Re: Should we stay with M$

• Previous message: Michael Schwendt: "Re: rhn notification icon is red but..."
• In reply to: Jason Dixon: "Re: Should we stay with M$"
• Next in thread: Dave Ihnat: "Re: Should we stay with M$"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: "Red Hat Mailing List" <redhat-list@redhat.com>
Date: Thu, 11 Sep 2003 15:37:54 +0100

Easy Tiger:-)
I know you're not trying to be patronising, its cool, however I do have some
counter points though:-

> Stop. Your response is nothing but pure fanboyism. This type of
> advocacy is ignorant and does nothing to advance OSS in the industry.
> Allow me to retort:
>
> > Security MS = bad, linux=good

I couldn't agree more, it IS pure fanboyism born of experience having to
compare and contrast the two. And generally watch everything fall over on
Windows, and not on Linux. You can rave on all you want about how Windows is
secure if you set it up properly, but from the description Jason said of his
team, it sounded like they didn't possess the expertise to spend hours
turning off all the 'insecure' settings windows turns on as default.
And that alone makes linux far better in My humble opinion, because you
build it watertight to begin with and then gradually open up the services
you want.
I decided not to go into that much depth because I don't have time to do
Jason's work for him, and I guess that whoever he is meeting with will
probably not understand half the concepts we're talking about anyway.

>
> Any OS is only as secure as its Systems Administrator. I'm not going to
> start my typical rant here, I already ran through this with Didier weeks
> ago. Yes, MS has a terrible history track. So do other OS's.
> There are a number of points to consider: Exploit creators generally
focus on
> Microsoft because it's the most prevalent (and worst administered) OS;
> Red Hat generally has just as many patches released as Windows (if not
> more), BUT... ; Red Hat also distributes much more software (3rd party)
> with their system than Windows... it would be impossible for them to
> audit all of it; etc, etc.

MS has a poor track record, has done since People started 'targetting'
microsoft years ago. We're not interested in 'other' OS's we're interested
in linux. And I'm not aware of it having had a poor track record for a long
time. Perhaps you should be reminded that hacking is no fun if you can't do
anything, so the reason MS is 'exploited' more frequently is not because
people hate MS so much it's because MS is so easy to exploit, it's far more
fun. (However this is MY Opinion, as I'm far too busy to actually try
hacking anything myself!)

Perhaps a fair comparison is a Poor SA on MS against a poor SA on linux. I'd
bet my bottom dollar that the poor SA on linux would still end up with a
secure enough system.

>
> What trend does this reveal? Bugs will continue to exist, exploits will
> continue to happen. The one advantage Linux/OSS has over the
> proprietary market is a *proven* track record of fast patching. *This*
> is where Linux/OSS excels. Nevertheless, you're not helping anyone out
> by painting with broad strokes.
>

Perhaps I'm not using broad strokes but Stereotypes. And Stereotypes start
from somewhere. Need I remind you of the latest wave of Viruses, that have
just struck MS systems. You find me a virus that can get past SSH as easily
as MS.

> > Access is not a Database Server, unlike SQL Server, mysql is.
>
> I'm not sure whether you're trying to say "Access and SQL Server both
> suck, MySQL is good", or "Access sucks, both SQL Server and MySQL are
> good". If the latter, you're ok. If the former, you're actually quite
> wrong. While I would *never* suggest that a client run SQL Server, it
> actually competes nicely with a number of other popular commercial
> RDBMS's. It *is* an enterprise database, like it or not. And yes, it
> too has a terrible security record.

I did indeed mean to show that SQL Server and mysql are database Servers and
Access is not. I was trying to show that there is an option on Windows to
use SQL Server rather than mysql, although, mysql is in my experience solid
as a rock, and I have yet to find an MS product that doesn't crash
regularly. (another sweeping generalisation, but the truth from my own
experience). Grrrr Bloomin Age of Empires always crashes when it's been an
hour since you last saved your game!!!:-)

>
> > All software you could want to use on linux is free, as is Linux,
> > unless you wish to purchase a set of CD's. MS is not.
>
> Free as in speech, not as in beer.

http://www.redhat.com/download/howto_download.html (where's the price of
beer here? It is free to download - or do you mean the cost of the phone
bill to download it:-)

>
> > Apache Vs IIS, no competition.
>
> I won't argue this point except to say, it matters on the OP's
> circumstances. Apache does not have support for full-blown ASP
> programming. If that's what their department insists on using (doesn't
> sound like it), they're stuck with IIS. Personally, I love Apache...
> even on Windows. I've taken full-blown Perl web applications written in
> CGI::Application (with HTML::Template inheritance) and ported it
> trivially from Linux/Perl/Apache/MySQL to Windows2000/ActiveState
> Perl/Apache/MySQL. Coooool.

Mod perl rocks, and my one experience of IIS left me feeling cold.

I am a perl programmer at heart, so I can understand why I am biased against
ASP, but from all the sites I've ever seen the ones that use asp are usually
done badly as compared to perl/cgi. I do fully understand that this is down
to the individual web developer, but the percentages of bad asp to bad cgi
(and by bad, I mean disjointed pages, loss of input variables upon error,
etc..) seem to me to be evidence of issues with making sites in asp (not
having any asp experience I cannot say for sure, but it doesn't bode well
for ASP).

> Martin, I don't mean to sound patronizing, but we have to advocate
> Linux/OSS in a responsible manner. Please check this out in your spare
> time:
>
> http://www.datasync.com/~rogerspl/Advocacy-HOWTO-5.html
>

I had a look at your link, and I don't see anything in there that
particularly applies to this case specifically. Perhaps the only thing I was
guilty of is being a little too glib and contrite through a wish to ensure
that Whilst Jason knows the gist of things to look for, he still has to get
up off his own (proverbially speaking) backside and hunt the net for case
studies, or ask more specific questions, that are more accessible for people
on the list to answer.

Kind regards

Marty

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

• Previous message: Michael Schwendt: "Re: rhn notification icon is red but..."
• In reply to: Jason Dixon: "Re: Should we stay with M$"
• Next in thread: Dave Ihnat: "Re: Should we stay with M$"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]