Thats not problem, if they do anything illegal, sush as downloading child porn. They first it's a matter for the law inforcent, and then they will shurely loose there work over it.
Having a filter, only makes a false security around it and it hurst and damage the trust of the empolyees. Then it however clever it is it won't ever stop the one that are clever of at least intrested in getting around doing what they like.
Take a little comarision with life outside the computers, that what you always should do. Do you think that a strip search is good everyime you gets to work (someone might carry with them narcotics). Do you think tapping every phonecall is appropriate, someone might give out secrets or actually doing something even more illigal that way.
Just becaus it's new and relative easy to look at dosn't mean thats it's right. At the moment we are at a crossroad, either we tries to take a little protections around our privacy or we risk loosing even more of it as phonecalls gets into computers and electronity too.
Re:Overlooking Elementary Security
on
Triangle Boy Lives
·
· Score: 0, Redundant
I have a better idea, don't care:)
Make shure the users gets all software and internet connections they whants. That way there is no problem no-one will ever need this software.
The scaring part is that it indicated that this decoy mey destroj or interrupt the com puter that uses it. I other word that may add a virus to the decoy. But still it's not clear from the article what they may do.
But they to rembember most ot the price for that software arn't actually going into the part of accontability but to the fact the it's sertanly are highly specialies software that are used bu a limited set of users. I have been working on other locations where we only have one custumer (Swedish Airforce) and we where repsonsible for our software. Failiture in this kinds of locations are a big thing. But still most of the cost, almost all of it, came from the fact that the software was very complex.
Axctually I would guss that in any morden car today there are more code than in Linux or Windows XP. Almost all of then have several difeent computers running several different OS:es. Today may of them also has one or more different java engines. On all this there runs several parts of highly specialised software, all that could have maybe even more serius bugs that windows. ANd finding out what fails could be en even more comples thing that in userland software, there you have a runtime debugger, a loot of meomry and almost no realtime dependencies.
And yet still in most cases the fix dosn't have to be shedulled on the consumers timeline. 8 hours are a very short time. That time span i don't thing ever sould be called upon in this case. My guess that in most sistuation about a mounth is a better guess. Look at cars, toys and so on. When a car manifacturerer finds a flaw with some major part they have to fix it. But if you are getting ready for a big inportant trip, they are not responsible to get the fix done before your trip. Actually they could easely say thet the fix will be availbe as soon as they have developed it. And then you could get in line to get the fix installed.
The main problem with speed limits is that they seldom hold true for all day, all wether and especially not all traffic. (I will have exampes in km/h as I don't know your limits in miles).
Around here several, large roads 6 lanes have limits of 70 this is good and othen need during the rush hours. But then other times of the day in good light, dry road and no traffic around this is realy stupid. It could as well be 90 or 110 as most highways are. There is also very little chance of running over any kind to or from schooll on these location (especially around 10pm.)
If speed limit should be correct they usally have to be changed several times aday else they probably are wrong. The sad part is that the only place where you can make this desition is n the car on the road that is one of the few places where you have the needed information. Sadly to many have shown that they can't make this desition in the car.
Seens like a good rule, but I don't by that think you meen that if a person is found shoot by your gun you are automaticly going to jail for murder until until you can show that someone else did the crime. Thats actually what it seems like you are doing in this cases. Having the cvar owner responsible.
Here the cameras have to identify the driver. Because the driver is the one guilty of the crime. This costs a loot of money and time and red-light cameras are not that popular yet, the police dosn't have time to do this work.
Well actually there code is probablyonly linked against lgpl:ed code. But thats not the issue here, they have GPL:ed code in the distrubution (for example the linux kernel) and then they have to also distribute the code for linux. This is in my optionin maybe one of the problems with GPL, they can't just say it's an unmodified kernel from ftp.kernel.org, they also has to offer a download, or put on the CD.
Hell even OpenBSD has been accused for the same violation of GPL. I think it was 2.8 or 2.9 when space on one of the cd's got low emacs-source was removed. (It was still on the ftp-site) but apperently it was not a "good" enught offer and not explicity stated so the war began...
You probably too are an 1) Idiot, or 2) a greather ashole. This isn't a pissing contest. Keep in mind the orignal author of the comment has absolutly right. FSF fight for there rights, actually THE rights OF the probrammers that have written GPL'ed software. No one less no one more, as it comes to freedom they have no special rights to that word. Actually I shure think what they talk about is a restricted freedom, shurly more restricted that bsd-copyrighted software.
Acually only the source to the gpl, and lgpled parts of the binaries has to be released. That may leave a unsuable system. Or at least a less usable system.
Adn that the distribution doesn't contanin non-gpl source code. I guess that Lindows contains a loot of software and not all may be under GPL. Then the beta-testers has to be very carefull, so that they don't distribute the wrong binaries. (Especially problems with lgpl software.)
Actually if using better technical sulutions to web-casting (multicast) you shouldn't ba able to tell the number of listeners. Actually at the moment it's in most cases possible but that might not be true ot that long.
The other nice thing with this kind of solutions is that the bandwith needed if far/far lower.
> This means that, by and large, interface designers should IGNORE THE DEVELOPERS!
The developers are HOPEFULLY users them too, I think that developing for them self is one of the most important details in the so called open source community. If it wasn't for that there wouldn't have been any Linux, *BSD, Emacs, Vim, etc. In that case we would only have Solarism AIX, Windows.
> All WinXP asked me was, essentially, "What is your Country and TimeZone".
You must have been lucky, or rather unlucky. It asks aloot more questuions, yeterday my father called me in panic as he tried to get XP installed. (It basicly needsthe same infomation as any Linux installation)
Where you are in the world, (timezone, locales etc.) SOme basics of how to format the hard disk (use entire disk for OpenBSD Yes/[No]) and the basic network information. (IP/DHCP...)
> Why would MS complain about Sony unless they did something to provoke it? MS has > employees demonstrating XBOX's, right? What if that was because MS read the rules > and decided to bring a bunch of employees down to man the stations, only to find Sony > stations unmanned so the public could play. I'd be mad about that. That means MS had to pay > more people to come down.
If it's only about the few goins, then MS is realy stupid, every scare inch of the stands are probably costing a loot more that all the presons being down there. Especially as both Microsoft and Sony has quite good locations.
The main thing that disturbs me is thet most places showing someting "game" related, is letting users test there products. ATI, Nvidia, Hercules have (os had) a loot of computers were one could test and look atthe gaming performace of some games on there new graphics cards. Why didn't MS complaing about these stands? Is it becaues of the "Desinged for Windows" logo on these products?
One could just hope that the Messe fixes there rules and that playing and having fun at the messe is allowed next year. If one can't touch or feel the products what use is it? Testing and comparing stuff that comes in the future is the whole mean of the show.
Actually I could add a loot of more locvations that leted you test gaming, Nokia, Motorola, Ericsson. All phones does ahve new cool games and thats inportant, not being able to test the new comming stuff whould make the mess unusefull. Actually the microsoft stand was one of the least applying as one didn't had any chance of getting any handson look of any new intressting products. Actually the only thing even close to new I found there was the XBox and that was behind glass showing a demo. A real disapoitment...
It's tiny in comarison to all the rest that Sony did display, video, dvd, Plasma screen, sound systems, I actually missed the PS/2 prat of there boot, twice.
The Amiga OS is as secure as OpenVMS, or rater much more secure Bugtraq has 3 for VMS and only one mention of Amiga (and thats is in an unreleted comment part of the patch code). But thats not a good whay to compare systems at all.
The last part of your comment seams to be a loot uninformed. Yes not every service is activeted ion a default OpenBSD installation, but one common discusition of the OpenBSD mailing lista are why the **** is that service activeted for? It's not needed and the anser usally is that the system has to be usable to the most users.
When it comes to bind the 4.x version in OpenBSD probably is a loot more secure that any other bind version installed anyware, OpenBSD faq has a small note about bind and dns (6.8.3.2.1 on http://www.openbsd.org/faq/faq6.html#DNS).
Did you read the atricle? It clearly states that they DON'T have to use the IP to identify the user. They question to Microsoft send out an uniqe identifyer for the insalltion.
> As part of downloading the information about songs and movies from the Web site,' > the program also transmits an identifier number unique to each user on the computer. > That creates the possibility that user habits could be tracked and sold for marketing purposes.
Usign this number in company with web-updates and net reqistartion the IP is irrelevant tracking of users is realy easy. And the DB is worth a loot...
> On a system like Windows,hard things are hard and easy things are easy, whereas in a system like UNIX, > hard things are hard and easy things are hard, too.
No, on windows easy thinks are hard, and hard things are easy, maybe too easy because you miss soem detalis. If you look into a corperate enviroment, windows administraors runns arouns doing easy installtions. Thats easy tasks, they should not need all this running arouns, yes, sysem like SMS might help the situations al little but still there are aloot of thinks that still ain't taken case of. The Un*x like solutions this these problems with automatically configuring clients, Suns utters in the early 90's the network is the computer. Is far better and here easy things like installing a patch/new software too all clients, are easy.
These configurations formats are actually a very little part of the problem, or soulution. Yes that might be something to think about working with a few clients, but as the number of installations grows the probbles gets smaller (i.e. the number of configuratios-files remains relatively constant while the number of instances and other problems grew.
> Does it meet the priorities of a buying public, who want either to be able to configure their > UNIX systems themselves or to hire cheap labor to do it for them?
Hireing cheap staff to administer your computer systems is othen BIG problem, one problem that the easy look of administering Windows shurely in my eyes has pointed out. A loot of companies thinks that handeling a Windows installations is so easy that anyperson could do it, and then they will choose andbody, usally the one that takes the smallest sallary and already is in the organisation. Giving that person a few hours aweek to pend on administering the sysetm. Still don't figuring out that he has installed IIS and got the code red and Nimda virus.
This love for cheap labor is other a big problem, knowledge costs. But it often are a good investment.
> To analogize the traditional situation in UNIX background but vital details will escape you ... loot of language talk removed... > until you put in the effort to master Portuguese.
What I'm trying to tell you is that the language is not the main problem. It's realtive easy to thet the hang of. There is a good dictonary and hrase book that will translate all the words to understandibla language. The problem is that you have to understand the hard sience behind each configuration. A problem that are discussed sometimes in the same papaer as the language itself. Even if you under stand the common language of all science (english) it's stll nor easy to read scientific reports from differnt areas, you need a loot of knowledge to understand the implications of a report of theretical physics and a loot of different knowledge to understand one in philosyphy. Even if both are written in english.
The same way, understanding HTML doens't make you understand XML putted out from word, or Parole SGML, or docbook. Even if all these are based on the SGML standards. I don't actuially beleve that a singel format will do anything good.
The hard part, and thethinks that still will be hard how ever you do it is understanding the implications bethind that click. To add a new doamin might be easy, thats an easy task. I think that DNS should be an easy task, but there are some mighty complex thinks in the protcoll that might have some effecte on the security of all hosts in the network. These little thinks has to be considerd, in the initsial setup. Understadning the impact of these setting are not always, even mostly not, trivial. There are reasons why use djbdns, what problems might djbdns have for your installtions. Is BIND better? What version of BIND suites out need, BIND 9, BIND 8, BIND 4? To solve all these problems has to be tought about, if one doesn't there might, or will, be problems. How does the DNS work with the webcache? There are a loot of hard questions needing good answers, especially when you need a secure enviroment, and as you have DNS you probably are connected to the internet and then a secure enviromant is needed.
To take the web-server and it's following problems with cgi, server-applets, evential database connectiosn and so on need a loot more thinking. Should ll servers e the same? What impact does that have? And so on. Of cource in a ISP enviroment, adding singels servers for a new costumer might be not problems, all these things are probably taken care of earlier (or at least they should have been taken care of ealier) and adding web-servers, mail-servers, user-accounts, and a loot more stuff could be done easyly from the order taking personell without knowing anything about configuration. But thats a speciall case.
Yes, just that example is easy. Byt the there are about 1000 more thinks to think about in this situation. Should the server accept old compability passwords? I'm talking about the old stuff that is so easy to sniff of the network and could be burteforces in a day or two? This settings are not easy to find and change in Windows NT4 which was the last version of Windows I have worked with as administrator. Configuring this and the security guidelines for NT has a lot of regedit working. Doing a good work configuring a secure Windows enviroment does call for some regedit hacking.
But still there are a loot of differences between installing and configuring different applications (servers) as you state, in Windows each application has it's own speciel written software for confguring. To combina all these into one program that are configured from a configuration I don't think will be an easy task. That will limit the configurations to hadle with simple graphics, simple checkbuttons, simple radio buttons and so on.The real help is from specil written tools that take this one more step ahead. For firewall configurations you might want a network map. For the mail configuration there are several oher thinks to think about. For the editor there a re yet other things. I can't think of all good possibilites as they differ between most applications and this is the problem.
Administering and configuring an Microsoft server, or for that part a Mac, is not easy. It's as hard as installing and configuring an Unix server. Maybe it's prettier but the hard configurations is still hard no matter how much time that are put into it. I personaly perfere a combination of user interface (not necesarry graphcal, think curses) and a good backend with files and commands. IBM has a good work in this area with smit, smitty, and chfs:)
And I still don't beleve that one could from a XML based or and other type of format make a smart easy GUI for configuring in a intuitive way both a firewall, an editor, a mailer and a web-server. That GUI may look good but won't help the user, each task is so different that a good userinterface needs to be customised for that application if it should help the user.
Compare to RegEdit is it easy to configure applications from regedit? That is the tool that you are describing.
There is no problems (besides a loot of work) to create the systems. But to make complex installations easy and working for everybody and especially novices, that's hard, or maybe real hard.
If we look at sendmail, how does one make configurations for relaying mail, delevering. There are aloot of complex things that has to be configured and installed to a secure default. Maybe sendmail should be avoided to configure this easy way. Sendmail is a very complex pice of software that aybe shouldn't be used if the user don't dig into understanding what it could do. (There are several other good replacement's for the functionality used by the most users.)
Good solutions maybe is someware between, selecting good software for GUI users and ignoring the rest.
On the other hand, this services are actually hard, i.e. they need knowledge to be configured correctly. This is tha case in Windows as well as in Unix. The GUI dosn't take a way the complexity it mealy hides it sometimes. This is and has always bween the problem with many Windows installations, the administator don't know what they are doing, the just point and click. They don't ask them self the relevant questions, what does this checkbox mean, what iompact does it have.
Administing servers and systems is hard, no GUI will take that part away. The main erason for this is that every organisation, and every installation is different in some sence. This means that configuration is relevant, and usally need a loot of knowledge.
Then user insyaslltion/configurations doesn't need to be that complicated. (Actually most bad examples I think of in this case comes from the Windows world.)
Slashdot Mirror
Thats not problem, if they do anything illegal, sush as downloading child porn. They first it's a matter for the law inforcent, and then they will shurely loose there work over it.
Having a filter, only makes a false security around it and it hurst and damage the trust of the empolyees. Then it however clever it is it won't ever stop the one that are clever of at least intrested in getting around doing what they like.
Take a little comarision with life outside the computers, that what you always should do. Do you think that a strip search is good everyime you gets to work (someone might carry with them narcotics). Do you think tapping every phonecall is appropriate, someone might give out secrets or actually doing something even more illigal that way.
Just becaus it's new and relative easy to look at dosn't mean thats it's right. At the moment we are at a crossroad, either we tries to take a little protections around our privacy or we risk loosing even more of it as phonecalls gets into computers and electronity too.
I have a better idea, don't care :)
Make shure the users gets all software and internet connections they whants. That way there is no problem no-one will ever need this software.
The scaring part is that it indicated that this decoy mey destroj or interrupt the com puter that uses it. I other word that may add a virus to the decoy. But still it's not clear from the article what they may do.
But they to rembember most ot the price for that software arn't actually going into the part of accontability but to the fact the it's sertanly are highly specialies software that are used bu a limited set of users. I have been working on other locations where we only have one custumer (Swedish Airforce) and we where repsonsible for our software. Failiture in this kinds of locations are a big thing. But still most of the cost, almost all of it, came from the fact that the software was very complex.
Axctually I would guss that in any morden car today there are more code than in Linux or Windows XP. Almost all of then have several difeent computers running several different OS:es. Today may of them also has one or more different java engines. On all this there runs several parts of highly specialised software, all that could have maybe even more serius bugs that windows. ANd finding out what fails could be en even more comples thing that in userland software, there you have a runtime debugger, a loot of meomry and almost no realtime dependencies.
And yet still in most cases the fix dosn't have to be shedulled on the consumers timeline. 8 hours are a very short time. That time span i don't thing ever sould be called upon in this case. My guess that in most sistuation about a mounth is a better guess. Look at cars, toys and so on. When a car manifacturerer finds a flaw with some major part they have to fix it. But if you are getting ready for a big inportant trip, they are not responsible to get the fix done before your trip. Actually they could easely say thet the fix will be availbe as soon as they have developed it. And then you could get in line to get the fix installed.
But then it's not speed that kill thats distance.
The main problem with speed limits is that they seldom hold true for all day, all wether and especially not all traffic. (I will have exampes in km/h as I don't know your limits in miles).
Around here several, large roads 6 lanes have limits of 70 this is good and othen need during the rush hours. But then other times of the day in good light, dry road and no traffic around this is realy stupid. It could as well be 90 or 110 as most highways are. There is also very little chance of running over any kind to or from schooll on these location (especially around 10pm.)
If speed limit should be correct they usally have to be changed several times aday else they probably are wrong. The sad part is that the only place where you can make this desition is n the car on the road that is one of the few places where you have the needed information. Sadly to many have shown that they can't make this desition in the car.
Seens like a good rule, but I don't by that think you meen that if a person is found shoot by your gun you are automaticly going to jail for murder until until you can show that someone else did the crime. Thats actually what it seems like you are doing in this cases. Having the cvar owner responsible.
Here the cameras have to identify the driver. Because the driver is the one guilty of the crime. This costs a loot of money and time and red-light cameras are not that popular yet, the police dosn't have time to do this work.
Well actually there code is probablyonly linked against lgpl:ed code. But thats not the issue here, they have GPL:ed code in the distrubution (for example the linux kernel) and then they have to also distribute the code for linux. This is in my optionin maybe one of the problems with GPL, they can't just say it's an unmodified kernel from ftp.kernel.org, they also has to offer a download, or put on the CD.
Hell even OpenBSD has been accused for the same violation of GPL. I think it was 2.8 or 2.9 when space on one of the cd's got low emacs-source was removed. (It was still on the ftp-site) but apperently it was not a "good" enught offer and not explicity stated so the war began...
You probably too are an 1) Idiot, or 2) a greather ashole. This isn't a pissing contest. Keep in mind the orignal author of the comment has absolutly right. FSF fight for there rights, actually THE rights OF the probrammers that have written GPL'ed software. No one less no one more, as it comes to freedom they have no special rights to that word. Actually I shure think what they talk about is a restricted freedom, shurly more restricted that bsd-copyrighted software.
Acually only the source to the gpl, and lgpled parts of the binaries has to be released. That may leave a unsuable system. Or at least a less usable system.
Adn that the distribution doesn't contanin non-gpl source code. I guess that Lindows contains a loot of software and not all may be under GPL. Then the beta-testers has to be very carefull, so that they don't distribute the wrong binaries. (Especially problems with lgpl software.)
Actually if using better technical sulutions to web-casting (multicast) you shouldn't ba able to tell the number of listeners. Actually at the moment it's in most cases possible but that might not be true ot that long.
The other nice thing with this kind of solutions is that the bandwith needed if far/far lower.
> This means that, by and large, interface designers should IGNORE THE DEVELOPERS!
The developers are HOPEFULLY users them too, I think that developing for them self is one of the most important details in the so called open source community. If it wasn't for that there wouldn't have been any Linux, *BSD, Emacs, Vim, etc. In that case we would only have Solarism AIX, Windows.
> All WinXP asked me was, essentially, "What is your Country and TimeZone".
You must have been lucky, or rather unlucky. It asks aloot more questuions, yeterday my father called me in panic as he tried to get XP installed. (It basicly needsthe same infomation as any Linux installation)
Where you are in the world, (timezone, locales etc.) SOme basics of how to format the hard disk (use entire disk for OpenBSD Yes/[No]) and the basic network information. (IP/DHCP...)
Well not $120 rater 77 euro for all 8days at the entrace, (I guess thats about 70$) or 34 euro for a single day. (at the entrance).
But I agree to get the most out of the event one needs planning and a Palm with 3 meg free memory.
/ Balp
> Why would MS complain about Sony unless they did something to provoke it? MS has
> employees demonstrating XBOX's, right? What if that was because MS read the rules
> and decided to bring a bunch of employees down to man the stations, only to find Sony
> stations unmanned so the public could play. I'd be mad about that. That means MS had to pay
> more people to come down.
If it's only about the few goins, then MS is realy stupid, every scare inch of the stands are probably costing a loot more that all the presons being down there. Especially as both Microsoft and Sony has quite good locations.
The main thing that disturbs me is thet most places showing someting "game" related, is letting users test there products. ATI, Nvidia, Hercules have (os had) a loot of computers were one could test and look atthe gaming performace of some games on there new graphics cards. Why didn't MS complaing about these stands? Is it becaues of the "Desinged for Windows" logo on these products?
One could just hope that the Messe fixes there rules and that playing and having fun at the messe is allowed next year. If one can't touch or feel the products what use is it? Testing and comparing stuff that comes in the future is the whole mean of the show.
Actually I could add a loot of more locvations that leted you test gaming, Nokia, Motorola, Ericsson. All phones does ahve new cool games and thats inportant, not being able to test the new comming stuff whould make the mess unusefull. Actually the microsoft stand was one of the least applying as one didn't had any chance of getting any handson look of any new intressting products. Actually the only thing even close to new I found there was the XBox and that was behind glass showing a demo. A real disapoitment...
It's tiny in comarison to all the rest that Sony did display, video, dvd, Plasma screen, sound systems, I actually missed the PS/2 prat of there boot, twice.
/ Balp
The Amiga OS is as secure as OpenVMS, or rater much more secure Bugtraq has 3 for VMS and only one mention of Amiga (and thats is in an unreleted comment part of the patch code). But thats not a good whay to compare systems at all.
The last part of your comment seams to be a loot uninformed. Yes not every service is activeted ion a default OpenBSD installation, but one common discusition of the OpenBSD mailing lista are why the **** is that service activeted for? It's not needed and the anser usally is that the system has to be usable to the most users.
When it comes to bind the 4.x version in OpenBSD probably is a loot more secure that any other bind version installed anyware, OpenBSD faq has a small note about bind and dns (6.8.3.2.1 on http://www.openbsd.org/faq/faq6.html#DNS).
/ Balp
Did you read the atricle? It clearly states that they DON'T have to use the IP to identify the user. They question to Microsoft send out an uniqe identifyer for the insalltion.
> As part of downloading the information about songs and movies from the Web site,'
> the program also transmits an identifier number unique to each user on the computer.
> That creates the possibility that user habits could be tracked and sold for marketing purposes.
Usign this number in company with web-updates and net reqistartion the IP is irrelevant tracking of users is realy easy. And the DB is worth a loot...
/ Balp
I don't aggree, on aloot of thinks:
...
> On a system like Windows,hard things are hard and easy things are easy, whereas in a system like UNIX,
> hard things are hard and easy things are hard, too.
No, on windows easy thinks are hard, and hard things are easy, maybe too easy because you miss soem detalis. If you look into a corperate enviroment, windows administraors runns arouns doing easy installtions. Thats easy tasks, they should not need all this running arouns, yes, sysem like SMS might help the situations al little but still there are aloot of thinks that still ain't taken case of. The Un*x like solutions this these problems with automatically configuring clients, Suns utters in the early 90's the network is the computer. Is far better and here easy things like installing a patch/new software too all clients, are easy.
These configurations formats are actually a very little part of the problem, or soulution. Yes that might be something to think about working with a few clients, but as the number of installations grows the probbles gets smaller (i.e. the number of configuratios-files remains relatively constant while the number of instances and other problems grew.
> Does it meet the priorities of a buying public, who want either to be able to configure their
> UNIX systems themselves or to hire cheap labor to do it for them?
Hireing cheap staff to administer your computer systems is othen BIG problem, one problem that the easy look of administering Windows shurely in my eyes has pointed out. A loot of companies thinks that handeling a Windows installations is so easy that anyperson could do it, and then they will choose andbody, usally the one that takes the smallest sallary and already is in the organisation. Giving that person a few hours aweek to pend on administering the sysetm. Still don't figuring out that he has installed IIS and got the code red and Nimda virus.
This love for cheap labor is other a big problem, knowledge costs. But it often are a good investment.
> To analogize the traditional situation in UNIX background but vital details will escape you
... loot of language talk removed
> until you put in the effort to master Portuguese.
What I'm trying to tell you is that the language is not the main problem. It's realtive easy to thet the hang of. There is a good dictonary and hrase book that will translate all the words to understandibla language. The problem is that you have to understand the hard sience behind each configuration. A problem that are discussed sometimes in the same papaer as the language itself. Even if you under stand the common language of all science (english) it's stll nor easy to read scientific reports from differnt areas, you need a loot of knowledge to understand the implications of a report of theretical physics and a loot of different knowledge to understand one in philosyphy. Even if both are written in english.
The same way, understanding HTML doens't make you understand XML putted out from word, or Parole SGML, or docbook. Even if all these are based on the SGML standards. I don't actuially beleve that a singel format will do anything good.
The hard part, and thethinks that still will be hard how ever you do it is understanding the implications bethind that click. To add a new doamin might be easy, thats an easy task. I think that DNS should be an easy task, but there are some mighty complex thinks in the protcoll that might have some effecte on the security of all hosts in the network. These little thinks has to be considerd, in the initsial setup. Understadning the impact of these setting are not always, even mostly not, trivial. There are reasons why use djbdns, what problems might djbdns have for your installtions. Is BIND better? What version of BIND suites out need, BIND 9, BIND 8, BIND 4? To solve all these problems has to be tought about, if one doesn't there might, or will, be problems. How does the DNS work with the webcache? There are a loot of hard questions needing good answers, especially when you need a secure enviroment, and as you have DNS you probably are connected to the internet and then a secure enviromant is needed.
To take the web-server and it's following problems with cgi, server-applets, evential database connectiosn and so on need a loot more thinking. Should ll servers e the same? What impact does that have? And so on. Of cource in a ISP enviroment, adding singels servers for a new costumer might be not problems, all these things are probably taken care of earlier (or at least they should have been taken care of ealier) and adding web-servers, mail-servers, user-accounts, and a loot more stuff could be done easyly from the order taking personell without knowing anything about configuration. But thats a speciall case.
Yes, just that example is easy. Byt the there are about 1000 more thinks to think about in this situation. Should the server accept old compability passwords? I'm talking about the old stuff that is so easy to sniff of the network and could be burteforces in a day or two? This settings are not easy to find and change in Windows NT4 which was the last version of Windows I have worked with as administrator. Configuring this and the security guidelines for NT has a lot of regedit working. Doing a good work configuring a secure Windows enviroment does call for some regedit hacking.
But still there are a loot of differences between installing and configuring different applications (servers) as you state, in Windows each application has it's own speciel written software for confguring. To combina all these into one program that are configured from a configuration I don't think will be an easy task. That will limit the configurations to hadle with simple graphics, simple checkbuttons, simple radio buttons and so on.The real help is from specil written tools that take this one more step ahead. For firewall configurations you might want a network map. For the mail configuration there are several oher thinks to think about. For the editor there a re yet other things. I can't think of all good possibilites as they differ between most applications and this is the problem.
Administering and configuring an Microsoft server, or for that part a Mac, is not easy. It's as hard as installing and configuring an Unix server. Maybe it's prettier but the hard configurations is still hard no matter how much time that are put into it. I personaly perfere a combination of user interface (not necesarry graphcal, think curses) and a good backend with files and commands. IBM has a good work in this area with smit, smitty, and chfs :)
And I still don't beleve that one could from a XML based or and other type of format make a smart easy GUI for configuring in a intuitive way both a firewall, an editor, a mailer and a web-server. That GUI may look good but won't help the user, each task is so different that a good userinterface needs to be customised for that application if it should help the user.
Compare to RegEdit is it easy to configure applications from regedit? That is the tool that you are describing.
There is no problems (besides a loot of work) to create the systems. But to make complex installations easy and working for everybody and especially novices, that's hard, or maybe real hard.
If we look at sendmail, how does one make configurations for relaying mail, delevering. There are aloot of complex things that has to be configured and installed to a secure default. Maybe sendmail should be avoided to configure this easy way. Sendmail is a very complex pice of software that aybe shouldn't be used if the user don't dig into understanding what it could do. (There are several other good replacement's for the functionality used by the most users.)
Good solutions maybe is someware between, selecting good software for GUI users and ignoring the rest.
/Balp
On the other hand, this services are actually hard, i.e. they need knowledge to be configured correctly. This is tha case in Windows as well as in Unix. The GUI dosn't take a way the complexity it mealy hides it sometimes. This is and has always bween the problem with many Windows installations, the administator don't know what they are doing, the just point and click. They don't ask them self the relevant questions, what does this checkbox mean, what iompact does it have.
Administing servers and systems is hard, no GUI will take that part away. The main erason for this is that every organisation, and every installation is different in some sence. This means that configuration is relevant, and usally need a loot of knowledge.
Then user insyaslltion/configurations doesn't need to be that complicated. (Actually most bad examples I think of in this case comes from the Windows world.)