From out of the void, and with utter confidence, the voice of HerculesMO uttered: "If you don't know how to administer or set up the machine, don't blame the software. Blame your stupidity or lack of willingness to learn." Ah, so. It is my incompetence that has led the Microsoft developers to omit the button that is missing. I can see this clearly now. I will retire to the hills and valleys of this great land, armed with a trunk laden with Microsoft Press products. Once I have learned to never the blame The Way, or the Dao, and have punished myself for my lack of faith, I may again show myself on Slashdot. Before I go, I ask this: How may I automate log analysis with a Web interface? In 100 lines of code or less, please. Thank you master.
So when the aliens pulled you into the mother ship, did they do things to ya? Like experiments? Like, sexctial things? "...and then all administrative tasks become idiot proof." You have made a grave mistake: underestimating the capabilities of idiots. "With a click, I can give them a mailbox on Exchange and Group Policy determines who they can send to, who they can't, and what time they are allowed to do it." What if you need to do something that there isn't a button for? Whoops. You're up shit creek. "...they still have the most robust (if not fucked up) operating system in the world." Funny, I HAVEN'T drank the kool aid, and I'm looking at you waiting for the cuckoo bird to pop out of your forehead. Maybe this post came from an alternate universe. Windows works robustly in your dimension, eh? Do you post to Slashdot in a 4-D browser? In our universe here on planet Earth, my Windows Server machines are steaming piles of doody. Makes me want to stick a letter opener in my thigh to distract me from the pain. Glad things are different where you are. I'll come visit you sometime when I need a BREAK FROM REALITY.
Um, I run the OpenBSD base system, plus Mozilla Suite, plus KOffice, plus GAIM. I have never had my data stolen. I have never had my system hijacked by inert automated packets flying around on the internet sent by automated code running on Windows machines. I don't run a local firewall. So how does vulnerabilities that pop up sometimes in big open source applications that DON'T ALLOW ME TO GET HACKED make my machine less secure than a Windows box? This is why no one believes ANYTHING that ANYONE from Microsoft says. STOP LYING and maybe someone will start listening someday. In the meanwhile the lemmings that believe what they say deserve their status on the Darwin food chart.
Exactly. If he knew what he was talking about, then he would know that everything installed in OpenBSD in the base tree IS audited. Which includes Perl, Apache, and Sendmail. Instead of dismissing OpenBSD with lies about exploit numbers and pointing to lack of features (at least OpenBSD ships with some development environments), maybe they should look harder at how a secure system that is secure in the REAL WORLD does what they do.
Question one: "The key things about the SDL is that we basically have to update it every six months because the threat landscape changes..." This is bad. You are still chasing vulnerabilities. As Marcus Ranum says: 10 check for vulnerabilities 20 if vulnerable patch 30 goto 10 This is a vicious circle that you will never escape, and you will always be behind. Think DEFAULT DENY. "The user can configure their system to either ask them if they want to escalate, or ask for a password when the system tries to elevate them." This is sudo. Good idea. But does it really always prompt before escalating? Does application code have the ability to use Administrator privileges without calling the 'caniescalate.askme' call? "We have also gone through all of the system services in Vista to see which ones have admin privilege, verify which ones really need it, and for the ones that don't, remove it." Why do services have to run as admin? Can't they fork or run an unpriveleged thread, that communicates with the privileged portion to do its important functions? What about jails? These things are all old ideas in Unix. "...we have taken the anti-spyware technology that we acquired from GIANT Company Software, improved it and integrated it into the operating system in something called Windows Defender." If your code was written securely there would be no such thing. Period. Life is too short to look at the other questions, moving on...
I did some research on the net before I bought my USB PrismII device. It took a couple hours and I didn't get stuck with a Windows-only device. On the downside, I use a Mac, and tho my device (D-Link DWL122) came with a Mac driver, it was almost unusable. Unfortunately Airports were dropped from the Apple site TWO DAYS before I decided I needed wifi, and were going for $200 on eBay. Since my Clamshell iBook goes for $350 on eBay, that was right out. The D-Link was $30, but only wanted to do http traffic. SSH caused a kernel crash in less than a minute. Nice. Fortunately D-Link concealed on a foreign version of their site (Taiwan or somewhere) a newer release driver for OS X. That made it usable, though I have some scripts that help keep it from freezing the machine (can't sleep the laptop without ifconfig down first). I ended up running Yellow Dog Linux based of Fedora Core 1. After having to compile my own linux-wlan-ng driver and supporting configuration binaries, I had wifi that wouldn't crash my machine, and performed better than the OSX driver. It still went down sometimes. Later I used Ubuntu, which came with everything I needed, but I still had to configure my scripts to set up the card. Still went down sometimes. I am currently running Mandrake LE 2005 PPC, which came with the driver but no configuration binaries. I compiled just the binaries, and got it working. Still goes down. My solution is a script that ifconfig down's (otherwise you may have critical hot unplug issues), unloads the module, tells the user to unplug the device and replug it, reloads the module, and runs dhclient again. I usually only have to do this once per boot, so if it runs for days I'm fine.
If I was smarter I could make my script do whatever unplugging and replugging the device does to avoid interaction, but I don't care that much. One other issue that I had on all of these distros: dhclient doesn't know how to talk to devices that don't have names like ethx. I understand that you can set up an alias to take care of this, but I gave up on that. If you get the latest dhcp from ISC, it will compile easily on anything. Then you can just dhclient wlan0 and you are up and running. OpenBSD macppc now supports a lot of devices. Frankly I've been testing it and it NEVER GOES DOWN. Not only that, but the tiny bsd.rd installer supports installing the os OVER USB WIFI devices:) How freaking sweet is that! No compiling anything, just boom, it works.
Two issues related to Java on Macs (may change with the Intel version):
You have to get your Java from Apple. I was stuck all through OSX 10.3.x with an old Java. Sun doesn't offer a build. Apple did bundle an update with OSX 10.4.
Gosling mentioned in an interview that he builds the latest Java on his Linux box, and copies the JARs over to his PowerBook. Somehow I haven't found enough spare time to try to do that myself. However I think Gosling slowly tried this over a long period of time that he spent using X tunneling to use his native Linux build of Java on the Linux box, and experimenting with the individual JARs one at a time. Theoretically I would think using a slightly older JVM with a newer environment would not be a problem, except for the Cocoa hooks. Maybe you can use X for the gui stuff? As I said, don't know, haven't tried. Lots of people have failed to make this work, though I don't know how much effort they put into it. Netbeans works fine on OSX BTW, there is a release on their site.
Why should Sony be held accountable? As long their EULA says they are not, they are not. Just like when Melissa hit seven years ago, and Microsoft got in no trouble at all for letting businesses the world over get torpedoed. Bull!@#t.
Well, rub a lamp dude. No one is going to make Microsoft do much of anything. Unfortunately Java as a platform is only more secure than the rest of the Windows environment, not imminently secure. Using tools like Mozilla and the Java platform raises the exploit bar a little, but there's still a lot of bad software out there. Several layers of 'trustedness' between the Web, the different classes in an application, and the operating system would make it much harder for something coming in from the Web to make Bad Things Happen. Maybe someday they will implement such things in the native Windows environment? The question is, why hasn't Microsoft recompiled their stuff with buffer safe libraries? The fax viewer code was just a dumb design, allowing data in an image file to tell the system to make calls. Those things are harder to find. But not if you're as big as Microsoft. There should be a way to modify their automatic documentation generation code to help them find calls and methods that are possibly exploitable, then just run down the list. Maybe a good outcome of all this is that in the future, or at least after.NET, instead of making a bazillion API calls available, 20% of which ever get used, they will focus on basic code safety. Small languages like Python and even Perl have 'got 'er done' for years, and most Visual Studio developers only use a similarly small subset of available calls to do their work. I'm sure it's fun for the high level theoreticians at Microsoft to flesh out those APIs, but we need to stop the bleeding and make the calls safe first.
That's a fine idea. Problem is I doubt the Slashdot readers are pharmaceutical marketing companies looking to buy email addresses and HR data. There is a lot of demand out there for this information, and as long as that's true, someone will supply. The tough part is how do you stop it? Legislation? Who would enforce it? Our law enforcement system, even at the federal level, would never make a dent. Network security teams could report abusers, but it would take so long to put together enough proof to do anything legally that no one will put the resources into it. It's a tough problem.
Has anybody looked into the idea that companies (such as pharmaceutical marketers) are paying Microsoft to not fix vulnerabilities? This is something that I've wondered about often, but never read anything about. A "Halloween Document" on this would be very interesting... A lot of users have asked me over the years if Microsoft is paid by antivirus companies not to fix vulnerabilities. This is apparently an easy leap of logic for the most untechnical folks. We know that pharmaceutical marketers are using bots to crawl and reap email addresses, as the Perl developer that tried to blow the whistle on them last year had his computers confiscated by the cops, who were sent by his employer to ensure a cover-up (stop their ex-employee from publishing company secrets using some kind of Industrial Espionage legislation). Sigh.
I guess only communists who use software developed with a carcinogenic license can use RPC1 drives. This isn't the only hardware Microsoft is abandoning with Vista. Are we surprised? Microsoft makes no bones about admitting that they like to push the hardware requirements to feed the hardware market.
Oh yeah, Jedit is quite a nice programmer's editor, and the OSX port is delightful. Gosling uses it. It knows Python syntax highlighting, don't know about launching your app from the editor...
IDLE comes with Python, and is easy to set up on OSX. The editor is pretty good, debugging is pretty good. Unfortunately you can't actually test a Tk app within IDLE, since IDLE is Tk... So you have to drop to a prompt and launch your app from there. It has nice syntax highlighting and editing is usual WYSIWYG. There is a nice installer to get the pieces you need like bsddb. There is a pythonmac-sig mailing list where folks discuss such things.
Well, we already have The Church of Emacs, 'twould be easy to unite behind that. vi'ers put your feelings aside for privacy's sake! That's s ache, not socky. I think this is a Chicken Little story. If anybody's worried, then if folks started requiring TPM IDs some of us will just start a TPM Anonymizer service. After all, if it uses packets to talk, you can fake it. Go in Peace, my Children.
I agree. What really kills me about the scenario in the paper is that there are 1,000 ways not to screw up the situation they were in. So an app made some MySQL 4.1 calls? Why not rewrite the queries to use 3.x syntax? Problem solved. Everyone who uses MySQL has run into this before. Or, if there was no way around it, why would you clobber/usr/bin/gcc with your built from source version? That is sure to break your distro. Why not put it in/usr/local? Building the entire toolchain from source and clobbering your -release version is a recipe for pain. For one more 'step back from the situation' idea, why would you try to run an app on a distribution that doesn't support it? If this is a third-party app, it was developed and released on some -release version of some distro. Why not give it what it wants and run it on that distro, or use another app. Apparently the Windows admins were not asked to run Vista-only binaries on NT4 servers. Would they have been more or less successful than the Linux admins? They would have been screwed, in exactly the same way the Linux admins were. Dumb.
a) You will make hiring mistakes, the world is much much bigger than people that you 'know and trust'. How will you ever know if there are better programmers out there if you only hire 'known and trusted'? b) Everyone in the same room? Are you serious? Look, the teams should be able to meet in one place individually. c) Would be nice. d) Middle management head shrink nonsense, chick chick, deleted. e) Yup. f) Being firm is fine, although being able to disagree in a folksy, "c'mon, aw shucks" manner seems to make fewer hurt feelings. But someone has to make decisions without some kind of passive agressive manipulation bullshit. g) No thanks, no more 'tips' required. But thanks for passing down your wisdom, oh great one. Snarf!
A quick read of the report shows that the real losers here seem to be the Administrators. Some of the Linux admins "could not meet business requirements", and some were judged as failures by not using vendor-supplied solutions. Isn't one of the points of running Linux servers the freedom to use solutions NOT supplied by the vendor? Is it even possible for the Microsoft admins to make changes that aren't fed from the vendor? When the only tool you have is the "Upgrade" button, and the button doesn't work, what then? The advantage of Linux in administration is the flexibility to Make It Happen, even if the vendor sends you something broken. I know good admins on Microsoft, and good ones on UNIX. They seem to Make It Happen no matter what, because that is their job. Making It Happen sometimes include custom fixes, that are documented, so you can undo them when the vendor comes through (hopefully) later. So the Final Question is, why was it bad for the Linux admins to stray from vendor-supplied fixes, and why is the lack of flexibility on the Microsoft side a "win"?
Ahh, it's just a way to say that if you have a little of something divided into infinite badness, your little bit of something is a drop in the bucket. I use this as a joke at work: if b=botnet infected computers, and h=happiness, then lim b->oo h/b = 0 happiness.
In fact, lim v->oo s/v = 0, where s=security and v=variables in your environment. No real security, but you try.
I cringe when I see all those books at the local computer mart with titles like "TCP/IP Security" with a cheesy rainbox-colored logo beside it that says "Made Easy" in an italic font. Publishers actually think people trying to secure networks will be fooled by a logo that belongs on a home decorating book or manual can opener package?
Having ranted, I'm sure the O'Reilly book is probably good. It certainly helps to get on top of things if you can at least sort all of your marbles into buckets, instead of watching them roll around randomly underfoot.
Yes, let's step back from this for a sec. I'm three car payments behind. But I really feel sorry for you, that they made you change your name on a game or whatever. Snot nosed bed wetting pansy ass she girl panty waste.
Well, I hate to rain on yer parade, Fancylads. But Andy Hertzfeld uses a 20" iMac. A little over a grand. He recently wrote the CMS for folklore.org on it and a book. And of course, he coded up a large part of the Mac system on an Apple II...
Is it just me, or is every day a Skype day lately? Here's a preview of headlines for next week: SKYPE TAKES DUMP, KINDA GREENISH BROWN. SKYPE WOKE UP THIS MORNING. SKYPE HAD CHEERIOS FOR BREAKFAST. 4 OUT OF 5 SKYPES USE CREST. I have a cell phone, wake me up when I can use VOIP the same way. YAWN.
Slashdot Mirror
From out of the void, and with utter confidence, the voice of HerculesMO uttered: "If you don't know how to administer or set up the machine, don't blame the software. Blame your stupidity or lack of willingness to learn."
Ah, so. It is my incompetence that has led the Microsoft developers to omit the button that is missing. I can see this clearly now. I will retire to the hills and valleys of this great land, armed with a trunk laden with Microsoft Press products. Once I have learned to never the blame The Way, or the Dao, and have punished myself for my lack of faith, I may again show myself on Slashdot.
Before I go, I ask this: How may I automate log analysis with a Web interface? In 100 lines of code or less, please. Thank you master.
So when the aliens pulled you into the mother ship, did they do things to ya? Like experiments? Like, sexctial things?
"...and then all administrative tasks become idiot proof."
You have made a grave mistake: underestimating the capabilities of idiots.
"With a click, I can give them a mailbox on Exchange and Group Policy determines who they can send to, who they can't, and what time they are allowed to do it."
What if you need to do something that there isn't a button for? Whoops. You're up shit creek.
"...they still have the most robust (if not fucked up) operating system in the world."
Funny, I HAVEN'T drank the kool aid, and I'm looking at you waiting for the cuckoo bird to pop out of your forehead. Maybe this post came from an alternate universe. Windows works robustly in your dimension, eh? Do you post to Slashdot in a 4-D browser?
In our universe here on planet Earth, my Windows Server machines are steaming piles of doody. Makes me want to stick a letter opener in my thigh to distract me from the pain. Glad things are different where you are. I'll come visit you sometime when I need a BREAK FROM REALITY.
Um, I run the OpenBSD base system, plus Mozilla Suite, plus KOffice, plus GAIM. I have never had my data stolen. I have never had my system hijacked by inert automated packets flying around on the internet sent by automated code running on Windows machines. I don't run a local firewall. So how does vulnerabilities that pop up sometimes in big open source applications that DON'T ALLOW ME TO GET HACKED make my machine less secure than a Windows box? This is why no one believes ANYTHING that ANYONE from Microsoft says. STOP LYING and maybe someone will start listening someday. In the meanwhile the lemmings that believe what they say deserve their status on the Darwin food chart.
Exactly. If he knew what he was talking about, then he would know that everything installed in OpenBSD in the base tree IS audited. Which includes Perl, Apache, and Sendmail. Instead of dismissing OpenBSD with lies about exploit numbers and pointing to lack of features (at least OpenBSD ships with some development environments), maybe they should look harder at how a secure system that is secure in the REAL WORLD does what they do.
Question one: "The key things about the SDL is that we basically have to update it every six months because the threat landscape changes..."
This is bad. You are still chasing vulnerabilities. As Marcus Ranum says:
10 check for vulnerabilities
20 if vulnerable patch
30 goto 10
This is a vicious circle that you will never escape, and you will always be behind. Think DEFAULT DENY.
"The user can configure their system to either ask them if they want to escalate, or ask for a password when the system tries to elevate them."
This is sudo. Good idea. But does it really always prompt before escalating? Does application code have the ability to use Administrator privileges without calling the 'caniescalate.askme' call?
"We have also gone through all of the system services in Vista to see which ones have admin privilege, verify which ones really need it, and for the ones that don't, remove it."
Why do services have to run as admin? Can't they fork or run an unpriveleged thread, that communicates with the privileged portion to do its important functions? What about jails? These things are all old ideas in Unix.
"...we have taken the anti-spyware technology that we acquired from GIANT Company Software, improved it and integrated it into the operating system in something called Windows Defender."
If your code was written securely there would be no such thing. Period.
Life is too short to look at the other questions, moving on...
I did some research on the net before I bought my USB PrismII device. It took a couple hours and I didn't get stuck with a Windows-only device. :) How freaking sweet is that! No compiling anything, just boom, it works.
On the downside, I use a Mac, and tho my device (D-Link DWL122) came with a Mac driver, it was almost unusable. Unfortunately Airports were dropped from the Apple site TWO DAYS before I decided I needed wifi, and were going for $200 on eBay. Since my Clamshell iBook goes for $350 on eBay, that was right out.
The D-Link was $30, but only wanted to do http traffic. SSH caused a kernel crash in less than a minute. Nice. Fortunately D-Link concealed on a foreign version of their site (Taiwan or somewhere) a newer release driver for OS X. That made it usable, though I have some scripts that help keep it from freezing the machine (can't sleep the laptop without ifconfig down first).
I ended up running Yellow Dog Linux based of Fedora Core 1. After having to compile my own linux-wlan-ng driver and supporting configuration binaries, I had wifi that wouldn't crash my machine, and performed better than the OSX driver. It still went down sometimes. Later I used Ubuntu, which came with everything I needed, but I still had to configure my scripts to set up the card. Still went down sometimes. I am currently running Mandrake LE 2005 PPC, which came with the driver but no configuration binaries. I compiled just the binaries, and got it working. Still goes down. My solution is a script that ifconfig down's (otherwise you may have critical hot unplug issues), unloads the module, tells the user to unplug the device and replug it, reloads the module, and runs dhclient again. I usually only have to do this once per boot, so if it runs for days I'm fine.
If I was smarter I could make my script do whatever unplugging and replugging the device does to avoid interaction, but I don't care that much.
One other issue that I had on all of these distros: dhclient doesn't know how to talk to devices that don't have names like ethx. I understand that you can set up an alias to take care of this, but I gave up on that. If you get the latest dhcp from ISC, it will compile easily on anything. Then you can just dhclient wlan0 and you are up and running.
OpenBSD macppc now supports a lot of devices. Frankly I've been testing it and it NEVER GOES DOWN. Not only that, but the tiny bsd.rd installer supports installing the os OVER USB WIFI devices
Can't they just do some searches, and then look up hosts on Netcraft? I'm sure there are even better ways than that, but duh...
Two issues related to Java on Macs (may change with the Intel version):
You have to get your Java from Apple. I was stuck all through OSX 10.3.x with an old Java. Sun doesn't offer a build. Apple did bundle an update with OSX 10.4.
Gosling mentioned in an interview that he builds the latest Java on his Linux box, and copies the JARs over to his PowerBook. Somehow I haven't found enough spare time to try to do that myself. However I think Gosling slowly tried this over a long period of time that he spent using X tunneling to use his native Linux build of Java on the Linux box, and experimenting with the individual JARs one at a time. Theoretically I would think using a slightly older JVM with a newer environment would not be a problem, except for the Cocoa hooks. Maybe you can use X for the gui stuff? As I said, don't know, haven't tried. Lots of people have failed to make this work, though I don't know how much effort they put into it. Netbeans works fine on OSX BTW, there is a release on their site.
Why should Sony be held accountable? As long their EULA says they are not, they are not. Just like when Melissa hit seven years ago, and Microsoft got in no trouble at all for letting businesses the world over get torpedoed. Bull!@#t.
Well, rub a lamp dude. No one is going to make Microsoft do much of anything. Unfortunately Java as a platform is only more secure than the rest of the Windows environment, not imminently secure. Using tools like Mozilla and the Java platform raises the exploit bar a little, but there's still a lot of bad software out there. .NET, instead of making a bazillion API calls available, 20% of which ever get used, they will focus on basic code safety. Small languages like Python and even Perl have 'got 'er done' for years, and most Visual Studio developers only use a similarly small subset of available calls to do their work. I'm sure it's fun for the high level theoreticians at Microsoft to flesh out those APIs, but we need to stop the bleeding and make the calls safe first.
Several layers of 'trustedness' between the Web, the different classes in an application, and the operating system would make it much harder for something coming in from the Web to make Bad Things Happen. Maybe someday they will implement such things in the native Windows environment?
The question is, why hasn't Microsoft recompiled their stuff with buffer safe libraries? The fax viewer code was just a dumb design, allowing data in an image file to tell the system to make calls. Those things are harder to find. But not if you're as big as Microsoft. There should be a way to modify their automatic documentation generation code to help them find calls and methods that are possibly exploitable, then just run down the list.
Maybe a good outcome of all this is that in the future, or at least after
That's a fine idea. Problem is I doubt the Slashdot readers are pharmaceutical marketing companies looking to buy email addresses and HR data. There is a lot of demand out there for this information, and as long as that's true, someone will supply.
The tough part is how do you stop it? Legislation? Who would enforce it? Our law enforcement system, even at the federal level, would never make a dent. Network security teams could report abusers, but it would take so long to put together enough proof to do anything legally that no one will put the resources into it. It's a tough problem.
Has anybody looked into the idea that companies (such as pharmaceutical marketers) are paying Microsoft to not fix vulnerabilities? This is something that I've wondered about often, but never read anything about. A "Halloween Document" on this would be very interesting...
A lot of users have asked me over the years if Microsoft is paid by antivirus companies not to fix vulnerabilities. This is apparently an easy leap of logic for the most untechnical folks. We know that pharmaceutical marketers are using bots to crawl and reap email addresses, as the Perl developer that tried to blow the whistle on them last year had his computers confiscated by the cops, who were sent by his employer to ensure a cover-up (stop their ex-employee from publishing company secrets using some kind of Industrial Espionage legislation). Sigh.
I guess only communists who use software developed with a carcinogenic license can use RPC1 drives.
This isn't the only hardware Microsoft is abandoning with Vista. Are we surprised? Microsoft makes no bones about admitting that they like to push the hardware requirements to feed the hardware market.
Oh yeah, Jedit is quite a nice programmer's editor, and the OSX port is delightful. Gosling uses it. It knows Python syntax highlighting, don't know about launching your app from the editor...
IDLE comes with Python, and is easy to set up on OSX. The editor is pretty good, debugging is pretty good. Unfortunately you can't actually test a Tk app within IDLE, since IDLE is Tk... So you have to drop to a prompt and launch your app from there. It has nice syntax highlighting and editing is usual WYSIWYG. There is a nice installer to get the pieces you need like bsddb. There is a pythonmac-sig mailing list where folks discuss such things.
Well, we already have The Church of Emacs, 'twould be easy to unite behind that. vi'ers put your feelings aside for privacy's sake!
That's s ache, not socky.
I think this is a Chicken Little story. If anybody's worried, then if folks started requiring TPM IDs some of us will just start a TPM Anonymizer service. After all, if it uses packets to talk, you can fake it.
Go in Peace, my Children.
I agree. What really kills me about the scenario in the paper is that there are 1,000 ways not to screw up the situation they were in. /usr/bin/gcc with your built from source version? That is sure to break your distro. Why not put it in /usr/local? Building the entire toolchain from source and clobbering your -release version is a recipe for pain.
So an app made some MySQL 4.1 calls? Why not rewrite the queries to use 3.x syntax? Problem solved. Everyone who uses MySQL has run into this before.
Or, if there was no way around it, why would you clobber
For one more 'step back from the situation' idea, why would you try to run an app on a distribution that doesn't support it? If this is a third-party app, it was developed and released on some -release version of some distro. Why not give it what it wants and run it on that distro, or use another app.
Apparently the Windows admins were not asked to run Vista-only binaries on NT4 servers. Would they have been more or less successful than the Linux admins? They would have been screwed, in exactly the same way the Linux admins were. Dumb.
a) You will make hiring mistakes, the world is much much bigger than people that you 'know and trust'. How will you ever know if there are better programmers out there if you only hire 'known and trusted'?
b) Everyone in the same room? Are you serious? Look, the teams should be able to meet in one place individually.
c) Would be nice.
d) Middle management head shrink nonsense, chick chick, deleted.
e) Yup.
f) Being firm is fine, although being able to disagree in a folksy, "c'mon, aw shucks" manner seems to make fewer hurt feelings. But someone has to make decisions without some kind of passive agressive manipulation bullshit.
g) No thanks, no more 'tips' required. But thanks for passing down your wisdom, oh great one. Snarf!
A quick read of the report shows that the real losers here seem to be the Administrators. Some of the Linux admins "could not meet business requirements", and some were judged as failures by not using vendor-supplied solutions.
Isn't one of the points of running Linux servers the freedom to use solutions NOT supplied by the vendor? Is it even possible for the Microsoft admins to make changes that aren't fed from the vendor?
When the only tool you have is the "Upgrade" button, and the button doesn't work, what then? The advantage of Linux in administration is the flexibility to Make It Happen, even if the vendor sends you something broken.
I know good admins on Microsoft, and good ones on UNIX. They seem to Make It Happen no matter what, because that is their job. Making It Happen sometimes include custom fixes, that are documented, so you can undo them when the vendor comes through (hopefully) later.
So the Final Question is, why was it bad for the Linux admins to stray from vendor-supplied fixes, and why is the lack of flexibility on the Microsoft side a "win"?
Ahh, it's just a way to say that if you have a little of something divided into infinite badness, your little bit of something is a drop in the bucket. I use this as a joke at work: if b=botnet infected computers, and h=happiness, then lim b->oo h/b = 0 happiness.
security != easy.
In fact, lim v->oo s/v = 0, where s=security and v=variables in your environment. No real security, but you try.
I cringe when I see all those books at the local computer mart with titles like "TCP/IP Security" with a cheesy rainbox-colored logo beside it that says "Made Easy" in an italic font. Publishers actually think people trying to secure networks will be fooled by a logo that belongs on a home decorating book or manual can opener package?
Having ranted, I'm sure the O'Reilly book is probably good. It certainly helps to get on top of things if you can at least sort all of your marbles into buckets, instead of watching them roll around randomly underfoot.
Yes, let's step back from this for a sec. I'm three car payments behind. But I really feel sorry for you, that they made you change your name on a game or whatever. Snot nosed bed wetting pansy ass she girl panty waste.
Well, I hate to rain on yer parade, Fancylads. But Andy Hertzfeld uses a 20" iMac. A little over a grand. He recently wrote the CMS for folklore.org on it and a book. And of course, he coded up a large part of the Mac system on an Apple II...
Yeah, "GOOGLESUN MAKES FLOWERS GROW" will be next. But I keep reading, bumping against the lightbulb like a mindless moth.
Is it just me, or is every day a Skype day lately? Here's a preview of headlines for next week: SKYPE TAKES DUMP, KINDA GREENISH BROWN. SKYPE WOKE UP THIS MORNING. SKYPE HAD CHEERIOS FOR BREAKFAST. 4 OUT OF 5 SKYPES USE CREST.
I have a cell phone, wake me up when I can use VOIP the same way.
YAWN.