On Wed, 2003-08-20 at 14:17, [EMAIL PROTECTED] wrote:

> As for my downtime: aside from upgrading the web server software, an hour
> or two tops. Include the web server software upgrade - 8 hours at most.
> My other servers - a couple of hours at most. Over 5 years. To borrow a
> phrase from Ron Popeil, system administration should not be a "set it and
> forget it" enterprise; regular monitoring and patch installation is a fact
> of IT life. Ignoring recommended patches - whether from Redhat,
> Microsoft, IBM, or whomever - will bite you in the CPU one day.
Agreed. Uptime is overrated. Security is far more important (unless you want to see real downtime).

> My concern is with _who_ will do the OS maintenance; if we have a
> knowledgeable person on-staff who can handle it along with their other
> duties, no problem. If we need to outsource that maintenance.... more TCO
> to be factored in.

Then hire someone who knows and fire the people who don't. End of that story.

> Never once has it been suggested that I "recompile the Windows OS" to get
> maximum performance from my computer; many's the time I've read
> "re-compile the kernel" in response to a question about Linux performance.

That's because you can't ;) Whenever you have something that is tuned for the general case, you can always retune it for a specific case and see a performance change. *If* the source code to the Windows kernel were available, you can be certain you'd see plenty of advice on how to recompile to optimize it for a particular task.

> I read stories where someone has seen a performance increase after
> replacing Windows with Linux, I personally have yet to see it. Anecdotally
> (i.e., with no benchmarks) my Dell Latitude is about half as speedy running
> in Linux as it is in Windows. To get the same performance from Linux, would
> I need to get a faster computer? Something else to factor into the TCO.

It depends on the application. Server-wise, I suspect Linux to be faster than Windows (especially under load). For the desktop, Windows tends to be a bit snappier. Anyone who claims GNOME is faster than Windows is full of it. Partially it's because GNOME isn't mature. Partially because GNOME has features up the $%#$%. Partially because GNOME isn't integrated into the OS.

This last point is an important one because it highlights a major difference between Windows and Linux: the GUI is not part of the OS. This has an impact on both performance and security. Performance-wise, GNOME on Linux is slower than Windows.
Linux without GNOME is faster than Windows. Security-wise an exploit in a GNOME application or GNOME itself is unlikely to garner someone root privileges on the machine.

> Your implication about the size of our servers is spot on - we use
> little boxes for little jobs, big iron for big jobs. All covered during
> system analysis and requirements planning. It may be worth mentioning that
> we're not a Microsoft-only shop; we make use of whatever hardware/software
> makes sense for us, our customers, and the application at the time. I've
> no doubt that Linux will one day be in that mix.

This is really the best approach. I *prefer* Linux, and find that usually it gives the best TCO (and more importantly, flexibility, something I find sorely lacking in the Windows world). However, there is no doubt that Windows (or rather the applications only available on it) has a place.

> However hardened the OS may be, history has shown that Linux is not immune
> to attack - nor is any other OS that we can mention. Those who think
> otherwise are delusional at best.

I don't think anyone would claim otherwise. However, Linux is based on a very different model than Windows that makes compromises more difficult and often something less than system-wide when they are accomplished. Further, security is apparently a real concern on Linux, whereas Microsoft has a history of downplaying its importance. Linux is a difficult target now and will continue to get more difficult (2.6 for instance has entirely new security options, some of which will probably obsolete rootkits and eradicate most buffer overflow attacks) while Windows tends to get more vulnerable with each new version.

It's simply a matter of priority. Microsoft's priority has and will most likely continue to be (press-releases aside) features and ease-of-use. Or, more to the point, reasons to upgrade <wink>. Linux' priority has always been stability. Security is a big part of stability.
> Clever hackers abound, and go after
> whatever they can get their grimy packets into. Some OSes are more
> "secure" than others. But if you get enough hackers going at an OS,
> they'll find a way in.

But you don't have to make it easy for them ;)

> For me, and probably 90%+ of the admins out there,
> it's far easier to recover from a security breach in a MS-based system (or
> network) than a Linux-based one. Why? Because it's what we know - and
> therefore is likely to be the least costly alternative.

This is an understandable argument. Unfortunately it's also a reason I wouldn't hire you ;) I expect consultants to offer the best solution for *my* business, not simply what they're familiar with.

> It would be
> _very_ expensive for me to try and figure which of the Linux config files
> _might_ be corrupted after an intrusion, and only slightly less expensive
> for me to hire a Linux expert (such as yourself) to clean up the mess.

And the reverse can be said for me. However, that simply says something about what you or I know and nothing about the OS. If you know little about an OS, of course the TCO is high. This argument carries little weight.

Intrusion recovery on Windows usually means reinstall. In fact, most severe problems on Windows mean a reinstall. Sometimes even trivial problems mean a reinstall (lost your vga driver?). That certainly does cut down on the amount of knowledge (and sometimes time) needed to recover a system. The deal with Windows is that it's opaque. You and I and everyone knows there is little point trying to figure out why performance suddenly became bad or a driver won't load or it keeps crashing. You simply reinstall. There is a certain appeal to this if you don't mind reinstalling ;)

On Linux I would suggest something like Tripwire, with logging going to a remote host. That would take care of finding out which files have been altered.

> The Linux software may be "free", but the services certainly are not.
> From $60 or so per hour for one-man shops to $185/hour or more for IBM Global
> Services, the costs add up and should be factored into any decision
> vis-a-vis platform dependence.

The same can be said for any platform (well, except for the free part). Where does Windows somehow escape the cost of service?

> In Linux, I use OpenOffice,
> Evolution, and various other "freeware". Upgrading those to take
> advantage of new features is oft-times kludgy, requiring crossed-fingers
> and upgrades to other packages, ad infinitum.

This was certainly true in the past, far less so now. Tools like apt and Ximian's Red Carpet have changed this dramatically.

> The Linux-based office
> suites are adequate for my needs, but anyone who considers themselves an
> MS Office "power-user" will likely be sorely disappointed in the Linux
> alternatives.

Again, mostly a matter of familiarity. Most Linux applications (certainly OpenOffice) are just as powerful as MS applications. It's simply a matter of knowing how to access that power. Certainly learning curve should be figured into the TCO, but that is something that can be amortized across multiple machines and into the future until the employee has left the company. In other words, it matters little over the life of the transition.

> At one time we could boast that Linux could perform well on low-end
> hardware but such is no longer the case. Linux Likes RAM! As does any
> other OS out there.

Sort of true. For a desktop, I think Linux is a bit hungrier than Windows. For a dedicated server I disagree. I know of a local website and mailing list (http://www.pdxindgoth.net) that runs on a P100 (they were gleeful that they got a P3 450 a few days ago). Not a very high traffic site but not an idle one either. That site runs at least Apache and Mailman and handles a mailing list with several hundred messages a day. Our company firewall is a P133 with 64MB of RAM. It's running RH8.
> I stand by my statement about viruses and worms - as Linux desktops become
> more prevalent, so will the Linux-based malware. Why desktops? Because
> that's what the "uninformed" (1) will be using and abusing; the same type
> of problems we see on Windows desktops will be seen on Linux desktops.

Again, Linux is doing much to prevent this before it happens. The newer security models to be available in 2.6 will even prevent someone who gains root privileges from doing much damage. Were Linux development to stand still while adoption increased, this argument (which isn't new) would certainly be true. Certainly exploits are discovered all the time in Linux or the applications that run on it. This has dismayed many people and so something is being done about it. The best Microsoft has to [someday] offer is a copyright protection scheme disguised as a security model (Palladium). Linux will have real security enhancements by the end of the year. This is one of the major highlights of the open source world: people fix things now.

I get the distinct feeling that while you are trying to be neutral your admitted lack of Linux knowledge prevents you from being as impartial as you think you are.

Regards,

--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726  (800) 735-0555