If you want to transition to OSS, start with new deployments where there is no legacy cruft to support... Try Moodle instead of blackboard for new deployments, it will save a fair bit of money and make it more accessible to students many of whom will have macs, linux or mobile devices like iphones.
Simultaneously, work on promoting open standards, have open standards used as the official protocols for communication with the university... And provide software to students/staff, in the form of full applications and plugins for proprietary applications to enable use of these formats. Open formats are easier to sell than fully replacing existing software, you are making your education more accessible and future proofing.
Also consider repurposing old hardware that the university considers too slow to run the current microsoft wares, make a few more computer labs and put light weight linux distributions on them... Be sure to set them up well, so that they're faster and more reliable than the current microsoft offerings and you will get students using them in preference. Also offer a free or very cheap CD containing the same software. Load a lot of OSS software on them, make sure the machines have a more complete stack than the windows based ones... At our university, only a small number of the windows and mac systems had photoshop due to cost, but all the linux boxes had gimp which was more than adequate for pretty much everyone outside of specialized graphic design classes.
Once you have some acceptance, are using open formats consider converting some of the newer workstations to dual boot configurations and let students choose what they want to use... If the proprietary format stumbling blocks have been overcome and the machines are configured properly, the linux option will be considerably quicker and more reliable making students choose it.
Above all, don't force the issue, give users a choice and prove why the OSS one is the better choice. Once you remove the proprietary format stumbling blocks, it's very hard to argue against OSS.
What has MS spooked about Linux and not Apple, is that Apple is a traditional competitor who they know how to deal with... Linux on the other hand, represents an evolution which renders their business model obsolete. If linux attains sufficient market share, then it will entirely break their lockin and show users that they don't need to pay for software.
People very rarely do proper risk assessments when it comes to software, the regular rules just get thrown out the window... Otherwise, who would buy proprietary software at all? Software from a single source, with no backup? In any other market, big business and government wouldn't touch something like that at all.
Ahh, a government security auditor, my condolences...
You will find that security fixes get rolled out very very slowly, because they are waiting for the patches to pass through various accreditation schemes... It can often take months before a patch is approved to be installed, because installing a non accredited patch removes accreditation from the rest of the system. The accreditation system is claimed to improve security, but all it really does is allow people to shift blame.
If you need to make your own fix, then the support you're already getting obviously isn't good enough... Making your own fix is for when there is noone else to do it for you. It's nice to have the option, even if you never have to use it.
No, Apache and Linux are cheaper (go look at commercially available web hosting plans), and therefore more readily picked up by people who just want to quickly get a site up... These people often have no idea about security, and won't choose decent passwords for their site, and will install any kind of poorly written applications, often not even installing the latest versions. It is often these apps rather than the server itself that gets hacked. If windows hosting were cheaper and prebuilt webapps were more widely available for it, then these users would be using windows instead and you'd have exactly the same problems.
Most people don't run their own webserver, so they won't be able to configure it... And a windows web server will be less secure out of the box than most linux distros because it has lots of network listening services completely unrelated to web serving enabled by default.
The majority of web servers are linux systems running apache, so it stands to reason that they would also account for the majority of hacks... Also linux hosting is cheaper, and therefore far more likely to be used for small casual sites where there is not a significant effort being made towards security.
On the other hand, when attrition.org was mirroring defacements a few years ago, windows accounted for just over 20% of web servers, and about 60% of defacements.
When it comes to malicious intent, it is well known that most attacks come from inside... Commercial companies often have rogue employees. The difference as you put it is "trust"... When the general public are contributing, their patches won't be trusted and are more likely to be thoroughly reviewed, this happens a lot less inside of companies. There are also more potential reviewers of open code, including end users whose priorities will obviously differ. If intentional sabotage is found inside a company, they will try to silently fix it, they won't admit to the public that intentional sabotage was discovered.
Which brings one of the most important points, commercial vendors will do everything they can to protect themselves, they will put their own interests above anything else... OSS on the other hand is written by the same people who use it.
If your machine is a desktop, why does it need any open ports at all? A typical end user should have nothing open, they only need to initiate outbound connections... A business desktop may need a remote admin service, but this should be restricted to a specific range on the internal network of the company. Windows boxes with a handful of ports open by default on every install is insanely stupid, 99% of users have absolutely no need to offer these services to the internet.
The problem is that every vendor writes their own binary installation program... On OSX the problem is considerably less, since a lot of apps are a click and drag install, just put them where you want (in your homedir if you aren't admin)... On Linux the situation is generally even better, binary installers are very rare, most programs can be installed from distribution specific packages (rpm, deb etc), so they use a single centralised install program which aside from performing the install, also maintains a database of what's installed.
As a non admin, the system should still give you the ability to install applications under your own account... The system should also give the admin the ability to take away the above ability from normal users.
On unix it works this way, most applications can be installed locally using the --prefix option to the configure script, and if the admin mounts the home and temporary directories with noexec flags then users won't be able to run anything not installed by the admin.
I'm rather disappointed he just wore a plain black mask and regular clothes... The story would have sounded a lot better if he had gone in a full klingon costume.
"right" is doubtful, "working" is more accurate... they spent a lot of time on the conversion, had to use considerably more hardware to achieve a similar level of performance, and the leaked internal report indicated that from a financial and technical perspective it wasn't a viable move, even considering they didn't pay for any of the software and had the highest levels of support also available for free... the conversion was entirely politically driven.
If you give people too much freedom, then they will use that freedom to take yours away...
If you let people run wild with no rules, then the strongest will become dictators and everyone else will be subjugated or killed.
BSD gives people too much freedom, because they can now take the free bsd code and close it up... GPL ensures that the code will remain at a constant level of freedom.
Society is the same, we are not free to go around killing people or forcing others to be our slaves, we sacrifice some of this freedom to ensure that everyone gets the same slightly reduced level of freedom.
Complete freedom only benefits the very few who can take advantage of the system at the expense of the rest.
A popup blocker was a useful feature, and IE was horrendously behind the times not having one... And a firewall (ie packet filter) is a standard part of every other os out there (usually built in to the kernel), so again ms were horrendously behind the times by not having one.
What's really needed, is for distros to produce a ready to use out of the box setup of samba and associated tools with a gui or preferably web based frontend for management...
If you had to build windows from source yourself it wouldn't be at all easy to setup active directory, so why expect linux users to do the same, just leave the option open for those who want to.
A knowledgeable unix sysadmin will do the same thing... But here's the thing, most sysadmins are not knowledgeable, and will screw everything up. Most of the incompetent sysadmins claim to know windows, and admit knowing nothing about unix, so they stick with windows but only do a completely incompetent job resulting in constant problems.
Competent windows sysadmins cost just as much and are just as hard to find as competent unix sysadmins,
You get far less incompetent unix sysadmins because the incompetent people have often never even heard of it, or are too lazy to have ever bothered trying.
Goes to show the immaturity of the market... There is a severe shortage of good staff, and a severe shortage of worthwhile certifications... If you can't get good staff, you end up hiring bad ones instead, and most of the certifications are run by vendors and are designed to promote products.
I believe the purpose behind openchange is exactly that... You create plugins (or a proxy type server) to allow arbitrary clients to talk to exchange, and you create a server that supports the exchange protocols as well as the applicable standard protocols.
If you have a standards compliant server, then you can gradually move users off of proprietary clients.
Plenty of people are proficient in linux/samba based setups... As for support, take your pick, once samba4/openchange hit production you'll have all the major linux distributions supporting it so you can buy corporate support from them, and i wouldn't be surprised to see sun and apple supporting it too.
Proprietary software gives you one option for support, open source gives you lots of options, choice is good.
Yes, but MS can also dictate to RIM... If blackberry stopped supporting exchange, i imagine RIM would suffer far more than MS... Also, MS are a competitor, they have their own, albeit inferior, mobile devices.
You (or someone else) can pirate the games once when you have access to a fast connection, and then continue using them indefinitely whether you have a connection or not. Downloading several gigs of data on a home connection is often much cheaper than downloading a few kb on a cellphone.
And if your friend already has pirated versions, then you can copy his discs without needing to download separate cracked binaries.
Or you could just buy pirated copies from people selling them on the street.
And why should developing nations get a crippled version? That's actually quite insulting...
Yes but now they can only be infected with 3 viruses, and then subsequent ones will fail to install!
If you want to transition to OSS, start with new deployments where there is no legacy cruft to support... Try Moodle instead of blackboard for new deployments, it will save a fair bit of money and make it more accessible to students many of whom will have macs, linux or mobile devices like iphones.
Simultaneously, work on promoting open standards, have open standards used as the official protocols for communication with the university... And provide software to students/staff, in the form of full applications and plugins for proprietary applications to enable use of these formats.
Open formats are easier to sell than fully replacing existing software, you are making your education more accessible and future proofing.
Also consider repurposing old hardware that the university considers too slow to run the current microsoft wares, make a few more computer labs and put light weight linux distributions on them... Be sure to set them up well, so that they're faster and more reliable than the current microsoft offerings and you will get students using them in preference. Also offer a free or very cheap CD containing the same software.
Load a lot of OSS software on them, make sure the machines have a more complete stack than the windows based ones... At our university, only a small number of the windows and mac systems had photoshop due to cost, but all the linux boxes had gimp which was more than adequate for pretty much everyone outside of specialized graphic design classes.
Once you have some acceptance, are using open formats consider converting some of the newer workstations to dual boot configurations and let students choose what they want to use... If the proprietary format stumbling blocks have been overcome and the machines are configured properly, the linux option will be considerably quicker and more reliable making students choose it.
Above all, don't force the issue, give users a choice and prove why the OSS one is the better choice. Once you remove the proprietary format stumbling blocks, it's very hard to argue against OSS.
What has MS spooked about Linux and not Apple, is that Apple is a traditional competitor who they know how to deal with...
Linux on the other hand, represents an evolution which renders their business model obsolete. If linux attains sufficient market share, then it will entirely break their lockin and show users that they don't need to pay for software.
People very rarely do proper risk assessments when it comes to software, the regular rules just get thrown out the window... Otherwise, who would buy proprietary software at all? Software from a single source, with no backup? In any other market, big business and government wouldn't touch something like that at all.
Ahh, a government security auditor, my condolences...
You will find that security fixes get rolled out very very slowly, because they are waiting for the patches to pass through various accreditation schemes... It can often take months before a patch is approved to be installed, because installing a non accredited patch removes accreditation from the rest of the system. The accreditation system is claimed to improve security, but all it really does is allow people to shift blame.
If you need to make your own fix, then the support you're already getting obviously isn't good enough...
Making your own fix is for when there is noone else to do it for you.
It's nice to have the option, even if you never have to use it.
No, Apache and Linux are cheaper (go look at commercially available web hosting plans), and therefore more readily picked up by people who just want to quickly get a site up...
These people often have no idea about security, and won't choose decent passwords for their site, and will install any kind of poorly written applications, often not even installing the latest versions. It is often these apps rather than the server itself that gets hacked. If windows hosting were cheaper and prebuilt webapps were more widely available for it, then these users would be using windows instead and you'd have exactly the same problems.
Most people don't run their own webserver, so they won't be able to configure it... And a windows web server will be less secure out of the box than most linux distros because it has lots of network listening services completely unrelated to web serving enabled by default.
The majority of web servers are linux systems running apache, so it stands to reason that they would also account for the majority of hacks...
Also linux hosting is cheaper, and therefore far more likely to be used for small casual sites where there is not a significant effort being made towards security.
On the other hand, when attrition.org was mirroring defacements a few years ago, windows accounted for just over 20% of web servers, and about 60% of defacements.
When it comes to malicious intent, it is well known that most attacks come from inside... Commercial companies often have rogue employees. The difference as you put it is "trust"... When the general public are contributing, their patches won't be trusted and are more likely to be thoroughly reviewed, this happens a lot less inside of companies. There are also more potential reviewers of open code, including end users whose priorities will obviously differ.
If intentional sabotage is found inside a company, they will try to silently fix it, they won't admit to the public that intentional sabotage was discovered.
Which brings one of the most important points, commercial vendors will do everything they can to protect themselves, they will put their own interests above anything else... OSS on the other hand is written by the same people who use it.
A recording of your voice maybe, but a signature really doesn't prove a thing...
If your machine is a desktop, why does it need any open ports at all?
A typical end user should have nothing open, they only need to initiate outbound connections... A business desktop may need a remote admin service, but this should be restricted to a specific range on the internal network of the company.
Windows boxes with a handful of ports open by default on every install is insanely stupid, 99% of users have absolutely no need to offer these services to the internet.
The problem is that every vendor writes their own binary installation program...
On OSX the problem is considerably less, since a lot of apps are a click and drag install, just put them where you want (in your homedir if you aren't admin)...
On Linux the situation is generally even better, binary installers are very rare, most programs can be installed from distribution specific packages (rpm, deb etc), so they use a single centralised install program which aside from performing the install, also maintains a database of what's installed.
As a non admin, the system should still give you the ability to install applications under your own account...
The system should also give the admin the ability to take away the above ability from normal users.
On unix it works this way, most applications can be installed locally using the --prefix option to the configure script, and if the admin mounts the home and temporary directories with noexec flags then users won't be able to run anything not installed by the admin.
I'm rather disappointed he just wore a plain black mask and regular clothes...
The story would have sounded a lot better if he had gone in a full klingon costume.
I believe that americas army and ut2 are available natively for linux and mac anyway, and therefore don't need to be used under vmware...
"right" is doubtful, "working" is more accurate...
they spent a lot of time on the conversion, had to use considerably more hardware to achieve a similar level of performance, and the leaked internal report indicated that from a financial and technical perspective it wasn't a viable move, even considering they didn't pay for any of the software and had the highest levels of support also available for free... the conversion was entirely politically driven.
If you give people too much freedom, then they will use that freedom to take yours away...
If you let people run wild with no rules, then the strongest will become dictators and everyone else will be subjugated or killed.
BSD gives people too much freedom, because they can now take the free bsd code and close it up...
GPL ensures that the code will remain at a constant level of freedom.
Society is the same, we are not free to go around killing people or forcing others to be our slaves, we sacrifice some of this freedom to ensure that everyone gets the same slightly reduced level of freedom.
Complete freedom only benefits the very few who can take advantage of the system at the expense of the rest.
A popup blocker was a useful feature, and IE was horrendously behind the times not having one...
And a firewall (ie packet filter) is a standard part of every other os out there (usually built in to the kernel), so again ms were horrendously behind the times by not having one.
What's really needed, is for distros to produce a ready to use out of the box setup of samba and associated tools with a gui or preferably web based frontend for management...
If you had to build windows from source yourself it wouldn't be at all easy to setup active directory, so why expect linux users to do the same, just leave the option open for those who want to.
A knowledgeable unix sysadmin will do the same thing...
But here's the thing, most sysadmins are not knowledgeable, and will screw everything up.
Most of the incompetent sysadmins claim to know windows, and admit knowing nothing about unix, so they stick with windows but only do a completely incompetent job resulting in constant problems.
Competent windows sysadmins cost just as much and are just as hard to find as competent unix sysadmins,
You get far less incompetent unix sysadmins because the incompetent people have often never even heard of it, or are too lazy to have ever bothered trying.
Goes to show the immaturity of the market...
There is a severe shortage of good staff, and a severe shortage of worthwhile certifications...
If you can't get good staff, you end up hiring bad ones instead, and most of the certifications are run by vendors and are designed to promote products.
I believe the purpose behind openchange is exactly that...
You create plugins (or a proxy type server) to allow arbitrary clients to talk to exchange, and you create a server that supports the exchange protocols as well as the applicable standard protocols.
If you have a standards compliant server, then you can gradually move users off of proprietary clients.
Plenty of people are proficient in linux/samba based setups...
As for support, take your pick, once samba4/openchange hit production you'll have all the major linux distributions supporting it so you can buy corporate support from them, and i wouldn't be surprised to see sun and apple supporting it too.
Proprietary software gives you one option for support, open source gives you lots of options, choice is good.
Yes, but MS can also dictate to RIM... If blackberry stopped supporting exchange, i imagine RIM would suffer far more than MS...
Also, MS are a competitor, they have their own, albeit inferior, mobile devices.
You (or someone else) can pirate the games once when you have access to a fast connection, and then continue using them indefinitely whether you have a connection or not. Downloading several gigs of data on a home connection is often much cheaper than downloading a few kb on a cellphone.
And if your friend already has pirated versions, then you can copy his discs without needing to download separate cracked binaries.
Or you could just buy pirated copies from people selling them on the street.