One of the C&C Red Alert games...it would work out someone in a network play had the game copied (most of us were legit, but 8 people buying the same game is rare), but you wouldn't know immediately until everyone had at least a construction yard, power plant, refinery and barracks built for everyone, then without warning and for no apparent reason, everyone's buildings exploded at once like everyone had been nuked.
It would've been a good photo to take of everyone's expressions at that exact moment, because it certainly took us by surprise and convinced us to, er, try even harder to crack it. Which we did.
Desktop scenarios exist. It's another way of saying "we want to control what different people can do to different machines in our enterprise". Do you want accountants being able to install software? No. Do you want devs to be able to access accounts? No. Do we want all employees to save data locally? No - the profile needs to be server-side. AD makes light work of all this.
And great, if you can mount /usr directories to NFS locations, that's good, folder redirection can also be done in Active Directory.
I'm trying to point out that organising and administrating wide-sweeping changes to large number of desktops in Windows world is very easy; and most definitely a business requirement. Being able to evolve and manage your network infrastructure is a crucial requirement for most businesses, and the Windows eco-system does a great job at making it quick & easy. Could you push out a patch for a zero-day flaw to a thousand Linux workstations that hour if you needed to? I could in Windows server.
Enterprise networking goes far beyond just logging into a server as I'm sure you know.
As I've said before, obviously it's physically possible to get Linux to do something similar to what Windows AD allows....it's just the effort required to do it.
When it would take 10 minutes to set up these desktop scenarios here for thousands of machines on a network, that's when you'll know it's close.
So obviously the solution is to teach users to click on Accept every time a box comes up. Because that's all that the Vista UAC has done, is train hundreds of thousands of users that when a box pops up, you hit accept to do what you were trying to do.
In an alternative universe this would read:
So obviously the solution is to teach users to enter "sudo $application" before running the apps. Because that's all that the Ubuntu sudo has done, is train hundreds of thousands of users that you need to prefix that to do what you were trying to do.
Rebooting in Windows is only done if files needed for patching are in use. So flaws in the shell or GDI for example would almost definitely require a reboot. This is the same in Linux, except that you only "reboot" the particular bit that was patched; the thing is, say you needed to patch X for instance and reboot it, to all intents and purposes that's as good as taking the whole system down (for servers not of course).
Anyway, on the other points, I'm totally aware it's possible in Linux, but it would take a certain amount of setting up to do. In Windows (business versions) this is all hard-coded in. Everything from complete IE configuration, to IPSec profiles, to Wireless network config, to the title-bar in Explorer. Everything. It's an admin dream, it really is - this is a good intro to it - http://technet2.microsoft.com/windowsserver/en/library/7b33dcd6-0ad2-44e8-82f8-962425b6cf8e1033.mspx?mfr=true
My point is just that I've not seen anything pre-built that allows such instant and flexible management of thousands of workstations in Linux, and actually, I'm interested to know how you would do it.
Yeah, I'm sure some or even most of the stuff you can do in AD is possible in Linux, but it's just the ease of it.
For example, you need to urgently patch 2000 workstations and several servers you don't have physical access to and are in use during office hours at the very least. The servers can't come down all at once so must be staged to maintain service, and the workstations must gracefully give anyone logged on a 30 minute warning before rebooting after patching is done - updates normally being a weekend job.
Afterwards, you need to see a report of the number of machines patched, and any that failed for whatever reason.
This would be a 10 minute procedure in Windows land. Create/modify the policies up in the Active Directory; force a group-policy update if it's urgent; then sign onto the WSUS server the next morning to see the patch status report. It's oh so easy.
Speaking as someone who's had to administer many many machines at once, I can't say I consider Linux as a viable solution until I could:
- Lock-down user desktops with varying levels of security restrictions depending on their login Organisational Unit (i.e. Accounts, Developers, etc)
- Auto-mount specific network shares
- Centrally configure a patch management system (WSUS equivalent) for each workstation's software updates.
- Deploy & install automatically software packages depending on OU.
- Set automatically firewall policies
- Brand each machine with company screensaver, etc, etc.
All that I can do in Windows and much more....the policies are defined on the AD; you join the AD, and your machines magically become assimilated according to the will of the Administrator. Any option you can set on a machine level, can be overridden at the domain level, and that is real power. And that's before we even start on software compatibility & application support.
As far as I know, this is impossible in Linux, hence it's not business ready IMHO.
Note: Don't read this as "I think Linux is shit" because I don't think that; just that there really are areas, shockingly, that Linux really isn't as good as Windows in. This is one of them.
Steam is the first online content distribution system that's genuinely made it easier to buy a game rather than pirate it.
New games are purchased, downloaded, activated and constantly patched all automatically and in no time at all...it's a step in the right direction in combating piracy; just make it easier to NOT pirate ffs rather than just stuffing games full of anti-piracy nastiness.
I had a boss that named the wireless network "Virus". On asking him about this, he explained "it's to scare off hackers - they won't connect if they think they'll get a virus". Ah, ok.
It's probably worth pointing out he wasn't aware you could "secure" a wireless point with a basic WPA key at least - it was completely open, anyone could walk right in, assuming they beat the fear of the "virus" that was.
We had a headless Linux server that one day started beeping constantly for no apparent reason. With every intention of fixing it, after a couple of weeks of it still running ok, we just assumed the speaker had died so just ignored it (the server room being sealed away as it was). Then one day we had to move the servers to another room, went to pick the machine up, and "Jesus! This thing is boiling!".
It was some ancient AMD chip that we literally couldn't buy new fans for any more, so we just snipped the speaker cable and let it carry on.
Naturally, the Linux guys claimed if it had been Windows, we'd be looking at a dead server at this point in time :)
Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated.
No it doesn't. Vista Windows update is its own application. At least pretend you know something about Vista.
You know what, I did a couple of years back for VS2005; some of the functionality was real nice, but I found it dragged the IDE into the ground. Has it got any better since?
It's Visual Studio (plus add-ins) arm-in-arm with the Team Foundation Server that's really selling I'd say.
TFS is not cheap, no really it's not, and yet it sells very well.
I have to say Firefox 3 has some features I can't believe have been missing up until this point. The awesome bar looks awesome.
In fact, I find it amazing most areas of browsers haven't been "just searchable" like Firefox 3 is now, having seen how much sense this makes.
Good job guys, you're setting a high bar for the rest to follow (no doubt).
The French made their TGV go much faster than 300Mph on normal tracks by basically giving it bigger wheels - 352Mph to be precise.
http://news.bbc.co.uk/1/hi/world/europe/6521295.stm
Why pay so much for a technology giving you so little? MagLev isn't cheap. You could just copy the French...........ah what am I saying...
Badly written apps are not the fault of the OS. It's a rare day I see UAC on my boxen.
speek lyke dis, an it wont
it's more a problem when you start phonetically swapping letters around
For example, 'que' becomes 'k', 'para' becomes 'pa' etc., miss off accents (like in the example I provided); it's not uncommon to mash a sentence beyond what can be reasonably translated.
....que nadie entendeis cuando escribes asi;
Especialmente cuando deja a deletrear palabras correctamente asi que no traducen.
Interesting, that.
God, how could I forget.
Nero, oh how you have fallen from grace. Nero 3 was tight, efficient, and not cluttered.
I tried Nero 5 or 6 (the latest) only a few weeks ago. It installed all sorts of shit (why does every fucking program have the audacity to associate ITSELF with every media type on the planet, regardless of its original function in the first place?).
I got rid of it ASAP when I realised it was trying to become my new media centre too, and was indexing every file on the disc spiking the CPU around 80% on average. The cheek.
Its claws go deep, deep into your system; it comes with tens of utterly useless other bloated apps, all because you just want to burn CDs now & then.
Such a shame; it used to be the tool to use for burning CDs.
I've noticed recently it's wanted to update itself about once every two weeks, which would be fine if it was a Firefox type update - nice and clean, restart app & done, but instead the update mechanism is something like the following:
Click on "omg! Update me!" big window.
Browse through newly opened browser window.
No, just the free one, no shitty MP3s thanks.
Download. Click install.
No ffs, don't take control over all my media types.
No, keep your shitty ad-ware.
Die Winamp agent; if you're not the default for everything it's for a reason.
Yeah, same settings as last time (it's an update ffs).
Oh right, you changed a bunch of settings anyway, thanks.
There's just a tonne of questions that are so unnecessary for a minor update, which seem to come thick & fast these days. Thanks a bunch AOL; you've created the least smooth updating process I've seen in a while.
but every OS will at some point have to relinquish admin controls to any given application at some point, at which point all the above protections become irrelevant.
Half Windows' problems stem from the fact most developers are used to writing the HKEY_LocalMachine by default, and C:\windows\system32 without hindrance; hence UAC makes more appearances than it should.
What happens if you never give true admin rights to apps? Well, your computer turns into a kiosk suddenly; unconfigurable and useless. What happens when any or some admin rights are given to any application? Your protections suddenly mean nothing; that's the principle of how rootkits work.
Having the malware say "Please run me with 'sudo installthisscreensaverlol'" isn't anything like "Click the "yes" button to the next security prompt"?
I don't see there's much difference.
The only cracks in the armour are the users, them being the ones that say "Yes, this unsigned potentially dangerous piece of software that inexplicably wants admin rights to my machine can do whatever it wants."
There's a difference between the prompts when the exes are signed or not, for example here - http://www.autoitscript.com/autoit3/docs/intro/autoit_on_vista.htm