It would be very easy for someone to say one "solution" is more expensive than another, especially when they don't specify what hardware they used for the comparison. What about SunFire V20 and V40z's, they can compete in the same space as x86 machines running Linux. If IBM is really serious they should release the full study and not a 9 page "Executive Summary".
One of the guys at work was comparing a particluar location today using Google Maps and MSN Earth and noticed MSN's imagery was at least 10 years old for the location he was looking at. I wonder if Microsoft is using some of the TerraServer imagery and superimposing street info without having to update the imagery (and spend a lot of money in the process)?
then you would know that that the guy who posted is a known troll and despite the efforts of Alan and other Sun employees who monitor OSNews this guy was still "foaming at the mouth". In fact one of the trolls posted his "parting shot" was to call Solaris users "nazis"! I think all of the posts in question have been pulled, because I could not find them.
The problem with OSNews is that it seems to attract the "bottom feeder" users who have little real experience and tend to bitch and whine like children rather than to respond with well thought out arguments and present facts. I have caught people using FUD and outright lies to support their "positions" that Linux is better than Solaris. Well see...
There is another article out there where Solaris 10 was reviewed by an actual Solaris administrator and not some Linux user:
http://www.osnews.com/story.php?news_id=9865
If you need a GUI to set up a network interface, maybe you need to go back to Windows, because you aren't going to be doing it over a serial link! Solaris was built with Enterprise computing in mind, not "making it easy" for people who don't want to type.
And if that is the quality of articles from PC Magazine nowadays, I'm glad I don't read it anymore! Because I thought "yet another whiny Linux zealot bitching about Solaris" article, what bullshit. If PC Magazine is going to review Solaris, do it right or don't do it at all!
I read this "review" when it showed up on OSNews and thought "yet another Linux/BSD/whatever user attempts to use Solaris and fails". Everybody seems to focus on what Sun is pimping (DTrace, Zones, Predictive Self Healing), what about actually using the OS?
I have been using (and beta testing) Solaris 10 since August 2003, and there is a lot more to it than DTrace, Zones, and Predictive Self Healing. There are several password security improvements, a new installation metacluster (Reduced Networking Support), a new installation method (WAN Boot), the ability to wrap RPC connections so that connections get logged (TCP Wrappers). And so you don't have to download a ton of software, GCC, gmake, webmin, GIMP, and other tools are part of the Full Distribution installation.
The problem with "reviews" is trying to meet the insaitable demand for "information" and not actually providing anything other than a rehash of publicity materials. How about everybody being paitient and hold off for a "quality" review.
I always like managers that think IT can be "cut to the quick" to save money. So what I would do instead of killing myself cutting costs is ask for more money. When management screams why (which they will), justify it through a careful analysis of problems that can be solved by spending money and show cost savings through reduced effort, etc.
My opinion is once you "OK" budget cuts, management will always see you as the "sucker" to go to when they need some quick bucks. Nothing ventured, nothing gained.
I find the comment about RHEL 4 will be released being evaluated at Common Criteria EAL 4 interesting, considering RHEL is not listed as a product in under evaluation yet (http://niap.nist.gov/cc-scheme/in_evaluation.html )! That should take about six months mimimally, so when are we looking at RHEL 4 being released?
I am sure other people have commented on Microsoft's "let's remove functionality to reduce the cost" so that if anyone actually needs the functionality of XP Home or Professional they have to cough up more money! You don't have to be a Harvard economist to see what Microsoft is doing here. I hope the people of Malysia and Thailand see through Microsoft's crap and tell them to shove Windows XP Starter Edition.
It wouldn't take a Class Action lawsuit to get management to recognize that their actions is causing their product to suffer through abusing their staff. So much managerial bullshit, all about profit. If they actually have to pay their employees overtime, that would cut into profits. We can't have that!!!
I was working at NMCI when EDS was trying to sell the concept to both the Army and the Air Force. The Air Force chose not to have a Civilian Contractor "own" the network. I am willing to bet that the Air Force retains full control of the various networks.
Also Linux is not a good fit for applications such as Global Command and Control System (GCCS) which is a Unix/Windows product (Solaris servers, Windows clients and servers). This is of course if the AF chose to port the applications to another OS, which would take years (look up Common Operating Environment) to meet all of the usability requirements, nevermind the security ones. All I can say is putting your eggs in one basket is not a good idea.
In Dan O'Dowd's mentioning of Linux "only" receiving CC EAL 2 is somewhat incorrect. RedHat Enterprise Linux Advanced Server got CC EAL2, SuSe Enterprise Linux was evaluated at EAL 3+. This is roughly the equivalent of TCSEC C2, and can be deployed in a classified environment. I guess he needs to check http://niap.nist.gov/cc-scheme/vpl/vpl_assur_lvl.h tml more regularly and actually read it!
That if Microsoft has that much money to spend on think tanks and spin doctors, if they spent that much money on improving their products instead of spreading FUD where would they be today!
This guy has it right, I carried Nikon gear (in excess of $20,000) in the US and various foreign countries. If you look like you mean business, people will leave you alone. And if you look like an easy mark, well stand by!
Obviously the MPAA/RIAA cannot get "directly" into the schools, so they use Junior Achievement to get in under the guise as "business education". How much of a "bone" did they throw JA to allow this?
Second, once the school finds out what the "topic of the day" is for JA, why do they allow it at all? Unless the teachers are mindless sheep, this kind of "eduation" should not be allowed!
Concerned parents should be asking some hard questions of both the School Boards and Junior Achievement about this, because if they are not going to show both sides of the issue, they should not be there at all!
First most Enterprise installations do not use Linux, they use Windows, Solaris, HP-UX, AIX, etc. Not all of these OS' support Mandatory Access Control or Role Based Access Control.
Second is it even necessary, root as a role is nice, but that does not necessarily stop the box from being owned. It just means that the root user has a "leash" put on him or her. And so will the users and applications, and depending on how much "control" you want, some applications might not work at all! An example is when we were looking at the CAPP/EAL4+ installation of AIX 5L 5.2 IBM's documentation clearly stated that "some applcations and commands might not work for all users in a CAPP/EAL4+ installation". Not all applications are written to work in this type of environment, and there are costs to consider, the operating systems and applications designed to work in a MAC environment cost more, much more.
And along with MAC is the auditing of virtually everything being audited (this is the most important part of MAC next to limiting access based on security labels). This is overkill for a business environment, and an administrative nightmare of constantly changing roles and security labels. A sane security policy that is enforcable and backed up by management makes far more sense than a draconian rule set to limit access to systems and data.
I don't know if any of you read SysAdmin or Dr. Dobbs Journal (I get both) and the Microsof tFUD machine doesn't stop at OpenOffice. In my latest issue of SysAdmin was a pack containing a 180 day time crippled copy of Windows Server 2003 and a "Learning Resource" CD.
I went through part of the CD before I raised the "bullshit flag" over the following:
1. Poor Plug and Play support based on Solaris 2.6 and an equally ancient version of Linux. Did not mention HP-UX, IRIX, or AIX.
2. The only way to have a remote desktop similar to Terminal Services was to use VNC, what about a remote X session?
Microsoft would not get in so much trouble over this stuff if they simply told the truth. Or are they expecting Linux and Unix admins and developers to "jump ship" for some crippleware (not including "Windows Services for Unix" which Microsoft had to Interix to develop!
I remember reading about something similar to this using florinert and liquid nitrogen. It must be nice to have more money than sense, because for the amount of money they spend on the cooling equipment, they could have bought "bleeding edge" hardware. But I am not an overclocker either.
This not only affects Linux, but any Open Source application. The last Government contract I worked on, we wanted to deploy an Open Source monitoring agent since the deployment of a "major vendor" product was not going to happen for some time. The response from IA (Information Assurance) basically was "has it passed Common Criteria evaluation and can you show us proof?" The answer was no, so the app was not deployed. We even provided the source code for "review".
I think the tools are already in place within segments of the US Government to stop the deployment of OSS by simply pointing to http://niap.nist.gov and saying "It's not on the Approved List". Most OSS does not have the deep pockets of IBM and Oracle to afford CC evaluation (SuSe and RedHat respectively). Now whether Microsoft had anything to do with this I cannot say, but I think it is not simply a matter of development models, but security models as well. And even in the case of a OSS product sucessfully passing CC evaluation, some agencies are not happy. Read the latest version of the DISA Unix STIG and see what they say about SuSe Linux (they complained that no US (NSA) Protection Profiles were used in the evaluation. So does that mean it is less secure and should not be used?
Some Governments could simply point to the US and say "we won't adopt OSS because the US doesn't". Just a thought
Hasn't Microsoft learned from the lessons of Outlook, why should contact information be tied to the File System? It is not enough that personal information can be harvested in a variety of ways now, lets create a new one! So the next generation of worms will not only look at your contact list in your favorite e-mail client, but the file system for anything that could be missed!
And what kind of security controls are going to be placed on this "feature", hopefully it is Mandatory Access Control (yeah, I'm dreaming but what the Hell, it's Friday)!!
Slashdot Mirror
Read about Frank Snepp and his book about Vietnam "Decent Interval" http://www.franksnepp.com/, particularly this http://www.franksnepp.com/court.htm/.
I wonder if Cary would be saying that if the RIAA was named in several lawsuits and was facing the the bad press Sony is currently getting?
It would be very easy for someone to say one "solution" is more expensive than another, especially when they don't specify what hardware they used for the comparison. What about SunFire V20 and V40z's, they can compete in the same space as x86 machines running Linux. If IBM is really serious they should release the full study and not a 9 page "Executive Summary".
When she get's off the phone long enough to use a computer at all!
One of the guys at work was comparing a particluar location today using Google Maps and MSN Earth and noticed MSN's imagery was at least 10 years old for the location he was looking at. I wonder if Microsoft is using some of the TerraServer imagery and superimposing street info without having to update the imagery (and spend a lot of money in the process)?
I wonder if HP is going to port the code from HP-UX for Linux to create vPars on their hardware, or is that going to be an HP-UX "only" feature?
The problem with OSNews is that it seems to attract the "bottom feeder" users who have little real experience and tend to bitch and whine like children rather than to respond with well thought out arguments and present facts. I have caught people using FUD and outright lies to support their "positions" that Linux is better than Solaris. Well see ...
http://www.osnews.com/story.php?news_id=9865
If you need a GUI to set up a network interface, maybe you need to go back to Windows, because you aren't going to be doing it over a serial link! Solaris was built with Enterprise computing in mind, not "making it easy" for people who don't want to type.And if that is the quality of articles from PC Magazine nowadays, I'm glad I don't read it anymore! Because I thought "yet another whiny Linux zealot bitching about Solaris" article, what bullshit. If PC Magazine is going to review Solaris, do it right or don't do it at all!
I read this "review" when it showed up on OSNews and thought "yet another Linux/BSD/whatever user attempts to use Solaris and fails". Everybody seems to focus on what Sun is pimping (DTrace, Zones, Predictive Self Healing), what about actually using the OS?
I have been using (and beta testing) Solaris 10 since August 2003, and there is a lot more to it than DTrace, Zones, and Predictive Self Healing. There are several password security improvements, a new installation metacluster (Reduced Networking Support), a new installation method (WAN Boot), the ability to wrap RPC connections so that connections get logged (TCP Wrappers). And so you don't have to download a ton of software, GCC, gmake, webmin, GIMP, and other tools are part of the Full Distribution installation.
The problem with "reviews" is trying to meet the insaitable demand for "information" and not actually providing anything other than a rehash of publicity materials. How about everybody being paitient and hold off for a "quality" review.
The show is over according to the information on this page: http://www.mansfieldtourism.com/CVB_Site/Pages/ele ctro.htm/
My opinion is once you "OK" budget cuts, management will always see you as the "sucker" to go to when they need some quick bucks. Nothing ventured, nothing gained.
I find the comment about RHEL 4 will be released being evaluated at Common Criteria EAL 4 interesting, considering RHEL is not listed as a product in under evaluation yet (http://niap.nist.gov/cc-scheme/in_evaluation.html )! That should take about six months mimimally, so when are we looking at RHEL 4 being released?
I am sure other people have commented on Microsoft's "let's remove functionality to reduce the cost" so that if anyone actually needs the functionality of XP Home or Professional they have to cough up more money! You don't have to be a Harvard economist to see what Microsoft is doing here. I hope the people of Malysia and Thailand see through Microsoft's crap and tell them to shove Windows XP Starter Edition.
It wouldn't take a Class Action lawsuit to get management to recognize that their actions is causing their product to suffer through abusing their staff. So much managerial bullshit, all about profit. If they actually have to pay their employees overtime, that would cut into profits. We can't have that!!!
Also Linux is not a good fit for applications such as Global Command and Control System (GCCS) which is a Unix/Windows product (Solaris servers, Windows clients and servers). This is of course if the AF chose to port the applications to another OS, which would take years (look up Common Operating Environment) to meet all of the usability requirements, nevermind the security ones. All I can say is putting your eggs in one basket is not a good idea.
In Dan O'Dowd's mentioning of Linux "only" receiving CC EAL 2 is somewhat incorrect. RedHat Enterprise Linux Advanced Server got CC EAL2, SuSe Enterprise Linux was evaluated at EAL 3+. This is roughly the equivalent of TCSEC C2, and can be deployed in a classified environment. I guess he needs to check http://niap.nist.gov/cc-scheme/vpl/vpl_assur_lvl.h tml more regularly and actually read it!
That if Microsoft has that much money to spend on think tanks and spin doctors, if they spent that much money on improving their products instead of spreading FUD where would they be today!
This guy has it right, I carried Nikon gear (in excess of $20,000) in the US and various foreign countries. If you look like you mean business, people will leave you alone. And if you look like an easy mark, well stand by!
Obviously the MPAA/RIAA cannot get "directly" into the schools, so they use Junior Achievement to get in under the guise as "business education". How much of a "bone" did they throw JA to allow this?
Second, once the school finds out what the "topic of the day" is for JA, why do they allow it at all? Unless the teachers are mindless sheep, this kind of "eduation" should not be allowed!
Concerned parents should be asking some hard questions of both the School Boards and Junior Achievement about this, because if they are not going to show both sides of the issue, they should not be there at all!
First most Enterprise installations do not use Linux, they use Windows, Solaris, HP-UX, AIX, etc. Not all of these OS' support Mandatory Access Control or Role Based Access Control.
Second is it even necessary, root as a role is nice, but that does not necessarily stop the box from being owned. It just means that the root user has a "leash" put on him or her. And so will the users and applications, and depending on how much "control" you want, some applications might not work at all! An example is when we were looking at the CAPP/EAL4+ installation of AIX 5L 5.2 IBM's documentation clearly stated that "some applcations and commands might not work for all users in a CAPP/EAL4+ installation". Not all applications are written to work in this type of environment, and there are costs to consider, the operating systems and applications designed to work in a MAC environment cost more, much more.
And along with MAC is the auditing of virtually everything being audited (this is the most important part of MAC next to limiting access based on security labels). This is overkill for a business environment, and an administrative nightmare of constantly changing roles and security labels. A sane security policy that is enforcable and backed up by management makes far more sense than a draconian rule set to limit access to systems and data.
According to this article in PC World, Adrian Lamo's sentencing has been delayed until June:
http://www.snpx.com/cgi-bin/news5.cgi?target=www.I wonder if the the NY Times or the Feds decided to change the terms of the plea agreement at the last minute?
I don't know if any of you read SysAdmin or Dr. Dobbs Journal (I get both) and the Microsof tFUD machine doesn't stop at OpenOffice. In my latest issue of SysAdmin was a pack containing a 180 day time crippled copy of Windows Server 2003 and a "Learning Resource" CD.
I went through part of the CD before I raised the "bullshit flag" over the following:
1. Poor Plug and Play support based on Solaris 2.6 and an equally ancient version of Linux. Did not mention HP-UX, IRIX, or AIX.
2. The only way to have a remote desktop similar to Terminal Services was to use VNC, what about a remote X session?
Microsoft would not get in so much trouble over this stuff if they simply told the truth. Or are they expecting Linux and Unix admins and developers to "jump ship" for some crippleware (not including "Windows Services for Unix" which Microsoft had to Interix to develop!I remember reading about something similar to this using florinert and liquid nitrogen. It must be nice to have more money than sense, because for the amount of money they spend on the cooling equipment, they could have bought "bleeding edge" hardware. But I am not an overclocker either.
This not only affects Linux, but any Open Source application. The last Government contract I worked on, we wanted to deploy an Open Source monitoring agent since the deployment of a "major vendor" product was not going to happen for some time. The response from IA (Information Assurance) basically was "has it passed Common Criteria evaluation and can you show us proof?" The answer was no, so the app was not deployed. We even provided the source code for "review".
I think the tools are already in place within segments of the US Government to stop the deployment of OSS by simply pointing to http://niap.nist.gov and saying "It's not on the Approved List". Most OSS does not have the deep pockets of IBM and Oracle to afford CC evaluation (SuSe and RedHat respectively). Now whether Microsoft had anything to do with this I cannot say, but I think it is not simply a matter of development models, but security models as well. And even in the case of a OSS product sucessfully passing CC evaluation, some agencies are not happy. Read the latest version of the DISA Unix STIG and see what they say about SuSe Linux (they complained that no US (NSA) Protection Profiles were used in the evaluation. So does that mean it is less secure and should not be used?
Some Governments could simply point to the US and say "we won't adopt OSS because the US doesn't". Just a thought
Hasn't Microsoft learned from the lessons of Outlook, why should contact information be tied to the File System? It is not enough that personal information can be harvested in a variety of ways now, lets create a new one! So the next generation of worms will not only look at your contact list in your favorite e-mail client, but the file system for anything that could be missed!
And what kind of security controls are going to be placed on this "feature", hopefully it is Mandatory Access Control (yeah, I'm dreaming but what the Hell, it's Friday)!!