It looks like MS are desperately trying to look past their established monopolies, because, despite their level of lock-in slowing it down, sooner or later they won't be making so much money from their established markets...
Google, on the other hand, have very little lock-in, although they do have a lot of inertia.
It is still very easy to use a different search engine, but it is much harder to stop using Windows.
The problem is that too many workplaces simply want to copy what's being done elsewhere, without actually considering what's appropriate given their own unique criteria (e.g. staff, line of business, available workspace, relationships between employees and between employees and upper management, etc.).
I've seen many ridiculous policies introduced by various businesses because "$othercompany does it" when it's a very poor fit...
Chief among these is the idea that simply working longer hours will increase productivity... This may work in extremely mundane roles, but in roles which are taxing either physically or mentally the employees will get tired and subsequently work more slowly, make more mistakes, or usually both.
Auto parts are relatively easy for third parties to reproduce... Many auto manufacturers buy the components for their vehicles on the open market, and a lot of the aftermarket parts are actually from the very same factories. A lot of parts are common across a range of vehicles, and in some jurisdictions auto manufacturers have a legal requirement to provide parts for a certain length of time. Even after that time, replacement parts can be taken from scrapped vehicles, and manufacturers of cars likely to become classics often sell their bespoke tooling off to third parties to continue producing classic parts.
Providing security updates for a complex software package is virtually impossible if you don't have the source code.
I don't use a firewall on my Linux or OS X desktops... They have fully routable IPs, both IPv4 and IPv6.
Most "firewalls" are Unix-based devices anyway; it's only Windows boxes that are unsafe to connect to the internet properly.
Hiding insecure machines behind a firewall is not a good plan; in order to actually use it for anything you will need to open holes in the firewall, and once something malicious gets inside it won't meet any resistance.
The fact is you are hiding issues, not fixing them... Stuff rarely stays hidden.
What you really need to do is strip the system down to its bare minimum to decrease the attack surface, but doing this on Windows has always been painful. FWIW, I run some old Unix boxes on this principle: externally facing services like ssh get updated (yes, it's possible to install a very modern OpenSSH on an ancient OS) and other than that there is very little on the host.
There's a number of problems with your theory though...
No one runs Linux logged in as root, and this has never been a default, while many users run Windows as admin.
Linux makes it much easier to update all your apps; on Windows it is painful to update anything that didn't come by default with the OS, so many people don't bother.
As for IT depts, naivety is the problem... They believe that they should protect their core servers and that workstations are far less important... In a sensible network this would be true, but in a Windows domain all it takes is one weak link and it's very easy to get domain admin.
There are far too many incompetent admins out there... The market simply expanded much quicker than the talent pool, so you have people with no real interest in the subject managing servers...
As for market share, overall Linux has more market share than Windows... The only area where Linux lags behind is on traditional desktops/laptops. Most people have several instances of the Linux kernel running in their home and have no idea it's there.
Running services as different users is even implemented poorly on Windows...
On Unix, the root user can simply setuid() to another user ID, so it is extremely common, and most server processes do exactly this to run with the lowest level of privileges they can.
On Windows, if you go through the official API you must "authenticate" as the user to run the service, which means storing the plaintext password for that account on the box (you can extract it using gsecdump). While the idea of having to authenticate as the user rather than just becoming the user sounds good in theory, in practice the implementation is flawed. And it's even worse if instead of a local user you are using a domain user, because then you have a valid domain login having compromised one member system.
To further compound the problem, many services require admin privileges (due either to poor design, or to laziness from people who don't understand or don't want to mess with the convoluted Windows security model) and so they are given domain admin users, meaning that once you compromise a single host you have domain admin and can compromise every host in the domain.
A good example is Oracle, a large and complex database which has had its fair share of security problems. On Windows 99% of installs run as SYSTEM, yet I have never seen a Unix install running as root. So although a vulnerability in the Oracle database itself may affect both platforms, it's far more serious on Windows.
Once so configured, the update process runs in the background on its own, with no interaction required by the user.
You can also assign rights to use the update program without giving full root access.
73 CVEs against Linux the kernel, or against overall distributions which include Linux? The amount of software that makes up a typical Linux distro like Red Hat or Debian eclipses Windows... Windows is pretty bare bones in terms of what useful applications it comes with.
The underlying security model of NT is more complex; the extra complexity provides no benefit in 99% of cases, and for those situations where it would there are always things like SELinux. On the other hand, extra complexity makes it harder to understand what's going on, easier to make configuration mistakes and easier for bugs to exist in the implementation.
And then you have serious design flaws in the NT security model; sure, many of them have been introduced by the crufty code Microsoft ported from the 9x series, but what's the point of having a secure kernel if you're going to load it up with all manner of cruft that bypasses the security features?
You have some really stupid design flaws, like hash passing, and storing of plaintext passwords in memory (google for pass the hash and mimikatz)... These two alone make it orders of magnitude easier to compromise a large Windows network than a large Unix network. If anyone else released software with flaws like this no one would go anywhere near it, but MS seem to get a free pass.
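The "pass the hash" point in the comment above, shown as an added worked example (this is not code from the original post, nor from mimikatz or any other tool the comment names). It implements the NT hash (MD4 over the UTF-16LE password) and the NTLMv2 proof from MS-NLMP, and then shows that the server-side check only ever needs the stored hash, so an attacker holding the 16-byte hash authenticates exactly as the legitimate client does, without learning the password. The user name, domain, password, server challenge, client nonce, timestamp and target info are all constructed for the example; MD4 is implemented inline because hashlib's md4 is disabled in many OpenSSL 3 builds.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). The NT hash is MD4 of the UTF-16LE password."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    rounds = (
        # (step function, additive constant, per-step shifts, message-word order)
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000, (3, 7, 11, 19), list(range(16))),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = state[:]
        for fn, k, shifts, order in rounds:
            for i in range(16):
                r = (-i) % 4  # word rewritten this step cycles a, d, c, b, a, ...
                a, b, c, d = s[r], s[(r + 1) % 4], s[(r + 2) % 4], s[(r + 3) % 4]
                s[r] = _lrot((a + fn(b, c, d) + X[order[i]] + k) & MASK32, shifts[i % 4])
        state = [(x + y) & MASK32 for x, y in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: unsalted, identical on every host, and never needs to be reversed."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def av_pair(av_id: int, value: bytes) -> bytes:
    """One AV_PAIR of the target info (id 2 = NetBIOS domain, 1 = NetBIOS server, 0 = end)."""
    return struct.pack("<HH", av_id, len(value)) + value


def ntlmv2_blob(timestamp: int, client_challenge: bytes, target_info: bytes) -> bytes:
    """NTLMv2_CLIENT_CHALLENGE: version bytes, 6 reserved, FILETIME, 8-byte client nonce,
    4 reserved, AV_PAIRs, 4 reserved (the 'temp' value in MS-NLMP 3.3.2)."""
    return (struct.pack("<BBHI", 1, 1, 0, 0) + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_proof(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr, the 16 bytes the server compares. The only secret input is the NT hash."""
    return hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()


def pass_the_hash_demo() -> dict:
    # Every value here is constructed for the example; nothing comes from a real network.
    user, domain, password = "svc_backup", "CORP", "Summer2013!"
    server_challenge = bytes.fromhex("0123456789abcdef")
    target_info = (av_pair(2, domain.encode("utf-16-le"))
                   + av_pair(1, "FILESRV01".encode("utf-16-le")) + av_pair(0, b""))
    blob = ntlmv2_blob(0x01CE8A2B5F3E4D00, bytes.fromhex("aaaaaaaaaaaaaaaa"), target_info)

    # Legitimate client: knows the password, derives the hash, computes the proof.
    legit = ntlmv2_proof(nt_hash(password), user, domain, server_challenge, blob)

    # Server / DC side: never sees the password, verifies from the stored NT hash only.
    stored_hash = nt_hash(password)
    expected = ntlmv2_proof(stored_hash, user, domain, server_challenge, blob)

    # Attacker: holds only the 16-byte hash (as dumped from one compromised member host)
    # and produces a proof the server cannot tell apart from the legitimate one.
    dumped_hash = bytes(stored_hash)
    forged = ntlmv2_proof(dumped_hash, user, domain, server_challenge, blob)

    # Guessing a password instead fails: the hash, not the password, is the credential.
    wrong = ntlmv2_proof(nt_hash("Summer2014!"), user, domain, server_challenge, blob)

    return {
        "legit_accepted": hmac.compare_digest(legit, expected),
        "hash_only_accepted": hmac.compare_digest(forged, expected),
        "wrong_password_accepted": hmac.compare_digest(wrong, expected),
    }
```

The point the demo makes concrete is that an unsalted, password-equivalent hash stored on every member host turns a single local compromise into a reusable domain credential: the server's check and the attacker's forgery are literally the same function call with the same inputs.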
If you store the signature in the same place, then anyone in a position to modify the document can simply generate a new signature too.
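The point in the comment above, shown as an added worked example rather than code from the original post: whoever can rewrite the document can recompute an unkeyed digest, and a keyed MAC is no better when the key sits in the same store. The example goes slightly beyond the comment by contrasting three layouts: digest beside document, MAC with key beside document, and MAC whose key only the verifier holds. The document contents and the record layout are constructed for the example.

```python
import hashlib
import hmac
import secrets


def seal_digest(doc: bytes) -> dict:
    """Anti-pattern 1: an unkeyed digest stored in the same record as the document."""
    return {"doc": doc, "sig": hashlib.sha256(doc).digest()}


def verify_digest(record: dict) -> bool:
    return hmac.compare_digest(hashlib.sha256(record["doc"]).digest(), record["sig"])


def seal_mac_colocated(doc: bytes, key: bytes) -> dict:
    """Anti-pattern 2: keyed MAC, but the key is stored alongside the document."""
    return {"doc": doc, "key": key, "sig": hmac.new(key, doc, hashlib.sha256).digest()}


def verify_mac_colocated(record: dict) -> bool:
    return hmac.compare_digest(
        hmac.new(record["key"], record["doc"], hashlib.sha256).digest(), record["sig"])


def seal_mac(doc: bytes, verifier_key: bytes) -> dict:
    """Key held only by the verifier; the record store sees document and tag, never the key."""
    return {"doc": doc, "sig": hmac.new(verifier_key, doc, hashlib.sha256).digest()}


def verify_mac(record: dict, verifier_key: bytes) -> bool:
    return hmac.compare_digest(
        hmac.new(verifier_key, record["doc"], hashlib.sha256).digest(), record["sig"])


def attacker_rewrites(record: dict, new_doc: bytes) -> dict:
    """Attacker with write access to the record store. They replace the document and
    recompute the tag from whatever material is stored in the same place; if no key is
    there they can only keep the old tag or use a key of their own choosing."""
    if "key" in record:
        return seal_mac_colocated(new_doc, record["key"])
    if record["sig"] == hashlib.sha256(record["doc"]).digest():
        return seal_digest(new_doc)  # recognisably an unkeyed digest: just recompute it
    return {"doc": new_doc, "sig": record["sig"]}  # keyed, key unavailable: best effort


def demo() -> dict:
    # Constructed sample document and tampered version.
    original = b'{"payee": "ACME Ltd", "amount": 100.00}'
    tampered = b'{"payee": "Mallory", "amount": 100000.00}'
    verifier_key = secrets.token_bytes(32)

    r_digest = seal_digest(original)
    r_colocated = seal_mac_colocated(original, secrets.token_bytes(32))
    r_separate = seal_mac(original, verifier_key)

    return {
        "originals_verify": (verify_digest(r_digest) and verify_mac_colocated(r_colocated)
                             and verify_mac(r_separate, verifier_key)),
        "digest_forgery_accepted": verify_digest(attacker_rewrites(r_digest, tampered)),
        "colocated_key_forgery_accepted":
            verify_mac_colocated(attacker_rewrites(r_colocated, tampered)),
        "separate_key_forgery_accepted":
            verify_mac(attacker_rewrites(r_separate, tampered), verifier_key),
    }
```

Only the third layout detects the rewrite, and only because the verifier recomputes the tag with material the attacker's write access does not reach; the same holds for a public-key signature where the signing key is kept off the document store.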
Legally they should have informed you of their intention and gained permission before they started conducting testing...
Aside from that, they want to ensure that those they do business with are doing their due diligence and not doing anything stupid that would leak their data out to the world. So long as your systems are appropriately configured the attacks will amount to nothing, and it's likely you receive similar attacks from random hosts on a daily basis anyway.
Well yes, in an ideal world every host would be able to stand on its own as if connected directly to the internet...
However, there are all manner of terribly insecure services and devices out there that are simply unsuitable for exposure to the public internet, and such things are still being released even today so they can hardly be called dated.
The Microsoft vacuum cleaner, the first Microsoft product that doesn't suck.
No, they wouldn't...
Proprietary vendors will only release for a platform which has significant numbers of users, and users won't buy into a platform without the proprietary apps.
And put it in its own separate guest network, which is logically isolated from your own stuff by a firewall, maybe run a print server too (people often want to print boarding passes)...
As for funny looks, a browser is a browser and I've never had any problems giving someone a Linux live CD; it has both Firefox and Chrome, and most people are perfectly familiar with these applications.
The problem there is that Windows applications are primarily closed source, so even if you can recompile existing applications and run them, many apps don't come with source code, and the majority of those that do are cross-platform and probably already worked on ARM-based Linux long before Windows RT existed.
The worst problem is that the brand name *implies* a familiar interface and existing software, leaving users extremely disappointed and frustrated when they find those two factors lacking.
MS seems to have an obsession with putting the Windows brand everywhere; they are seemingly too arrogant to realise that their brand is viewed extremely negatively by many and is only tolerated because in its core markets users are stuck with it or even completely unaware that alternatives exist.
They are like the East German Trabant, a car almost universally derided and yet people still queue up to get one because nothing better is available to them.
In the phone and tablet markets, users are not locked in to Windows; non-Windows systems are well known and widely available.
Windows is a terrible system for office workers: it is expensive, unreliable, insecure... Sure, the admins can fix the system once the users have screwed it, but that's a classic case of treating the symptoms... Far better would be to have a system that didn't break in the first place.
Windows is also a terrible platform for gaming; the overhead of the OS plus any third party cruft has a significant impact on the performance of games...
Home users are actually better off with a walled garden system like an iPad... A fully featured OS is an extremely poor choice for home users, as they will inevitably get it owned. Average users are simply not competent enough with technology (and don't want to be) to safely use such a complex system on a public network.
People buy Windows because...
1. They are locked in and have no choice - the costs in both time and money are too high to escape from the lock-in, or a short term view is taken on doing so...
2. They aren't aware anything else exists - try to buy a desktop or laptop; you *might* see Apple occasionally, but other than that everything comes with Windows and it's quite an effort to find something that doesn't.
Which is the whole reason it failed...
By marketing it as "Windows", buyers expected some level of compatibility. The compatibility isn't there, which left buyers feeling misled.
And being able to compile desktop apps wouldn't be much use; 99% of Windows desktop apps don't come with source code, so most of the apps you could recompile for it would be cross-platform open source apps. And if you want to compile cross-platform open source apps for ARM, you have been able to do that in Linux for many years already.
Once a drive starts failing like that, the worst thing you can do is reboot the box... The drive may continue running for years, but if you shut it off it may never be able to spin up again.
Best thing is to get any important data off the drive without shutting it down.
Open source simply leads to boxed commodity software becoming free... Most software developers, even today, are developing bespoke applications for their employers and this would only increase with open source as companies gain the ability to actually modify the software they're using rather than just having to put up with it as-is.
I assume you have a very large number of clusters if you need 3 people to manage it...
I manage 4 clusters of KVM-based systems (Proxmox), also on HP hardware; 2 have storage arrays too, the others are cheaper setups.
Managing the virtualization takes up almost none of my time; far more time is spent on the images inside, and since most of my images are Linux, using KVM saves me a lot of time because all the necessary drivers are built in by default.
If a server costs $15k and VMware costs $8.6k per server, then that's over 50% higher costs per machine just for VMware.
Had he used a free virtualization stack, he could have bought a second lower spec server (or 50% more of the same servers) alongside each higher spec machine to use as the failover capacity his management is refusing to pay for.
You can't do half the things with a Unix server that you can do with a mainframe...
You can't do half the things with Windows that you can do with a RISC Unix server...
You can't do half the things with an ARM-based tablet that you can do with a full-size x86 laptop...
When the cheaper product does *enough* and is marketed well, the expensive product gets pushed into a niche, and as the locked in customer base dwindles very few new customers sign up.