Only it's not easy... It may be easy to get it "barely working"... but is that really the ideal situation? Without competent staff running them, windows machines deteriorate and collapse pretty quickly, as they become bogged down in crap and infected with malware. Unix machines if setup competently to start with, will just remain running but they too might benefit from occasional maintenence.
Until systems are easily useable in a safe secure and stable manner, neither situation is suitable for unskilled staff. OSX gets closest in this regard.
It would make a lot of sense for Oracle to produce a complete dedicated package that didn't require an OS already be installed. Most Oracle database systems are dedicated machines anyway, so having the entire package supported by a single vendor instead does make a lot of sense. No more Database vendor blaming the OS vendor:)
They don't need to, they do so to keep up their excessive lifestyles. The same thing happens to any industry, where once a select few could charge a premium, after a while market pressure drives the profit margins down. An average PC used to cost a few thousand, nowadays they cost a fraction.
And a number of the open-source apps in which vulnerabilities were found are not considered largeproduction-ready... For instance some of the vulnerabilities in prerelease betas of firefox etc.
Thats slightly different in the case of firefox... If something is a 0.x, beta prerelease version of something, then vulnerabilities shouldn't really be counted. You use a beta product at your own risk. There are also plenty of security issues in microsoft's beta versions, but they too are not counted unless the issue remains in the final release. Anything which is marked as development/beta code is bound to have bugs, some of which may be security related.
Those previous statistics also failed to take into account that most of the vulnerabilities in apps for linux, can also exist if those same apps are installed on windows... Apps such as Apache for instance, can easily be installed on windows and most of the issues found will affect any platform running the software.
That's just chrooting, any serious unix user has been setting up chroot environments for years for many different purposes, i too have several chroot environments on my laptop...
The reason for virtualization is to solve different problems: true isolation between nodes (with vservers other users can often bind to your ips etc) resource limitation ability to run differently-configured kernels, or even different operating systems
And MSOffice for mac weighed in at 600+mb, not sure about the windows version, and didn't include a drawing program or a database by default (tho it did have a mail client which openoffice doesn't).
No point complaining about size when the nearest competitor is much larger... If you don't like downloading 75mb of openoffice, you can always buy a copy on CD.
We have a large number of T42s, and recently acquired some T43s... The T42s had intel network cards, while the T43s have cheaper broadcom cards, which consume more cpu while transferring, have trouble negotiating with some types of switches, and begin losing packets much sooner when the cable length gets too long.
But your poor, therefore in the eyes of the commercial software makers your scum, you are unworthy of having their products. If piracy is your only way of affording games, then your unworthy of playing them.
Software is artificially priced very high. As someone who was very poor as a child, i can sympathise with the situation. My parents only bought me a computer on the basis that i could pirate the games, they could barely afford the machine let alone the extortionate price that games cost.
They don't want you playing old games, they want you to buy the latest ones and ditch the old stuff... That way in a few years time, they can relabel the old games as "classics", update the copy protection scheme and sell them to you again.
And pirates have had superior versions for years... I remember the copy protection schemes on the amiga, usually required you to input a particular word from the printed manual (you dont even get printed manuals nowadays, games cost more but the publishers are too cheap to print a manual).. It got so annoying, especially if you lost the manual, that i went and obtained pirate copies of games i'd bought legitimately.... And while i was there, i got pirate copies of other games too.
I like the way CUPS handles itself... The drivers are on the server, the client doesn't need to know or care about the specifics of the printer... It just needs to know the paper size, porttrait/landscape and wether or not to print in color. The client sends the print job to the server in a standard form (postscript i believe) and the server converts it to whatever the printer requires. The server has the drivers, the clients don't need any drivers... I use this method to print from linux and other unixes, to a printer which has no native linux drivers... I run CUPS on MacOSX (which does have supported drivers) and have the printer physically connected to the mac. Also if you turn broadcasting on, any cups clients on your local network will automatically detect and configure the printer on the server, absoloutely no configuration needed on the clients.
Strictly speaking, windows was never designed to run remote terminals... By using it in this way you are wedging an application into a role it was neither designed nor intended to perform. Windows NT was intended to be a single user workstation OS - one user sitting at the console.
You can publish a single app, but be very carefull what apps you publish... If you publish any of the msoffice apps, or anything which can bring up help pages using IE, then your pretty much wasting your time and may as well give them a full desktop anyway.
You really need to publish custom-designed kiosk style apps, and if your having to write the apps from scratch anyway there are much better ways you could provide them than letting a native binary execute on one of your servers... Java springs to mind, the client will handle the load and the bulk of the code won't be running on your system so you've a much smaller footprint to keep secure.
Anyway, setup a citrix environment and get a half decent pentest company in, whatever you do to citrix it will always get broken, this isn't a fault of citrix but a direct result of the fact windows was always designed to be single-user. Having conducted or watched over 50 penetration tests on citrix environments at all kinds of different companies, i can hand on heart say not one of them managed to keep it secure.
So i assume you also won't trust the security of your server to an even greater degree to an OS that's had security issues in the past... So, what OS are you running?
The trouble with the inbuilt windows remote desktop support, is that although it encrypts the data stream, it doesn't verify the authenticity of the host your connecting to... This makes it trivial to man in the middle, and there will be no warning (unlike ssh for instance, which will tell you the host key has changed). There are point and click tools available (google for cain + abel, available from oxid.it i believe) for doing this too. Aside from that, remote desktop is a lot more bandwidth hungry than citrix, and will be unuseable over slower links.
A better alternative would be NX (www.nomachine.com), it's protocol independant tunnelling/compression, so you can use it with remote desktop, citrix, vnc and X11. and it tunnels everything over SSH, so therefore benefits from the authentication capabilities of ssh.
One other thing, remote desktop happily gives away the OS version and potentially your internal domain name it's using before you authenticate... NX doesn't show you anything until authentication has succeeded
Yes, if you really want to... I assume your talking about the menu bar (which can be configured to hide itself anyway).. but what your not considering is that under windows or x11 the menu is inside of the window itself, whereas with osx it's always in the same place at the top of the screen, so appwindow+menubar on osx is equivalent to appwindow (with included menubar) on windows or x11.
And those who love to tinker are more likely to try linux instead... So microsoft will hopefully end up losing to both sides. All we need really, is a way for linux to run OSX apps and vice-versa so whichever you choose, you still get a full choice of apps.
The ulimit command is what you need, you can limit the amount of memory a process or user can use, but beware, the effect of hitting the limit is the same as completely running out of memory, malloc()s will fail and the program may crash if it's not written to cope with such a situation.
AMD had such a feature too, an auto shutdown if the processor got too hot... The problem tom's hardware identified was that this feature only checked the temperature every couple of seconds, so while it could cope with a fan dying and the cpu/heatsink gradually heating up, it couldn't cope with the sudden rise in temperature associated with total removal of the heatsink.
Dell couldn't possibly be a leader in 64bit computing... They're an intel-only shop, and intel was the last company to come to the 64bit party... IA64 came long after sparc/ppc/alpha/mips/hppa etc were 64bit, and their clones of amd's 64bit extensions obviously came out long after amd's original 64bit chips.
USB was intel perhaps, but microsoft were very late in supporting it... It wasn't until win95c that usb support came as standard, and even then it was pretty half-assed support... I have an Alpha from 1996 with USB support too. And a whole load of intel boards which supported usb but noone had any idea what the connectors were for, often the connectors weren't even wired to the outside of the case at all.
Well ofcourse IE alone will be faster and use less memory than having IE and Firefox loaded simultaneously. If you want a fair comparison, try using a platform where IE isn't preloaded with the OS.
IE/mac and IE/Solaris were always much slower to load than other browsers on the same platforms..
Only it's not easy...
It may be easy to get it "barely working"... but is that really the ideal situation? Without competent staff running them, windows machines deteriorate and collapse pretty quickly, as they become bogged down in crap and infected with malware.
Unix machines if setup competently to start with, will just remain running but they too might benefit from occasional maintenence.
Until systems are easily useable in a safe secure and stable manner, neither situation is suitable for unskilled staff. OSX gets closest in this regard.
It would make a lot of sense for Oracle to produce a complete dedicated package that didn't require an OS already be installed. Most Oracle database systems are dedicated machines anyway, so having the entire package supported by a single vendor instead does make a lot of sense. No more Database vendor blaming the OS vendor :)
They don't need to, they do so to keep up their excessive lifestyles. The same thing happens to any industry, where once a select few could charge a premium, after a while market pressure drives the profit margins down.
An average PC used to cost a few thousand, nowadays they cost a fraction.
And a number of the open-source apps in which vulnerabilities were found are not considered largeproduction-ready... For instance some of the vulnerabilities in prerelease betas of firefox etc.
Thats slightly different in the case of firefox...
If something is a 0.x, beta prerelease version of something, then vulnerabilities shouldn't really be counted. You use a beta product at your own risk.
There are also plenty of security issues in microsoft's beta versions, but they too are not counted unless the issue remains in the final release. Anything which is marked as development/beta code is bound to have bugs, some of which may be security related.
Those previous statistics also failed to take into account that most of the vulnerabilities in apps for linux, can also exist if those same apps are installed on windows...
Apps such as Apache for instance, can easily be installed on windows and most of the issues found will affect any platform running the software.
That's just chrooting, any serious unix user has been setting up chroot environments for years for many different purposes, i too have several chroot environments on my laptop...
The reason for virtualization is to solve different problems:
true isolation between nodes (with vservers other users can often bind to your ips etc)
resource limitation
ability to run differently-configured kernels, or even different operating systems
And MSOffice for mac weighed in at 600+mb, not sure about the windows version, and didn't include a drawing program or a database by default (tho it did have a mail client which openoffice doesn't).
No point complaining about size when the nearest competitor is much larger... If you don't like downloading 75mb of openoffice, you can always buy a copy on CD.
We have a large number of T42s, and recently acquired some T43s... The T42s had intel network cards, while the T43s have cheaper broadcom cards, which consume more cpu while transferring, have trouble negotiating with some types of switches, and begin losing packets much sooner when the cable length gets too long.
But your poor, therefore in the eyes of the commercial software makers your scum, you are unworthy of having their products.
If piracy is your only way of affording games, then your unworthy of playing them.
Software is artificially priced very high. As someone who was very poor as a child, i can sympathise with the situation. My parents only bought me a computer on the basis that i could pirate the games, they could barely afford the machine let alone the extortionate price that games cost.
They don't want you playing old games, they want you to buy the latest ones and ditch the old stuff... That way in a few years time, they can relabel the old games as "classics", update the copy protection scheme and sell them to you again.
And pirates have had superior versions for years... I remember the copy protection schemes on the amiga, usually required you to input a particular word from the printed manual (you dont even get printed manuals nowadays, games cost more but the publishers are too cheap to print a manual).. It got so annoying, especially if you lost the manual, that i went and obtained pirate copies of games i'd bought legitimately.... And while i was there, i got pirate copies of other games too.
It also forces you to install and run your games as a privileged user...
It seems that proprietary vendors invest more in the copy protection schemes than they do in the actual software...
I like the way CUPS handles itself...
The drivers are on the server, the client doesn't need to know or care about the specifics of the printer... It just needs to know the paper size, porttrait/landscape and wether or not to print in color.
The client sends the print job to the server in a standard form (postscript i believe) and the server converts it to whatever the printer requires.
The server has the drivers, the clients don't need any drivers... I use this method to print from linux and other unixes, to a printer which has no native linux drivers...
I run CUPS on MacOSX (which does have supported drivers) and have the printer physically connected to the mac. Also if you turn broadcasting on, any cups clients on your local network will automatically detect and configure the printer on the server, absoloutely no configuration needed on the clients.
Strictly speaking, windows was never designed to run remote terminals... By using it in this way you are wedging an application into a role it was neither designed nor intended to perform. Windows NT was intended to be a single user workstation OS - one user sitting at the console.
You can publish a single app, but be very carefull what apps you publish...
If you publish any of the msoffice apps, or anything which can bring up help pages using IE, then your pretty much wasting your time and may as well give them a full desktop anyway.
You really need to publish custom-designed kiosk style apps, and if your having to write the apps from scratch anyway there are much better ways you could provide them than letting a native binary execute on one of your servers... Java springs to mind, the client will handle the load and the bulk of the code won't be running on your system so you've a much smaller footprint to keep secure.
Anyway, setup a citrix environment and get a half decent pentest company in, whatever you do to citrix it will always get broken, this isn't a fault of citrix but a direct result of the fact windows was always designed to be single-user.
Having conducted or watched over 50 penetration tests on citrix environments at all kinds of different companies, i can hand on heart say not one of them managed to keep it secure.
So i assume you also won't trust the security of your server to an even greater degree to an OS that's had security issues in the past...
So, what OS are you running?
The trouble with the inbuilt windows remote desktop support, is that although it encrypts the data stream, it doesn't verify the authenticity of the host your connecting to...
This makes it trivial to man in the middle, and there will be no warning (unlike ssh for instance, which will tell you the host key has changed). There are point and click tools available (google for cain + abel, available from oxid.it i believe) for doing this too.
Aside from that, remote desktop is a lot more bandwidth hungry than citrix, and will be unuseable over slower links.
A better alternative would be NX (www.nomachine.com), it's protocol independant tunnelling/compression, so you can use it with remote desktop, citrix, vnc and X11. and it tunnels everything over SSH, so therefore benefits from the authentication capabilities of ssh.
One other thing, remote desktop happily gives away the OS version and potentially your internal domain name it's using before you authenticate... NX doesn't show you anything until authentication has succeeded
Yes, if you really want to...
I assume your talking about the menu bar (which can be configured to hide itself anyway).. but what your not considering is that under windows or x11 the menu is inside of the window itself, whereas with osx it's always in the same place at the top of the screen, so appwindow+menubar on osx is equivalent to appwindow (with included menubar) on windows or x11.
And those who love to tinker are more likely to try linux instead... So microsoft will hopefully end up losing to both sides.
All we need really, is a way for linux to run OSX apps and vice-versa so whichever you choose, you still get a full choice of apps.
The ulimit command is what you need, you can limit the amount of memory a process or user can use, but beware, the effect of hitting the limit is the same as completely running out of memory, malloc()s will fail and the program may crash if it's not written to cope with such a situation.
AMD had such a feature too, an auto shutdown if the processor got too hot... The problem tom's hardware identified was that this feature only checked the temperature every couple of seconds, so while it could cope with a fan dying and the cpu/heatsink gradually heating up, it couldn't cope with the sudden rise in temperature associated with total removal of the heatsink.
Dell couldn't possibly be a leader in 64bit computing... They're an intel-only shop, and intel was the last company to come to the 64bit party...
IA64 came long after sparc/ppc/alpha/mips/hppa etc were 64bit, and their clones of amd's 64bit extensions obviously came out long after amd's original 64bit chips.
USB was intel perhaps, but microsoft were very late in supporting it... It wasn't until win95c that usb support came as standard, and even then it was pretty half-assed support...
I have an Alpha from 1996 with USB support too. And a whole load of intel boards which supported usb but noone had any idea what the connectors were for, often the connectors weren't even wired to the outside of the case at all.
Well ofcourse IE alone will be faster and use less memory than having IE and Firefox loaded simultaneously. If you want a fair comparison, try using a platform where IE isn't preloaded with the OS.
IE/mac and IE/Solaris were always much slower to load than other browsers on the same platforms..