Re: Can I buy a linux account?

On Mon, 10 Apr 2006 14:53:47 -0500, Moe Trin wrote:

On Sun, 09 Apr 2006, in the Usenet newsgroup comp.os.linux.misc, in article
<pan.2006.04.09.16.05.48.172954@xxxxxxxxxxxxxxxxxx>, Douglas Mayne wrote:

Dave Uhring wrote:

Their employers forbid the use of any *ix on their desktop
machines.

WTF? What's the logic behind that? Do they have to keep their monoculture
pure? Or is it more punative, "If I'm getting an (expletive) virus,
you're getting an (expletive) virus." I'm glad, I don't have those rules.

The rule is quite common for a number of reasons. First is that "these are
company supplied systems, and we don't want the users installing crap on
them". That rule is true no matter what the company supplied hard/software
is. Second, there is a follow on - "we only support the $FOO O/S". Same
concept. There is also the pointy haired boss syndrome - his kid recommends
using $FOO O/S, and that's the way it's going to be. In fact, we're quite
similar, expect in our case we don't all any microsoft O/S anywhere in the
division - and I'm relatively sure that rule is corporate wide. I know that
the "thou shalt not fsck with the software" policy in corporate wide, and
rigidly enforced. The users are paid to _use_ the computers as part of
their job. They are NOT paid to install software, operating systems, or
monitor toys.

I'm not a bean counter, so I don't know how much prices effect this
(microsoft does give volume discounts, and support people with clue are more
expensive than MSCEs). You also have to balance increased training costs (a
two edged sword, as increased training in _any_ tool/software/what-ever
improves productivity) verses the costs of anti-malware software, and the
cost when an infection or intrusion occurs, and the probability of that
occurrence.

Seriously, to restate the obvious, it is beneficial for some people in
an organization to avoid the monoculture- specifically to avoid
infection. It's important for the first responders in a disaster
scenario to be somewhat immune to infection.

Yes, though that is stretching a bit. A large part of malware propagation
is human engineering. It is designed to exploit misconfigured or
unmaintained systems.

Or a zero day exploit. Still waiting for the patch (tomorrow).

The "somewhat immune to infection" is often helped
by adequate training and better attitude. The "Slammer" worm went through
microsoft.com like a dose of salts because they admins there didn't want
to install a patch that had been available six months earlier because of
compatibility problems. That's but one example.

Not the most recent example. How about those WMF icons? Redmond, a
little less time on the X box, please. Wait, they know which side of the
their bread gets the butter.


I would /*_insist_*/ that the IT department use another platform, or use
a platform with a proven track record against vulnerabilities.

Just as I would insist that they use the same platform. If IT is going
to maintain the systems, it behooves them to know what they are, and how
to do so. If they're using something else, they tend to lack that
expertise that is needed to get things repaired/returned-to-normal RIGHT
NOW. This also goes along with not allowing the users to fsck up the
setups. In spite of what you may think, windoze can be maintained in a
mode OTHER THAN 'retry/reboot/reinstall/reformat-reinstall' used by
MSCEs. But it takes a more trained individual. The guy who knows how to
tweak /etc/syslog.conf is less likely to know which pulldown menu or
registry key needs to be kicked. Just reinstalling can be done by any
partially trained chimpanzee, but actually _fixing_ the problem is going
to be harder.

I would agree that it is harder, and I have given up trying to memorize
the registry. Fixing problems may be impossible though:
http://it.slashdot.org/article.pl?sid=06/04/04/1426238

As the article says, maybe the gov' needs a few more "trained monkeys" who
at least know how to reset a workstation to a known good state.


That way IT is in position to help in starting the recovery process.
Otherwise, IT is a few steps behind because they will need a known clean
install for themselves first.

That depends on your disaster scenario.

Old guy


I was thinking about another contradiction in my post, even when I
was writing it. Would I run Windows if everyone else ran GNU/Linux to
avoid the monoculture. In other words, what happens when free software
wins? I intentionally left myself an "out" by saying the admin could use a
system with a proven security track record.

I just don't agree with you that the admin should be running the same OS
just so he is familiar with it. I know how to setup Windows and how to fix
simple things, but it rapidly becomes beyond any hope of repair. Have you
ever setup supposedly identical systems only to have one system take much
longer to boot than another? Have you ever tried uninstalling an
application over and over, including smacking the registry, only to be
rebuffed. It gets old fast. Watch for it to become even worse as every
software vendor invokes a unique software activation mechanism, which will
go right to the rootkit level very shortly. It's depressing to think about.

--
Ripley: And you let him in.
http://us.imdb.com/title/tt0078748/quotes
.