I agree, parent poster was just plain wrong when they alluded to no longer needing a CLI with Linux. All of those web-based tools require you to install them from a CLI. Of course if it's a simple LAMP then the LAMP installer with Ubuntu is probably sufficient but who uses a LAMP as a single box? I've never understood that concept which seems to be fairly prevalent in the Linux world. Why would you want a database server and a web server on the same box? Especially with how memory hungry MySQL is.
Well, I use Ubuntu server everyday and its default install doesn't even come with a graphical UI. So I use the CLI for pretty much all administration. For some boxes I'll throw on webmin, for Oracle I'll connect to a remote X-server, usually my laptop but there is a lot of cli there too. Make no mistake, we're talking about administration here and in the administration you expect to use a CLI if you're working with Linux.
There are those of us that appreciate the simplicity of running a few shell scripts for common tasks such as adding extensions to Asterisk but we're not blind to Windows which is inherently far easier to administer. Ease of use comes at a cost so it's not always the right tool for the job, that's why having alternatives is great.
The GNU world likes their small tools and because of this flexibility you'll rarely find a full featured administrative GUI without spending lots of money on time and 3rd party software tools. There is a lot of inherent flexibility but ultimately it means that the CLI isn't going anywhere, nor should it. Even in the Windows world the power of a CLI is finally getting recognized with Powershell. Scripting is the future of administration. Who cares if it's hard to write a script if you only have to do it once?
I don't get it, how is this a flash vulnerability and not sure poor server administration? Uploads on my site don't go into an executable location. Guess it's web 2.0 run amok! In my mind any site that runs user uploaded content is going to be host to any number of problems which is why most sites restrict file types. Sounds to me like this isn't news though. At the very least you should put referral restrictions on folders with user uploaded content to ensure that they can only access it from your domain. Sure it's not perfect but it's a lot better, provided its based on ip address and not domain name that is.
As someone dealing with unencrypted file transfers from OS X I laugh at it being more secure. I'll grant in some ways it's better. For those of us that haven't been running as Administrative users and yes, that includes my grandma, we haven't been worrying about browsing the wrong site for many years now. The advantage for OS X is that it treats it's users like idiots and in reality that's probably a reasonable assumption. Fortunately there are ways to open it up but you're still left with an OS that sucks at playing with others. I'm referring to ever worsening Samba support making file transfers to both Linux and Windows servers absurdly slow, then of course there is the shaky NFS support which has only slightly improved with time. I'll never understand why Apple couldn't use the IPSec transfer abilities like Samba on Linux does. Instead it will just send your username/password and all your data over the pipe in the clear. Yes, real security!
Perhaps because the look and feel then and the look and feel now are still completely different from that of Apple's offerings? I don't think anyone running 7 is confused about what OS they are running. Same with OS X users.
Were you replying to my comment? Because it doesn't sound like you read my comment. I specifically said there are cut-off points where virtual infrastructure doesn't make sense.
Also, the fact that you think the IO of SAN is any different than that of an HP Non-Stop setup is where things get really comical because you're talking about Infiniband which is used in x86 hardware as well. As I said, the threshold is moving into higher and higher workloads.
I'm also not sure where you get your information about Exchange not being IO intensive. Exchange setups easily handle billions of transactions just like the big RDBMS out there. That's why when you evaluate virtual platforms they always ask you about your Exchange environment as well as your database environment. They are both considered to be high IO applications as all they do practically is read and write from disk.
I find the whole concept of your argument funny considering the Non-stop setups were early attempts at abstraction from the hardware to handle failure and be able to spread the load. In essence it was the start of virtual infrastructure. There is a reason Non-Stop isn't primarily part of HP's business anymore, people are achieving what they need to with commodity hardware. Sorry, but you do indeed save a lot of money that way too. Enterprise crap used to cost boat loads, now it is accessible to much smaller players with smaller workloads but the same demands for up-time.
Plenty of room for a Riverbed or Cisco WAAS in between to accelerate transfers as well. Sounds like you and I want to use the tech in similar ways.
For me, I don't mess with BGP yet, I can accomplish what I need through virtual links with OSPF. Won't be as smooth as my per site fail-over since I have two locations on site. It's a temporary setup so I have three locations, a primary at our event, a secondary at our event, and a third back at HQ with a fourth on its way for DR purposes. Sucks moving your network from city to city but at least it makes for some interesting problems.
If your primary and secondary systems are physically located next to each other then they aren't in the category of highly available. Furthermore with storage replication and regular snapshotting you can have your virtual infrastructure at your DR site on the cheap while gaining enterprise availability and most importantly, business continuity.
I'll agree with being skeptical about transparency although how many people already have this? I went with XenServer and Citrix Essentials for it, I already have this fail-over and I can tell you that it works. I physically pulled a blade out of the chassis and sure enough, by the time I got back to my desk the servers were functioning having dropped a whole packet. Further tweaking of the underlying network infrastructure resulted in keeping the packet with just a momentary rise in latency.
Enterprise availability is fast coming to the little guys.
Huh? We have a SAN son, you need more throughput? Add another 4 or 8gig trunk and bam you've added significant bandwidth. With individual blades having dual 8gig HBAs you have quite a bit of IO available to you assuming proper PCI-E. There is a upper limit where you shouldn't be virtualizing infrastructure but that limit is moving ever higher. I don't know about you, but I have a NetApp based storage array with redundant switching gear that is more than capable of keeping up with the IO of having 20 servers on a single physical host and that includes Oracle, Reporting services, Exchange, and a few other high IO applications. My security server recording our multi-megapixel security cameras and a backup Oracle database will stay outside the virtual environment for obvious reasons. Then of course there is our DR setup for basic business continuity.
I think a hybrid approach is the only way but you're right in that the states should be taking the initiatives. Of course Vermont did creating Dr Dinosaur to insure kids in the state. There is not enough funding for such a tiny state to do that for everyone although they are still managing to expand the program.
haha, that level of ignorance is impressive given that California and New York both of economies dwarfing the majority of the red states combined. Texas probably being the only red state capable of standing on its own due to incredible amounts of oil.
The majority of the country was never red even when Bush won the presidency. If you recall Bush won by a small percentage each time winning twice as many states but getting less than half of the electoral votes because the majority of the population is in blue states.
But of course this is all beside the point that Michigan was never a blue state and that Seattle has a great economy. Crime is skyrocketing everywhere, not just in blue states. Take a look at Cleveland, St. Louis, majorly red cities inside of red states and see how well the economy and crime states are doing.
Also keep in mind that under a democratic governor California was wildly successful. Then the republican leadership deregulated the energy sector resulting in Enron and surprise surprise? Enron went bust and California has been in a downward spiral ever since. I do believe they will recover though even those more and more of them are moving into my state which is Arizona. Arizona is another red state who's economy is in the crapper with the state legislature forced to lease the capital building because they planned so poorly.
You'll find that historically you're wildly incorrect. FDR brought us out of the depression and into a period of unprecedented growth. Admittedly Clinton got out of the way of a technology boom fueling the 90's despite Bush Sr getting us into an international conflict and cutting taxes creating a record deficit which Clinton not only reverse but created a surplus with.
I would ask what red states are doing well? Alabama? Georgia? Kentucky? Kansas? Missouri? Sure, they each all have areas that are successful but they are not on the list of top economic earners by any stretch.
Of course I come from Vermont which swings back and forth all the time because we don't care what party a person is with, we care about their message and that they follow through with their word. This is the reason I don't think we're heading for glory with Obama. Yes he's blue but that doesn't mean he's making sane choices when it comes to spending. Imagine what the country could have done with the trillian dollars spent on a pointless war that we needed not get involved with? I'm speaking of course of Iraq, we actually had reason to take out the Taliban.
So the engineer gets to choose where to put the light? Somehow I don't think that's how it went down. Someone in a leadership role told him/her to do it and they did it. A single traffic light isn't really engineered so much as installed.
While yes they all have their shows that are blatantly biased, they weren't so openly hostile towards the Bush administration hosting tea parties and town-hall shouting matches either.
Honestly it doesn't help when Fox is also organizing tea parties promoting this shouting match instead of intelligent debate. You saw it with the town-hall meetings. There were legitimate concerns that needed and still need to be addressed but instead of intelligent debate it just became a shouting match.
Fox has been openly hostile towards the current administration and the irony is that Obama is continuing a lot of Bush policies that they supported while Bush was in office. So it becomes increasingly difficult for many of us to take Fox seriously. Of course a lot of people aren't happy with Obama for maintaining some the programs Bush pushed through. The reality is that both sides want more power and Obama is now exposed to the additional power given to the presidency. Power which was never granted, but taken while our representatives did nothing.
I think many of us lost a lot of respect for all sides. There is a growing rebellion of people that realize that discussion needs to return to the political landscape and not everything is a black or white issue. It will just take some time before I believe politics will reflect this growing irritation.
Of course Vermont has towns with 7,000 people in it and cities with a population of about 2,000 (Vergennes), at some point you realize it's just a city because of how it is zoned and it actually has nothing to do with the population count.
Or you build in multiple redundancies with systems that have to agree in order to make such an important change. Also, who said this network had to be Internet accessible? Maintaining physical security is pretty easy in comparison to Internet security and that is mostly all that would be required. You would probably want to throw in multi-factor authentication and decent encryption just in case a facility did actually get compromised.
This thought that there are tons of super hackers out there is ridiculous too. It's amazing the abilities attributed to secret government agencies and lone hackers of extraordinary skill. There will come a time when these skills are not seen as magic and people will take sensible approaches to security.
That's one high quality test. I remember you either were tested on parallel parking or hill starts. My tester had me do a hill start in an automatic. Gotta love it!
You're right, the first time I encountered them in Sedona I wasn't quite sure what to do with it. Then I saw the yield signs and all was fine. I had no problem with them after that but I saw a lot of people not know that they could go while another car was in the circle and so it would definitely cause major congestion if it's a high traffic area like downtown Phoenix.
I've yet to figure out Arizona drivers. They drive like such crap on the 101 but I was driving up Hayden one day and the light at Shea was out. Everyone automatically did the four-way stop and it was problem free, it wasn't even really backed up.
I would hate to see Mad Max in AZ, there is a lot of firepower here, it would be one bloody event. I mean more than it already is.
Are you asserting that the rich people you know represent the majority of the rich population? Parent didn't state that all rich people were dumb, only the majority. My life echoes his stance as well. I too know some smart rich people but they are by far in the minority. At least in my experience.
Yes, you're missing a lot in terms of performance. Linux in HVM mode is not fast by any stretch. In PV mode however it's near native speed. You get by it in Windows because you install in HVM and the Xen tools will install PV drivers for all your devices. None of this happens on the Linux side. If you don't install then tools then you can't monitor and manage the VM centrally either.
While you're definitely correct that it would make for a more secure and in my opinion less problematic computing landscape it would have broken older applications and traditionally Microsoft doesn't like to break legacy support unlike Apple.
Why developers were so sloppy I'll never understand. Why the registry was even created I can't understand either as there was nothing wrong with the Win3.x method of just storing configs with the applications. Those were the days!
Ubuntu 8.04 came with a Xen kernel, they dropped Xen support after that however in favor of KVM. With the renewed backing by Citrix and subsequent explosion in users I feel this was a very poor decision as us XenServer users are forced to either use Ubuntu 8.04 or we have to create a PV VM and use a Debian kernel. The solution works just fine with very little performance penalty but I suspect it will become a problem given that I have to manually update the kernel when there are updates. So I'll wait for several releases before upgrading a kernel. Fortunately I can snapshot the VM first so I don't risk any permanent damage.
This seems to happen a lot with Ubuntu though. I remember a kernel update broke wired networking on a laptop I had. I had patch the kernel to get it to work. It was working before, new kernel, now it doesn't work, another new kernel a month later and now it works again, magic! Their QA leaves much to be desired but that's what we grow to expect from our workings with Ubuntu. If it didn't have a great community supporting each-others efforts people wouldn't still be dealing with the BS that they have to deal on the Ubuntu side. Debian gives you a lot of the same stuff, just a few generations behind. Slackware, Fedora, CentOS all give you the latest and greatest however and have far fewer issues like these but again, their support communities are not as helpful as the Ubuntu side of the fence.
It all comes down to, want to do something funky with Linux? Okay, here's how you do it on Ubuntu.
The year 2000 called and they gave you security templates based on computer roles to make this whole process a lot easier. Of course in 2009 it's even easier with remote auditing tools and GPO enforcement in Vista/Win7.
It's relatively easy to lock Windows down these days even for starter admins. Vista and Win7 changed this whole landscape drastically as practically every aspect of the interface can be controlled through group policy now.
I would say Linux and Windows are finally at parity in terms of automation too since who wants to do this stuff to every machine? It's fine if you only have 20 but when you have 200 is starts to suck real fast. The main problem is still crappy applications requiring access to protected parts of the registry. If they had stayed within their bounds it would be easy but no they have to have DRM hooks that talk to components deep in the OS. Apple, I'm looking at you here. Of course they are not alone by any stretch either as even Microsoft has been guilty of this practice from time to time. Office however will work just fine without admin privileges.
I'll never understand why Apple developers kept everything in their own app directory and why Windows developers decided to scatter everything everywhere they could. It's especially funny given that you'll have companies producing the same product for both platforms and they only follow good practices on the Apple side of the fence for some reason.
Slashdot Mirror
You mean we're not in The Matrix?
I agree, parent poster was just plain wrong when they alluded to no longer needing a CLI with Linux. All of those web-based tools require you to install them from a CLI. Of course if it's a simple LAMP then the LAMP installer with Ubuntu is probably sufficient but who uses a LAMP as a single box? I've never understood that concept which seems to be fairly prevalent in the Linux world. Why would you want a database server and a web server on the same box? Especially with how memory hungry MySQL is.
Well, I use Ubuntu server everyday and its default install doesn't even come with a graphical UI. So I use the CLI for pretty much all administration. For some boxes I'll throw on webmin, for Oracle I'll connect to a remote X-server, usually my laptop but there is a lot of cli there too. Make no mistake, we're talking about administration here and in the administration you expect to use a CLI if you're working with Linux.
There are those of us that appreciate the simplicity of running a few shell scripts for common tasks such as adding extensions to Asterisk but we're not blind to Windows which is inherently far easier to administer. Ease of use comes at a cost so it's not always the right tool for the job, that's why having alternatives is great.
The GNU world likes their small tools and because of this flexibility you'll rarely find a full featured administrative GUI without spending lots of money on time and 3rd party software tools. There is a lot of inherent flexibility but ultimately it means that the CLI isn't going anywhere, nor should it. Even in the Windows world the power of a CLI is finally getting recognized with Powershell. Scripting is the future of administration. Who cares if it's hard to write a script if you only have to do it once?
I don't get it, how is this a flash vulnerability and not sure poor server administration? Uploads on my site don't go into an executable location. Guess it's web 2.0 run amok! In my mind any site that runs user uploaded content is going to be host to any number of problems which is why most sites restrict file types. Sounds to me like this isn't news though. At the very least you should put referral restrictions on folders with user uploaded content to ensure that they can only access it from your domain. Sure it's not perfect but it's a lot better, provided its based on ip address and not domain name that is.
As someone dealing with unencrypted file transfers from OS X I laugh at it being more secure. I'll grant in some ways it's better. For those of us that haven't been running as Administrative users and yes, that includes my grandma, we haven't been worrying about browsing the wrong site for many years now. The advantage for OS X is that it treats it's users like idiots and in reality that's probably a reasonable assumption. Fortunately there are ways to open it up but you're still left with an OS that sucks at playing with others. I'm referring to ever worsening Samba support making file transfers to both Linux and Windows servers absurdly slow, then of course there is the shaky NFS support which has only slightly improved with time. I'll never understand why Apple couldn't use the IPSec transfer abilities like Samba on Linux does. Instead it will just send your username/password and all your data over the pipe in the clear. Yes, real security!
Perhaps because the look and feel then and the look and feel now are still completely different from that of Apple's offerings? I don't think anyone running 7 is confused about what OS they are running. Same with OS X users.
Were you replying to my comment? Because it doesn't sound like you read my comment. I specifically said there are cut-off points where virtual infrastructure doesn't make sense.
Also, the fact that you think the IO of SAN is any different than that of an HP Non-Stop setup is where things get really comical because you're talking about Infiniband which is used in x86 hardware as well. As I said, the threshold is moving into higher and higher workloads.
I'm also not sure where you get your information about Exchange not being IO intensive. Exchange setups easily handle billions of transactions just like the big RDBMS out there. That's why when you evaluate virtual platforms they always ask you about your Exchange environment as well as your database environment. They are both considered to be high IO applications as all they do practically is read and write from disk.
I find the whole concept of your argument funny considering the Non-stop setups were early attempts at abstraction from the hardware to handle failure and be able to spread the load. In essence it was the start of virtual infrastructure. There is a reason Non-Stop isn't primarily part of HP's business anymore, people are achieving what they need to with commodity hardware. Sorry, but you do indeed save a lot of money that way too. Enterprise crap used to cost boat loads, now it is accessible to much smaller players with smaller workloads but the same demands for up-time.
Plenty of room for a Riverbed or Cisco WAAS in between to accelerate transfers as well. Sounds like you and I want to use the tech in similar ways.
For me, I don't mess with BGP yet, I can accomplish what I need through virtual links with OSPF. Won't be as smooth as my per site fail-over since I have two locations on site. It's a temporary setup so I have three locations, a primary at our event, a secondary at our event, and a third back at HQ with a fourth on its way for DR purposes. Sucks moving your network from city to city but at least it makes for some interesting problems.
If your primary and secondary systems are physically located next to each other then they aren't in the category of highly available. Furthermore with storage replication and regular snapshotting you can have your virtual infrastructure at your DR site on the cheap while gaining enterprise availability and most importantly, business continuity.
I'll agree with being skeptical about transparency although how many people already have this? I went with XenServer and Citrix Essentials for it, I already have this fail-over and I can tell you that it works. I physically pulled a blade out of the chassis and sure enough, by the time I got back to my desk the servers were functioning having dropped a whole packet. Further tweaking of the underlying network infrastructure resulted in keeping the packet with just a momentary rise in latency.
Enterprise availability is fast coming to the little guys.
Huh? We have a SAN son, you need more throughput? Add another 4 or 8gig trunk and bam you've added significant bandwidth. With individual blades having dual 8gig HBAs you have quite a bit of IO available to you assuming proper PCI-E. There is a upper limit where you shouldn't be virtualizing infrastructure but that limit is moving ever higher. I don't know about you, but I have a NetApp based storage array with redundant switching gear that is more than capable of keeping up with the IO of having 20 servers on a single physical host and that includes Oracle, Reporting services, Exchange, and a few other high IO applications. My security server recording our multi-megapixel security cameras and a backup Oracle database will stay outside the virtual environment for obvious reasons. Then of course there is our DR setup for basic business continuity.
I think a hybrid approach is the only way but you're right in that the states should be taking the initiatives. Of course Vermont did creating Dr Dinosaur to insure kids in the state. There is not enough funding for such a tiny state to do that for everyone although they are still managing to expand the program.
haha, that level of ignorance is impressive given that California and New York both of economies dwarfing the majority of the red states combined. Texas probably being the only red state capable of standing on its own due to incredible amounts of oil.
The majority of the country was never red even when Bush won the presidency. If you recall Bush won by a small percentage each time winning twice as many states but getting less than half of the electoral votes because the majority of the population is in blue states.
But of course this is all beside the point that Michigan was never a blue state and that Seattle has a great economy. Crime is skyrocketing everywhere, not just in blue states. Take a look at Cleveland, St. Louis, majorly red cities inside of red states and see how well the economy and crime states are doing.
Also keep in mind that under a democratic governor California was wildly successful. Then the republican leadership deregulated the energy sector resulting in Enron and surprise surprise? Enron went bust and California has been in a downward spiral ever since. I do believe they will recover though even those more and more of them are moving into my state which is Arizona. Arizona is another red state who's economy is in the crapper with the state legislature forced to lease the capital building because they planned so poorly.
You'll find that historically you're wildly incorrect. FDR brought us out of the depression and into a period of unprecedented growth. Admittedly Clinton got out of the way of a technology boom fueling the 90's despite Bush Sr getting us into an international conflict and cutting taxes creating a record deficit which Clinton not only reverse but created a surplus with.
I would ask what red states are doing well? Alabama? Georgia? Kentucky? Kansas? Missouri? Sure, they each all have areas that are successful but they are not on the list of top economic earners by any stretch.
Of course I come from Vermont which swings back and forth all the time because we don't care what party a person is with, we care about their message and that they follow through with their word. This is the reason I don't think we're heading for glory with Obama. Yes he's blue but that doesn't mean he's making sane choices when it comes to spending. Imagine what the country could have done with the trillian dollars spent on a pointless war that we needed not get involved with? I'm speaking of course of Iraq, we actually had reason to take out the Taliban.
So the engineer gets to choose where to put the light? Somehow I don't think that's how it went down. Someone in a leadership role told him/her to do it and they did it. A single traffic light isn't really engineered so much as installed.
While yes they all have their shows that are blatantly biased, they weren't so openly hostile towards the Bush administration hosting tea parties and town-hall shouting matches either.
Honestly it doesn't help when Fox is also organizing tea parties promoting this shouting match instead of intelligent debate. You saw it with the town-hall meetings. There were legitimate concerns that needed and still need to be addressed but instead of intelligent debate it just became a shouting match.
Fox has been openly hostile towards the current administration and the irony is that Obama is continuing a lot of Bush policies that they supported while Bush was in office. So it becomes increasingly difficult for many of us to take Fox seriously. Of course a lot of people aren't happy with Obama for maintaining some the programs Bush pushed through. The reality is that both sides want more power and Obama is now exposed to the additional power given to the presidency. Power which was never granted, but taken while our representatives did nothing.
I think many of us lost a lot of respect for all sides. There is a growing rebellion of people that realize that discussion needs to return to the political landscape and not everything is a black or white issue. It will just take some time before I believe politics will reflect this growing irritation.
Of course Vermont has towns with 7,000 people in it and cities with a population of about 2,000 (Vergennes), at some point you realize it's just a city because of how it is zoned and it actually has nothing to do with the population count.
Or you build in multiple redundancies with systems that have to agree in order to make such an important change. Also, who said this network had to be Internet accessible? Maintaining physical security is pretty easy in comparison to Internet security and that is mostly all that would be required. You would probably want to throw in multi-factor authentication and decent encryption just in case a facility did actually get compromised.
This thought that there are tons of super hackers out there is ridiculous too. It's amazing the abilities attributed to secret government agencies and lone hackers of extraordinary skill. There will come a time when these skills are not seen as magic and people will take sensible approaches to security.
That's one high quality test. I remember you either were tested on parallel parking or hill starts. My tester had me do a hill start in an automatic. Gotta love it!
You're right, the first time I encountered them in Sedona I wasn't quite sure what to do with it. Then I saw the yield signs and all was fine. I had no problem with them after that but I saw a lot of people not know that they could go while another car was in the circle and so it would definitely cause major congestion if it's a high traffic area like downtown Phoenix.
I've yet to figure out Arizona drivers. They drive like such crap on the 101 but I was driving up Hayden one day and the light at Shea was out. Everyone automatically did the four-way stop and it was problem free, it wasn't even really backed up.
I would hate to see Mad Max in AZ, there is a lot of firepower here, it would be one bloody event. I mean more than it already is.
Sounds like you've come to the end of a porn career or something.
Are you asserting that the rich people you know represent the majority of the rich population? Parent didn't state that all rich people were dumb, only the majority. My life echoes his stance as well. I too know some smart rich people but they are by far in the minority. At least in my experience.
Yes, you're missing a lot in terms of performance. Linux in HVM mode is not fast by any stretch. In PV mode however it's near native speed. You get by it in Windows because you install in HVM and the Xen tools will install PV drivers for all your devices. None of this happens on the Linux side. If you don't install then tools then you can't monitor and manage the VM centrally either.
While you're definitely correct that it would make for a more secure and in my opinion less problematic computing landscape it would have broken older applications and traditionally Microsoft doesn't like to break legacy support unlike Apple.
Why developers were so sloppy I'll never understand. Why the registry was even created I can't understand either as there was nothing wrong with the Win3.x method of just storing configs with the applications. Those were the days!
Ubuntu 8.04 came with a Xen kernel, they dropped Xen support after that however in favor of KVM. With the renewed backing by Citrix and subsequent explosion in users I feel this was a very poor decision as us XenServer users are forced to either use Ubuntu 8.04 or we have to create a PV VM and use a Debian kernel. The solution works just fine with very little performance penalty but I suspect it will become a problem given that I have to manually update the kernel when there are updates. So I'll wait for several releases before upgrading a kernel. Fortunately I can snapshot the VM first so I don't risk any permanent damage.
This seems to happen a lot with Ubuntu though. I remember a kernel update broke wired networking on a laptop I had. I had patch the kernel to get it to work. It was working before, new kernel, now it doesn't work, another new kernel a month later and now it works again, magic! Their QA leaves much to be desired but that's what we grow to expect from our workings with Ubuntu. If it didn't have a great community supporting each-others efforts people wouldn't still be dealing with the BS that they have to deal on the Ubuntu side. Debian gives you a lot of the same stuff, just a few generations behind. Slackware, Fedora, CentOS all give you the latest and greatest however and have far fewer issues like these but again, their support communities are not as helpful as the Ubuntu side of the fence.
It all comes down to, want to do something funky with Linux? Okay, here's how you do it on Ubuntu.
The year 2000 called and they gave you security templates based on computer roles to make this whole process a lot easier. Of course in 2009 it's even easier with remote auditing tools and GPO enforcement in Vista/Win7.
It's relatively easy to lock Windows down these days even for starter admins. Vista and Win7 changed this whole landscape drastically as practically every aspect of the interface can be controlled through group policy now.
I would say Linux and Windows are finally at parity in terms of automation too since who wants to do this stuff to every machine? It's fine if you only have 20 but when you have 200 is starts to suck real fast. The main problem is still crappy applications requiring access to protected parts of the registry. If they had stayed within their bounds it would be easy but no they have to have DRM hooks that talk to components deep in the OS. Apple, I'm looking at you here. Of course they are not alone by any stretch either as even Microsoft has been guilty of this practice from time to time. Office however will work just fine without admin privileges.
I'll never understand why Apple developers kept everything in their own app directory and why Windows developers decided to scatter everything everywhere they could. It's especially funny given that you'll have companies producing the same product for both platforms and they only follow good practices on the Apple side of the fence for some reason.