what is the TCO of Commercial Software: purchase, upkeep and license management
You're not talking about commercial software. You're talking about closed source software. There are plenty of people working for Open Source commercial groups that resent this perpetual mistake, innocently made though it is.
I'm going to say this again, until I'm blue in the face:
Commercial software houses have their users by the short hairs
No they don't. Closed source software houses have their users by the short hairs. Commercial Open Source software houses, like Red Hat, Caldera, Akopia, Eazel, etc, are quite fine, I think you'll find.
I already do use comercial software and don't pay for it. Red Hat is a 400 million dollar company.
Oh wait...you meant CLOSED SOURCE commercial software, as opposed to Open Source commercial software.
Why are so many people confused between whether something has source code available and whether it is commercial? They have nothing to do with each other.
b) They are mentioned explicitly in a company's site license, as an inspector to ensure software legitimacy If you order a lot of closed source software in high volume, especially Microsoft Open License Plan, or Microsoft Select software, b) is indeed the case.
If you don't comply, they can revoke your existing licenses and then charge you with theft. Under the DMCA, they also have the right to remotely disable any software covered under the license agreement so that it is no longer functional.
Eazel-install is yet another app that uses ACLs as it permission system. Again, because Linux rwxs permissions aren't good enough.
Yay. Another security implementation on Linux because the default one sucks. Another front to fight the cracksers on. Besides Squid and Samba, which also use their own ACLs scheme because rwxs isn't good enough. Can we *please* move towards POSIX ACLs in a future kernel?
After all, I keep hearing your politicians talk about the American people, and you tell me that you are an American [and if being American means you are allowed to vote].
So lets have government for all *Americans*. That means folk from the USA, Canada, Mexico, Purerto Rico, Cuba...
Oh wait! Perhaps you guys were actually meaning to day USA the whole time you were talking about America?
If I lived in the other American countries I'd probably get real angry about this, but being Australian I just find the arrogance amusing.
Luckily where I come from, our country is our continent:-).
the new edition has simplified this and now covers two commercial UNIX systems (Solaris 2.7 and HP/UX 11.00) and two free operating systems
Red hat is a 400 million dollar company. That doesn't sound like a non-commerical entity to me. There's continual misunderstanding within and without Open Source community that being open or closed source is equivalent to being commercial or non-commercial. They have nothing to do with each other, whatsoever.
Some examples
Open Source, Commercial: Red Hat Linux
Open Source, Non-Commercial: Tomsrtbt Closed Source, Commercial: Windows 2000
Closed Source, Non-Commercial: PowerArchiver
As a both a user and administrator of SSH for a number of client sites where this is the primary method of remote access, it would seem there may be a specific issue with your sshd rather than ssh itself, which in my own experiences, hasn't crashed in a solid year of use at six main sites. Try another implementation or updated packages for the same implementation. The bug should go away. freessh.org will provide you with some starters.
In fact, sshd has been just a little more reliable than inet / xinet / telnetd in my experiences.
S/Key is reasonable, but the effort required to administer compared to making SSH a standard part of your environment is much preferred.
As above, just because something is popular doesn't mean it should be allowed outside your network.
And if your firewall admin is allowing Telnet traffic outside your firewall, fire him. Seriously. My work inherits a lot of clients that have has lovely, stable Linux machines, administered remotely via Telnet by their former admin. The machine's acting funny and needs some maintenance, and the old administrator is out of town. They call my work instead. We get out on site and attempt some security updates. `Sorry, I can't find your RPM database' says Red Hat. I look in the usual place/var/[whatever]...somehow tab completion doesn't work. Oh....wait a sec....most of/var has been deleted. And there's an account called w007 in/etc/passwd. Joy.
At more conservative places, Telnet isn't allowed even on the intranet. At no place should it be allowed on the internet. I will scream till I'm black and blue just because Telnet is ubiquitous does not mean it should be allowed in to your network . You wouldn't do it with SMB, why do it with Telnet? Because it's `Unixy'? That's very worrying.
And yes, even user account passwords matter.
If you're an admin, you should have permission to install apps on your Windows box. If you're not, your admin should have installed putty, terraterm, etc. for you
Because telnet is much more ubiquitous than ssh/scp True, though I doubt that's insightful. Just because Telnet is popular doesn't mean it should be allowed to travel inside or (horror) outside your network. SMB is popular too, you know. Would you like that going to the outside world?
If your admin is allowing telnet traffic through the firewall, fire him. Seriously.
If your point haired boss won't install a freeware SSHD or client, then he can purchase a comerical one from Check Point, SSH Corporation, or a stack of other closed source vendors. SSH was originally a semi-open product, and later a closed one. Its only through the brains of Open Source developers thjat the protocol was fully reverse engineered and documented.
Congratulations. You're having a pissing contest over a legacy app that sends password hashes in clear text over your network, has no redeeming features, has been completely replaced on all platforms free of charge by SSH, and is generally regarded as a flaming pile of insecure poo.
Keep arguing. Whichever of your operating systems encourages Telnet servers more, I'll make a note NOT to use.
You don't get his point [and neither did the moderator]. He's being sarcastic. The first guy said Windows 2000 didn't have a tlenet client [because he couldn't find it in his start menu]. The second guy said there is one, and by the same logic as the first guy, Linux didn't have a telnet client either because the KDE menu doesn't specifically say `telnet client'
either.
I certainly don't agree with Microsoft's entie point, but they do have one - there are vast quantities of Linux distributions and Unixes which both install and turn on things like Telnet servers by default.
Why? There is absolutely no reason for having a Telnet server anywhere within your network. It sends its content [including password hashes] in plain text. Everyone knows this. SSH and SCP servers and clients are available for every platform free of charge. Everyone knows that too. So why the hell do any distributions even ship with a Telnetd, much less install it, much less turn it on by default? Just because it was popular or a good idea years ago doesn't mean it's useful today. The only thing telnet should be used for is talking to mail, web and other services during troubleshooting.
Telnet is a plague on your network, and a weakness in an OS vendor that should be providing modern tools and telling you how to use them instead.
------------
Your subject title is actually a very good answer to your question. Microsofts security system is not entirely Windows based - if you recall an aticle entitled `Unix at the Empire' a few months ago, or talk to those who have knowledge of MS internal security, there is a lot of ipfilter based OpenBSD firewalls.
Though, as Microsoft are often in the habit of eating their own dog food, they might beusing their new Internet Security and Acceleration [ISA} Server, the replacement to shitty old proxy server. This eliminates much of the nastiness [and non-firewallness] of PS, and is about -3 months old. This incident would damage the launch severely is MS told anyone what they were using.
I'd suspect, with regards to security, they do the testing in a closed environment for quite some time.
But your point is nevertheless a good one - while we don't know what MS use internally, the habit of people calling Outlook Viruses `email viruses', when they only affect a specific client, is misleading.
* Quicktime for Linux does [rare] MJPEG encoded Quicktime for Linux
* Xanim doesn't fully support MPEG1
* SMPEG is also only MPEG 1 based
* XMovie does MPEG2
* AviFile is an interface for MS-MPEG4, among others
* Livid [library] and OMS [player] plays DVD movies
* RealPlayer plays RealMedia content and nothing else
Each of these libraries implements the same features over and over again. Different rendering modes, resampling for screen sizes, fullscreen mode, player interfaces and skinning, plugins [visualization, etc] etc.
This is a massive duplication of effort and [unlike similar duplications of effort] neither project covers the full spectrum of whats ouyt there [compare this to KDE - GNOME, which both happily run whatever apps are out there providing the libraries are installed].
We need to put a standard for pluggable codecs / extensions [an extension being a parent for other codecs - eg, the AviFile version of WINE, or a non-Real interface for RealPlayer codec]. Perhaps integrate it into SDL if appropriate.
The result would be a standard api [which a number of players could be used on top of] suitable for Audio and Video, and easily extensible. Can the developers of all the projects mentioned in this thread start please talking to each other?
Aviplay is actually a Linux iomplementation of...welll....aviplay, a Windows multimedia API made by Microsoft. It uses small chunks of Windows based source code to provide the environment a Windows based codec expects, then provides a native Linux interface for players [most notably aviplay player] to plug into. It works surprisingly well.
Here's the full list os supported codecs...note the Microsoft ones.
ATI VCR-2
Cinepak®
DivX;-)
Indeo® Video 3.2, 4.1, 5.0
Microsoft MPEG-4
Motion JPEG ( based on rather slow libjpeg, so not yet very usable )
Audio:
DivX;-) Audio
Microsoft GSM 6.10
IMA ADPCM
MSN Audio
MPEG Layer-1,2,3 Audio
PCM
On an unrelated note - RealPlayer for Linux is version 7 and won't play any of the recent media streams. Time to add Real to your Book of Grudges again.
Like most people, I'm not from the US. This is the second time of heard of this concept - the other was a Violent Femmes song with the line `this will go down on your permanent record'.
So is it true? Does the US government actually maintain a public record of what you did in high school? Who is it available to? And why isn't there an outcry in the demo
I have a bnrother that's a very high performing legal student, and will someday make vast quantities of money. He's a straight A student and always has been, but was expelled from his secondary school for helping another kid procure some marijuana. That's a single, out of character incident, and it would be incredible if that would follow him round for life.
Any Stateside people wish to explain this concept?
True, but on the other hand there are those who don't want to improve any aspect of Linux for fear that it would be similar to Windows, and therefore bad. These folks generally aren't helping the cause. Who says because Windows isn't stable, that it doesn't have some good ideas? I know both the GNOME and KDE camps have drawn a few innovative ideas.
There's a line between advocacy and stubborness. More often than not, the `k33p L1nu> l33t' crown do more damage than the Windows user wishing Linux was just a little more polished.
Not really. Linux reliability comes from its Openness. Solaris/Sparc takes an order of magnitude longer to produce bug fixes and security updates than Open Source OSs. If you believe ZDNet, 58 days versus 5, IIRC. I won't say anything about AS/400 or VMS as I don't have any experience with them.
It's an old adage that "the source code is the best documentation," and it's hard to argue otherwise. If I really want to know how a certain function call works, or how the kernel is talking to the hardware, I can dig out the glibc or kernel sources and see for myself...
Most people don't want to know how something works. They want to know how to use it. Being a technical person, you might have difficulty seeing that. Just because I own a car, it doesn't mean I should have to be a mechanic. Chances are I just want to drive.
The Total Cost of Ownership argument in favour of Linux isn't about licensing costs. These are insignificant [around 3% or server owndership costs].
What the biggest cost of owning a server is is downtime. Wasted invetment on equipment, payroll charges for employees to do nothing, decreased value of goodwill [an intangible asset in itself], overtime for staff to catch up with their business, and most importantly LOST BUSINESS. Downtime isn't actually included in MSs TCO metrics. Too bad - at work, and for most clients, reliability is reason they're dumping their existing systems and moving to stable, easy to use Linux distributions, most notably e-smith for low end services, and Red Hat for the more advanced stuff.
Sorry to be blunt: but here's my argument for Linux. Fuck price. Use Linux because its reliable
Slashdot Mirror
1.) Write a simple commercial application
Better yet. Write a simple closed source applciation. Your plan won't work if its a commercial Opern Source application.
what is the TCO of Commercial Software: purchase, upkeep and license management
You're not talking about commercial software. You're talking about closed source software. There are plenty of people working for Open Source commercial groups that resent this perpetual mistake, innocently made though it is.
I'm going to say this again, until I'm blue in the face:
Commercial software houses have their users by the short hairs
No they don't. Closed source software houses have their users by the short hairs. Commercial Open Source software houses, like Red Hat, Caldera, Akopia, Eazel, etc, are quite fine, I think you'll find.
I already do use comercial software and don't pay for it. Red Hat is a 400 million dollar company.
Oh wait...you meant CLOSED SOURCE commercial software, as opposed to Open Source commercial software.
Why are so many people confused between whether something has source code available and whether it is commercial? They have nothing to do with each other.
----
b) They are mentioned explicitly in a company's site license, as an inspector to ensure software legitimacy
If you order a lot of closed source software in high volume, especially Microsoft Open License Plan, or Microsoft Select software, b) is indeed the case.
If you don't comply, they can revoke your existing licenses and then charge you with theft. Under the DMCA, they also have the right to remotely disable any software covered under the license agreement so that it is no longer functional.
If you live in the US, that is.
Eazel-install is yet another app that uses ACLs as it permission system. Again, because Linux rwxs permissions aren't good enough.
Yay. Another security implementation on Linux because the default one sucks. Another front to fight the cracksers on. Besides Squid and Samba, which also use their own ACLs scheme because rwxs isn't good enough. Can we *please* move towards POSIX ACLs in a future kernel?
After all, I keep hearing your politicians talk about the American people, and you tell me that you are an American [and if being American means you are allowed to vote].
:-).
So lets have government for all *Americans*. That means folk from the USA, Canada, Mexico, Purerto Rico, Cuba...
Oh wait! Perhaps you guys were actually meaning to day USA the whole time you were talking about America?
If I lived in the other American countries I'd probably get real angry about this, but being Australian I just find the arrogance amusing.
Luckily where I come from, our country is our continent
the new edition has simplified this and now covers two commercial UNIX systems (Solaris 2.7 and HP/UX 11.00) and two free operating systems
Red hat is a 400 million dollar company. That doesn't sound like a non-commerical entity to me. There's continual misunderstanding within and without Open Source community that being open or closed source is equivalent to being commercial or non-commercial. They have nothing to do with each other, whatsoever.
Some examples
Open Source, Commercial: Red Hat Linux
Open Source, Non-Commercial: Tomsrtbt
Closed Source, Commercial: Windows 2000
Closed Source, Non-Commercial: PowerArchiver
----
I don't. Konqueror / KDE2.
As a both a user and administrator of SSH for a number of client sites where this is the primary method of remote access, it would seem there may be a specific issue with your sshd rather than ssh itself, which in my own experiences, hasn't crashed in a solid year of use at six main sites. Try another implementation or updated packages for the same implementation. The bug should go away. freessh.org will provide you with some starters.
In fact, sshd has been just a little more reliable than inet / xinet / telnetd in my experiences.
S/Key is reasonable, but the effort required to administer compared to making SSH a standard part of your environment is much preferred.
As above, just because something is popular doesn't mean it should be allowed outside your network. /var/[whatever]...somehow tab completion doesn't work. Oh....wait a sec....most of /var has been deleted. And there's an account called w007 in /etc/passwd. Joy.
And if your firewall admin is allowing Telnet traffic outside your firewall, fire him. Seriously. My work inherits a lot of clients that have has lovely, stable Linux machines, administered remotely via Telnet by their former admin. The machine's acting funny and needs some maintenance, and the old administrator is out of town. They call my work instead. We get out on site and attempt some security updates. `Sorry, I can't find your RPM database' says Red Hat. I look in the usual place
At more conservative places, Telnet isn't allowed even on the intranet. At no place should it be allowed on the internet. I will scream till I'm black and blue just because Telnet is ubiquitous does not mean it should be allowed in to your network . You wouldn't do it with SMB, why do it with Telnet? Because it's `Unixy'? That's very worrying.
And yes, even user account passwords matter.
If you're an admin, you should have permission to install apps on your Windows box. If you're not, your admin should have installed putty, terraterm, etc. for you
-----
Because telnet is much more ubiquitous than ssh/scp
True, though I doubt that's insightful. Just because Telnet is popular doesn't mean it should be allowed to travel inside or (horror) outside your network. SMB is popular too, you know. Would you like that going to the outside world?
There's a plethora of free Linux / Unix / Windows based SSH and SCP clients available, as well as a stack of commercial ones.
And if the Windows telnet app is shitty [the Win2K version is a little better], you'll end up using third party software anyway.
If your admin is allowing telnet traffic through the firewall, fire him. Seriously.
If your point haired boss won't install a freeware SSHD or client, then he can purchase a comerical one from Check Point, SSH Corporation, or a stack of other closed source vendors. SSH was originally a semi-open product, and later a closed one. Its only through the brains of Open Source developers thjat the protocol was fully reverse engineered and documented.
Congratulations. You're having a pissing contest over a legacy app that sends password hashes in clear text over your network, has no redeeming features, has been completely replaced on all platforms free of charge by SSH, and is generally regarded as a flaming pile of insecure poo.
Keep arguing. Whichever of your operating systems encourages Telnet servers more, I'll make a note NOT to use.
You don't get his point [and neither did the moderator]. He's being sarcastic. The first guy said Windows 2000 didn't have a tlenet client [because he couldn't find it in his start menu]. The second guy said there is one, and by the same logic as the first guy, Linux didn't have a telnet client either because the KDE menu doesn't specifically say `telnet client'
either.
I certainly don't agree with Microsoft's entie point, but they do have one - there are vast quantities of Linux distributions and Unixes which both install and turn on things like Telnet servers by default.
Why? There is absolutely no reason for having a Telnet server anywhere within your network. It sends its content [including password hashes] in plain text. Everyone knows this. SSH and SCP servers and clients are available for every platform free of charge. Everyone knows that too. So why the hell do any distributions even ship with a Telnetd, much less install it, much less turn it on by default? Just because it was popular or a good idea years ago doesn't mean it's useful today. The only thing telnet should be used for is talking to mail, web and other services during troubleshooting.
Telnet is a plague on your network, and a weakness in an OS vendor that should be providing modern tools and telling you how to use them instead.
------------
Your subject title is actually a very good answer to your question. Microsofts security system is not entirely Windows based - if you recall an aticle entitled `Unix at the Empire' a few months ago, or talk to those who have knowledge of MS internal security, there is a lot of ipfilter based OpenBSD firewalls.
Though, as Microsoft are often in the habit of eating their own dog food, they might beusing their new Internet Security and Acceleration [ISA} Server, the replacement to shitty old proxy server. This eliminates much of the nastiness [and non-firewallness] of PS, and is about -3 months old. This incident would damage the launch severely is MS told anyone what they were using.
I'd suspect, with regards to security, they do the testing in a closed environment for quite some time.
But your point is nevertheless a good one - while we don't know what MS use internally, the habit of people calling Outlook Viruses `email viruses', when they only affect a specific client, is misleading.
* Quicktime for Linux does [rare] MJPEG encoded Quicktime for Linux
* Xanim doesn't fully support MPEG1
* SMPEG is also only MPEG 1 based
* XMovie does MPEG2
* AviFile is an interface for MS-MPEG4, among others
* Livid [library] and OMS [player] plays DVD movies
* RealPlayer plays RealMedia content and nothing else
Each of these libraries implements the same features over and over again. Different rendering modes, resampling for screen sizes, fullscreen mode, player interfaces and skinning, plugins [visualization, etc] etc.
This is a massive duplication of effort and [unlike similar duplications of effort] neither project covers the full spectrum of whats ouyt there [compare this to KDE - GNOME, which both happily run whatever apps are out there providing the libraries are installed].
We need to put a standard for pluggable codecs / extensions [an extension being a parent for other codecs - eg, the AviFile version of WINE, or a non-Real interface for RealPlayer codec]. Perhaps integrate it into SDL if appropriate.
The result would be a standard api [which a number of players could be used on top of] suitable for Audio and Video, and easily extensible. Can the developers of all the projects mentioned in this thread start please talking to each other?
---
Aviplay is actually a Linux iomplementation of...welll....aviplay, a Windows multimedia API made by Microsoft. It uses small chunks of Windows based source code to provide the environment a Windows based codec expects, then provides a native Linux interface for players [most notably aviplay player] to plug into. It works surprisingly well.
;-)
;-) Audio
Here's the full list os supported codecs...note the Microsoft ones.
ATI VCR-2
Cinepak®
DivX
Indeo® Video 3.2, 4.1, 5.0
Microsoft MPEG-4
Motion JPEG ( based on rather slow libjpeg, so not yet very usable )
Audio:
DivX
Microsoft GSM 6.10
IMA ADPCM
MSN Audio
MPEG Layer-1,2,3 Audio
PCM
On an unrelated note - RealPlayer for Linux is version 7 and won't play any of the recent media streams. Time to add Real to your Book of Grudges again.
Like most people, I'm not from the US. This is the second time of heard of this concept - the other was a Violent Femmes song with the line `this will go down on your permanent record'.
So is it true? Does the US government actually maintain a public record of what you did in high school? Who is it available to? And why isn't there an outcry in the demo
I have a bnrother that's a very high performing legal student, and will someday make vast quantities of money. He's a straight A student and always has been, but was expelled from his secondary school for helping another kid procure some marijuana. That's a single, out of character incident, and it would be incredible if that would follow him round for life.
Any Stateside people wish to explain this concept?
True, but on the other hand there are those who don't want to improve any aspect of Linux for fear that it would be similar to Windows, and therefore bad. These folks generally aren't helping the cause. Who says because Windows isn't stable, that it doesn't have some good ideas? I know both the GNOME and KDE camps have drawn a few innovative ideas.
There's a line between advocacy and stubborness. More often than not, the `k33p L1nu> l33t' crown do more damage than the Windows user wishing Linux was just a little more polished.
Not really. Linux reliability comes from its Openness. Solaris/Sparc takes an order of magnitude longer to produce bug fixes and security updates than Open Source OSs. If you believe ZDNet, 58 days versus 5, IIRC. I won't say anything about AS/400 or VMS as I don't have any experience with them.
They mean the Windows NT `family' - including NT5 / Windows 2000.
It's an old adage that "the source code is the best documentation," and it's hard to argue otherwise. If I really want to know how a certain function call works, or how the kernel is talking to the hardware, I can dig out the glibc or kernel sources and see for myself...
Most people don't want to know how something works. They want to know how to use it. Being a technical person, you might have difficulty seeing that. Just because I own a car, it doesn't mean I should have to be a mechanic. Chances are I just want to drive.
I disagree with both you and Gartner.
The Total Cost of Ownership argument in favour of Linux isn't about licensing costs. These are insignificant [around 3% or server owndership costs].
What the biggest cost of owning a server is is downtime. Wasted invetment on equipment, payroll charges for employees to do nothing, decreased value of goodwill [an intangible asset in itself], overtime for staff to catch up with their business, and most importantly LOST BUSINESS. Downtime isn't actually included in MSs TCO metrics. Too bad - at work, and for most clients, reliability is reason they're dumping their existing systems and moving to stable, easy to use Linux distributions, most notably e-smith for low end services, and Red Hat for the more advanced stuff.
Sorry to be blunt: but here's my argument for Linux. Fuck price. Use Linux because its reliable