Anyone can easily reduce the attack surface of the linux instances you choose to deploy by simply
a) only compiling in the drivers/kernel features required
b) only installing just enough in userspace to do the job, and
c) running shit with least privilege
Not so easy with windows...
The fact so much cheap crap out there was pushed out by manufacturers that give zero fucks towards basically securing their provided OS is not a reflection on the kernel/OS as a whole.
We still have a sparcstation 10 running something somewhere (and by that I mean no one knows what it does anymore and we can only pinpoint its location down to somewhere in a regional office)
That was a "convenience" on old sparc boxes (think boot net installs) for when you didn't know the mac addresses of your physical cards.
Easily turned off in openboot by setting local-mac-address? = true.
As for networking nowadays, compare the feature set crossbow provides to anything any other vendor provides.
Let me guess, no-one wanted to provide support for the author's iPad or his shadow infrastructure sitting under his desk on 3 year old unsupported equipment.
Some hints for the article's author
Provide a damned business case for the toys (yes, they are toys) and how they are going to improve efficiency/save costs for the organisation as a whole.
Hell if your business case is good Management and IT may agree to supply and roll out the toys.
Senator Steve Fielding (Family First) has a big hard on for filtering out internet porn.
Senator Nick Xenophon (Independent) wants online gambling filtered.
Myself I cynically believe this is a point scoring exercise to get the senators that hold the balance of power in the senate on the government's side.
Why else would you push ahead with something absolutely nobody wants.
No doubt down the track the government will call in this favour
Proxy account won't stop DoS due to excessive lookups by a malicious person on systems configured to use the service on the local network. They will just be performed by the proxy user.
True you have extra potential for anybody from any host to perform lookups and abuse the server (generally the ldap servers are not public to world though), but in my deployments it has been a requirement for free internal access to the information provided.
With a good spread of hub or read-only consumers behind ldap proxies this can be alleviated somewhat.
In my experience the biggest DoS has been due to account lockout settings... but you get that regardless of authentication backend...
Don't use a proxy account for authentication from linux (you need the proxy account on solaris though so ldaps/tls works...).
Ensure that userpassword is readable by no-one (including the proxy user), and use pam_ldap for authentication.
On linux anonymous access is sufficient for NSS lookups, authentication is performed via pam_ldap, which performs an ldap bind as the user that is authenticating.
This also frees you to use any password storage scheme you want.
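The setup described in the comment above, as an added example that is not the commenter's own configuration: the weak ACL pattern beside the hardened one, plus a matching client file. It assumes OpenLDAP slapd.conf-style ACLs and PADL pam_ldap's ldap.conf; the example.com names, the proxy DN and the CA path are placeholders.

```conf
# ==== slapd.conf (OpenLDAP server), constructed example ====
# Weak pattern: the proxy account may read password hashes so clients can
# compare them locally. Anyone who obtains the proxy credentials can pull
# every hash, and the hash format is tied to what the clients understand.
#access to attrs=userPassword
#    by dn.exact="cn=proxyagent,ou=profile,dc=example,dc=com" read
#    by self write
#    by * none

# Hardened pattern: nobody can read userPassword, proxy account included.
#   anonymous auth : the attribute may only be used to verify a bind
#   self =w        : owners may replace their password, not read it back
access to attrs=userPassword
    by anonymous auth
    by self =w
    by * none

# Directory data needed for NSS lookups stays readable, anonymously too.
access to *
    by * read

# ==== /etc/ldap.conf (pam_ldap on the Linux client), constructed example ====
uri ldaps://ldap.example.com/
base dc=example,dc=com
ldap_version 3
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
# No binddn/bindpw lines: lookups are anonymous and pam_ldap authenticates
# by binding to the server as the user who is logging in.
# Password changes go through the LDAP password-modify extended operation,
# so the server decides how the value is hashed.
pam_password exop
```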
I hear you, the radeonhd driver is coming along nicely, but the 3D support ain't gonna be there for at least 6 months (best case) or more...
For the moment it's nvidia closed source or nothing with newer hardware...
Driver support in linux is pretty damn good nowadays, and most vendors do either provide code or at least help the kernel team with drivers.
That being said, gaming is pretty much not gonna happen on a linux box without using nvidia hardware and the closed source nvidia drivers...
Thank god at least some gaming companies DO do a linux port, such as ID (Wolf, ET, Doom3, QW:ET) and EPIC (ut*), but for the rest it is the pain of wine/cedega/etc...
For gaming it still means keeping a windows partition around for the most part...
IIRC Telstra (Australia's biggest telco) once used a similar tactic to beat Microsoft down on their licensing costs by threatening to go with SunRay thin clients for their desktops... the discounts just rolled right in
The compelling reason is: Senior management demands it because they read it was better in CIO Magazine and they don't trust IT's cost/benefit analysis judgment.
Quoted for truth
CIO Magazine has caused so much pain to the techs in our organization we make a point of shredding any copy we see before it gets into PHB hands.
I shudder to think of how many wasted man hours and bad ideas from above we can directly attribute to this publication...
I have no idea if Solaris already has Linux ABI and GNU/Linux API support
BrandZ (or whatever it has been rebadged as) lets you run RH linux userspace in a solaris zone on x86...
They rather sink with pkgadd
LOL, give me pkgadd over rpm etc any day of the year
Nice to be able to find exactly where a file on your OS came from with a simple
grep filename /var/sadm/install/contents
Plus packaging up anything is a breeze...
$4bn is a bucket of cash, but methinks it wouldn't come close to the _real_ cost of implementing what the Labor Party is proposing...
Then again, why let proper costings in a detailed published policy document (btw, where is it? More policy vapourware...) get in the way of a good 15 second soundbite?
Hard to say. It was a good move for them going Intel considering they couldn't get their Power5 chips shipped quick enough, and they can convert Windows users easier to using their hardware (VPC ran like a dog).
Still, for me the mac did lose some of its magic with the switch... maybe someone should give Jobs a nudge to put together a limited edition, high end successor to the G5 with the Power6 for us PPC nuts... I'd buy one...
TFA is an Australian magazine and prices are Recommended Prices in Australian Dollars
You touch on another sore point here, Australian vs US prices
Compare the following, AUD pricing converted to USD for apples to apples comparison
Windows Vista Home Premium - Australia 378USD, Amazon.com 238USD
Windows Vista Business - Australia 470USD, Amazon.com 269USD
Windows Vista Ultimate - Australia 624USD, Amazon.com 359USD
NOTE: That is comparing full price to full price.
Let's compare Australian Upgrade pricing to US full pricing
Windows Vista Home Premium - Australia (upgrade) 248USD, Amazon.com (US full) 238USD
Windows Vista Business - Australia (upgrade) 315USD, Amazon.com (US full) 269USD
Windows Vista Ultimate - Australia (upgrade) 411USD, Amazon.com (US full) 359USD
Indeed, we aussies get royally screwed and pay MORE for the upgrade than you do the Full version
Yeah, would go about as well for us as our war on the emus...
And hot grits
+1. No remote display, no dice.
Oh for some mod points...
Oh for mod points...
Maybe you are right... though it seemed he did a pretty thorough analysis during the GPLv2 vs v3 flamefest ...
http://busybox.net/~landley/forensics.txt
Who do you think you are kidding.
Some facts: - Windows 7 is taking Vista and putting it on a diet while not fundamentally changing the architecture.
So Windows 7 is basically Windows server 2008 with some more shiny shiny?
You are probably right on the money there...
Stabby Stingray?
/me runs
Heh, what does?
/me runs