RE: [OS:N:] OSN - what are the best desktop systems foreducational use?

[Jeremy Hogan <jhogan redhat com>]

On Wed, 2003-11-05 at 17:24, Brian E. Adams wrote:
> The security point is almost moot.  Sure MS is the biggest target right now,
> but what if you get your Linux dreams and these pukes have nothing better to
> do than to attack Linux.  

It's harder to infect due mostly to privileges and default privileges,
not because people don't try. Unix has been around longer than Windows,
and is still pretty well all over the net. I would suppose that makes
for a large target body, and if it was worth trying people have tried
it. there's a whole class of exploit that's not able to spread it's love
because the system just won't let it.

But you're right, I became aware of how good MS security had gotten when
my 8 year old daughter got to see her first porn due to the admin
messaging port being left on by default on her friend's XP machine and a
spammer's pop-up exploit. 

It's good to hear, though, that it's almost moot.  I wish I could have
just told her that instead of the conversation I had to have with her.
Likewise for her friend's parents, now happily running Red Hat, while
the point gets more moot. Well, there's always next time, as you know.

The *real* reason MS has more exploits is due to MS not caring to
address security until it became a threat to the bottom line and drew a
big showy mandate from the big man as to how much effort would be poured
into security.

> 
> Open Source does not, in and of itself, mean more secure.  

No, you're right, it doesn't. Linux is more secure due to Unix ancestry.
Being Open Source means it can be opened for third party/friendly
analysis, though. 

> Sure, there may
> be more *opportunity* for someone to discover a bug from a source code
> review, but from the Linux users I've worked with (and I see plenty in the
> enterprise space), they are not looking at source code.  

No, but the developers making the software are. Oh. I forgot, you only
acknowledge this nebulous cloud of developers, they must be the only
folks you can count on. I forgot the MS line was that "no one can tell
you the Linux road map." Only a company with proprietary interests could
support a customer. The MS line is to never mention a vendor other than
IBM, and proceed to marginalize their support of it.

Red Hat does meticulous security audits, complies with CERT regs,
participates in the larger, general security community, and provides
it's customers security errata. 

IBM, last I heard, and Novell, and Sun also had pretty significant Linux
initiatives. Apple has a ton of Open Source software running. 

I don't know. Maybe they just don't care about security. Darn, forgot
again, MS doesn't acknowledge competing software companies by name.

Oh, I know, the customers! I know that Amazon cares about security. So
does Morgan Stanley. As does AOL (ha, I can mention them, they only
*used* to be competitors to MS)!

But, I bet those guys only wanted something cheap...

Wait... the DoD, CIA and NSA are running and testing and contributing to
the security of Linux. Surely *they* must know about security. And they
*all* have money to buy whatever works for them!

And Mitre, and organization widely know for supporting said allegedly
security conscious folks issues a report recommending more use of OSS.

Still... Brutus says he was ambitious, and Brutus is an honorable man.

> They just install,
> deploy and pray...  If it doesn't work, they use their *paid support* to get
> answers and fixes.  That's where the cost difference just doesn't make
> sense. 

So because MS charges *all* users for support (wrapped into the license
fee) whether they use it or not, that makes it better? Well we have all
levels of support entitlements, including one in the boxed set. None
include a model where you pay and decrement to zero. You get *unlimited*
incidents throughout the life of your support contract. I guess this
means it's better than better. 

This, like many MS arguments, is predicated on willing suspension of
disbelief, and a nice chain of logic where the answer is always: Pay Us.

First it assumes no one, anywhere, has a commercial interest in Linux,
or in supporting it. It's only developed in shadowy darkness by strange
people you don't know. So pay us.
 
This argument assumes that all admins deploy and pray and to begin their
Linux journey. They couldn't have, you know, learned something about
Linux from the bevy of on-line docs? And download it, and try allll
sorts of neat stuff before they even *chose* a vendor? So pay us.

It thusly assumes that the mighty army of MCSEs are all incapable of
adapting their skills. Nice way to talk about your supporters, but I'll
bite and suggest that investing in employee training is a good practice
and is a static cost in either world. So pay us.

As is support, so if I'm going to pay the same, or less, I'll take more
uptime, and more architectures. And control of when I upgrade. And
freedom from a single vendor, and the option to own what I pay for.

>  The two platforms are almost equal when you figure TCO in large
> orgs.  Where Linux seems to be winning is in small orgs with little IT
> budget.  

"Linux" is winning all over... vendors like Red Hat are winning, and
winning big in very very large organizations. IBM, and HP reported good
business off of offerings that haven't nearly warmed up yet.

> 
> Ask some folks running Linux why they moved to Linux and almost every time
> it comes down to OOB cost.

I guess if that were really true, Ballmer's trip to Munich would have
had a different ending. I guess the big ruckus a little donation
couldn't smooth over in Peru was not on moral grounds. Or the mass of
global gov't deployments and so many mandatory OSS initiative the BSA
hardly has time to harang users like Ernie Ball into a corner, with all
the time counter lobbying, is really about money. 

I'll admit, I have dealt mostly with people moving from Unix to Linux,
in the enterprise, where MS isn't really considered much, if at all. So
I'll bet desktop users all over the world who first tried Linux were
attracted b/c it was cheaper OOB, but since this began by acknowledging
where Linux was re: the desktop, I guess it's "almost moot".

--jeremy