Slashdot Mirror


User: bobaferret

bobaferret's activity in the archive.

Stories
0
Comments
397

Comments · 397

  1. Re:Here's one way to do it on Linux on Affordably Aggregating ISP Connections? · · Score: 1

    I have about 5000/month of income to work with. I have to get paid as well. Our clients have little or no money, so we run things just a little above cost. This kills the obvious solution, which is that we don't charge enough. Our nearest competitor is 100 times more expensive than we are. The end result is that my life here is devoted to squeezing every dollar out of everything we do. Plus any profits are rolled into the rest of the company for our other product developers. Our current costs are 800/month. So a jump to 2000, plus purchasing the hardware needed, 50K, is not really an option. I wish it were.

  2. Re:Here's one way to do it on Linux on Affordably Aggregating ISP Connections? · · Score: 1

    It's too cost prohibitive: extremely large redundant DBs, extremely high traffic, Level 1 PCI compliance (because we are a payment gateway), which adds up to more than we make on the services we offer. I have checked every year for colocation services etc., and they are always more than we can afford.

  3. Re:Here's one way to do it on Linux on Affordably Aggregating ISP Connections? · · Score: 1

    This is actually the way that we are considering doing things. Basically using a Rackspace cloud server for the well-connected end point, and then OpenVPN'ing from there. The other option that we have on the table is a simple round-robin type DNS server to hit any of our 3 end points. Seems like the latter would have less overhead due to not going over the OpenVPN, but the former would give us a chance to instantly deal with situations where we had to switch IPs for extended periods of time, without waiting for the top-level nameservers to switch over/add/remove the new IP.

    We had a situation in May that caused us to lose power, roads, and T1 for over a week, and had to load up a truck with servers and drive 30 miles away to a mold-filled basement of a small-time ISP. By the time DNS truly switched over, we were ready to move back. It was not a pleasant experience. But I finally have a budget to fix the problem the correct way.

  4. Re:If it's SSH it's really easy to rate limit atta on Sloppy Linux Admins Enable Slow Brute-Force Attacks · · Score: 1

    I personally like to reject with the wrong message, such as "no route to host". Some stateful IPS systems that you might have in front of the firewall like to keep track of the connections; if you issue a DROP, that IPS doesn't know the connection went away. If you're getting pounded, it can actually make the IPS start losing/refusing connections. This includes the legitimate traffic to your web server. SonicWall works this way. So sending back a BS message lets the IPS know that the connection is bad and that it should drop it, while at the same time confusing the attacker into thinking that a particular host doesn't even exist ("you hope"). If you don't have something like that to deal with, then I'm all about the DROP.
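The rate-limit-and-reject approach described in the comment above, as an added example that is not part of the original post: a POSIX shell function that emits an iptables-restore fragment which limits new SSH connections per source address with the `recent` match and answers the excess with ICMP host-unreachable (the "no route to host" the comment refers to), or with a plain DROP when there is no stateful IPS in front of the firewall. The chain name, list name, port and thresholds are assumptions; it assumes IPv4 and the xt_recent module.

```shell
#!/bin/sh
# Added example, not from the original post. Generates (does not apply) an
# iptables-restore fragment. Review it, then load with:
#   iptables-restore --noflush < rules.v4
#
# Arguments: [port] [hits] [seconds] [reject|drop]
#   hits/seconds: a source that opens `hits` new connections within `seconds`
#   gets its excess connections rejected (or dropped).
#   reject: REJECT with ICMP host-unreachable, so a stateful IPS upstream sees
#           the session end (the point made in the comment).
#   drop:   silent DROP, for setups with nothing stateful in front.
gen_ssh_ratelimit_rules() {
    port="${1:-22}"
    hits="${2:-4}"
    seconds="${3:-60}"
    mode="${4:-reject}"
    case "$mode" in
        reject) target="REJECT --reject-with icmp-host-unreachable" ;;
        drop)   target="DROP" ;;
        *)      echo "gen_ssh_ratelimit_rules: mode must be reject or drop" >&2
                return 1 ;;
    esac
    cat <<EOF
*filter
:SSH_RATELIMIT - [0:0]
# Hand every NEW SSH connection to the rate-limit chain (assumed chain name).
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j SSH_RATELIMIT
# Record/refresh this source in the "ssh" recent-list.
-A SSH_RATELIMIT -m recent --name ssh --set
# Log and then answer the excess once the source hit the threshold.
-A SSH_RATELIMIT -m recent --name ssh --rcheck --seconds ${seconds} --hitcount ${hits} -j LOG --log-prefix "SSH-RATELIMIT: "
-A SSH_RATELIMIT -m recent --name ssh --rcheck --seconds ${seconds} --hitcount ${hits} -j ${target}
# Under the threshold: let the connection through to the normal ruleset.
-A SSH_RATELIMIT -j ACCEPT
COMMIT
EOF
}

# Example invocation: port 22, at most 3 new connections per 60 s, reject mode.
gen_ssh_ratelimit_rules 22 4 60 reject
```

The LOG rule fires on the same packets as the REJECT/DROP rule, so the log prefix gives a defender a direct count of sources that tripped the limit.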

  5. Re:Autotune the News on Carl Sagan Sings · · Score: 1

    Gotta say that the Sagan song was better though.

  6. Re:SELinux on Amazon Confirms EC2/S3 Not PCI Level 1 Compliant · · Score: 1

    The nice thing about the ref-policy is that you can set your machine up so that root has no powers, or even so root has no powers remotely. It took about a month, but what we ended up with is a situation involving roles that always requires two people in order to perform some change to the system. For example, I, as the sysadmin, can't upgrade a file or even run 'ps aux' without the security admin dropping the enforcement. The security admin cannot drop the enforcement remotely; he can only do it if I or the ISO let him into the server closet. I as the sysadmin do not have the ability to change passwords or see the passwd/shadow files. No service can be successfully restarted on the machine without a full reboot. The machine cannot reboot without an encrypted USB key in the machine that the ISO has in his safe, which is used to decrypt the data volume. The general idea being that it always takes 2 people to do anything. The ref-policy has a much better ability to assign specific roles to specific users, the important part being the ability to never allow initrc to be transitioned to by anyone but the bootloader/kernel. I found that the targeted policies were far too permissive and behind when it came to trying to REALLY lock down a box, whereas the ref-policy was under far more aggressive active development.

    Obviously this is not perfect, but it's a frustratingly good start.

  7. Virtualization on Amazon Confirms EC2/S3 Not PCI Level 1 Compliant · · Score: 3, Informative

    At last check, the PCI folks still haven't even made up their minds as to virtualization. Our auditor (Security Metrics) made us move our card processor out of our in-house virtualization to a dedicated machine, and we were running everything on a mainframe with LPARs, but they were not comfortable with that. Not a big deal, but you'll see others out there like GSI who advertise the fact that their VMware clouds are PCI-DSS compliant. Given that all of the clouds are VM servers, I don't think you can go with any cloud solution and really be PCI-DSS compliant.

    We do exactly what Amazon suggests and run our processing in-house while our app runs in the cloud. This seemed to be a best-of-breed approach.

    As to why we would run/write our own processing software, we are a payment gateway, and that .5 to 1 percent we save on each transaction makes a large difference. Even if it did take 1.5 years to actually become PCI compliant.

    As for the web application firewall of requirement 6, you can do either that, or formal code reviews by qualified (which they don't define) individuals or 3rd parties.

    Is PCI worth it? Only if you're going to be a gateway, as far as I can tell. If you just need to process your own sales, use someone else and don't go through the hassle.

    Oh, and use a highly modified version of the SELinux ref-policy for your card processor so that even your admin folks can't get at the data.

  8. Re:Don't trust them unless you meet them on Why Should I Trust My Network Administrator? · · Score: 1

    I have to agree with this. Either have them set up auditing and show you how it works, and use something like Splunk and/or Tripwire to verify their actions, or, like the parent said, hire an outside auditor. I'd suggest at a minimum you have someone onsite who can read/audit the log files. Also make sure that you know how to change the passwords and/or the ability to connect remotely, so that when they have accomplished the required task, you lock them out. When they need access you restore it. It's just like showing up at the store at 6am with the keys to let a repairman in. What it boils down to is: make sure YOU have control over their access, and the ability to verify what they have done. They may take your data, but you'll know it, or you'll know that there is something wrong because of missing logs. As a manager, you should always know a little about what you're managing. Otherwise you end up buying cases of blinker fluid for your car.

  9. Re:They could be right even when they're doing wro on Microsoft-Backed Firm Says IBM Is Anticompetitive · · Score: 1

    Hitachi didn't get out of the mainframe biz. They may have said they did, but they didn't. They've converted their mainframe biz to a hardware-based virtualization solution based on Intel Itanium and Xeon VT chipsets.

    The interface to their BladeSymphony Virtage systems is straight out of their mainframes. They've taken a position of doing the mainframe thing but on commodity chips. We bought one of these a year or so ago. It basically scales up to 16 LPARs per blade, with failover and all of the niceties; just keep adding blades and LUNs to your Fibre Channel array, and you can just keep scaling up. The price point for these things comes in about the same as VMware initially, but tends to beat them in the long term.

  10. Re:In my case... on What Do You Do With a Personal Domain? · · Score: 1

    I like yours better

  11. Better than dailup on Mobile Broadband to Hit 42Mb/sec In 2009 · · Score: 1

    I'd love to see it where I live. Sure the cell companies have me by the tenders, but it's the only thing I can get living out in the country. I get between 800kb - 900kb. That's a far better speed than the 36kb I was getting 2 months ago dialing in to the office. The phone companies are never going to finish the last mile for DSL, and now that I've been using a Verizon modem, I can see why. They make more money on the cell modems than they do on DSL, and there is very little infrastructure to put in place. Why would they bother?

    Now I just have to figure out how to sue them for the fact that with their throttling it's actually impossible for me to hit that 50GB limit I'm paying for each month.

  12. Wait for a few Years on Computer For a Child? · · Score: 1

    They really don't care at the age of 2. At about 5 years of age they can start having some real fun with PBSkids.org. I would suggest that you DON'T get a laptop. Kids like the big screen, and their fine motor skills like big buttons and big mouse movements. In a perfect world, get an iMac and put Tux Paint, konegregate.com puzzle games, and some scrolling games on it. Show them how to use TextEdit and the Start Speaking Text. 5-7 years of age seems to be when kids really start having fun with them, and not just random pounding. pbskids.org works at about 4. Laptops can be dropped and spilled on.

    These are just my observations of what my kid has liked and done.

    The flops I've had include "Windows" and Lego Mindstorms. He can build things; he just can't put together something by himself that will work. He loves watching the things I put together, but at this age (early 7) they are still easily overwhelmed by blank slates.

  13. Re:Not impressive at all on Oblong's g-speak Brings "Minority Report" Interface To Life · · Score: 1

    I agree with you mostly, but the one thing that I think we all need to remember in the fight between neural interface and large 3D toys is that once we have those neural interfaces, we will need a 3D world to work in. I've always viewed all of these toys as getting closer to that. You can't just model the world around you and call it an interface. It's extremely inefficient. All of these technologies from 3D gestures to voice control to whatever become extremely useful when trying to deal with vastly dimensional data sets, as opposed to trying to write a term paper. Once you have more than about 4 or 5 variables that you're trying to deal with you HAVE to go 3D. You can add some haptic feedback and maybe get a sense of how something is behaving, but you have to focus directly on it. Touch is too narrow to be used for correlating distinct variables. It would be like being Helen Keller. Touch is for dealing with one specific thing at a time. Sight and sound are more wideband on the other hand. Things can get your attention from a distance without you initially being focused on them. A knocking in the engine, or a flash or bit of movement out of the corner of your eye. You can then evaluate by looking or listening to the sound directly, and then in the end decide whether or not it's worth touching, to get the more subtle details out of it.

    </ramble>

  14. Re:Why always centralizing? on Anatomy of the VA's IT Meltdown · · Score: 2, Insightful

    There are certain things that centralization brings to the table. Such as: this guy just came into the hospital unconscious, and we know that when he was in a VA hospital across the country last week he was given a drug that would interact badly with what we want to give him right now. Or what is the change in his CAT scan since last week when he was someplace else and had one.

    Obviously not all of this data needs to be centralized, but its existence should be. We don't know to what level the VA was doing this, but I've met a large number of people who work in its IT branch, and they love what they do, and are very good at it as well. Sometimes things just go wrong, and sometimes things get pushed out there for bureaucratic reasons, but most of the time the VA is very IT savvy.

  15. Re:It is too complex! on PCI Compliance · · Score: 1

    I'm currently in charge of making our business PCI compliant. It is a pain in the ass, but it is also the best way I have found to get the accountants to okay larger budgets to get what I need to implement decent security for the rest of the organization. I agree with the comment that compensating controls are the key. There are just certain things that make no sense for an office of 13 people, that make a great deal of sense for 50+. Also one of the things that has been helpful is the self audit for small companies. And I can't stress enough that PCI, from a tech view, does not force you to do anything you shouldn't really be doing anyway. The other thing to remember is that your entire organization does not have to be PCI compliant, only the networks and machines that have access to CC data. Translation: VLANs and segmenting are your friends. Or just true physically separate networks. One thing that I have not seen mentioned above is to expect a minimum of 6 months to implement this stuff from scratch, and that's in a perfect world. For almost 3 months we had someone working on the documentation full time. I would also suggest that you hire a consultant to help you, or at least take Tripwire up on their offer to audit you when you install their commercial software. Expect a decent website/POS to cost 25K for just hardware and OSS software (separate firewall, web server, DB, and CC processing system), not to mention locking the closet door with that new deadbolt. We opted to not go for the man trap requirement; just finding a contractor who can put in an effective tiger pit with crushing walls proved too difficult.

  16. Re:Sounds like a cop out to me on William Gibson Gives Up on the Future · · Score: 1

    And SG-1 is trite crap. (Sorry, just had to throw that in) Sorry to correct, but I'm going to have to go with "SG-1 is trite FUN crap"

  17. TFA is crap on Study Reveals What Women Want From IT Jobs · · Score: 1

    This article is a joke. I'm glad to hear that some lady feels that programming is a better place than her dysfunctional childhood, but who really cares? If the study were about dysfunctional families and the warm feeling one gets from a computer I might care, but it isn't and I don't.

  18. Argh! on Has Cosmology Been Solved? · · Score: 1

    This is probably redundant, but it's kinda hard to speed read an MP3 while on the phone.

  19. Re:Killed in "development"? on Scientists Claim Major Leap in Engine Design · · Score: 1

    The Pontiac Solstice GXP produces 130/L stock and with different exhaust can jump to 150/L. No one has cracked the ECU yet, but it's expected to be able to do 200HP/L when that gets cracked. I believe its power is based a lot on the direct injection technology the Ecotec engine uses.

  20. Re:Number of the Beast on Six-Dimensional Space-Time Theory · · Score: 1

    Time for a few excursions in Z I guess. Hmmmm, now where did that letter K go?

  21. Re:All you Wii naysayers, your number is up... on BBC Ponders Another Games Industry Crash · · Score: 1

    I think you are correct in most regards; however, I think it can depend on the game. Guitar Hero will draw a crowd. But the Wii has the advantage in that most of the games draw a crowd. It's as if they really went for party games with the Wii instead of immersive games like the PS3.

  22. Re:More to it than that on Photosynthesis May Rely On Quantum Effect · · Score: 1

    Now, that's a good summary. Thanx

  23. Re:Linux Dektop dependant on X11 on Has the Desktop Linux Bubble Burst? · · Score: 1

    This usually happens when a corp (read IBM, Sun) throws a bunch of money at an open source project. I would call this quite common now, so I do see this happening with the desktop.

    This is exactly the problem with linux. "A little opengl" to start improving the desktop/wm is not going to cut it unfortunately. If that's all you have, you'll end up in the same mess as before (inconsistent applications that do whatever their "amateur" developers like, no serious usability studies, no professionalism, no COMMON VISION). So how is this going to help the situation?

    I think that this is both a pro and a con with open source. Initially there is no common vision, just a problem to be solved. People just throwing their ideas into the pile. However, this tends to foster creativity. Groups of developers begin to form, friendly competition etc. Companies begin to form around these groups. Money begins to come in etc. Usability studies etc. then start happening. Obviously this is almost the exact opposite of the commercial software world. The problems I see with this development method are that there is a potentially huge amount of wasted effort and time. But the flip side of this is that developers are not bound to stale ideas from out-of-date managers/users. One of the things I love about Apple is that they have been willing to foster creativity, and try things out. But they also have the benefit of one person in charge to guide them. With a major exception being Apple and possibly Sun and Google, I don't think that most software companies have a common vision, usability studies, or professionalism. I've worked for too many large and small companies; what they have are politics, baggage, and limits.

    The thing you and every linux fan and advocate needs to realise is that the ordinary user does not care about compiz, beryl, cube animations and so on. Not anymore. Ubiquitous computing and youth are changing this. The boomers are beginning to move out, and people who feel that their lives should be fun and cool are moving in. Cell phones are all flashy functionality for example, and computers are headed that way. How many Apple people do you know who are excited by its upcoming spinning cube? The average user wants a pleasant place to work, not a battleship.

    What he wants is _consistency_ and _user-friendly_ expected and predictable behavior. OSX delivers in spades whilst linux doesn't yet know the meaning of these terms.

    _consistency_ is a good thing and yes, people like to know what to expect. But people also want fresh and new. OSX offers a _little_ freshness but is mostly just paint. Just like Vista, Gnome and KDE. OSX is anything but consistent if you include all of the 3rd party apps for it, whereas Linux has more. Gnome and KDE are constantly becoming more and more consistent through all of their apps, whereas Apple has absolutely no control over 3rd party vendors, and can't get their programs to behave like their average.

    Sorry to take issue with your use of the word amateur, but I guess in my head there are bad or good programmers, with some shading in between. And you just can't really tell who's who out here anymore. I've seen stats that say the number of paid developers (directly or indirectly) on linux outweighs the number of volunteer developers. But I've also seen stats the other way too. Too much FUD to filter through.

  24. Re:Linux Dektop dependant on X11 on Has the Desktop Linux Bubble Burst? · · Score: 1

    I mostly agree. I do think it could take some time, and that it is buggy blah blah blah. However, various groups seem to be getting behind axgl which is apparently less buggy.

    As for:

    I don't think that a bunch of amateur developers doing Xgl work are going to beat Apple in innovation any time soon...

    I can't agree with that. These are not amateur developers, and it's never a good idea to underestimate the speed with which OSS can catch up with/pass a commercial company in innovation and development. Examples include: Linux kernel, Apache, JBoss, Postgres. Most of these are backend systems obviously, and not desktop, but Xgl and Axgl are laying a foundation for people to experiment with and build on. When it reaches a watershed where all you need to really know is a little OpenGL to start improving the desktop/wm, I think you'll see an exponential increase in the number of projects.

    You have to remember that things pick up speed at an incredible rate in the OSS world. I believe that Xgl/Axgl/Compiz are just the right kind of seed to get people interested.

  25. Linux Dektop dependant on X11 on Has the Desktop Linux Bubble Burst? · · Score: 1

    I think you will start to see many new improvements to the desktop in the next year or two. The main reason being the changes in X11. I think you're going to see head-to-head competition with OSX and Vista now that X.Org is really allowing hardware acceleration. True 3D desktops and all sorts of crazy things. There is no HIG for the 3D world. Compiz and what not will truly open up the desktop to innovation that Apple and MS won't be able to compete with after a while. Things have really settled down and caught up with the other platforms over the past 10 years. We've come a long way since fvwm. Now is the time to really push into the future, since we are not bound by the rules of marketing and PHBs. Novell and RedHat won't jump too far ahead, but God only knows what the Enlightenment folks will do, or other non-commercial groups of coders. To me the only thing really missing from the desktop is good video card support. I'd really like to run Compiz with 4 monitors and Xinerama. But it sure feels like the time is coming. Damn! I sound like an optimist, don't I? I've been using Linux regularly since 1993, and the differences and improvements since then have been amazing. I can't but hope they will continue to improve, and at an even faster rate. I haven't been disappointed so far.