What's with the stupid Moonlight examples? Ok, I disagree, because unless you live in a hole you know what Moonlight is. It's taught in high school. EVERYBODY knows what Moonlight is.
Something can only be obvious after one has direct experience with it. For example, it's obvious to me that certain vegetables should be blanched before being served in a pasta dish, or for that matter what "blanched" means - but someone who hasn't worked in a kitchen wouldn't know that, so I would have to explain it to them.
The idea is to consider the audience you're talking to and explain it at the required level. The Slashdot audience is comprised primarily of geeks, and geeks tend to click links and read what they're about.
For the record, BTW, Excel courses are optional, atleast in most Ontario high schools. It's not mandatory learning material like "calculator".
Do I need to say "Saturn the car, not the planet", if I'm talking about a new 4 door sedan?
You're making the assumption that your audience already knows that there is an automotive manufacturer that goes by the name of "Saturn".
These are two *very* different approaches to rendering so by no means would I say that Blender and Moonlight are cut from the same cloth.
This same idea seems to be prevalent on the Windows side of 3D rendering. Most of the people I know who work in graphics design will have two, three, or even four different graphics apps for various purposes. A couple 2D graphics programs, a couple 3D modellers, etc..
When asked why (especially considering the cost of a lot of the software involved - ouch!) they respond that different tools are designed for different purposes. I'd think that actual professional graphics artists who want to switch to Linux on the desktop would more appreciate a choice than being told to pigeon-hole themselves into a single tool.
I'm going to have to agree with Tassach here; WalMart has far more competition (atleast in Canada) than does a BlockBuster. When you're talking movie stores in most of Durham, you find either BlockBuster or Rogers Video. Independant stores are slowly, methodically driven out of their locations to the point where a 30km radius will have six large chains and one indy.
WalMart, however, has to contend with the likes of Zellers, Sears, Canadian Tire, Home Depot (for their hardware sections), and several other retail outlets. They're not in a safe enough position to tell their customers to go somewhere else if they don't like it, and gratuitous sex/nudity seems to be a really hot button for a lot of otherwise (seemingly) amoral customers.
And like it or not, gamers are still a small segment of a very, very large society. Typical lower- and middle-class people looking for a bargain on towels and garden rakes make for a much larger segment, and until gamers account for more than 25% of their overall profits (or some other outrageous figure), I doubt they'll put "hookers and pimps" above the wishes of their target market.
I'm not 'vision impaired' (though I do wear glasses) and I have this set to 12pt. Why? Because I dislike sites like ATI who try to shovel "xx-small" fonts at me.
Almost a best of both worlds situation. Of course, if I don't like the author's font choice I could always disable their ability to change the fonts on my end. We must always remember that every single one of the tags that comprise a web page are OPTIONAL. Merely reccomendations to the browser to suggest what they should do to the content within. I've used a few Italics tags within my comment thus far (and now I've also used bold) - but some of you likely won't see them. Why? Because you can disable such stylistic preferences. I believe the Links/Lynx text-browsers render Italic text in reverse-video, or in a different shade of ${User_Defined_Text_Colour}.
This stuff is all client-side. If you don't like certain tags, (try to) have your browser of choice implement an option to disable them. If it makes the website into a total mess when you do so, don't visit that website.
i can't think of a single retailer who would actually stand behind a claim of morality even at the risk of losing a lot of money.
The issue at stake here, as I see it, is that WalMart is interested in not offending their primary customer base simply to attract a few teens and 20/30-somethings who'll want to buy this one video game. WalMart, for the most part, has a "wholesome" image (or atleast that's the one they shove down our faces in the commercials) and that image is designed to attract the 'happy housewives' of the nation, along with mothers and grandmothers, along with sweet, innocent teenaged girls {nyuk} interested in such strange activities as "power shopping" or some such.
So in short, they're perfectly free to stand behind their morality issue in order to keep the majority of their customer base happy. Losing a few hundred thousand dollars on the sales of one video game is nothing compared to losing a few thousand customers in disgust.
Working in a retail environment, I can tell you that unhappy customers do tell many, many people about how pissed off they are. When it's a huge conglomerate like WalMart they tend to get more incensed and get the media involved. I'm sure they don't want that kind of bad press - bad press that could wind up costing them millions.
but it is ironic that they will usually carry games where you can KILL others but the minute you show some one naked it's vulger.
It's a really strange, and sad state of affairs here in North America. The human body is considered something to cover up, to be ashamed of. But to kill people or speak of mass killing/death is almost acceptable dinner conversation. (Discussing the evening news is relatively commonplace, and more often than not the news involves killing of some form or another. "If it bleeds, it leads." after all).
I'm thinking part of the reason for teenaged pregnancies and STD spreads is the taboo placed on sex.
While I think gratuitous, promiscuous sex (hookers? Pimps?) is a little much, especially for a game intended for wide-spread use, I don't think it's any worse than maiming and killing other players.
{insert obligatory 'video games relating to children killing people, etc.' banter here}
Um... so they total up to it, but I thought every service pack contained all the fixes in the previous ones, so it doesn't really make sense to add them up.
Assuming a business has existing Win2k installations, they would have had to apply each of them as they were released in order to be up-to-date. The only people who don't have to worry about all of them are new installations, in which case they would only need to apply SP3 (if it works for them - I've heard a number of horror stories).
Not to mention it's a service pack for several Windows 2000 versions (though similar, I'm pretty sure a Win 2k Pro only would be smaller).
Regardless, the codebases are doubtless very similar (just different branches for the additional functionality offered in each version). Enterprises would still download the entire service pack to apply it to each of their machines rather than performing the "express install", which is only "express" for one or two Win2k machines. When you have a dozen servers and three hundred workstations, one 100MB download is preferable.
Anyone have any numbers on how much a No-SP Win2k install really need to be up to date? (express download)?
I remember when I installed a vanilla Win2k Pro not too long ago, it took (using the express download from windowsupdate.microsoft.com) somewhere to the tune of 150MB or thereabouts to get the OS up to date (including IE 6, Windows Media Player 7.1, all service packs, security roll-ups, and security/component updates released after the roll-up).
And sometimes only once, when the discoverer posts and then nothing from Microsoft.
I seem to recall a big uproar about Microsoft deciding not to further their efforts to release e-mail vulnerability/patch announcements, opting instead to have users frequent their websites to view the contents of the announcements.
I'm subscribed to just about every Security Focus mailing list that has anything to do with security, viruses, bugs, incidents, events, etc. and I really haven't even seen many (any?) "Visit this URL for details" posts from Microsoft. I'd have to say that they've gone quite mum in recent months.
Of course, when you stop announcing your vulnerabilities in an open forum, then threaten legal action against anybody else who tries to do it for you, that open forum will slowly start to tilt towards the other guys. Sure, Linux/UNIX application vulnerabilities (don't forget that Apache, Sendmail, and BIND still run on FreeBSD et al!) are more popular on the list - but that's because people aren't ALLOWED to publicize Microsoft vulnerabilities!
I know that recent MS EULAs forbid people from disclosing benchmarks relating to the ".NET" suite of applications without Microsoft's prior consent - is it feasible that they've buried something in there about vulnerability disclosure as well?
The thing is, cathedrals are inherently more secure than bazaars. This is in no small part due to the people that frequent each place.
Why, because they don't let anybody peek inside?
Because security through obscurity has worked out so well for Microsoft in recent years, hasn't it?
While there may be a significant number of vulnerabilities that have existed in Linux applications (a rare few in "Linux" itself, I might add), they're almost always fixed in a timely manner. More than can be said for our Cathedral competitor.
Moreover, the security model of even a relatively loosely secured Linux system helps prevent overall system damage and widespread deployment of such vulnerabilities. Consider the spread of CodeRed or Nimda compared to that of Slapper or Ramen. I'm no mathematician, but I do believe we're talking an order of magnitude in difference here. Before somebody reminds me for the umpteenth time that Microsoft is more widespread; let's concentrate on web server vulnerabilities. These guys disagree wholeheartedly.
Also to be considered is the sheer number of updates that appear on the WindowsUpdate site with no big uproar, and the potential number that are buried deep inside their service packs (104MB for XP, 106MB Win2k SP2 with a 17MB "security roll-up" and subsequent SP3, etc.). With atleast a quarter GB of updates to Win2k systems - that's a lot of fixes! The open source community is just a lot more... open about the chinks in our armour, which gives statisticians a field day in coming up with reports and editorials about how bad off we are.
Of course, were I to deploy a mission-critical server installation running Linux, I still have the ability to audit the entire codebase (or hire somebody/a team of somebodies to do it for me). With Windows, that's apparently possible, in a small part, and at a very large price (I understand that enterprises can purchase large chunks of the Windows codebase for a few hundred thousand dollars, but don't quote me on it.) on top of the expense in hiring the programmers. This is not to mention the fleet of tens of thousands of eyes always staring at the code of larger projects day in, day out.
Of course I wouldn't install a GUI on my server - but does Win2k or WinXP give you that option? Of course not.`Microsoft's bread-and-butter is having that GUI shoved in your face at all times with the Internet Explorer icon emblazoned on the desktop and etched forever into the back of your retinas. The Windows Scripting Host and VBS support are all part and parcel with their Master Plan to have integrated desktops with unified interfaces (remember, Microsoft server administration is aimed at monkeys, not trained professionals. (Disclaimer: This isn't to say there aren't talented Microsoft administrators out there, only a comment on the target market of the Windows point-and-shoot interface for servers)).
Interesting to note, BTW, that Windows Professional and Server operating systems ship with RPC, Remote Registry Editing, Background Information Transfer Service (BITS), among other things enabled PER DEFAULT. Microsoft claims to be shifting their focus to security, but quite frankly, the default "Automatic" services list in Windows XP doesn't impress upon me a great feeling of security either.
Remember too that Windows (both the 9x and NT trees) were designed to be single user platforms (the NT tree coming from OS/2 - a single user platform) with multi-user support kludged into place. Only recently is there some form of organization as to where users store their individual documents and settings, but the de facto software installation course sees users installing things throughout the root of the filesystem still, because that's the way it's always been.
With a pretty basic set of hardening scripts (filesystem permissions, firewall rules, etc..) Linux can be made infinitely more secure than Windows, and I believe it will always be more secure if the administrator (behind both the Linux and Windows keyboards) are on the ball. Why? Because I believe OSS vulnerabilities will always be patched sooner, tested by a wider range of people, and applied sooner than the alternative closed-source Windows patches. Also, auditing a patch (diff) file is entirely do-able for one or two programmers in an afternoon - something that makes rapid mass-deployment of patches far more plausible, whereas in the Microsoft world the patch/update method is essentially "Test patch on several machines with similar configuration. If nothing breaks, apply it to the front-line servers."
Morality and security wise, I think I'll stick it out with Linux and let the statisticians throw around all the numbers they want. I'm comfortable right where I am, thankyouverymuch.
I was on www.foxnews.com and if you leave it up for 5 min or so with javascript turned on it pops up. I think its just an add that looks like a windows message.
Gee, I'd forgotten how annoying those popups were since I installed a browser that blocks popups. Alternatively, I could have installed another browser that showcases the same functionality. It's like a whole different WWW without popups.:)
But seriously, this NetBIOS messenger problem is quite real, and is (almost) entirely the fault of the end-user. Putting a Windows machine on the Internet without some form of firewall (software or hardware) is an invitation to get violated in some way or another. All I have to say is, these people are already once lucky - their file and print shares are exposed to the world, so with a bit of password trickery (or exposing one of the many NETBIOS vulnerabilities that exist at various patch levels of each of the Windows OS variants) one can easily access the data and/or send malicious print jobs (hint: MS Paint, black background, 100 copies. Else, SPAM)
There are also cases of people who actually run/administer a firewall that's obviously mis-configured to the point of being futile, so don't expect the mere presence of such a thing to protect you. One individual on the Security Focus Incidents mailing list is reporting this very same 'problem' on his network running Microsoft ISA firewall.
If you're unable (for whatever reason) to install a software firewall, obtain and configure an Internet router. There are dozens (hundreds) on the market, and the vast majority of them (that we've dealt with/sold) come with port forwarding to the internal machines disabled per default. For single-computer owners, SMC makes a one-port Internet router that could simply be installed inline with the users' cable/DSL 'modem' for security and peace of mind. Moreover, it saves the user from having to install annoying PPPoE client software on their machines.
Like the poster before alluded (rather amusingly) to; if you leave your door ajar, don't be surprised when you come home to find people roosting in your house, or that some of your things are missing. Sure, the person may have broken the law, but putting out the welcome mat is just asking for trouble.
To make sure it doesn't restart next time you reboot, go into Control Panel, find the Services applet. Set the Messenger service to startup settings of "Manual" or "Disabled" (as opposed to "Automatic" which restarts it at every boot).
"Manual" will start the service whenever any other service requests it.
PS - See my other post about why this is not a good idea.
I believe shutting down the messenger service will stop them.
Yeah, great idea - shut down the service that allows crackers to send you a banner advertising their illicit activities and force them to work in stealth mode.
That's worse than a band-aid for a broken arm, we're into tumor land here.
Like Norton Anti-Virus? I assume the hundreds of CDs that float around pirated come from China, but I could be wrong. Anyhow, I know of many many local computer OEMs that sell them with systems. They work just the same as regular copies.
The key isn't the CD itself (as far as I can tell, there isn't any discernable difference between our OEM CD and a retail CD), but in the product registration/activation. When you submit your information to them for your free year of updates, they expect (hope) you'll pay for subsequent years. Problem is, you wipe it off your drive and install the next year's version and you've got yourself another free year worth of updates.
Although I agree that you should check the MD5SUMs of all the
software you download, the advisory says that the sendmail FTP server was compromised, the intruders could have easily uploaded new MD5 checksums along with the source code, I am surprised they didn't.
The MD5 Sums are kept on the website as well as in a signed file on the FTP server. If they altered the signed file, the signature would return an error. Besides that, the intruders would also have to update the website to alter that MD5 Sum.
That's a lot of work, and crackers don't seem up to the task, it seems.
I see this as alternative versions of the OS that's hardened more than the typical user might want.
Firstly, Microsoft products are reknowned to be insecure. Outlook's irresponsible display/handling of attachments single-handedly cost the North American economy something to the tune of $6 billion in a single year (Melissa). It continues to cost consumers money, time and time again. Outlook's new default attachment 'protection' policy is almost all-or-none, therefore either you get all attachments enabled, or you have so many disabled that it becomes crippling for home and business users alike.
MS's products are designed from the ground-up to be used and administered by mindless drones. From the sounds of the article, it sounds to me like they've decided to start charging a subscription fee for security updates, or start charging all users a premium per license for security concerns.
The Gartner group has already stated that in their professional opinion, IIS should be re-written from the ground-up.
I think it's about time that people woke up to the fact that Microsoft does not care about them or their companies, and that in the long run Microsoft products are actually MORE expensive.
Think about it - combine the MCSE salaries with the cost of licensing per server per seat with the cost of virus scanning software with the annual subscription costs of virus updates with the cost of large-scale re-installations when a new trojan/worm/virus inevietably finds its way past the detection systems with the cost of server and workstation downtime - then compare that to the cost of installing and administering a proper UNIX network.
This is completely timely on Microsoft's part of course. Now that they have everyone so completely hooked on their products, and CIOs bowing at the feet of the company, they can convince them that they're somehow getting something more special than everyone else because of the premium they're paying for it.
Everybody - make it your mission to train your company CIO. Show them hard facts and figures as to what Microsoft will cost them - demonstrate how their precious bottom line will be affected by the insecure, unstable nature of Microsoft products. The bottom line is all they understand, so give it to them.
You said you didn't mean to insult Samba, but that doesn't sound particularly flattering to me.
Who in the hell has the time to do routine IT crap, and figure out all sorts of bizarre configurations. If you stick to standard configurations you'll be able to find people to run/fix/upgrade/maintain them.
Samba is a standard configuration. You'll find it in smb.conf. As to the people who can run/fix/upgrade your configuration; that would be a UNIX/Linux systems administrator. (All readers who fit that bill and have a resumee handy, please raise a paw)
don't customize for the sake of doing it or to save $500.
It sounds to me like you haven't priced out a Win2k Server with Exchange Server for 10-12 seats, have you? We're talking closer to $6000, not $500, and we still have to build a server and install the OS, which means either the lawyer must do it himself or pay a beanie-wearing MCSE to do it for him.
With about ten hours' worth of labour, I can install and configure a Linux server to replicate the majority of the functionality of a Win2k domain controller running Exchange. That means approximately a 90% savings on the cost of getting the server up and running - assuming the O.P. performs the Windows install/config himself.
This leads to another thought: If you don't want to run non-free software
He didn't say he wanted to avoid using non-free software altogether, only that he's interested in using OSS for his company servers. After having administered an NT4 domain (~1300 users), and with the few Win2k domains I'm presently responsible for, I can perfectly understand why he'd want to use a UNIX/Linux based approach.
What do you do when Windows XP ServicePack 8 stops interacting with your Samba DC?? Do you stop studying for the bar, drop your management duties to figure out how to fix it? Do you have enough money lying around to pay an expert to fix it?
This is why IT managers manage the software/fixes installed on desktop machines. One should never apply a large OS update to their entire network without testing it in a controlled situation first. Thousands of people ran into problems with Win2k SP3, while many thousands of people prepared themselves for it by testing the SP in a test lab so they would know what the outcome would be.
Moreover, wouldn't these guys be apt to find a fix to the "XP Service Pack 8" breakage for you? Open source doesn't always mean "fix it yourself", you know.
Of particular interest (apologies for the redundancy);
"Because it doesn't have access to Microsoft's source code, the Samba team has been forced to develop a suite of testing and debugging tools that systematically interrogate Windows, looking for new features and checking that the old features haven't changed whenever Microsoft brings out a new version of Windows. It's likely that the Samba team now spends more time testing Microsoft's networking software than Microsoft itself."
Thankfully they've changed the way it works to an actual CMOS chip,
I'm working on my second coffee myself - of course I meant to say BIOS.
Non techies complain about acronym overload, sad to say I suffer the same fate.;)
As to my rant, it wasn't (technically) off-topic, it was regarding the strange behaviours of large corporations when it comes to their system BIOSes. IBM has all sorts of weird ideas, and that's what makes FreeBSD on the ThinkPads such a treat to use.
The IBM desktops (PC300**, NetVista, etc.) use a BIOS that's essentially a glorified information source. If it doesn't find your HDD, CDROM, or other installed equipment - you're SOL (this straight from an IBM field tech, BTW). You can change the boot order and a couple of passwords, and of course the date/time, but as to the stuff that really counts, you have to trust in Big Blue.
I haven't totally followed the issue, but I understand that changing the partition identity to that of an OpenBSD partition will allow the present ThinkPad BIOS to boot to "OpenBSD" which is, in fact, FreeBSD. So as long as it's possible to fool the big boys, problem solved. {smile}
Well, yes, as I said in the next sentence, that's what people often just call "the CMOS"
I had one person try to explain to me that you use the CMOS to save settings to the BIOS. No matter how much logic, reason, or explanation I gave him, he adamantly refused to budge on that point. See, he took a year of physics/science courses at a prestigious local institution before attending another college for a networking course. See, he has a home LAN in his house, so he's one of those exspurts.
Worse still were the even more 'green' types standing in the room who, for some reason, trusted him more than they trusted me, so now they all believe that a "BIOS" is some magical piece of hardware where information is stored, and that a "CMOS" is a menu system where you set the date.
Of note is the fact that most of these people refer constantly to "NIC Cards"
I didn't think, however, that Compaq would make systems that would refuse to load the MBR bootloader from disk if there was no setup partition... That seems a just a little too crazy, even for them.
Slashdot Mirror
Something can only be obvious after one has direct experience with it. For example, it's obvious to me that certain vegetables should be blanched before being served in a pasta dish, or for that matter what "blanched" means - but someone who hasn't worked in a kitchen wouldn't know that, so I would have to explain it to them.
The idea is to consider the audience you're talking to and explain it at the required level. The Slashdot audience is comprised primarily of geeks, and geeks tend to click links and read what they're about.
For the record, BTW, Excel courses are optional, atleast in most Ontario high schools. It's not mandatory learning material like "calculator".
You're making the assumption that your audience already knows that there is an automotive manufacturer that goes by the name of "Saturn".When asked why (especially considering the cost of a lot of the software involved - ouch!) they respond that different tools are designed for different purposes. I'd think that actual professional graphics artists who want to switch to Linux on the desktop would more appreciate a choice than being told to pigeon-hole themselves into a single tool.
WalMart, however, has to contend with the likes of Zellers, Sears, Canadian Tire, Home Depot (for their hardware sections), and several other retail outlets. They're not in a safe enough position to tell their customers to go somewhere else if they don't like it, and gratuitous sex/nudity seems to be a really hot button for a lot of otherwise (seemingly) amoral customers.
And like it or not, gamers are still a small segment of a very, very large society. Typical lower- and middle-class people looking for a bargain on towels and garden rakes make for a much larger segment, and until gamers account for more than 25% of their overall profits (or some other outrageous figure), I doubt they'll put "hookers and pimps" above the wishes of their target market.
I'm not 'vision impaired' (though I do wear glasses) and I have this set to 12pt. Why? Because I dislike sites like ATI who try to shovel "xx-small" fonts at me.
Almost a best of both worlds situation. Of course, if I don't like the author's font choice I could always disable their ability to change the fonts on my end. We must always remember that every single one of the tags that comprise a web page are OPTIONAL. Merely reccomendations to the browser to suggest what they should do to the content within. I've used a few Italics tags within my comment thus far (and now I've also used bold) - but some of you likely won't see them. Why? Because you can disable such stylistic preferences. I believe the Links/Lynx text-browsers render Italic text in reverse-video, or in a different shade of ${User_Defined_Text_Colour}.
This stuff is all client-side. If you don't like certain tags, (try to) have your browser of choice implement an option to disable them. If it makes the website into a total mess when you do so, don't visit that website.
So in short, they're perfectly free to stand behind their morality issue in order to keep the majority of their customer base happy. Losing a few hundred thousand dollars on the sales of one video game is nothing compared to losing a few thousand customers in disgust.
Working in a retail environment, I can tell you that unhappy customers do tell many, many people about how pissed off they are. When it's a huge conglomerate like WalMart they tend to get more incensed and get the media involved. I'm sure they don't want that kind of bad press - bad press that could wind up costing them millions.
I'm thinking part of the reason for teenaged pregnancies and STD spreads is the taboo placed on sex.
While I think gratuitous, promiscuous sex (hookers? Pimps?) is a little much, especially for a game intended for wide-spread use, I don't think it's any worse than maiming and killing other players.
{insert obligatory 'video games relating to children killing people, etc.' banter here}
Proof: the sheer number of exploits to all closed-source software.
Here's to hoping you're being sarcastic!
Boy, is that ever over-used.I'm subscribed to just about every Security Focus mailing list that has anything to do with security, viruses, bugs, incidents, events, etc. and I really haven't even seen many (any?) "Visit this URL for details" posts from Microsoft. I'd have to say that they've gone quite mum in recent months.
Of course, when you stop announcing your vulnerabilities in an open forum, then threaten legal action against anybody else who tries to do it for you, that open forum will slowly start to tilt towards the other guys. Sure, Linux/UNIX application vulnerabilities (don't forget that Apache, Sendmail, and BIND still run on FreeBSD et al!) are more popular on the list - but that's because people aren't ALLOWED to publicize Microsoft vulnerabilities!
I know that recent MS EULAs forbid people from disclosing benchmarks relating to the ".NET" suite of applications without Microsoft's prior consent - is it feasible that they've buried something in there about vulnerability disclosure as well?
Because security through obscurity has worked out so well for Microsoft in recent years, hasn't it?
While there may be a significant number of vulnerabilities that have existed in Linux applications (a rare few in "Linux" itself, I might add), they're almost always fixed in a timely manner. More than can be said for our Cathedral competitor.
Moreover, the security model of even a relatively loosely secured Linux system helps prevent overall system damage and widespread deployment of such vulnerabilities. Consider the spread of CodeRed or Nimda compared to that of Slapper or Ramen. I'm no mathematician, but I do believe we're talking an order of magnitude in difference here. Before somebody reminds me for the umpteenth time that Microsoft is more widespread; let's concentrate on web server vulnerabilities. These guys disagree wholeheartedly.
Also to be considered is the sheer number of updates that appear on the WindowsUpdate site with no big uproar, and the potential number that are buried deep inside their service packs (104MB for XP, 106MB Win2k SP2 with a 17MB "security roll-up" and subsequent SP3, etc.). With atleast a quarter GB of updates to Win2k systems - that's a lot of fixes! The open source community is just a lot more ... open about the chinks in our armour, which gives statisticians a field day in coming up with reports and editorials about how bad off we are.
Of course, were I to deploy a mission-critical server installation running Linux, I still have the ability to audit the entire codebase (or hire somebody/a team of somebodies to do it for me). With Windows, that's apparently possible, in a small part, and at a very large price (I understand that enterprises can purchase large chunks of the Windows codebase for a few hundred thousand dollars, but don't quote me on it.) on top of the expense in hiring the programmers. This is not to mention the fleet of tens of thousands of eyes always staring at the code of larger projects day in, day out.
Of course I wouldn't install a GUI on my server - but does Win2k or WinXP give you that option? Of course not.`Microsoft's bread-and-butter is having that GUI shoved in your face at all times with the Internet Explorer icon emblazoned on the desktop and etched forever into the back of your retinas. The Windows Scripting Host and VBS support are all part and parcel with their Master Plan to have integrated desktops with unified interfaces (remember, Microsoft server administration is aimed at monkeys, not trained professionals. (Disclaimer: This isn't to say there aren't talented Microsoft administrators out there, only a comment on the target market of the Windows point-and-shoot interface for servers)).
Interesting to note, BTW, that Windows Professional and Server operating systems ship with RPC, Remote Registry Editing, Background Information Transfer Service (BITS), among other things enabled PER DEFAULT . Microsoft claims to be shifting their focus to security, but quite frankly, the default "Automatic" services list in Windows XP doesn't impress upon me a great feeling of security either.
Remember too that Windows (both the 9x and NT trees) were designed to be single user platforms (the NT tree coming from OS/2 - a single user platform) with multi-user support kludged into place. Only recently is there some form of organization as to where users store their individual documents and settings, but the de facto software installation course sees users installing things throughout the root of the filesystem still, because that's the way it's always been.
With a pretty basic set of hardening scripts (filesystem permissions, firewall rules, etc..) Linux can be made infinitely more secure than Windows, and I believe it will always be more secure if the administrator (behind both the Linux and Windows keyboards) are on the ball. Why? Because I believe OSS vulnerabilities will always be patched sooner, tested by a wider range of people, and applied sooner than the alternative closed-source Windows patches. Also, auditing a patch (diff) file is entirely do-able for one or two programmers in an afternoon - something that makes rapid mass-deployment of patches far more plausible, whereas in the Microsoft world the patch/update method is essentially "Test patch on several machines with similar configuration. If nothing breaks, apply it to the front-line servers."
Morality and security wise, I think I'll stick it out with Linux and let the statisticians throw around all the numbers they want. I'm comfortable right where I am, thankyouverymuch.
Interesting. Somebody re-posted my e-mail. Quite flattering. :)
I agree with a previous poster, Pengaol.org should aquire themselves a lawyer, and perhaps even counter-sue AOL for needless abuse, harassment, etc.
I recall that all of my lower powered machines were lucky to see a 6GB drive, letalone have 2-4GB to spare.
But seriously, this NetBIOS messenger problem is quite real, and is (almost) entirely the fault of the end-user. Putting a Windows machine on the Internet without some form of firewall (software or hardware) is an invitation to get violated in some way or another. All I have to say is, these people are already once lucky - their file and print shares are exposed to the world, so with a bit of password trickery (or exposing one of the many NETBIOS vulnerabilities that exist at various patch levels of each of the Windows OS variants) one can easily access the data and/or send malicious print jobs (hint: MS Paint, black background, 100 copies. Else, SPAM)
There are also cases of people who actually run/administer a firewall that's obviously mis-configured to the point of being futile, so don't expect the mere presence of such a thing to protect you. One individual on the Security Focus Incidents mailing list is reporting this very same 'problem' on his network running Microsoft ISA firewall.
If you're unable (for whatever reason) to install a software firewall, obtain and configure an Internet router. There are dozens (hundreds) on the market, and the vast majority of them (that we've dealt with/sold) come with port forwarding to the internal machines disabled per default. For single-computer owners, SMC makes a one-port Internet router that could simply be installed inline with the users' cable/DSL 'modem' for security and peace of mind. Moreover, it saves the user from having to install annoying PPPoE client software on their machines.
Like the poster before alluded (rather amusingly) to; if you leave your door ajar, don't be surprised when you come home to find people roosting in your house, or that some of your things are missing. Sure, the person may have broken the law, but putting out the welcome mat is just asking for trouble.
PS - See my other post about why this is not a good idea.
That's worse than a band-aid for a broken arm, we're into tumor land here.
That's a lot of work, and crackers don't seem up to the task, it seems.
MS's products are designed from the ground-up to be used and administered by mindless drones. From the sounds of the article, it sounds to me like they've decided to start charging a subscription fee for security updates, or start charging all users a premium per license for security concerns.
The Gartner group has already stated that in their professional opinion, IIS should be re-written from the ground-up.
I think it's about time that people woke up to the fact that Microsoft does not care about them or their companies, and that in the long run Microsoft products are actually MORE expensive.
Think about it - combine the MCSE salaries with the cost of licensing per server per seat with the cost of virus scanning software with the annual subscription costs of virus updates with the cost of large-scale re-installations when a new trojan/worm/virus inevietably finds its way past the detection systems with the cost of server and workstation downtime - then compare that to the cost of installing and administering a proper UNIX network.
This is completely timely on Microsoft's part of course. Now that they have everyone so completely hooked on their products, and CIOs bowing at the feet of the company, they can convince them that they're somehow getting something more special than everyone else because of the premium they're paying for it.
Everybody - make it your mission to train your company CIO. Show them hard facts and figures as to what Microsoft will cost them - demonstrate how their precious bottom line will be affected by the insecure, unstable nature of Microsoft products. The bottom line is all they understand, so give it to them.
With about ten hours' worth of labour, I can install and configure a Linux server to replicate the majority of the functionality of a Win2k domain controller running Exchange. That means approximately a 90% savings on the cost of getting the server up and running - assuming the O.P. performs the Windows install/config himself.
He didn't say he wanted to avoid using non-free software altogether, only that he's interested in using OSS for his company servers. After having administered an NT4 domain (~1300 users), and with the few Win2k domains I'm presently responsible for, I can perfectly understand why he'd want to use a UNIX/Linux based approach.Moreover, wouldn't these guys be apt to find a fix to the "XP Service Pack 8" breakage for you? Open source doesn't always mean "fix it yourself", you know.
Of particular interest (apologies for the redundancy);
Non techies complain about acronym overload, sad to say I suffer the same fate. ;)
As to my rant, it wasn't (technically) off-topic, it was regarding the strange behaviours of large corporations when it comes to their system BIOSes. IBM has all sorts of weird ideas, and that's what makes FreeBSD on the ThinkPads such a treat to use.
The IBM desktops (PC300**, NetVista, etc.) use a BIOS that's essentially a glorified information source. If it doesn't find your HDD, CDROM, or other installed equipment - you're SOL (this straight from an IBM field tech, BTW). You can change the boot order and a couple of passwords, and of course the date/time, but as to the stuff that really counts, you have to trust in Big Blue.
I haven't totally followed the issue, but I understand that changing the partition identity to that of an OpenBSD partition will allow the present ThinkPad BIOS to boot to "OpenBSD" which is, in fact, FreeBSD. So as long as it's possible to fool the big boys, problem solved. {smile}
I had one person try to explain to me that you use the CMOS to save settings to the BIOS. No matter how much logic, reason, or explanation I gave him, he adamantly refused to budge on that point. See, he took a year of physics/science courses at a prestigious local institution before attending another college for a networking course. See, he has a home LAN in his house, so he's one of those exspurts.Worse still were the even more 'green' types standing in the room who, for some reason, trusted him more than they trusted me, so now they all believe that a "BIOS" is some magical piece of hardware where information is stored, and that a "CMOS" is a menu system where you set the date.
Of note is the fact that most of these people refer constantly to "NIC Cards"