Mailinglist Archive: opensuse (3605 mails)
| < Previous | Next > |
[SLE] [OT] FYI: OpenSUSE vs Vista
- From: "Bryan J. Smith" <b.j.smith@xxxxxxxx>
- Date: Sat, 03 Jun 2006 07:29:08 -0400
- Message-id: <1149334148.2958.61.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Fri, 2006-06-02 at 08:56 -0400, George Stoianov wrote:
> and no matter how many review I read I think it is at least 10
> sorry 500 no sorry 1000 better than what MS Windows is and will
> ever be, because of the way it is made. MS is getting to fat and
> too lazy to adapt and change and why should they make the other
> people change.
The problem with Win32/.NET has never been the OS and its core design.
Microsoft stole good code and lured some of the greatest architects in
the late '80s and early '90s. [ Although Google has stolen several of
them in the last few years -- which wasn't surprising ]
The problem is that their own application division utterly _ignores_ the
Win32 and, subsequently, .NET APIs. Everything from embedding DLLs for
IE that bypass Win32 security in the mid-'90s to breaking other NT
subsystems, MAC, RBAC, etc... because "Chicago" (MS-DOS 7.x aka Windows
9x) was the application focus, NT/Win32 has become a bastard of hacks
and security violations from its original design.
.NET/"Longhorn" is just a 1:1 repeat of Win32/"Cairo" -- Vaporware, 0%
actual usage of the _sound_ API, etc...
Especially the fact that you can't install a security fix without
_breaking_ several other security issues. This is the "clusterfsck
integration" of how Windows is designed -- whereas UNIX is "piecemeal."
It's why TCO is a nightmare with Windows servers, unlike UNIX. NT/Win32
was supposed to be more "piecemeal," like UNIX, but that reality _died_
the second Gates gave the "thumbs up" to "Chicago" in 1994 -- and NT
then became Chicago's "bitch."
One of the reasons my MS SQL servers at a Fortune 100 company didn't get
hit by SQL Slammer in January 2003 was because I actually read the
Hotfix release notes of 2 different, latter Hotfixes for MS SQL that
_blindly_uninstalled_ the fix from months earlier that would have
prevented SQL Slammer. In other words, "staying current" with the
_latest_ patches _caused_ you to actually be hit by SQL Slammer!
Unfortunately, about a dozen and a half Windows infrastructure team
members did not know this. So it took down my Fortune 100 company for 3
days! Not only that, but half of Microsoft went down too! The portions
of Microsoft that didn't go down were _not_ feed by Microsoft's own
QA/patch release, but by Altiris -- who caught and mitigated the issue
in their streamed patches.
In the conference call with Microsoft the next week, they were blaming
people for not "keeping current." I saved a lot of butts by showing how
2 newer patches actually "unpatched" MS SQL, and my Fortune 100 company
really gave Microsoft an earful for _not_ being honest -- and "passing
the buck" on to their professionals and partners. I have repeatedly
exposed how Microsoft does this to its _own_ professionals and partners.
And yes, I _have_ seen _many_ people "fired" for buying Microsoft. ;->
Now Microsoft's move to monthly Hotfix roll-ups has addressed _some_ of
the "conflicts." But the core, inter-clusterfsck'd dependencies of
"poor integration" is still the "root cause" -- something that should
have _never_ happened. But most of it, as before, falls on
"Chicago." .NET/Longhorn is a joke -- other than "Indigo" (.NET
Internet services), _nothing_ .NET is shipping in Longhorn.
We already have something like .NET Internet services -- it's called
Java. Not surprising, since .NET 1.x code is _directly_ based on Java
1.1 (Microsoft might have lost the trademark, but a judge ruled they
were 100% entitled to the last codebase they paid for), and .NET 2.x is
largely a refresh of Java 1.4/1.5 code c/o the Microsoft re-license of
Java.
The _entire_ .NET security model (which is very UNIX-like and powerful)
is _utterly_missing_ in Longhorn. We're still stuck with 100%
_bastardized_ Win32 (nothing like the original -- a lot of hacks and
bypasses designed for MS-DOS 7.x).
> Just a brief story:
> ...Yesterday I had to upgrade a Windows XP by putting on service pack
> 2 so that I can test something with .NET, so I check the service pack
> it says 1 I go on MS site and start download it tells me that a policy
> prevents the pack from being loaded over the web ... cut ...
Microsoft will send you a free SP2 CD if you request one.
Microsoft will also let you download it if you prove you have 1 updated
XP SP2 system on your network by using a validator program.
I know it's easy to "complain" about Microsoft, but in reality, a
Windows professional _must_know_ how and where to get the software,
legitimately -- even if they make you "jump through hoops."
I don't think it's worth it, but when my clients tell me they must use
something because they tying themselves to "vendor lock-in" by using the
vendor's latest software, I can't do much by warning them, then provide
services. And that means I'm a competent Windows professional who
_knows_ where to _legally_ get the updates.
And I typically _avoid_ those clients that don't have their "heads on
straight" when it comes to "mitigating risk." But some of their
departments often reality that I'm not only a Linux architect, but I've
been deploying NT since the 3.1 alpha (i.e., I was at the largest
installed base of the first native NT app 14 years ago), so I get stuck
with architecting and integrating NT-based solutions too.
Again, Microsoft _does_ provide a way to download the _full_ XP SP2 and
_all_ post-SP2 Hotfixes. You just have to use a system that is already
updated with its validator. It's _critical_ that if you are a Windows
professional that you not only know such -- but it also makes other
Windows professionals and even Microsoft itself realize that you have
_legitimate_complaints_.
Like I did on SQL Slammer at a Fortune 100 company -- I caught Microsoft
"red handed," especially on their _lies_ and "passing the buck." I've
also exposed serious, base flaws in Exchange 5.5 that were _still_ in
Exchange 2003 -- and the on-site Microsoft support at a Fortune 20
client of mine really got an earful when they started playing the "pass
the buck" game.
> After 2 hours I am ready to now do what I wanted to evaluate a closed
> source security solution. I spent 5 minutes and I have already found a
> major problem .... now I have to fill out 10 forms be on 4 conference
> calls and talk to 5 different people starting with a sales rep ...
> what the ... to explain to them what the problems. I will probably
> never get the name of a developer or try to explain in my own words.
Who? Internal? Microsoft? Independent Software Vendor (ISV)?
Understand that _some_ proprietary software _does_ have value,
especially those that do _not_ use "vendor lock-in" techniques, and
actually win on their merits. If it does not, it would _not_ sell. I
buy proprietary software all-the-time -- but _only_ those that offer
"value."
E.g., Adobe/Macromedia is a company that not only promotes open
standards, but is very "open" with its own, original, but innovative
technology and IP.
The problem is that too many people associate "Microsoft" with
"proprietary." Microsoft products are _not_ "proprietary" -- that would
require them to be compatible with themselves through many versions.
Microsoft is the epitome of "Hostageware."
Software choice is about mitigating risk -- risk to data in 3+ years.
Open Source does _not_ necessarily "reduce" risk. In fact, eccentric
Open Source programs can be _worse_ sometimes.
You _must_ evaluate software on a _per-project/product_ basis for risk.
Don't just assume that by using Microsoft, often a "worst case
example" (and "Hostageware") represents "proprietary" and is always
worse than open source (especially by using its most shining examples).
I discussed these concepts in-detail in my Sys Admin colums back in
January and February of 2005 (beware, they were poorly edited -- last
second requests from CMP Media).
> I hope you are getting what I am trying to say by now. ... this is not
> nice especially when I can post to a forum like this one and get a
> response in 15 minutes with detailed instructions from someone who
> really know my pain ... :). Thank you by the way.
I _agree_ that 99% of Microsoft groups are "people networking" ones. My
local ONTPA (Orlando NT Professional Association) is filled with "people
networking" types, and the list is _never_ used for technical
assistance.
But there _are_ support lists out there. E.g., I help run PC_Support:
http://lists.leap-cf.org/mailman/listinfo/pc_support
It's part of my local LUG's lists (LEAP-CF, Linux Enthusiasts and
Professionals of Central Florida). I'm not trying to "promote" the
group or this list -- but it's certainly a _better_ list than here for
advocacy, comparisons, questions, etc... from some outstanding Windows
professionals (who make me look like a noob ;-).
> I am not saying Linux is perfect or as a matter of fact that it will
> ever be, I do not think that "dumming it down" so that everyone can
> use it will make it better as I do not want what everyone has or want
> to use :).
One thing is that it's not "dumming down." It's really about _not_
"proliferating _bad_ practices." I find 98% of Windows professionals
use _poor_ practices -- or worse yet -- Windows at its foundation is 98%
of _poor_ practices and then people "expect" those out of any UNIX.
Executable installers is one.
Blind associations by extension (instead of file magic) is another.
I could go on.
> And yes I whine and complain from time to time when I spend hours
> figuring stuff out and making them work in Linux, but I know if I get
> so frustrated with anything (like winblows) I can take what I want and
> make what I want ... and this is freedom.
I use Linux because it is _simple_ and has _lower_ TCO.
I can support 10x as many UNIX/Linux systems as NT-based.
If Windows was _easier_ to support, I would do so.
But 14 years of supporting every NT version has told me otherwise.
Now that's just the OS -- people uses applications, not OSes.
[ NOTE: I _never_ and _refused_ to support "Chicago"/MSDOS7/Win9x in my
_entire_ career -- which is a very long story at many clients. ]
On the application front, I don't merely "assume" all Open Source is
better. I evaluate TCO, long-term risk to data, etc... This
overwhelmingly causes me to look to open source and open standards
solutions.
But I have implemented much open standards-based "proprietary" software
as well. Most of that is due to the _superior_ capability of the
software. Some others are due to very "real IP" issues that you can't
avoid.
The key to being an Open Source advocate is realizing the value
proposition of risk and other concerns, and knowing when and how to deal
with the real legal IP issues.
Especially when you are at a Fortune 20 company on a major Linux
integration project and their legal department is considering removing
all Linux because of SCO v. IBM. That's when explaining the SCO v. IBM
lawsuit, in real legal terms and underlying realities, is crucial.
> Even if everyone liked bloody beef (I tried it once to my surprise it
> was not that bad) I like it well done ;) and that is how I will have
> it ... thanks to all the OSS developers that make this freedom a
> reality today :).
Like many "old UNIX wennies," I've been implementing GNU Systems on
SunOS (and, subsequently, Solaris) since _before_ Linux. The value
proposition of a GNU System is "freedom" (or "libre" as I understand
some people don't like the term anymore for various reasons I won't
agree/disagree with).
But "freedom" does not merely stand on its own. There are other things
that are involved. Including real licensing and IP issues. And that
comes down to "risk." If I can lessen "risk" to my customer's data by
using a non-Open Source solution, then I will do so. Especially if it
offers more value in other areas.
--
Bryan J. Smith Professional, technical annoyance
mailto:b.j.smith@xxxxxxxx http://thebs413.blogspot.com
-------------------------------------------------------
Illegal Immigration = "Representation Without Taxation"
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
> and no matter how many review I read I think it is at least 10
> sorry 500 no sorry 1000 better than what MS Windows is and will
> ever be, because of the way it is made. MS is getting to fat and
> too lazy to adapt and change and why should they make the other
> people change.
The problem with Win32/.NET has never been the OS and its core design.
Microsoft stole good code and lured some of the greatest architects in
the late '80s and early '90s. [ Although Google has stolen several of
them in the last few years -- which wasn't surprising ]
The problem is that their own application division utterly _ignores_ the
Win32 and, subsequently, .NET APIs. Everything from embedding DLLs for
IE that bypass Win32 security in the mid-'90s to breaking other NT
subsystems, MAC, RBAC, etc... because "Chicago" (MS-DOS 7.x aka Windows
9x) was the application focus, NT/Win32 has become a bastard of hacks
and security violations from its original design.
.NET/"Longhorn" is just a 1:1 repeat of Win32/"Cairo" -- Vaporware, 0%
actual usage of the _sound_ API, etc...
Especially the fact that you can't install a security fix without
_breaking_ several other security issues. This is the "clusterfsck
integration" of how Windows is designed -- whereas UNIX is "piecemeal."
It's why TCO is a nightmare with Windows servers, unlike UNIX. NT/Win32
was supposed to be more "piecemeal," like UNIX, but that reality _died_
the second Gates gave the "thumbs up" to "Chicago" in 1994 -- and NT
then became Chicago's "bitch."
One of the reasons my MS SQL servers at a Fortune 100 company didn't get
hit by SQL Slammer in January 2003 was because I actually read the
Hotfix release notes of 2 different, latter Hotfixes for MS SQL that
_blindly_uninstalled_ the fix from months earlier that would have
prevented SQL Slammer. In other words, "staying current" with the
_latest_ patches _caused_ you to actually be hit by SQL Slammer!
Unfortunately, about a dozen and a half Windows infrastructure team
members did not know this. So it took down my Fortune 100 company for 3
days! Not only that, but half of Microsoft went down too! The portions
of Microsoft that didn't go down were _not_ feed by Microsoft's own
QA/patch release, but by Altiris -- who caught and mitigated the issue
in their streamed patches.
In the conference call with Microsoft the next week, they were blaming
people for not "keeping current." I saved a lot of butts by showing how
2 newer patches actually "unpatched" MS SQL, and my Fortune 100 company
really gave Microsoft an earful for _not_ being honest -- and "passing
the buck" on to their professionals and partners. I have repeatedly
exposed how Microsoft does this to its _own_ professionals and partners.
And yes, I _have_ seen _many_ people "fired" for buying Microsoft. ;->
Now Microsoft's move to monthly Hotfix roll-ups has addressed _some_ of
the "conflicts." But the core, inter-clusterfsck'd dependencies of
"poor integration" is still the "root cause" -- something that should
have _never_ happened. But most of it, as before, falls on
"Chicago." .NET/Longhorn is a joke -- other than "Indigo" (.NET
Internet services), _nothing_ .NET is shipping in Longhorn.
We already have something like .NET Internet services -- it's called
Java. Not surprising, since .NET 1.x code is _directly_ based on Java
1.1 (Microsoft might have lost the trademark, but a judge ruled they
were 100% entitled to the last codebase they paid for), and .NET 2.x is
largely a refresh of Java 1.4/1.5 code c/o the Microsoft re-license of
Java.
The _entire_ .NET security model (which is very UNIX-like and powerful)
is _utterly_missing_ in Longhorn. We're still stuck with 100%
_bastardized_ Win32 (nothing like the original -- a lot of hacks and
bypasses designed for MS-DOS 7.x).
> Just a brief story:
> ...Yesterday I had to upgrade a Windows XP by putting on service pack
> 2 so that I can test something with .NET, so I check the service pack
> it says 1 I go on MS site and start download it tells me that a policy
> prevents the pack from being loaded over the web ... cut ...
Microsoft will send you a free SP2 CD if you request one.
Microsoft will also let you download it if you prove you have 1 updated
XP SP2 system on your network by using a validator program.
I know it's easy to "complain" about Microsoft, but in reality, a
Windows professional _must_know_ how and where to get the software,
legitimately -- even if they make you "jump through hoops."
I don't think it's worth it, but when my clients tell me they must use
something because they tying themselves to "vendor lock-in" by using the
vendor's latest software, I can't do much by warning them, then provide
services. And that means I'm a competent Windows professional who
_knows_ where to _legally_ get the updates.
And I typically _avoid_ those clients that don't have their "heads on
straight" when it comes to "mitigating risk." But some of their
departments often reality that I'm not only a Linux architect, but I've
been deploying NT since the 3.1 alpha (i.e., I was at the largest
installed base of the first native NT app 14 years ago), so I get stuck
with architecting and integrating NT-based solutions too.
Again, Microsoft _does_ provide a way to download the _full_ XP SP2 and
_all_ post-SP2 Hotfixes. You just have to use a system that is already
updated with its validator. It's _critical_ that if you are a Windows
professional that you not only know such -- but it also makes other
Windows professionals and even Microsoft itself realize that you have
_legitimate_complaints_.
Like I did on SQL Slammer at a Fortune 100 company -- I caught Microsoft
"red handed," especially on their _lies_ and "passing the buck." I've
also exposed serious, base flaws in Exchange 5.5 that were _still_ in
Exchange 2003 -- and the on-site Microsoft support at a Fortune 20
client of mine really got an earful when they started playing the "pass
the buck" game.
> After 2 hours I am ready to now do what I wanted to evaluate a closed
> source security solution. I spent 5 minutes and I have already found a
> major problem .... now I have to fill out 10 forms be on 4 conference
> calls and talk to 5 different people starting with a sales rep ...
> what the ... to explain to them what the problems. I will probably
> never get the name of a developer or try to explain in my own words.
Who? Internal? Microsoft? Independent Software Vendor (ISV)?
Understand that _some_ proprietary software _does_ have value,
especially those that do _not_ use "vendor lock-in" techniques, and
actually win on their merits. If it does not, it would _not_ sell. I
buy proprietary software all-the-time -- but _only_ those that offer
"value."
E.g., Adobe/Macromedia is a company that not only promotes open
standards, but is very "open" with its own, original, but innovative
technology and IP.
The problem is that too many people associate "Microsoft" with
"proprietary." Microsoft products are _not_ "proprietary" -- that would
require them to be compatible with themselves through many versions.
Microsoft is the epitome of "Hostageware."
Software choice is about mitigating risk -- risk to data in 3+ years.
Open Source does _not_ necessarily "reduce" risk. In fact, eccentric
Open Source programs can be _worse_ sometimes.
You _must_ evaluate software on a _per-project/product_ basis for risk.
Don't just assume that by using Microsoft, often a "worst case
example" (and "Hostageware") represents "proprietary" and is always
worse than open source (especially by using its most shining examples).
I discussed these concepts in-detail in my Sys Admin colums back in
January and February of 2005 (beware, they were poorly edited -- last
second requests from CMP Media).
> I hope you are getting what I am trying to say by now. ... this is not
> nice especially when I can post to a forum like this one and get a
> response in 15 minutes with detailed instructions from someone who
> really know my pain ... :). Thank you by the way.
I _agree_ that 99% of Microsoft groups are "people networking" ones. My
local ONTPA (Orlando NT Professional Association) is filled with "people
networking" types, and the list is _never_ used for technical
assistance.
But there _are_ support lists out there. E.g., I help run PC_Support:
http://lists.leap-cf.org/mailman/listinfo/pc_support
It's part of my local LUG's lists (LEAP-CF, Linux Enthusiasts and
Professionals of Central Florida). I'm not trying to "promote" the
group or this list -- but it's certainly a _better_ list than here for
advocacy, comparisons, questions, etc... from some outstanding Windows
professionals (who make me look like a noob ;-).
> I am not saying Linux is perfect or as a matter of fact that it will
> ever be, I do not think that "dumming it down" so that everyone can
> use it will make it better as I do not want what everyone has or want
> to use :).
One thing is that it's not "dumming down." It's really about _not_
"proliferating _bad_ practices." I find 98% of Windows professionals
use _poor_ practices -- or worse yet -- Windows at its foundation is 98%
of _poor_ practices and then people "expect" those out of any UNIX.
Executable installers is one.
Blind associations by extension (instead of file magic) is another.
I could go on.
> And yes I whine and complain from time to time when I spend hours
> figuring stuff out and making them work in Linux, but I know if I get
> so frustrated with anything (like winblows) I can take what I want and
> make what I want ... and this is freedom.
I use Linux because it is _simple_ and has _lower_ TCO.
I can support 10x as many UNIX/Linux systems as NT-based.
If Windows was _easier_ to support, I would do so.
But 14 years of supporting every NT version has told me otherwise.
Now that's just the OS -- people uses applications, not OSes.
[ NOTE: I _never_ and _refused_ to support "Chicago"/MSDOS7/Win9x in my
_entire_ career -- which is a very long story at many clients. ]
On the application front, I don't merely "assume" all Open Source is
better. I evaluate TCO, long-term risk to data, etc... This
overwhelmingly causes me to look to open source and open standards
solutions.
But I have implemented much open standards-based "proprietary" software
as well. Most of that is due to the _superior_ capability of the
software. Some others are due to very "real IP" issues that you can't
avoid.
The key to being an Open Source advocate is realizing the value
proposition of risk and other concerns, and knowing when and how to deal
with the real legal IP issues.
Especially when you are at a Fortune 20 company on a major Linux
integration project and their legal department is considering removing
all Linux because of SCO v. IBM. That's when explaining the SCO v. IBM
lawsuit, in real legal terms and underlying realities, is crucial.
> Even if everyone liked bloody beef (I tried it once to my surprise it
> was not that bad) I like it well done ;) and that is how I will have
> it ... thanks to all the OSS developers that make this freedom a
> reality today :).
Like many "old UNIX wennies," I've been implementing GNU Systems on
SunOS (and, subsequently, Solaris) since _before_ Linux. The value
proposition of a GNU System is "freedom" (or "libre" as I understand
some people don't like the term anymore for various reasons I won't
agree/disagree with).
But "freedom" does not merely stand on its own. There are other things
that are involved. Including real licensing and IP issues. And that
comes down to "risk." If I can lessen "risk" to my customer's data by
using a non-Open Source solution, then I will do so. Especially if it
offers more value in other areas.
--
Bryan J. Smith Professional, technical annoyance
mailto:b.j.smith@xxxxxxxx http://thebs413.blogspot.com
-------------------------------------------------------
Illegal Immigration = "Representation Without Taxation"
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
| < Previous | Next > |