RedHat: huge and completely free testing and bug-fixing population
I dunno about completely free, but there's plenty of ways to make that level of testing much more expensive, exorbitantly more expensive.
Enterprise Customers: get software that is stable and advanced that would otherwise be exorbitantly more expensive. There is a major difference between 5-nines and 4-nines. The difference is not in what it does but in what it does not do. Also 5-nines tends to go together with heavier loads, which further compounds the difference.
Testers and bug-finders: get to play with the bleeding edge. If you're fast enough you might find a bug before anybody else does.
Freeloaders: might run into something "interesting" occasionally.
Unless it's botched badly, looks like win-win-win-win.
Algorithmic complexity of your libraries/templates/whatever your favorite language calls them is not something the compiler even cares about. Your programmers, on the other hand, should.
Otherwise it's like an engineer trying to design a bridge and has never even heard of "Strength of Materials".
"In the long run, I believe that we must find better mechanisms to ensure that our most vulnerable citizens--our children--are not being constantly tempted to infringe the copyrights..."
Oh, there is. There is.
Just don't show them any of this dangerous copyrighted material.
That never stopped SCO.
But Novell still has customers, intends to keep them, and even get more customers.
There are reasons that enterprise-class customers will pay good money for the same bits that hackers download for free, plus a scrap of paper that vaguely mentions something about support. If it breaks, the hackers expect to fix it themselves, whereas the enterprise-class customers expect someone else to fix it without being told to Read The Fine Manual.
It comes of age when no-name browsers on no-name hardware are as good and fast as you care to have them.
A program has inputs and outputs.
A program is a function from its input space into its output space.
A program is supposed to preserve interesting properties of its input space into properties of its output space.
Looks like mathematics to me.
No, man. I need to be able to look at a patch and know exactly what it does, so that I can tell in advance if it's going to break something. I need the diffs between the patch and the original source so that if it does break something, my developers can immediately know what changed and how to work around it. I need to be able to apply them individually without requiring a reboot of the server, just a restart of the daemon (ahem... service) in question.
Well put.
Otherwise you're flying blind.
At the extreme, *nix allows you to compile or install the new software and then shutdown and restart the service. It might even be possible to do this on a busy server without anybody noticing anything.
Typical *nix admin, thinking that posting on Slashdot is 'working hard as usual'.
Actually not far from the truth. Once set up, *nix tends to pretty much take care of itself. I don't think Microsoft has factored this into their TCO studies.
In essence, all this I blame on... well not me.
Right.
Design problems? User error. Administration error. Pilot error.
Ever notice how Microsoft software always subtly shifts any possible blame onto somewhere else. Anywhere else. Read them sometimes when you actually know what is going on.
What else can they do? That is Microsoft's problem, not my problem.
Microsoft sells its products as if 12 y/o can administrate it
Well Microsoft does make it easy to set up something as long as you do everything Microsoft's way (although a hard disk installation of Knoppix is arguably much simpler and easier). Get into something complicated or where you want to do things your way, and you discover that OpenBSD is actually user-friendly (but don't tell anybody).
The difference between perception and reality makes a big crack for all the malware. The idea of hiding all pertinent information possible and then expecting expert knowledge from the user if something does go amiss ought to be preposterous, but Microsoft has been doing it for a long time and seems to be intent on doing more and more of it. By some counts, Linux has many more security issues than Microsoft, but the Microsoft exploits seem to accomplish something and the Linux exploits never seem to do much of anything.
The Big Lie. Something so preposterous that it leaves your opponents speechless.
In language, what is correct is a matter of widespread adoption, not what someone says is 'correct'.
Partially correct. It also depends on who has adopted it.
Abbreviating 1024 as k is convenient even if incorrect. A baker's dozen is 13. Have you ever heard of a baker's gross? How many is a baker's half-dozen?
IMNSHO gibi and mebi are not pedantic, just ridiculous. Decimal places do not add straight.
Why should I trust him?
Ok Slashdot id# 15259, unless someone has swiped your identity and managed to keep your style and biases, your posts are representative of you and are, to the extent that it matters, trustworthy. If someone has swiped your identity, almost certainly something will be "out of character". You might be doing it all in preparation for some dastardly deed, but even if so, you will not waste all that effort on something cheap and irrelevant.
Similarly, it's much more plausible that it's really legitimate, particularly if he's been around for a while with a bias that patched and secured Win98 machines are better than unpatched and vulnerable Win98 machines. It's not what he says today that matters, but what he said 2-3 years ago. Any hint of mischief and most likely something will show up in this Slashdot article/commentary. With EOL on Win98 it makes sense that somebody would do something at least similar.
Now if you do have sensitive stuff and would be a prime target, and further if you would have to explain your actions if something did go amiss, it's a bit too risky getting anything from unvetted sources. If you're a relative nobody like me, it's safe enough. If you do have sensitive stuff you would be more likely to be a producer of such rather than a consumer. There's a bit of risk in publishing your set of patches but if you've forgotten anything material, it's more likely that some good guy will inform you. If unpublished, I suspect the bad guys have means of finding out anyway and a not-so-pleasant way of informing you.
There's an interesting race between (an excellent job of doing the wrong thing) and (a lousy job of doing the right thing). The race is in identifying just how lousy a job of doing the right thing breaks even with a perfect job of doing the wrong thing.
I found programming to be tedious beyond all measure.
And you must be able to think of the forest while dealing with the trees in excruciating detail.
[open source] is not dominant (as of yet). Personally though, I think it eventually _will be_. ... moving its way up the food-chain slowly but certainly.
"The maturity levels of open source for enterprise use are perceived to be:
... Low for enterprise software (ERP, CRM), collaborative software etc."
That's where the real payout for open source lies, IMNSHO. The path is long hard and slow. The skills and software that are required are extremely difficult. There are no quick and easy fixes. The software needs to be trustworthy, not just my use of my software, but your use as it affects him which indirectly affects me. So much talk about Supply Chain seems to believe that there's only ONE link in the chain. We need to be able to trust the entire infrastructure, and that's not possible with multiple disparate proprietary "solutions". Oddly enough, this is where the hackers and big business are very much on the same side. The common enemy is bugs, with "security holes" being the least of the problems.
"The only ones using Windows are we journalists and the suits."
Technically correct but it comes off as so stilted that nobody uses the form, at least not for a long time. And I'm an old fart.
Language doesn't really follow grammar. Grammar attempts to explain the regularity that is found in language.
What I find more interesting is the "is us" where "is" is singular and "us" is plural. The journalist is definitely using the language to slant an objective statement of "We journalists and the suits are using Windows" into a Microsoft bash. "The only ones [you can almost hear the "still"] using Windows is ["ones" is plural, but let's diminish the scope. Also connotes a degree of cohesiveness among the journalists to refer to them in the singular.]
Something very tricky with one-time passwords, IIRC. Seems like all Linux and most OpenBSD users would have been unaffected.
It seems to me that the design level of OpenBSD is remote administration of the box where an intervening router is owned by a competent enemy.
That single remote hole (as opposed to no remote hole) means that security does matter and cannot be taken for granted.
Uber secure? I'd grant them that.
Secure? Probably not, but they're working on that.
Secure means that I can run unpatched vulnerable software with impunity.
Security does not mean that I have to try playing catch-up with the latest security "fixes".
Back in the day I remember Microsoft recommending you change the screen saver to the black screen instead of one of those OpenGL screen savers on your Windows NT SQL server because the screen saver would bury your processor.
....
Hehe, screensavers are one of the key reasons my company's standard is now Linux on the servers. (even if it's still Microsoft on the desktops.) Old Dell PPro with an intensive Screen Saver going. Completely responsive. Hit the mouse and the normal screen is back before the mouse has quit moving. Ever watch NT4 recover from an OpenGL screen saver?
What's efficient is not having to have a monitor, keyboard and mouse connected to every server.
So IMO, what lies ahead for linux is more users...and I don't believe that is limited to the server.
Right. What is needed is something substantial that Linux can do that Microsoft Windows cannot do to make it worth the effort to switch. From W98 to NT4 to XP there's not a lot of effective difference, except that XP tends to be more annoying. What I think will happen is that customers will start sending stuff in Open/Star Office and you gotta be able to read what your customers write. Take away the veneer of polish and Microsoft comes off as broken. That's not enough to make it worthwhile switching until....
Part of the reason for the doldrums in IT is that there's no particular advantage in having the latest and greatest. I'm typing this on NT4 on a 400MHz Gateway with a 19" monitor. My "other" computer is XP on a 2.4GHz Dell with a 21" monitor. Much better computer but it only matters for some long-running legacy dBASE stuff. I have no idea what or how, but methinks that when Linux does break out it will be by taking advantage of modern hardware to do something useful (becoming essential) that is unthinkable with Microsoft on current hardware. Possibly involving jailed multi-users on a single desktop.
If a system actually is secure, I can run software with security holes with impunity. I can click on anything because that anything has only the ability to wreck itself, not me or anything else of mine. It's very worthwhile finding and fixing bugs, including security holes, primarily because they can cause lots of damage when they are exercised accidentally. Ever wonder why the "malware" actually does so little damage?
Open standards exist when your competition is using your standards.
When I can download a Java SDK from IBM instead of from SUN, that's open standards.
When a monopoly has some standards bodies as lap-dogs, that's not open standards.
Fedora is the beta testing grounds for what will later become a release of Redhat. In other words, you are doing beta testing for a product which you will have to pay for.
More like doing beta testing for a product which somebody else will have to pay for.
I don't think this is the logo that will get them international respect as an alternative to Microsoft Office.
Compared to a bunch of office workers falling all over each other?
What you're selling is your phone number. RTFM doesn't do the customer any good if the customer doesn't know what a FM is, or even WHICH FM to R. Even if most of the customers can do it all themselves, it's nice to have that phone number in case of emergencies.
You'll find that you're better off in many cases with OSS, with many less dollars lost.
Yes, but how does megacorp have its cake and eat it too? How does megacorp take advantage of the inherent efficiencies of OSS? OSS can be had cheap, very cheap, but the real advantage is on the high end.
You've paid good money for whatever. That entitles your manager to call your salesman's manager and give him/her an earful. Not that it will do a lot of good, but at least it's something. The vendor has certain responsibilities whether the vendor likes it or not. These responsibilities are tied to the money paid and in reality override whatever legalese is in the EULA or whatever. Satisfied customers are your best salesmen. Dissatisfied customers do not tend to keep it to themselves. It takes something like ten satisfied customers to balance one dissatisfied customer. A very dissatisfied customer, or a dissatisfied prominent customer carries a lot of clout. "Never buy another piece of software" is explicit only at the very end of a nasty downhill slide.
Corporations, businesses, most of us really, like to feel in control. With OSS, the developer(s)/maintainer(s) are very much in control and are subject only to their own whims. They have no requirement to be reasonable by anyone's standard of reasonableness. (I did not say anyone else's. Intentionally.) By buying foo, by whatever name they choose to call it, corporations buy a sense of control and help ensure the viability of something they depend on. I'd also suspect that corporations have a moral sense that freeloading is not a viable long-term plan.
ummm, they need it more than others. They're the ones working on multi-million dollar deals, mergers, stock changing decisions.
Nope. They buy a second laptop, not shown on IT's budget, with or without password, and keep it in a locked drawer along with other more sensitive material. If they're working on something sensitive, they'd be pretty dumb to expose it to all the administrators in IT. The machine that is in IT's turf doesn't have sensitive information.
When I worked at a Fortune 70, we found that no employee over Sr Manager level could remember a password, even if written down where they could see it.
That's what they have secretaries for. Seriously, you don't really think that senior management will let IT dictate hoops for them to jump through. With a very few exceptions, senior management does not need high security. I suspect in (almost) all cases, physical security is much more important than computer system security.