I spent a rather large amount of time earlier this year looking at just this for an assignment, so I'm reasonably up to speed on the idea of biometric chips. The only upside to an embedded RFID chip is that it's much harder to lose your card or leave it at home. The downsides are massive:
* RFID chips are a health risk - they've been known to cause cancers in rats since 1996, and there is evidence of increased cancer risks in large animals too, such as dogs and cats. That's a risk in itself. They also block you from having an MRI scan in the future.
* They are hard to lose, but very easy to clone. Once your chip has been cloned you need surgery to change the password!
* If the idea takes off, where do you put different RFID chips around your body so they don't clash, or does there need to be a global standard? Do employees need to have the chips removed when they leave the country?
* You can't remove your staff pass. Ideally, you only wear your staff pass in the office, so people outside the office can't easily copy/clone it. Try taking the RFID chip off on a daily basis...
* Companies are already banned from forcing implants on their staff in some states - California and Georgia come to mind.
And this is all before employees turn around and tell employers to go screw themselves over being permanently tagged and scarred by their employer, who can now keep tabs on them after leaving employment...
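The "easy to clone" point above is worth seeing concretely. The following is an added example, not code from the original post and not the protocol of any particular implant product (the post names none): it models a cheap static-ID tag, where the UID the tag transmits is the entire credential, next to a challenge-response tag that keeps a secret key and only ever sends an HMAC over a fresh reader nonce. An attacker who passively records one legitimate read and replays it gets in with the first kind and not the second. The UIDs, key and reader allow-list are constructed demo values.

```python
import hmac
import hashlib
import secrets

# Constructed demo values (not from any real badge system).
UID_LEN = 4
UID_STATIC = bytes.fromhex("deadbeef")   # 4-byte UID of a static-ID tag
UID_CR = bytes.fromhex("c0ffee01")       # 4-byte UID of a challenge-response tag
KEY_CR = bytes(range(16))                # secret provisioned into that tag


class StaticIdTag:
    """Tag that answers every poll with its fixed UID. The UID is the whole
    credential, so anyone who hears it once holds it."""
    def __init__(self, uid):
        self.uid = uid

    def respond(self, _challenge):
        return self.uid


class ChallengeResponseTag:
    """Tag that keeps a secret key and proves knowledge of it by MACing the
    reader's fresh challenge. The key itself never goes over the air."""
    def __init__(self, uid, key):
        self.uid = uid
        self.key = key

    def respond(self, challenge):
        return self.uid + hmac.new(self.key, challenge, hashlib.sha256).digest()


class ReplayClone:
    """A cloned tag: replays one previously captured response verbatim."""
    def __init__(self, captured):
        self.captured = captured

    def respond(self, _challenge):
        return self.captured


class Wiretap:
    """Passive sniffer between reader and tag; records what the tag transmits."""
    def __init__(self, tag):
        self.tag = tag
        self.captured = []

    def respond(self, challenge):
        resp = self.tag.respond(challenge)
        self.captured.append(resp)
        return resp


class Reader:
    """Door reader. `allowed` maps UID -> per-tag key, or None for static-ID
    tags where only the UID itself is checked."""
    def __init__(self, allowed):
        self.allowed = allowed

    def read(self, tag):
        challenge = secrets.token_bytes(16)      # fresh nonce on every poll
        resp = tag.respond(challenge)
        uid, tail = resp[:UID_LEN], resp[UID_LEN:]
        if uid not in self.allowed:
            return False
        key = self.allowed[uid]
        if key is None:                          # static-ID tag: UID is all we have
            return tail == b""
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(tail, expected)


def clone_attack(tag, reader):
    """Watch one legitimate read, clone what was heard, then try the clone."""
    tap = Wiretap(tag)
    if not reader.read(tap):
        raise RuntimeError("legitimate tag should have been accepted")
    clone = ReplayClone(tap.captured[-1])
    return reader.read(clone)


def demo():
    """Returns (clone accepted for static tag, clone accepted for CR tag)."""
    reader = Reader({UID_STATIC: None, UID_CR: KEY_CR})
    static_cloned = clone_attack(StaticIdTag(UID_STATIC), reader)
    cr_cloned = clone_attack(ChallengeResponseTag(UID_CR, KEY_CR), reader)
    return static_cloned, cr_cloned


if __name__ == "__main__":
    s, c = demo()
    print("static-ID tag, replayed clone accepted:", s)           # True
    print("challenge-response tag, replayed clone accepted:", c)  # False
```

With the static tag, all the reader can do after a clone is seen is revoke that UID, and the legitimate holder then needs a new chip, which is exactly the "surgery to change the password" problem. With challenge-response, what is captured over the air is useless against the next poll because the nonce differs, so the thing worth protecting is the key, not the transmission. Whether a passive implant has the power budget to compute a MAC is a separate question the post does not address.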
Jammers don't usually cause a problem for the more sophisticated military. In essence, jamming is just broadcasting a very loud signal on the same frequency as the one you want to jam, so that you drown out the real signal.
The problem with broadcasting loud signals is that they are very good for locking bombs/missiles onto. The Americans have anti radar missiles that home in on radar signals. The Russians (used to?) have an air squadron that just flew around the battlefields dropping bombs on the largest transmitter they could find.
The more sophisticated jammers only activate when a transmission is coming in from the "real" source, but that won't work for GPS, as GPS broadcasts constantly.
So now you have two cruise missiles coming atcha. One targets the jammer, the other hits the target.
IPv6 may offer a range of new features over IPv4, but realistically, people will move to IPv6 for one of two reasons:
1. They have run out of IP addresses ( remember the 10.0.0.0 private network is pretty big! )
2. Everyone else is doing it.
Option 1 is only really going to be a problem for the really big firms, and they will be really careful. All those corporate apps need retesting with the new IP addresses, and that is a non-trivial exercise ( think Y2K all over again, except you could do it piecemeal ). It's a hard sell to the business: Mr PHB, we'd like to spend a large amount of money retesting all the applications in Globocorp to use a new IP numbering scheme. Nope, you won't get any business benefit.
ISPs may force people onto IPv6 at some point, but that's only been an issue in South Korea so far. Everyone else still has enough IP addresses right now.
And until we get a critical mass of people going for Option 1, option 2 is a no go.
I thought the OOXML comments were the most interesting ones in the article. Mundie's answers to the question showed Microsoft's attitude to the ISO approval process. He saw the whole thing as "Well, we almost got enough votes to pass, but hopefully we can persuade a few others next time around", not "Well, there are a few technical issues that we need to sort out, and then it should pass".
It's worth comparing this with the ODF ISO approval vote, where not a single "No" vote was cast.
MS see ISO as a little administrative/political hurdle to cross to maintain their document format stranglehold. They have ab-so-lute-ly no interest in using ISO as a way to attain a top quality technical standard, agreed by everyone. Most of the comments about OOXML related to incomplete documentation in the (6000 page!) specification. That's a fair comment, not a dig at MS. If MS actually fixed the fscking spec, more people might vote for it.
Well, after reading TFA, I get the impression that Microsoft hasn't really gone for "active support" as such. What they have said is that they didn't object to ODF going through the standards bodies.
Of course, with ODF being a fairly well documented open standard, there wasn't really any convincing way that they *could* object.
What makes MS very, very scared is widespread ODF adoption. Once state governments started to mandate open standards in government documents, it looked pretty much like ODF would get adopted. Not because ODF was superior, but because they had bothered to go through ANSI/ISO etc.
Since then, there has been a two-pronged solution for Microsoft. One has been to get OOXML to become a "proper standard", and the other is to browbeat state governments into giving up their policies. The former ran into problems, when IBM and others pointed out to ECMA that the OOXML spec was anything but open.
Microsoft cried foul straight away. Their argument "We didn't object to ODF, why are you objecting to OOXML?". The answer from IBM et al. was -- the OOXML standard sucks, and can only be implemented by someone who has the source code for all versions of MS-Office. It's not open, and until it is, we are not supporting it.
This "announcement" by MS is nothing more than a warmed-over restatement of this position, and mentions some esoteric features of OOXML that are not in ODF.
And you are not the only one who came to that conclusion. I've got a big stack of White Dwarf back issues from my subscription, and the first editions of WH40K and WHRPG, but lost interest when the rules started changing so you would need to buy more ( relatively expensive ) vehicle miniatures.
Of course, before WD became a large, paid-for GW advert, they used to publish adventures and source material for all sorts of games in the magazine. I can look in the corner of the room now, and see Traveller, AD&D and other game system adventures published in White Dwarf. If that's not making money from derivative works of other people's IP, I don't know what is. And what's more, they did this quite unashamedly for 10 years, before GW had enough games to fill the pages with adverts for their own games. Talk about hypocrisy.
That all rings a bell. I work in application support/development, one level above the system administrators who deal with the OS issues. I'm not aware of many big iron applications running on Windows, and in most cases, it's not so much the fabled lack of reliability as an inability to scale. Windows runs okay on a 1 or 2 processor server, but when you are in the land of the 8-12 processor hyperthreaded server, with 100GB-odd of RAM, you are not in the Windows "sweetspot" (TM). Actually, I'm not sure you are in the Linux zone either, but Solaris handles it well.
I would expect desktops to have a low TCO, because they are kept fairly static from a software POV, and, more importantly, they are kept longer. For the majority of users, server upgrades have a much bigger impact on performance than desktop ones. That would explain my last job, where I started with a machine that was 2 years old on my desk, and left 3.5 years later having the same desktop. In the same 3.5 years, we'd refreshed the production and development servers twice. That's no bad thing -- we were growing the business, and the servers needed to do more. When you are pushing the limits of the servers, having more hardware makes a huge difference.
Most banking applications fall into one of two categories: the newer web-based ones, where the logic is on a server, or the older terminal access ones, where you log into a server with telnet/X and run the program. In any case, the desktop is not stretched, but more server firepower is really welcomed by the users. With Linux not on the desktop, all the machines are servers, and that will raise the TCO.
Incidentally, at my last site, the IT department did not support Linux. There was a mixed Solaris/Windows environment, and, in the mix, Linux sits somewhere in the middle of those two. There was no philosophical objection, but no-one could justify the rollout of a Linux build on cost grounds for a project. If you have solid, standard Solaris and Windows builds, it's hard to justify the engineering effort for a solid, standard Linux build when you can save the engineering costs on your project and use a Sun or Windows box instead. If someone could have got over the hump, and installed a single machine, I think we would have been away....
HSBC was probably a little less controlled, so small projects rolled out their own Linux mix, and now someone is banging heads together to get everyone on the same hymn sheet.
Ten years ago, we were going through the same process with the corporate intranets, as the myriad of NCSA, Apache and IIS installations got corralled under corporate control. Take it as a(nother) sign of maturity of the Linux platform...
I'm not at HSBC in London, but I'm not a million miles away, and I'm at another one of those London city like institutions. Having traversed a few of these places, I'll say a few things:
Firstly, every bank I know uses Windows on the desktop, bar one small exception with Mac. Linux is a feature in the data center, along with Windows, Solaris and occasionally some bigger iron. How much effort is put into support and management for a box depends on its role. The really important servers ( i.e. those in the datacenter ) get the backups, and extra firewalls, and super extra security, and fault tolerant failovers, and SCSI RAID arrays and all the other expensive stuff. They are also more likely to be one-offs.
The key to keeping TCO down is to keep machines standard. For example, desktop machines have a standard build with some mechanism to install/update applications automatically ( think apt-get for Windows? ). The servers are not so standard. It probably doesn't help that HSBC have multiple Linux distros. Pick one, and go with it. You should really have no more than two versions of an operating system around. E.g. where I am now, we have NT4 and are upgrading to XP ( did you think we'd all gone to Vista in the Fortune 500 -- haha! ). We have Solaris 8, migrating to Solaris 10. On top of this, the hardware varies. Some servers are built to maximize GFlop/$. The dataservers revolve around TpM etc. A compute engine needs less love and care than a database. Are we comparing like with like? I'd be pretty surprised if the 4-way Oracle dataserver running Linux and half the bank's trading operations is not more expensive than a Windows desktop.
The article points out that by moving to a single distro, they will lower their Linux TCO, which is true. The blanket "Windows TCO is lower than Linux TCO" needs to be explained and expanded before it becomes useful. ( That won't happen -- HSBC wouldn't release those numbers ).
Can't be bothered to read the article... on Lunar Dustbusters
...cos my first thought on seeing the headline was
"People on airless planet report problems breathing"
which doesn't really seem to be pushing back the frontiers of human knowledge....
Being the family "IT Guy", I'm the one who has to purchase and support the family's various computers. Now the first computer was for my Dad. He, an ex-corporate exec, wants a Windows computer. Why? Because he doesn't want any of this weirdo Linux stuff that I use at home. It doesn't work like Windows, and he doesn't want to learn something new. It's important to keep antivirus up to date for him too. I've just built him a new PC with XP, Norton AV etc. Time to first trojan installation: 3 days. With a fully patched XP AND fully patched AV. And behind a firewall. Guess who needs to remove all the malware... or work out why computers can't see each other on the home network ( Norton AV blockage ), or why he can't connect to a mail server when travelling ( Norton AV won't allow TLS connections to SMTP servers by default (WTF!!) ).
Now my eldest aunt wanted a computer, and my Dad recommended a mac. They're easy to use... until you try to get the printer to work, and the drivers are only for MacOS 9. But it seems to work more or less okay.
Now my youngest aunt was after a computer. I built a Linux machine there. Guess what -- it works. No problems with drivers once it's up and running. No viruses. It's not that I haven't been called, but a blown PSU can't really be blamed on the OS. She's happy, and actually far more productive than my other aunt with the Mac.
Four years so far.... let's talk.
BTW : My Dad's home network sits behind one of the Netgear DG834 thingys which provides DHCP, Firewall, NAT, Wireless access point etc. He thinks it's great and tells all his friends to get one, since it's simple and bombproof. And what does it run on the inside? Yup, Linux.
It's a dangerous move by the telco. Up until now, telecoms companies have tried to argue ( quite rightly IMHO ) that they merely provide the infrastructure, and are not directly responsible for the content of websites that they host.
Here, we have a telecoms company deciding unilaterally to filter a website because they feel like it. If they can filter one, they may find themselves liable to filter all of the others. Imagine the court case:
Lawyer: You must block goatse.ca because it is offensive to all mankind
Telco: We can't be expected to proactively police and block websites: too much information, freedom of speech, etc, etc.
Lawyer: But what about that time you blocked your union website? You can block "offensive" material when you want to.
Okay, I'm now in my fourth trading support environment, as a consultant, and three of them used perl. One also used python.
The only one that didn't have perl or python insisted on everything in C++. They didn't have *any* C++ programmers, so the C++ code was effectively unsupported!
In reality, the biggest problem is that Traders are well versed in Excel, and I have met many of them that don't understand what other applications a PC could possibly want. They can be spotted writing letters to their clients in Cell A1.
These traders are wrong, since in reality, behind them is a large mass of (semi) automated order processing, settlement and confirmation systems, most of which are mainframe/minicomputer based, or n-tier client server. You *can't* do that with Excel.
Margins are low in investment banking now, and firms are being pushed to cut costs, especially in IT. Traders are no longer able to swing their big swinging dicks and get what they want. They will get what they are given, and that will start to be the cheapest option -- the spreadsheet widget is a possible flyer.
Admittedly, the quants do design their pricing models in spreadsheets, but this is a prototype, since to trade whatever it is has been designed, the same model must be implemented in the big iron trading systems. The rest of the universe uses excel for looking at data.
Strangely enough, the politicians had very little to do with it. After the media agencies had got the EUCD passed without anyone noticing, the UK and other member states were bound to amend their laws.
The job actually fell to the Patent Office to draft the legislation, and it would have been passed as a statutory instrument. That is, parliament would not have had a look in. In addition, due to "lack of time", none of the optional safeguards available in the EUCD would have been implemented.
The law has been delayed in the UK, mostly because people did fax their MPs and got them on board.
This pressure needs to be kept up. As it stands the UK DMCA legislation is far worse than the US one, since we do not have the concept of "fair use", in UK law, or any of the other exemptions that the DMCA provides.
If the throttle is implemented on the same machine as the virus, the virus writers will turn it off.
If it becomes a widespread implementation on the upstream routers, then virus writers will throttle their own connections to 1 per second to evade detection.
This defense was only tested against Nimda, and other viruses may work other ways. Will it stop email virii?
Makes the Warhol worm a bit harder to implement though :-)
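To make the two evasion points above concrete (a throttle on the infected host gets switched off; a throttle upstream gets evaded by scanning at the permitted rate), here is an added example that is not from the original post or from the throttle paper being discussed. It assumes the scheme is the host-level "virus throttling" idea: connections to destinations in a small working set of recently contacted hosts pass immediately, every connection to a *new* destination queues and is released at a fixed rate, and a deep queue raises an alarm. The traffic traces are constructed, not captured, and the working-set size, release rate and alarm depth are assumed parameters.

```python
from collections import deque


class ConnectionThrottle:
    """Simulated new-destination throttle. Time is passed in explicitly so the
    simulation runs instantly instead of sleeping."""

    def __init__(self, working_set_size=5, rate_per_sec=1.0, alarm_depth=10):
        self.working_set = deque(maxlen=working_set_size)  # recent destinations
        self.interval = 1.0 / rate_per_sec                 # spacing of releases
        self.alarm_depth = alarm_depth                     # queue depth -> alarm
        self.next_release = 0.0                            # earliest next release
        self.alarmed = False

    def connect(self, t, dest):
        """Return how long (seconds) this connection is held before release."""
        if dest in self.working_set:
            return 0.0                                     # known host: pass
        self.working_set.append(dest)
        release = max(t, self.next_release)                # join the delay queue
        self.next_release = release + self.interval
        delay = release - t
        depth = int(round(delay / self.interval))          # connections queued ahead
        if depth >= self.alarm_depth:
            self.alarmed = True
        return delay


def run(throttle, events):
    """events: (t_seconds, dest) pairs in time order. Returns a summary dict."""
    alarm_at = None
    max_delay = 0.0
    for t, dest in events:
        delay = throttle.connect(t, dest)
        max_delay = max(max_delay, delay)
        if throttle.alarmed and alarm_at is None:
            alarm_at = t
    return {"alarmed": throttle.alarmed, "alarm_at": alarm_at, "max_delay": max_delay}


# Constructed traces: a user revisiting three hosts, a Nimda-style fast scanner,
# and a scanner that deliberately stays at one new host per second.
def normal_browsing():
    dests = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    return [(i * 2.0, dests[i % 3]) for i in range(30)]


def nimda_scan(n=100):
    return [(i * 0.01, "192.168.1.%d" % (i + 1)) for i in range(n)]   # 100 hosts in 1 s


def evasive_scan(n=100):
    return [(float(i), "192.168.1.%d" % (i + 1)) for i in range(n)]   # 1 new host / s


if __name__ == "__main__":
    for name, trace in (("normal", normal_browsing()),
                        ("nimda", nimda_scan()),
                        ("evasive", evasive_scan())):
        print(name, run(ConnectionThrottle(), trace))
```

The fast scanner trips the alarm within its first tenth of a second and its later probes sit in the queue for well over a minute, while the scanner that paces itself at exactly the release rate is never delayed and never flagged, which is the "throttle their own connections to 1 per second" case. Nothing in this model helps if the worm simply stops the throttle process on the host it owns.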
I've recently got woody working at home, and had a very easy time of it. What made it easy was an offhand comment about the installation program in a debian newsgroup. Only install the bare minimum at the start ( I installed the base system and X ), and then apt-get everything else when you need it. This is totally unlike other installs I have done, where I just loaded everything I might possibly want at some point.
I installed potato that way from a CDROM, read the APT howto, and upgraded to woody from the net with no problems. If I need to install something that I want, apt-get will retrieve it in no time.
X worked right out of the box, and so did WindowMaker.
Debian does have a learning curve. There is a "Debian Way", and it is not the Redhat way, or the SuSe way, or the Mandrake Way. Read the website, and understand the thinking behind the distro, and how to maintain it. You need to learn about APT before you can grok Debian. When you do, system maintenance and upgrades become easy.
The UK has had red light cameras for a few years, along with speed cameras. Since the police are allowed to keep the fine money raised, they are really enthusiastic about these things.
Of course, they are sold as a road safety enhancement to the public, since "Speed Kills", although the majority of road accidents are caused by driver error. There is an argument that we now get more accidents, as people brake hard to slow down for the camera, and rear-end shunts follow.....
The original speed cameras were rear facing, and you would get a letter asking you who was driving the car when the photo was taken. For a time, you could use the Human Rights Act, and refuse to incriminate yourself. Now the law has stated that Road Safety trumps the right to not self incriminate. Now, you just have to "not remember".
To get around this, we have forward facing cameras coming in now to take a picture of the driver as well. Motorcycles won't be spotted then, as they don't have front facing license plates.
Are the Java VM problems occurring because the Sun VM is buggy, or because the Microsoft VM is incompatible with the Sun VM?
Kinda looks bad for the "Write once, Run anywhere" people. Which would be Sun.
<THEORY subtype="conspiracy"> MS have made the Java VM incompatible. Thus people get upset with the constant fiddling to make Java work, and use .NET instead
<PROOF logic="not perfect" > 1. Sun have already fired lawsuits at MS to stop them doing this. 2. It's the way that Microsoft works. </PROOF> </THEORY>
This is a massively important point. Isn't it 90% of code that runs inside companies, and never sees the light of day?
Hell, in some places I've worked, only a select few developers are allowed to see the really important code, because it contains a major company secret. Do you think this code is then going to be sent to MS or another signing authority to audit? I don't. And even if it was sent to them, they only sign it, not audit it, test it or secure it. No one can employ enough staff to actually read all this code. Even Microsoft. Especially if I have to submit during each edit-compile-test cycle.
So you are going to need the ability to run unsigned code, or the big clients are going to be ignoring windows completely. Welcome back GPL code.
Signing applications says nothing for quality. XP checks device drivers for digital signatures. My authorised, signed-by-Microsoft, "trusted device driver" for my Soundblaster caused no end of problems for my machine -- it replaced system DLLs with old versions. Much the same principle as Longhorn will work on really, and it hasn't caused the end of the world.
The part you quoted was from my two-line summary of the paper's argument, and perhaps I wasn't clear on this.
You are correct, of course, the window of exposure opens once the buggy software is released, becoming much, much wider when an exploit is posted to the net as a whole.
My reference to the Apache incident was more to do with how fast they closed the window, once they were aware of the problem, rather than when the window first opened.
Ross Anderson's argument appears to be based around the trade-off between massive peer review ( Good Thing! ) and the ease of finding flaws if you have the source code ( Not so Good Thing ).
This is certainly true, however a large amount of security appears to come from the community / vendor around the code too. Yes, I'm generalising, but open source programmers treat security problems as security issues, rather than as a PR problem. Even though the Apache team ( rightly, in my opinion ) criticized ISS for the manner of their reporting, they did also release a full disclosure release, and a suitable, working patch within 36 hours of the issue going public.
I don't see many vendors responding that quickly, although, to be fair, the Apache team did know about the vulnerability already.
It's all about the "Window of Exposure" really. Go to Bruce Schneier's Crypto-Gram page to see some excellent arguments about peer review, and the whole window of exposure idea.
Make sure that testing starts with each developer, so that they attempt to break all of their code before it goes anywhere.
If you look at the guys with really low bug rates, like the NASA guys running the Shuttle control software, they have very separate test and development teams, and a competitive attitude. The test team "wins" if it finds a bug, and the developers don't want to look silly.
Some Extreme Programming techniques, such as paired coding may help too.
Doing something interesting. That's a sure-fire way to get me in the zone. It's not too hard for me to achieve, since I can find anything interesting -- even mowing the lawn.
The trick is to stay in the zone for as long as possible. I listen to music on the iPod, which keeps me out of the flow of conversation in the office around me. Normally rock or dance music, although, to be truthful, something a bit more classical and soothing does make me more productive - I've seen a number of people who swear by Mozart. Listen to internet radio, or a big MP3 collection so you don't have to change CDs / minidiscs etc. Having to pick the next tape can throw you.
Contrary to many other programmers, I prefer to work during the day, since I don't have the problems getting terminal time. At night, you start to fall asleep. Unless it's really interesting.
Take a break to eat / drink / leak etc. when you hit a gumption trap. The distraction nearly always gives you the perspective to get going again. Don't take a break to go to a meeting.
Make your desk comfortable. Make your desk big. That way you can fit keyboard, mouse, monitor and the manuals in front of you. Use a good monitor, mouse and keyboard. No good trying to program with a bad back. The chair is probably more important here than the desk. Make sure it has arms. Work in a room with a window.
And finally -- work with a rubber chicken on your desk. Those guys rock at GUI design.
I spend a rather large amount of time earlier this year looking at just this for an assignment, so I'm reasonably up to speed on the idea of biometric chips. The only upside to an embedded RFID chip is that it's much harder to lose your card or leave it at home. The downsides are massive:
* RFID chips are a health risk - they've been known to cause cancers in rats since 1996, and there is evidence of increased cancer risks in large animals too, such as dogs and cats. That's a risk in itself. They also block you from having an MRI scan in the future.
* They are hard to lose, but very easy to clone. Once your chip has been cloned you need surgery to change the password!
* If the idea takes off, where you do put different RFID chips around your body so they don't clash, or does there need to be a global standard? Do employees need to have the chips removed when they leave the country
* You can't remove your staff pass. Ideally, you only wear your staff pass in the office, so people outside the office can't easily copy/clone it. Try taking the RFID chip off on a daily basis...
* Companies are already banned from forcing implants on their staff in some states - California and Georgia come to mind.
And this is all before employees turn around and tell employers to go screw themselves over being permanently tagged and scarred by their employer, who can now keep tabs on them after leaving emplyoment...
Jammers don't usually cause a problem for the more sophisticated military. In essence, jamming is just broadcasting a very loud signal on the same frequency as the one you want to jam, so that you drown out the real signal.
The problem with broadcasting loud signals is that they are very good for locking bombs/missiles onto. The Americans have anti radar missiles that home in on radar signals. The Russians (used to?) have an air squadron that just flew around the battlefields dropping bombs on the largest transmitter they could find.
The more sophisticated Jammers only activate when a transmission coming in from the "real" source, but that won't work for GPS, as GPS broadcasts constantly.
So now you have two cruise missiles coming atcha. One targets the jammer, the other hits the target.
IPv6 may offer a range of new features over IPv4, but realistically, people will move to IPv6 for one of two reasons
1. They have run out of IP addresses ( remember the 10.0.0.0 private network is pretty big! )
2. Everyone else is doing it.
Option 1 is only really going to be a problem for the really big firms, and they will be really careful. All those Corporate apps need retesting with the new IP addresses, and that is a non trivial exercise ( think Y2K all over again!, except you could do it piecemeal ). It's a hard sell to the business : Mr PHB, we'd like to spend a large amount of money retesting all the applications in Globocorp to use a new IP numbering scheme. Nope, you won't get any business benefit.
ISPs may force people of IPv6 at some point, but that's only been an issue in South Korea so far. Everyone else still has enough IP addresses right now.
And until we get a critical mass of people going for Option 1, option 2 is a no go.
I thought the OOXML comments were the most interesting ones in the article. Mundie's answers to the question showed Microsoft's attitude to the ISO approval process. He saw the whole thing as "Well, we almost got enough votes to pass, but hopefully we can persude a few others next time around", not "Well, there are a few technical issues that we need to sort out, and then it should pass"
It's worth comparing this with the ODF ISO approval vote, where not a single "No" vote was cast.
MS see ISO as a little administrative/political hurdle to cross to maintain their document format stranglehold. They have ab-so-lute-ly no interest in using ISO as a way to attain a top quality technical standard, agreed by everyone. Most of the comments about OOXML related to incomplete documentation in the (6000 page!) specification. That's a fair comment, not a dig at MS. If MS actually fixed the fscking spec, more people might vote for it.
Well, after reading TFA, I get the impression that Microsoft hasn't really gone for "active support" as such. What they have said is that they didn't object to ODF going through the standards bodies.
Of course, with ODF being a fairly well documented open standard, there wasn't really any convincing way that they *could* object.
What makes MS very, very scared is widespread ODF adoption. Once state governments started to mandate open standards in government documents, it looked pretty much like ODF would get adopted. Not because ODF was superior, but because they had bothered to go through ANSI/ISO etc.
Since then, there has been a two pronged solution for microsoft. One has been to get OOXML to become a "proper standard", and the other is to browbeat state governments into giving up their policies. The former ran into problems, when IBM and others pointed out to ECMA that the OOXML spec was anything but open.
Microsoft cried foul straight away. Their argument "We didn't object to ODF, why are you objecting to OOXML?". The answer from IBM et al. was -- the OOXML standard sucks, and can only be implemented by someone who has the source code for all versions of MS-Office. It's not open, and until it is, we are not supporting it.
This "announcement" by MS, is nothing more than a warmed over restatement of this position, and mentions some esoteric features of OOXML that are not in ODF.
And you are not the only one who came to that conclusion. I've got a big stack of White Dwarf back episodes from my subscription, and the first editions of WH40K and WHRPG, but lost interest when the rules started changing so you would need to buy more ( relatively expensive ) vehicle miniatures.
Of course, before WD become a large, paid for, GW advert, they used to publish adventures and source material for all sorts of games in the magazine. I can look in the corner of the room now, and see Traveller, AD&D and other game system adventures published in White Dwarf. If that's not making money from derivative works of other peoples IP, I don't know what is. And what's more, they did this quite unashamedly for 10 years, before GW had enough games to fill the pages with adverts for their own games. Talk about hypocrisy.
That all rings a bell. I work in application support/development, one level above the System Administrators who deal with the OS issues. I'm not aware of many big iron applications running on Windows, and in most cases, it's not so much the fabled lack of reliability as an inability to scale. Windows runs okay on a 1 or 2 processor server, but when you are in the land of the 8-12 hyperthreaded server, with 100Gb odd of RAM, you are not in the Windows "sweetspot" (TM). Actually, I'm not sure you are in the Linux zone either, but Solaris handles it well.
I would expect desktops to have a low TCO, because they are kept fairly static from a software POV, and, more importantly, they are kept longer. For the majority of users, server upgrades have a much bigger impact on performance than desktop ones. That would explain my last job, where I started with a machine that was 2 years old on my desk, and left 3.5 years later having the same desktop. In the same 3.5 years, we'd refreshed the production and development servers twice. That's no bad thing -- we were growing the business, and the servers needed to do more. When you are pushing the limits of the servers, having more hardware makes a huge difference.
Most banking applications can fall into one of two categories : the newer Web based ones, where the logic is on a server, or the older terminal access ones, where you log into a server with telnet/X/ and run the program. In any case, the desktop is not stretched, but more server firepower is really welcomed by the users. With Linux not on the desktop, all the machines are servers, and that will raise the TCO.
Incidentally, at my last site, the IT department did not support Linux. There was a mixed Solaris/Windows environment, and, in the mix, Linux sits somewhere in the middle of those two. There was no philosophical objection, but no-one could justify the rollout of a Linux build on cost grounds for a project. If you have solid, standard Solaris and Windows builds, it's hard to justify the engineering effort for a solid, standard Linux build when you can save the engineering costs on your project and use a Sun or Windows box instead. If someone could have got over the hump, and installed a single machine, I think we would have been away....
HSBC was probably a little less controlled, so small projects rolled out their own Linux mix, and now someone is banging the heads together to get everyone on the same hymn sheet.
Ten years ago, we were going through the same process with the corporate intranets, as the myriad of NCSA, Apache and IIS installations got corralled under corporate control. Take it as a(nother) sign of maturity of the Linux platform...
I'm not at HSBC in London, but I'm not a million miles away, and I'm at another one of those London city like institutions. Having traversed a few of these places, I'll say a few things:
Firstly, every bank I know uses Windows on the desktop, bar one small exception with Mac. Linux is a feature in the data center, along with Windows, Solaris and occasionally some bigger iron. How much effort is put into support and management for a box depends on its role. The really important servers (i.e. those in the datacenter) get the backups, and extra firewalls, and super extra security, and fault tolerant failovers, and SCSI RAID arrays and all the other expensive stuff. They are also more likely to be one-offs.
The key to keeping TCO down is to keep machines standard. For example, desktop machines have a standard build with some mechanism to install/update applications automatically (think apt-get for Windows?). The servers are not so standard. It probably doesn't help that HSBC have multiple Linux distros. Pick one, and go with it. You should really have no more than two versions of an operating system around. E.g. where I am now, we have NT4 and are upgrading to XP (did you think we'd all gone to Vista in the Fortune 500 -- haha!). We have Solaris 8, migrating to Solaris 10. On top of this, the hardware varies. Some servers are built to maximize GFlop/$. The dataservers revolve around TpM etc. A compute engine needs less love and care than a database. Are we comparing like with like? I'd be pretty surprised if the 4 way Oracle dataserver running Linux and half the bank's trading operations is not more expensive than a Windows desktop.
The article points out that by moving to a single distro, they will lower their Linux TCO, which is true. The blanket "Windows TCO is lower than Linux TCO" needs to be explained and expanded before it becomes useful. (That won't happen -- HSBC wouldn't release those numbers.)
...cos my first thought on seeing the headline was
"People on airless planet report problems breathing"
which doesn't really seem to be pushing back the frontiers of human knowledge....
Okay, here's a story.
Being the family "IT Guy", I'm the one who has to purchase and support the family's various computers. Now the first computer was for my Dad. He, an ex-corporate exec, wants a Windows computer. Why? Because he doesn't want any of this weirdo Linux stuff that I use at home. It doesn't work like Windows, and he doesn't want to learn something new. It's important to keep antivirus up to date for him too. I've just built him a new PC with XP, Norton AV etc. Time to first trojan installation: 3 days. With a fully patched XP AND fully patched AV. And behind a firewall. Guess who needs to remove all the malware... or work out why computers can't see each other on the home network (Norton AV blockage), or why he can't connect to a mail server when travelling (Norton AV won't allow TLS connections to SMTP servers by default (WTF!!)).
Now my eldest aunt wanted a computer, and my Dad recommended a mac. They're easy to use... until you try to get the printer to work, and the drivers are only for MacOS 9. But it seems to work more or less okay.
Now my youngest aunt was after a computer. I built a Linux machine there. Guess what -- it works. No problems with drivers once it's up and running. No viruses. It's not that I haven't been called, but a blown PSU can't really be blamed on the OS. She's happy, and actually far more productive than my other aunt with the Mac.
Four years so far.... let's talk.
BTW : My Dad's home network sits behind one of the Netgear DG834 thingys which provides DHCP, Firewall, NAT, Wireless access point etc. He thinks it's great and tells all his friends to get one, since it's simple and bombproof. And what does it run on the inside? Yup, Linux.
It's a dangerous move by the telco. Up until now, telecoms companies have tried to argue (quite rightly IMHO) that they merely provide the infrastructure, and are not directly responsible for the content of websites that they host.
Here, we have a telecoms company deciding unilaterally to filter a website because they feel like it. If they can filter one, they may find themselves liable to filter all of the others. Imagine the court case:
Lawyer: You must block goatse.ca because it is offensive to all mankind
Telco: We can't be expected to proactively police and block websites: too much information, freedom of speech, etc., etc.
Lawyer: But what about that time you blocked your union website? You can block "offensive" material when you want to.
Telco: Um...
You steal goods from the store, the store puts up prices on the goods.
You steal from the Insurance company, the Insurance Company puts up insurance prices.
You "steal" music from the Record Companies, the government puts up PC prices
The argument doesn't follow.
The only one that didn't have perl or python insisted on everything in C++. They didn't have *any* C++ programmers, so that the C++ code was effectively unsupported!
In reality, the biggest problem is that Traders are well versed in Excel, and I have met many of them that don't understand what other applications a PC could possibly want. They can be spotted writing letters to their clients in Cell A1.
These traders are wrong, since in reality, behind them is a large mass of (semi) automated order processing, settlement and confirmation systems, most of which are mainframe/minicomputer based, or n-tier client server. You *can't* do that with Excel.
Margins are low in investment banking now, and firms are being pushed to cut costs, especially in IT. Traders are no longer able to swing their big swinging dicks and get what they want. They will get what they are given, and that will start to be the cheapest option -- the spreadsheet widget is a possible flyer.
Admittedly, the quants do design their pricing models in spreadsheets, but this is a prototype, since to trade whatever it is has been designed, the same model must be implemented in the big iron trading systems. The rest of the universe uses excel for looking at data.
The job actually fell to the Patent Office to draft the legislation, and it would have been passed as a statutory instrument. That is, parliament would not have had a look in. In addition, due to "lack of time", none of the optional safeguards available in the EUCD would have been implemented.
The law has been delayed in the UK, mostly because people did fax their MPs and got them on board.
This pressure needs to be kept up. As it stands the UK DMCA legislation is far worse than the US one, since we do not have the concept of "fair use" in UK law, or any of the other exemptions that the DMCA provides.
If the throttle is implemented on the same machine as the virus, the virus writers will turn it off.
:-)
If it becomes a widespread implementation on the upstream routers, then virus writers will throttle their own connections to 1 per second to evade detection.
This defense was only tested against Nimda, and other viruses may work other ways. Will it stop email virii?
Makes the Warhol worm a bit harder to implement though
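To make the "throttle to 1 per second" evasion concrete, here is an added example in Python (not part of the comment above): a Williamson-style throttle that counts *new* outbound destinations per one-second bucket, run over three constructed connection traces, beside a longer sliding-window distinct-destination count that still flags a scanner pacing itself to exactly one new host per second. All hosts, timestamps and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed traces: (timestamp_seconds, src_host, dst_host).
# 40 new hosts in two seconds: a classic fast scanner.
BURSTY_SCANNER = [(i * 0.05, "10.0.0.5", f"10.0.1.{i}") for i in range(40)]
# Exactly one new host per second for two minutes: self-throttled to evade.
SLOW_SCANNER = [(float(i), "10.0.0.6", f"10.0.2.{i}") for i in range(120)]
# A normal workstation: a few repeated destinations over two minutes.
NORMAL_USER = [(t, "10.0.0.7", d) for t, d in
               [(0.0, "mail"), (1.0, "web1"), (1.2, "web1"),
                (30.0, "web2"), (95.0, "mail"), (110.0, "web3")]]


def per_second_throttle(events, max_new_per_sec=1):
    """Flag a host if more than max_new_per_sec *never-before-seen*
    destinations appear in any one-second bucket (the virus-throttle idea).
    Returns True when the throttle would have fired."""
    seen = set()
    new_per_bucket = defaultdict(int)
    for t, _src, dst in events:
        if dst in seen:
            continue                      # repeat connections are free
        seen.add(dst)
        new_per_bucket[int(t)] += 1
        if new_per_bucket[int(t)] > max_new_per_sec:
            return True
    return False


def distinct_destinations_window(events, window=60.0, threshold=30):
    """Flag a host that talks to >= threshold distinct destinations inside
    any sliding window of `window` seconds. A scanner pacing itself to
    1 new host/s passes the per-second throttle but not this check."""
    recent = deque()                      # (timestamp, dst) inside window
    in_window = defaultdict(int)          # dst -> occurrences inside window
    for t, _src, dst in events:
        recent.append((t, dst))
        in_window[dst] += 1
        while recent and recent[0][0] < t - window:   # expire old entries
            _, old = recent.popleft()
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
        if len(in_window) >= threshold:
            return True
    return False
```

Both checks should run together: the per-second throttle limits damage from fast worms, the longer window closes the pacing gap the comment describes.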
I installed potato that way from a CDROM, read the APT howto, and upgraded to woody from the net with no problems. If I need to install something that I want, apt-get will retrieve it in no time.
X worked right out of the box, and Windowmaker.
Debian does have a learning curve. There is a "Debian Way", and it is not the Redhat way, or the SuSe way, or the Mandrake Way. Read the website, and understand the thinking behind the distro, and how to maintain it. You need to learn about APT before you can grok Debian. When you do, system maintenance and upgrades become easy.
The UK has had red light cameras for a few years, along with speed cameras. Since the police are allowed to keep the fine money raised, they are really enthusiastic about these things.
Of course, they are sold as a Road safety enhancement to the public, since "Speed Kills", although the majority of road accidents are caused by driver error. There is an argument that we now get more accidents, as people brake hard to slow down for the camera, and rear end shunts follow.....
The original speed cameras were rear facing, and you would get a letter asking you who was driving the car when the photo was taken. For a time, you could use the Human Rights Act, and refuse to incriminate yourself. Now the law has stated that Road Safety trumps the right to not self incriminate. Now, you just have to "not remember".
To get around this, we have forward facing cameras coming in now to take a picture of the driver as well. Motorcycles won't be spotted then, as they don't have front facing license plates.
Are the Java VM problems occurring because the Sun VM is buggy, or because the Microsoft VM is incompatible with the Sun VM?
Kinda looks bad for the "Write once, Run anywhere" people. Which would be Sun.
<THEORY subtype="conspiracy">
MS have made the Java VM incompatible. Thus people get upset with the constant fiddling to make Java work, and use .NET instead.
<PROOF logic="not perfect" >
1. Sun have already fired lawsuits at MS to stop them doing this.
2. It's the way that Microsoft works.
</PROOF>
</THEORY>
Consume.net does this in the UK. Click on the "nodes" link from the main page.
This is a massively important point. Isn't it 90% of code that runs inside companies, and never sees the light of day?
Hell, in some places I've worked, only a select few developers are allowed to see the really important code, because it contains a major company secret. Do you think this code is then going to be sent to MS or another signing authority to audit? I don't. And even if it was sent to them, they only sign it, not audit it, test it or secure it. No one can employ enough staff to actually read all this code. Even MicroSoft. Especially if I have to submit during each edit-compile-test cycle.
So you are going to need the ability to run unsigned code, or the big clients are going to be ignoring windows completely. Welcome back GPL code.
Signing applications says nothing for quality. XP checks device drivers for digital signatures. My authorised, signed by MicroSoft, "trusted device driver" for my Soundblaster caused no end of problems for my machine -- it replaced system DLLs with old versions.
Much the same principle as Longhorn will work on really, and it hasn't caused the end of the world.
You are correct, of course, the window of exposure opens once the buggy software is released, becoming much, much wider when an exploit is posted to the net as a whole.
My reference to the Apache incident was more to do with how fast they closed the window, once they were aware of the problem, rather than when the window first opened.
This is certainly true, however a large amount of security appears to come from the community / vendor around the code too. Yes, I'm generalising, but open source programmers treat security problems as security issues, rather than as a PR problem. Even though the Apache team (rightly, in my opinion) criticized ISS for the manner of their reporting, they did also release a full disclosure release, and a suitable, working patch within 36 hours of the issue going public.
I don't see many vendors responding that quickly, although, to be fair, the Apache team did know about the vulnerability already.
It's all about the "Window of Exposure" really. Go to Bruce Schneier's Cryptogram page to see some excellent arguments about peer review, and the whole window of exposure idea.
If you look at the guys with really low bug rates, like the NASA guys running the Shuttle control software, they have very separate test and development teams, and a competitive attitude. The test team "wins" if it finds a bug, and the developers don't want to look silly.
Some Extreme Programming techniques, such as paired coding may help too.
I channel surf during the adverts. Sue me.
Doing something interesting. That's a sure fire way to get me in the zone. It's not too hard for me to achieve, since I can find anything interesting -- even mowing the lawn.
The trick is to stay in the zone for as long as possible. I listen to music on the iPod, which keeps me out of the flow of conversation in the office around me. Normally rock or dance music, but to be truthful, something a bit more classical and soothing does make me more productive - I've seen a number of people who swear by Mozart. Listen to internet radio, or a big MP3 collection so you don't have to change CDs / minidiscs etc. Having to pick the next tape can throw you.
Contrary to many other programmers, I prefer to work during the day, since I don't have the problems getting terminal time. At night, you start to fall asleep. Unless it's really interesting.
Take a break to eat / drink / leak etc. when you hit a gumption trap. The distraction nearly always gives you the perspective to get going again. Don't take a break to go to a meeting.
Make your desk comfortable. Make your desk big. That way you can fit keyboard, mouse, monitor and the manuals in front of you. Use a good monitor, mouse and keyboard. No good trying to program with a bad back. The chair is probably more important here than the desk. Make sure it has arms. Work in a room with a window.
And finally -- work with a rubber chicken on your desk. Those guys rock at GUI design.