numbers, I was worried because Opterons are 2x1MB L2. But once I dug into the real specs and saw that the majority of the Intel line is only 2MB L2 shared cache, I was less worried.
You're right about that. It's interesting that almost all of the early benchmarks were done with the 4MB cache models, whereas the benchmarks on the 2MB cache models didn't come until later (if at all). The same with retail availability. The only Conroe CPUs available now (outside of buying a new box from Dell) are the 4MB versions. The 2MB versions will supposedly come on August 7th. After seeing some of the benchmarks on the 2MB models, it becomes apparent just how important that 4MB of cache really is, as the 2MB versions don't deliver anywhere near the thrashing to AMD that the 4MB models do.
I just read a review on Inetl new C2 chips and from the specs, it apparently is faster by almost an order of magnitude than anything AMD has (im not a intel fan boy as everthing i have right now runs AMD) Anyway, the most interesting thing about these C2 chisp is how much cooler they are at the same time. I've read on article that said they were able to run them fanless.
One, they are not an order of magnitude faster. I have seen some benchmarks on the Core 2 Duo CPUs versus Athlon X2 CPUs, and in a clock for clock comparison they Core 2 Duo were up to 20% faster in some integer operations. Floating point performance was almost equal, as was memory access. 20% is not an order of magnitude.
Two, we are talking about server CPUs, not desktop CPUs. That means that we need to be comparing Xeon CPUs with Opteron CPUs, not Core 2 and Athlon.
Three, the new Core 2 and Xeon CPUs may be faster one on one, clock for clock, than an Athlon X2 or Opteron, but they still have the same old problem that has haunted Intel CPUs since the birth of the Athlon 64: the FSB. Putting 4+ MB of cache onto the Xeon and Core 2 CPUs helps alleviate some of the FSB bottlenecks (for memory access), but they still can't touch the Hypertransport interconnect for performance. And where this really comes into play is in scalability. If you put two or four Intel CPUs into the same server, they share the FSB. If you put two or four Opteron CPUs into the same server, they each have a dedicated connection to the memory, etc. Opteron-based servers scale much much better than Xeon-based servers. This is especially important now that people are pushing virtualization more and more. Instead of buying 10 small servers to handle 10 different tasks, they're buying a single 4-way server and running 10 virtual servers on it to save money and make better use of the CPU and memory resources that they have.
It's not impossible to do, but it does take a lot of hard work. First, learn everything that you can about what you want to do, and expect to start low on the totem pole. If you lack a degree or certification, then resume experience (or having good contacts) will be your only hope. I got started professionally in IT in the years just before Y2K, so everyone was always hiring, and I got a job as a PC Technician through a "consulting" company that did staff augmentation. After a couple of years and numerous assignments I was able to demonstrate competency and a wide range of technical knowledge, and began getting placements as a junior-level server admin. I continued working and learning, yadda yadda yadda, until I started getting more senior-level jobs (like as a consultant on large Exchange migrations, etc). If you work hard and learn everything that you can, you will continue building useful resume experience. Working at numerous jobs via consulting companies really helps here. If you keep at it you'll eventually be able to get that cool sysadmin job that you want. I've worked for organizations ranging from small nonprofits to Fortune 50 companies. At the moment I'm the senior engineer for a small company with an IT staff of eight people and make about $75k (in central Ohio). Granted, that's not riches beyond your wildest dreams, but for someone with no degree and no certifications who was largely self-taught that's pretty good.
If your goal is to get into development or some other more specialized area, then the barrier to entry is much higher. You might want to consider working on some OSS pojects to build experience and get your name out there. What I have found in life is that degrees and certs really only demonstrate a basic level of training and competence. Once you have the degree/cert, you still are fairly useless until you have accumulated some experience working in the real world. Some people are able to accumulate the experience without the degree, and as long as they can get past pre-screening for a job (where HR usually weeds out people who don't meet the paper requirements) then they can usually do quite well. That's why consulting companies are a good place to work, as their customers rarely ask to see anything other than experience. But if you have neither experience nor a degree/certs, prepare to start at the bottom and work your way up. Usually it's faster just to get the degree.
I notice that you listed a slew of desktop apps that you run on Windows.
I'm not sure that this is really about the desktop, though. Sure, there are some really nice open-source desktop apps out there, but with the average Windows user being only slightly smarter than a budgie, retraining them to switch from Office, Photoshop, etc to OOo, GIMP, etc isn't all that likely. At least not anytime soon. And then there are the power users who actually use features on the proprietary apps that aren't available on OSS alternatives.
I personally think that the future of OSS on Windows has a lot more to do with the backend. For example, my company was a little tight on money recently but needed a new helpdesk ticketing system (we have about 400 users). I looked at several different commercial and OSS solutions, and we decided that we could save a lot of money by going open source. Then when we looked at our options we discovered only a handful that run on Windows, so we went with RT. Interestingly enough, RT runs just fine on Apache/MySQL on Windows, and it's a pretty good system on top of that. Next we needed some sort of instant-messaging solution that was restricted to within the company only and was logged. A little bit of looking around and I came across the Spark/Wildfire combination. One of our developers was building a web-based records-tracking application (we are a medical facility) and needed a back-end database. Rather than shelling out $10,000 on a pair of SQL Server CPU licenses (or even more on Oracle) we made it work with MySQL. All of these experiences have shown us ways that we can save substantial amounts of money and still have good tools to work with by going the open-source route. Now we're evaluating some other open source apps that don't run on Windows, so I've got a couple of Linux test boxes in my lab. Eventually we'll be running a pretty highly mixed environment. Maybe one day we'll even swap our desktop apps out for free alternatives, but that's not where most businesses are considering using open source on Windows.
No kidding. A friend of mine wanted to wipe a hard disk from within Windows. Something that you could do with a simple 'dd' comand in Linux/BSD. Everthing he found cost like $20. He ended up finding a crack for one of the programs just so he could do the wipe. I suggested a Linux boot CD, but for some reason he had to do all this without rebooting (don't ask). It is just sad. There really isn't enough OSS software for Windows. There may be "a lot" but there isn't enough. There are just so many things that Windows can't do out of the box... stuff I totally take for granted in Linux.
Two points:
1. There is no such thing as "out of the box" with Linux. Every distro is different and comes with different tools. Most of the tools are open source, so if you know what you're looking for you can get it for gratis from any number of well-known (within the industry/community) sites. Windows isn't much different. It comes with a standard set of user tools/applets, and not a whole lot for developing and administering systems. But if you're know what you're looking for, you can usually get it for gratis from Microsoft, or possibly another community/industry site. In either case, if you're not that familiar with the community then you're going to have trouble finding and getting what you need. I do believe that the fact that most Linux users tend to be more technically proficient than Windows users does have a lot to do with the difficulty of finding what you need. With Linux you have a smaller community of more highly knowledgable users, whereas with Windows you have a smaller community of more highly knowledgable users surrounded by millions of clueless brain-turds. 2. If you want to wipe a hard disk with Windows, it's not that hard. There are a number of free utilities that will do the trick. I recently needed similar functionality and ended up using a free BartPE plugin called COPYWIPE to do it. The biggest problem that you have with wiping utilities that run in Windows is that Windows typically runs from a computer with a single partition that is actively in use by the system. With Linux you typically have multiple partitions and disks, so wiping one while your OS is running from another isn't such a big issue. But there are plenty of free Windows utilities if you know where to look (like free disk imaging software, free partition resizing software, etc). 3. It is absolutely true that there are more $20-type of utilities for Windows that for Linux, but I think that has more to do with the mentality of the developers than the OS. If you're using Linux, you are benefitting from all of that free software, so it is easy to see the value of contributing to the community. If you are using Windows you are seeling the value of selling software, so when you write that cool utility you will be more inclined to make a little money on the side. Besides, have you ever tried to actually sell Linux-based software? Assuming that you don't have to deal with any GPL issues, you still have to contend with potential customers who are resistant to paying for software. So if you want to make money from selling a cool app odds are you will write it for Windows (which has the largest potential customer base anyways. But I think that will slowly change as more people become accustomed to using OSS on Windows.
He wouldn't need a method to install patches/applications. His core applications would "just work" and he wouldn't have to worry about patching/upgrading every day. Using a Linux OS his core system would be fundamentally secure. He could apply updates if desired, but they wouldn't be mandatory to maintain a secure system.
I see that you post has been appropriately modded as a Troll, but I think I'll take the bait anyway. Either you are unfamiliar with Linux, or you are blinded by religious fervor, because Linux and Linux-based applications that are commonly included in distributions DO have security holes that need patched. Such security holes are part of all software, because software is written by humans who make mistakes.
I don't know if you actually monitor any security mailing lists or web sites, but I see quite a few alerts and advisories about Linux and Linux-based applications. Granted, there is no industry-wide "Linux patch Tuesday" like there is with Windows, and I'm not going to get into which OS has more security patches, but the security holes are still out there. And anyone who thinks that switching from Windows to another operating system (Linux, OSX, or whatever) removes the need to install security patches is only fooling themselves, and probably running an incredibly insecure non-windows machine as well.
If it's just a browser for accessing the web, I'd install linux (running Firefox) on those computers. You can access any research material online in this configuration.
Brilliant. Now all he needs is a way to simplify and automate the process of downloading and installing OS patches to Windows, which is what he actually asked about (not "which OS and browser should I use"). I would recommend WSUS (as most people who actually addressed his question did). Mainly becuase it's free if you already have a Windows server, it's based on the Windows update technology, is extremely easy and simple to set up, and it deploys updates not just of the OS but also for other Microsoft applications.
Sure he could switch to Linux. But if he had the skills or desire to build and maintain Linux workstations, he probably would have already thought of that. And even with Linux, you still have to have a method to distribute and install patches to the OS and applications, so you haven't actually solved the root problem.