If you and the CEO truly need administrative privileges, have your domain admin create a standard user account for you in addition to your administrative account (or else just have them give you the password for the local administrator account). Use your standard user account for your normal day-to-day tasks and use Run As... with your administrative account for your network reconfiguration and program installations. It should be no different than on a *nix system- you never run as root unless you absolutely need to.
But seriously, every time I have to go and get rid of a virus off of a Windows machine, I tell the user to download firefox.
Why don't you fix the root cause and change their account to a standard user rather than an administrator? Then they can use any browser they please without fear of inadvertently installing spyware or viruses.
It works fine for me with XP Pro SP2 (fully patched) with IE7 with the phishing filter turned on. I even tried invoking the phishing filter explicitly and also had no problems.
What is so strange about rejecting Microsoft's declaration that "by installing SP2 you agree to let us do whatever we want to your computer, and also change the terms of use at whim despite our having no legal right to do so since WinXP is a commodity product and thus right of first sale applies since it is not technically a licensed product under a work for hire contract but in fact a commodity good"
That seems different than the EULA I accepted when I installed SP2. Will you please point me to the version you're quoting from?
It has never changed. The translations from the original Hebrew are slightly different. Exodus 20:13 in various translations:
NIV: "You shall not murder.
KJV: Thou shalt not kill.
The Message: No murder.
NKJV: "You shall not murder.
It seems as though the most widely agreed upon translation from the original Hebrew is "murder." Despite the various translations, I don't think anyone has ever misunderstood this or any of the other Commandments.
What a lame and ignorant post. What about the lack of turnout at movie theaters? What about the poor DVD rentals and sales? Do movie theaters not employ people? Do movie rental and sales shops not employ people? Unless piracy is actively prosecuted and treated equally as other theft, it will eventually have an incredibly damaging effect on the movie industry, the music industry, and (more personally to me) the software industry.
Consider this: I am confident that a few gallons of milk stolen from the local supermarket won't have an overwhelmingly negative effect on the employees and suppliers of that supermarket. If, however, retail theft is not prosecuted, what's to stop everyone from stealing all the gallons of milk all the time? Why should anyone pay for something that can be obtained for free? That's when the economic impact of the theft is severe.
Face it- whether you like it or not, piracy is theft, just like any other theft. It's wrong from a moral standpoint, and it has negative economic impacts. Make it more personal to yourself- if everyone refused to pay for the burger you served them, you'd be out of a job.
for I would no longer have to fix the broken Windows XP boxes...
If you give them limited user accounts, you would never need to "fix the broken Windows XP boxes" again. I'm a software developer and I run as a limited user account with no problems. I've set up many non-technical users with limited user accounts as well, and they have not experienced any compatibility issues or virus/spyware issues.
Create token is the 'meta' privilege - it lets you create a system level token with *any* privilege and then switch to that context... essentially anyone/thing with that privilige has all rights to the system and you cannot stop them (takes a little work.. it's not got a GUI or anything, but anyone with access to MSDN online could work it out).
You still need the user name and password to be able to create a token to execute code as another user (look at the documentation for LogonUser). To state that anyone with this privilege "has all rights to the system and you cannot stop them" is incorrect.
except for the fact that even VSS needs local admin rights
This isn't my experience- I have a limited user account and have no problems accessing SourceSafe (I'm using 6.0d) Perhaps you don't have write privileges to the database directory.
Also, I guess you haven't seen the various applications that I've seen that won't run with "Run As".
I haven't witnessed this either. Do you have a list?
Also, giving an office user the ability to use "Run As" kind of defeats the purpose
You should never need to give the typical office user an administrative account. I've worked in many different environments with office users having a wide array of modern applications that all function properly with limited privileges. There were a few cases where poorly written software attempted to write to a protected directory or registry key, but modifying the ACLs solved the problem. I have still yet to encounter an office application that requires administrative privileges to function.
Why do you think those outsourcing code outfits turn a good buck?
This is no different than with other platforms. Development costs in other countries are simply far less than what they are in the United States. I can hire somewhere near 50 developers in India for the same cost that I can hire just a few developers in the United States. Now, as developing software is quite different than ditch digging, I realize that throwing more people at a job won't necessarily get it done quicker (and might actually do the opposite), but you can see that if I were to hire just a few developers in India I'd save quite a bit of money.
Yes, I have, and yes, it was. I had one issue with remoting, but adding one attribute to one element in a config file (typeLevelFilter="full", if I remember correctly) resolved the problem (and Microsoft warned of the change). I've also moved from.NET 1.1 to.NET 2.0 without any issue.
I'd like to know why it's almost required to run a separate update network just to keep up with the patching. As an example, it has already been determined that it's simply no longer possible for a home user to keep up with it if they have the misfortune not to have access to broadband (see securityfocus.com). A 56k modem can NOT keep up.
And how is this different than with Linux? The last time I installed Ubuntu, I had to download over 300MB of patches and upgrades!
Or would you suggest we accept the MS updates as-is
For a business user with custom software- of course not, just like I would advise against blindly accepting the myriad of patches for other platforms.
'Run as Administrator' is not exactly a smooth process under Windows. You have to put quite a lot of effort in (read: time/effort/cost) to go secure - and it breaks things as quite a lot of code written for Windows still assumes too high privileges.
I guess I must be special then, because I've never had any significant issues. If I use up to date software by reputable vendors (or if I use well written F/OSS), I don't have a problem. I will admit, though, that "Simpsons Hit and Run" (the single game I have installed on my home machine) did require that I open up write privileges on the program directory (which is simply the fault of lazy or ignorant developers). Aside from that, I run all my office, development (including debugging and deployment), photo and video editing software just fine without any ACL modifications.
1 - you can't get Linux to work on your new hardware
2 - you can't get Linux to work on your old hardware
While that is true, it is certainly not the basis of my argument. My argument is simply that the cost of using Linux in a business is not $0 as the poster I replied to suggested. I've provided ample evidence to justify this. The fact that additional time must be spent researching which hardware is supported for Linux is just one of my many points.
3 - at some point you seem to need namecalling as a way of expressing your opinion I'm no less a Linux "fanboy" than you are a Microserf (OK, I have my doubts but you do seem to realise the existence of other stuff beyond MS so there is hope)
Again, I'll refer you to your previous posts where you attacked the intelligence of anyone who differed with your view (maths education hasn't been quite up to scratch, though, so maybe this isn't that clear to all and I've noticed that few can see reality when it's presented to them). This is the workings of a Linux fanboy- resort to personal attacks when someone presents valid arguments that oppose your beliefs.
Have you ever considered writing a shell plugin that aids in this process? Even a simple little app that you could toss a shortcut to in the user's Send To folder might be worthwhile.
There is always some glue code required to make things work for a company, unless IT drives the business (a very, very bad way to do things but not uncommon, sadly). Simple stuff like logon and backup scripts, code management, that monthly timesheet spreadsheet - it's often hidden effort until you try and upgrade or migrate a company. Try doing any large scale migration without investigating that and you'll pay dearly. But let's leave it out - it's equal for both platforms.
Face it, if you stick entirely with Microsoft products, there is no such glue code. Windows Server (including IIS, MSMQ, AD), XP, Office, Sharepoint, Exchange Server, SQL Server,.NET, BizTalk Server all work flawlessly without needing a full time IT staff. To piece together a similar system on a Linux platform requires significantly more time and effort (which means more money).
$70 per unit at volume is still more expensive than free last time I checked:-) And that discount won't be given under a 1000 units or so, so it's a straight $70k.
That price, of course, includes support. Where have you figured in vendor support in your calculations?
I suggest you download a copy of Ubuntu and actually try it.
I have, and it refused to recognize my wireless card. I could download ndis wrapper and follow a lengthy set of instructions (which include recompiling) the kernel, but again, this is time and money.
That is complete baloney. I've installed proper, workable systems on machines that could no longer support Windows because the "new" version had come up with new and innovative ways of wasting CPU power. As a matter of fact, it's an excellent way of recycling machines (another factor to consider in a refresh cycle). You now need more computing power than was used to send a man to the moon to run a simple word processor - where is all that going?
Your original quote included purchasing new hardware, and then you stated you need to factor in hardware refresh costs for Microsoft platforms. Now you're changing your story as you go. Oh, and for some reason, I can't get Ubuntu and OpenOffice to run on my old PIII 266MHz machine with 32MB RAM.
phone-home facilities (i.e. illegal data taps) - none of it contributing to my bottom line and risking my confidential data. It's a rather well documented Windows issue.
Have you ever considered created limited user accounts? It's a rather well documented best practice for Windows that mitigates this risk no differently than with Linux, Unix, or OS X.
I'd still choose Linux because simple math dictates that it will present a better risk profile than Windows as it's not yet a real hacking target.
I'm actually shocked that a Linux fanboy actually made this comment! I think your comrades might stone you for this!
The other risk vector I mitigate is being raided by FAST or cronies because a rogue member of staff installed something unlicensed and then told the FAST to get the reward.
How is this any different than under any other OS? Users running with limited privileges can still download and run programs that don't need to write to protected areas with any operating system.
Oh, and I get free server software, a web server platform that has proven itself in the world already (also for free)
Apache is also available for Windows for free, and Windows Server ships with IIS.
relational databases (did I mention they were free)
MySQL (even though it's a poor product) is also available for Windows for free. SQL Server 2005 (or its predecessor MSDE) is also available for Windows for free.
a couple of programming languages (sorry to bore you, but
1 desktop = 1x hardware + 1x software suite + 1x share of bespoke integration code + 1x support costs.
With Microsoft, there is no such bespoke integration code. As far as the software suite goes, with volume licensing, customers can get the latest OS and Office for less than $100 (IIRC it can be less than $70). For smaller organizations, Microsoft even offers the "Action Pack" (I know it's a horrible name) that includes 10 licenses for XP, Server 2003, Office 2003, and a boat load of other software for $250. And considering the hardware support for Windows far exceeds that of any Linux distribution, the hardware becomes much cheaper, as the acquisition time does not include matching up hardware with an OS flavor.
And that's without touching matters like hardware refresh cycles (about 50% of an MS driven cycle)
Since when does an installation of Windows require a hardware refresh? In all my experience, I've never witnessed a service pack or a patch for any version of Windows that required new hardware. Sure, if you want to upgrade to a later OS, you might need a faster CPU, more memory, and more disk space to take advantage of the new features, but that same issue spans all platforms.
deployment costs (terminal based systems, you can set up a whole classroom in one (1) hour
It's even easier with Windows- you can deploy software using group policy or more advanced tools such as SMS, plus each Windows installation allows for remote administrative terminal access.
risk management (ever heard of a computer virus?)
Yes, I have:
Linux.Plupi
Lion Worm
Linux.Vit.4096
Ramen
Siilov
etc.
with so much money spent on MS software, maths education hasn't been quite up to scratch
Which software manufacturer is to blame for poor grammar?
I live in the UK and I for one know that I HATE seeing my tax money being spent on M$ Windows in local government and in schools when they could be using Linux for free.
If your local governments and schools were to switch to Linux, how do you think the installation, administration, maintenance, and support would be funded? Sure the software itself might be free, but the support most certainly is not. To say that Linux is "free" for use in an organization is simply not true.
but consider, if you're in a position where you need a certain amount of control over the software you're running, then nothing but F/OSS is going to cut the mustard.
Define "certain amount of control." Your statement is extremely vague. I'm not aware of any user that doesn't require a "certain amount of control" over their software. Most businesses and organizations seem to operate just fine using closed source software. Are you suggesting that this high school needs the ability to modify the source code, or are you suggesting that the high school con only achieve the interoperability between different applications that F/OSS affords? I'm thinking you're meaning the second, but even that can be obtained through closed source solutions as well.
Vendor independance
This can be achieved with closed source as well. I can choose a closed source OS from one vendor and any number of closed source applications from other vendors as well. Writing this in your requirements wouldn't rule out closed source software.
ability to control your own destiny
This sounds like something from The Matrix. I'm not sure what you're trying to convey with this.
freedom from the possibility of foreign government intervention
I hate to break it to you, but there is absolutely no way to guarantee that a foreign government won't assert ownership or control over software despite its license. If I remember correctly, the Soviet Union in the 1980s decided it would not honor any US copyrights. Just because something is a legal contract here (and in the rest of the world) now doesn't mean some irrational government will decide otherwise (for itself, obviously) in the future.
possibility to independantly audit code
Again, this doesn't rule out closed source software. Many vendors will provide licensed source code (Microsoft included).
You can write all of that in your requirements or just 'OSI approved license".
From the requirements you've listed, you would be unnecessarily restricting your solution if you listed "OSI approved license." I will agree with the parent post in saying that any organization (or individual user, for that matter) would be better off choosing the best tools for the job rather than restricting themselves to a 100% open source solution (or a vendor-specific solution as well). Could the best solution be 100% open source products? Absolutely. Could the best solution be a mixture of closed source and open source products? Absolutely. Could the best solution be 100% closed source products? Absolutely.
Slashdot Mirror
If you and the CEO truly need administrative privileges, have your domain admin create a standard user account for you in addition to your administrative account (or else just have them give you the password for the local administrator account). Use your standard user account for your normal day-to-day tasks and use Run As... with your administrative account for your network reconfiguration and program installations. It should be no different than on a *nix system- you never run as root unless you absolutely need to.
It works fine for me with XP Pro SP2 (fully patched) with IE7 with the phishing filter turned on. I even tried invoking the phishing filter explicitly and also had no problems.
It has never changed. The translations from the original Hebrew are slightly different. Exodus 20:13 in various translations:
NIV: "You shall not murder.KJV: Thou shalt not kill.
The Message: No murder.
NKJV: "You shall not murder.
It seems as though the most widely agreed upon translation from the original Hebrew is "murder." Despite the various translations, I don't think anyone has ever misunderstood this or any of the other Commandments.
What a shame.
What a lame and ignorant post. What about the lack of turnout at movie theaters? What about the poor DVD rentals and sales? Do movie theaters not employ people? Do movie rental and sales shops not employ people? Unless piracy is actively prosecuted and treated equally as other theft, it will eventually have an incredibly damaging effect on the movie industry, the music industry, and (more personally to me) the software industry.
Consider this: I am confident that a few gallons of milk stolen from the local supermarket won't have an overwhelmingly negative effect on the employees and suppliers of that supermarket. If, however, retail theft is not prosecuted, what's to stop everyone from stealing all the gallons of milk all the time? Why should anyone pay for something that can be obtained for free? That's when the economic impact of the theft is severe.
Face it- whether you like it or not, piracy is theft, just like any other theft. It's wrong from a moral standpoint, and it has negative economic impacts. Make it more personal to yourself- if everyone refused to pay for the burger you served them, you'd be out of a job.
I can see the Slashdot headline now: "Microsoft declares bankruptcy; credits single idiot's refusal to download IE7 with downfall of company."
Perhaps you shouldn't run as an administrator and blindly accept every ActiveX installation you're prompted with when visiting porn sites.
...and 1% of the memory leaks!
Janitor. He comes in, looks at the screen, empties the trash, and immediately leave the room.
Here: http://support.microsoft.com/kb/839280. It took me about 15 seconds to find this.
I guess this means I shouldn't fart on them anymore.
I haven't witnessed this either. Do you have a list?
You should never need to give the typical office user an administrative account. I've worked in many different environments with office users having a wide array of modern applications that all function properly with limited privileges. There were a few cases where poorly written software attempted to write to a protected directory or registry key, but modifying the ACLs solved the problem. I have still yet to encounter an office application that requires administrative privileges to function.
1- Don't run as an administrator.
2- Back up your profile regularly.
If you ever get bitten by something like this, it's easy to recover from.
This is no different than with other platforms. Development costs in other countries are simply far less than what they are in the United States. I can hire somewhere near 50 developers in India for the same cost that I can hire just a few developers in the United States. Now, as developing software is quite different than ditch digging, I realize that throwing more people at a job won't necessarily get it done quicker (and might actually do the opposite), but you can see that if I were to hire just a few developers in India I'd save quite a bit of money.
Yes, I have, and yes, it was. I had one issue with remoting, but adding one attribute to one element in a config file (typeLevelFilter="full", if I remember correctly) resolved the problem (and Microsoft warned of the change). I've also moved from .NET 1.1 to .NET 2.0 without any issue.
And how is this different than with Linux? The last time I installed Ubuntu, I had to download over 300MB of patches and upgrades!
For a business user with custom software- of course not, just like I would advise against blindly accepting the myriad of patches for other platforms.
I guess I must be special then, because I've never had any significant issues. If I use up to date software by reputable vendors (or if I use well written F/OSS), I don't have a problem. I will admit, though, that "Simpsons Hit and Run" (the single game I have installed on my home machine) did require that I open up write privileges on the program directory (which is simply the fault of lazy or ignorant developers). Aside from that, I run all my office, development (including debugging and deployment), photo and video editing software just fine without any ACL modifications.
While that is true, it is certainly not the basis of my argument. My argument is simply that the cost of using Linux in a business is not $0 as the poster I replied to suggested. I've provided ample evidence to justify this. The fact that additional time must be spent researching which hardware is supported for Linux is just one of my many points.
Again, I'll refer you to your previous posts where you attacked the intelligence of anyone who differed with your view (maths education hasn't been quite up to scratch, though, so maybe this isn't that clear to all and I've noticed that few can see reality when it's presented to them). This is the workings of a Linux fanboy- resort to personal attacks when someone presents valid arguments that oppose your beliefs.
Have you ever considered writing a shell plugin that aids in this process? Even a simple little app that you could toss a shortcut to in the user's Send To folder might be worthwhile.
t ml
Otherwise, this should probably work (but it requires a reboot- I like your method better): http://www.sysinternals.com/Utilities/pendmoves.h
Face it, if you stick entirely with Microsoft products, there is no such glue code. Windows Server (including IIS, MSMQ, AD), XP, Office, Sharepoint, Exchange Server, SQL Server, .NET, BizTalk Server all work flawlessly without needing a full time IT staff. To piece together a similar system on a Linux platform requires significantly more time and effort (which means more money).
That price, of course, includes support. Where have you figured in vendor support in your calculations?
I have, and it refused to recognize my wireless card. I could download ndis wrapper and follow a lengthy set of instructions (which include recompiling) the kernel, but again, this is time and money.
Your original quote included purchasing new hardware, and then you stated you need to factor in hardware refresh costs for Microsoft platforms. Now you're changing your story as you go. Oh, and for some reason, I can't get Ubuntu and OpenOffice to run on my old PIII 266MHz machine with 32MB RAM.
Have you ever considered created limited user accounts? It's a rather well documented best practice for Windows that mitigates this risk no differently than with Linux, Unix, or OS X.
I'm actually shocked that a Linux fanboy actually made this comment! I think your comrades might stone you for this!
How is this any different than under any other OS? Users running with limited privileges can still download and run programs that don't need to write to protected areas with any operating system.
Apache is also available for Windows for free, and Windows Server ships with IIS.
MySQL (even though it's a poor product) is also available for Windows for free. SQL Server 2005 (or its predecessor MSDE) is also available for Windows for free.
Since when does an installation of Windows require a hardware refresh? In all my experience, I've never witnessed a service pack or a patch for any version of Windows that required new hardware. Sure, if you want to upgrade to a later OS, you might need a faster CPU, more memory, and more disk space to take advantage of the new features, but that same issue spans all platforms.
It's even easier with Windows- you can deploy software using group policy or more advanced tools such as SMS, plus each Windows installation allows for remote administrative terminal access.
Yes, I have:
- Linux.Plupi
- Lion Worm
- Linux.Vit.4096
- Ramen
- Siilov
- etc.
Which software manufacturer is to blame for poor grammar?Axl Rose also admitted to eating his own feces while high on cocaine. He's obviously someone whose opinions you should use to back your point.
This can be achieved with closed source as well. I can choose a closed source OS from one vendor and any number of closed source applications from other vendors as well. Writing this in your requirements wouldn't rule out closed source software.
This sounds like something from The Matrix. I'm not sure what you're trying to convey with this.
I hate to break it to you, but there is absolutely no way to guarantee that a foreign government won't assert ownership or control over software despite its license. If I remember correctly, the Soviet Union in the 1980s decided it would not honor any US copyrights. Just because something is a legal contract here (and in the rest of the world) now doesn't mean some irrational government will decide otherwise (for itself, obviously) in the future.
Again, this doesn't rule out closed source software. Many vendors will provide licensed source code (Microsoft included).
From the requirements you've listed, you would be unnecessarily restricting your solution if you listed "OSI approved license." I will agree with the parent post in saying that any organization (or individual user, for that matter) would be better off choosing the best tools for the job rather than restricting themselves to a 100% open source solution (or a vendor-specific solution as well). Could the best solution be 100% open source products? Absolutely. Could the best solution be a mixture of closed source and open source products? Absolutely. Could the best solution be 100% closed source products? Absolutely.