I've never installed SuSE, most of my experience is with RedHat and a few others. Pulling down updates as part of the install is laudable. Is the installer capable of dialing up an ISP, or does it require network connectivity already be in place? Can this initial update be aborted and done in the background later so you don't have to wait forever to get to the first login? I'm not bashing, just curious.
As for the bashing, if you're going to claim I'm posting nonsense and imply I'm foolish, at least be polite enough to point out what part of my post you think is nonsense. Your comments on the SuSE installer don't seem particulary relevant to my previous comment
Linux distros are caught in the same argument. If a *nix distro (OSX falls in that definition), includes a vulnerable service or program then I consider that flaw to be a Distro vulnerability.
If the XYZ linux distro kept including old, buggy versions of Apache, Bind, etc would you consider that a third-party problem or a distro problem?
It's kinda like Ford claiming the Explorer is perfectly safe, but those third-party Firestone tires we included are not our problem. Oh wait, they did claim that. Nevermind.
I for one would enjoy seeing a wide-spread Linux or Mac virus just to dispel the myth that they are unhackable instead of simply better secured than windows. I think there is some truth to the statement about hackers not targeting Macs. One big priority of hackers is getting large botnets, something just not possible with Macs as there are so few of them. Naturally Symantec would love to see this as well in order to open up new markets.
You missed the point I was trying to make that IIS does have advantages over Apache - primarily in ease of management. If you neglect to keep up on patches, both IIS and Apache suffer from security and stability issues. Properly patched and updated, I don't see a huge difference in security between the two. I don't see a clear cut winner for which one is "superior".
As a current network admin, I can understand the Navy's efforts to standardize software. There is a rediculous amount of redundant development work going on in the Navy. We have too many software guys (including at my site) that love to reinvent the wheel and develop in-house software when a suitable product can be bought off the shelf. Plus, there is also a huge potential cost saving in buying DOD-wide software licenses.
The problem is that this high-minded ideal of standardization ignores that some commands really do have unique software requirements that can't be met with the approved apps or even off-the-shelf products.
The same policies that are trying to enforce standardization for the sake of reduced costs and better compatibility (for example getting every using the same recent version of Office) also make it very difficult to get leading edge software approved.
One of NMCI's problems is that they are contractually required to enforce all of the Navy IT policies that everyone has been ignoring for years. That includes only running Navy approved software. Sorry no more potentially back-door loaded freeware for you.
I agree NMCI has it's problems. I am an NMCI user. I'm also a govt site rep so I see more than just the users perspective. Once some of the major issues are sorted out, it will improve in both usability and flexibility. Speed will continue to be an issue because the Navy has not put any emphasis on speed. Usability is not the number 1 item on the priority list. Security and the ability to understand what the Navy is spending on IT are the top two requirements.
Since when are NMCI and OSS software mutually exclusive? The Navy Approved Software (DADMS) list does have a fair amount of OSS software listed.
As for your comment "Developed can't access email without logging out..." - that's just plain false. You can either run Outlook and put in your normal account credentials when prompted, or simply use the runas command (think su). I'm always logged in with my regular account and use runas for anything that needs admin rights. No need to wait 15-minutes to log in/out.
I use both Apache and IIS. If you ignore security, stability and some flexibility, IIS has some distinct advantages over Apache.
For starters, it's far more user friendly with a nice mangement GUI. I know there are third-party and distro specific add-ons to manage Apache with a GUI, but that's not a straight Apache installation. Any idiot can setup IIS. It takes a slightly more savvy idiot willing to edit conf files or a 3d party GUI add-on to get Apache running properly.
I find IIS's security simpler to manage. It doesn't have nearly the depth of security options you can put in an htaccess or realms, but most users want simple. What could be simpler than having access permissions tied to the file permissions? Apache does not have any built-in tools for creating and managing access files.
Microsoft has targeted IIS towards the average sysadmin skill set and I think done it fairly well. I think they need to do more work in the security area. Specifically, things like including the IISLockdown tool functionality in the gui with some sane defaults. Some of the lockdown tool settings have been rolled into the newer versions, but it's still not all rolled in yet. I'd love to see a checkbox titled "deny access to IP addresses outside the US".
Slashdot Mirror
I've never installed SuSE, most of my experience is with RedHat and a few others. Pulling down updates as part of the install is laudable. Is the installer capable of dialing up an ISP, or does it require network connectivity already be in place? Can this initial update be aborted and done in the background later so you don't have to wait forever to get to the first login? I'm not bashing, just curious.
As for the bashing, if you're going to claim I'm posting nonsense and imply I'm foolish, at least be polite enough to point out what part of my post you think is nonsense. Your comments on the SuSE installer don't seem particulary relevant to my previous comment
They still need hacked machines to send out their phishing emails and spam, right?
Linux distros are caught in the same argument. If a *nix distro (OSX falls in that definition), includes a vulnerable service or program then I consider that flaw to be a Distro vulnerability. If the XYZ linux distro kept including old, buggy versions of Apache, Bind, etc would you consider that a third-party problem or a distro problem?
It's kinda like Ford claiming the Explorer is perfectly safe, but those third-party Firestone tires we included are not our problem. Oh wait, they did claim that. Nevermind.
I for one would enjoy seeing a wide-spread Linux or Mac virus just to dispel the myth that they are unhackable instead of simply better secured than windows. I think there is some truth to the statement about hackers not targeting Macs. One big priority of hackers is getting large botnets, something just not possible with Macs as there are so few of them. Naturally Symantec would love to see this as well in order to open up new markets.
You missed the point I was trying to make that IIS does have advantages over Apache - primarily in ease of management. If you neglect to keep up on patches, both IIS and Apache suffer from security and stability issues. Properly patched and updated, I don't see a huge difference in security between the two. I don't see a clear cut winner for which one is "superior".
As a current network admin, I can understand the Navy's efforts to standardize software. There is a rediculous amount of redundant development work going on in the Navy. We have too many software guys (including at my site) that love to reinvent the wheel and develop in-house software when a suitable product can be bought off the shelf. Plus, there is also a huge potential cost saving in buying DOD-wide software licenses.
The problem is that this high-minded ideal of standardization ignores that some commands really do have unique software requirements that can't be met with the approved apps or even off-the-shelf products.
The same policies that are trying to enforce standardization for the sake of reduced costs and better compatibility (for example getting every using the same recent version of Office) also make it very difficult to get leading edge software approved.
One of NMCI's problems is that they are contractually required to enforce all of the Navy IT policies that everyone has been ignoring for years. That includes only running Navy approved software. Sorry no more potentially back-door loaded freeware for you.
I agree NMCI has it's problems. I am an NMCI user. I'm also a govt site rep so I see more than just the users perspective. Once some of the major issues are sorted out, it will improve in both usability and flexibility. Speed will continue to be an issue because the Navy has not put any emphasis on speed. Usability is not the number 1 item on the priority list. Security and the ability to understand what the Navy is spending on IT are the top two requirements.
Since when are NMCI and OSS software mutually exclusive? The Navy Approved Software (DADMS) list does have a fair amount of OSS software listed.
As for your comment "Developed can't access email without logging out..." - that's just plain false. You can either run Outlook and put in your normal account credentials when prompted, or simply use the runas command (think su). I'm always logged in with my regular account and use runas for anything that needs admin rights. No need to wait 15-minutes to log in/out.
I use both Apache and IIS. If you ignore security, stability and some flexibility, IIS has some distinct advantages over Apache. For starters, it's far more user friendly with a nice mangement GUI. I know there are third-party and distro specific add-ons to manage Apache with a GUI, but that's not a straight Apache installation. Any idiot can setup IIS. It takes a slightly more savvy idiot willing to edit conf files or a 3d party GUI add-on to get Apache running properly. I find IIS's security simpler to manage. It doesn't have nearly the depth of security options you can put in an htaccess or realms, but most users want simple. What could be simpler than having access permissions tied to the file permissions? Apache does not have any built-in tools for creating and managing access files. Microsoft has targeted IIS towards the average sysadmin skill set and I think done it fairly well. I think they need to do more work in the security area. Specifically, things like including the IISLockdown tool functionality in the gui with some sane defaults. Some of the lockdown tool settings have been rolled into the newer versions, but it's still not all rolled in yet. I'd love to see a checkbox titled "deny access to IP addresses outside the US".