Easy Tiger:-) I know you're not trying to be patronising, its cool, however I do have some counter points though:-
> Stop. Your response is nothing but pure fanboyism. This type of > advocacy is ignorant and does nothing to advance OSS in the industry. > Allow me to retort: > > > Security MS = bad, linux=good I couldn't agree more, it IS pure fanboyism born of experience having to compare and contrast the two. And generally watch everything fall over on Windows, and not on Linux. You can rave on all you want about how Windows is secure if you set it up properly, but from the description Jason said of his team, it sounded like they didn't possess the expertise to spend hours turning off all the 'insecure' settings windows turns on as default. And that alone makes linux far better in My humble opinion, because you build it watertight to begin with and then gradually open up the services you want. I decided not to go into that much depth because I don't have time to do Jason's work for him, and I guess that whoever he is meeting with will probably not understand half the concepts we're talking about anyway. > > Any OS is only as secure as its Systems Administrator. I'm not going to > start my typical rant here, I already ran through this with Didier weeks > ago. Yes, MS has a terrible history track. So do other OS's. > There are a number of points to consider: Exploit creators generally focus on > Microsoft because it's the most prevalent (and worst administered) OS; > Red Hat generally has just as many patches released as Windows (if not > more), BUT... ; Red Hat also distributes much more software (3rd party) > with their system than Windows... it would be impossible for them to > audit all of it; etc, etc. MS has a poor track record, has done since People started 'targetting' microsoft years ago. We're not interested in 'other' OS's we're interested in linux. And I'm not aware of it having had a poor track record for a long time. Perhaps you should be reminded that hacking is no fun if you can't do anything, so the reason MS is 'exploited' more frequently is not because people hate MS so much it's because MS is so easy to exploit, it's far more fun. (However this is MY Opinion, as I'm far too busy to actually try hacking anything myself!) Perhaps a fair comparison is a Poor SA on MS against a poor SA on linux. I'd bet my bottom dollar that the poor SA on linux would still end up with a secure enough system. > > What trend does this reveal? Bugs will continue to exist, exploits will > continue to happen. The one advantage Linux/OSS has over the > proprietary market is a *proven* track record of fast patching. *This* > is where Linux/OSS excels. Nevertheless, you're not helping anyone out > by painting with broad strokes. > Perhaps I'm not using broad strokes but Stereotypes. And Stereotypes start from somewhere. Need I remind you of the latest wave of Viruses, that have just struck MS systems. You find me a virus that can get past SSH as easily as MS. > > Access is not a Database Server, unlike SQL Server, mysql is. > > I'm not sure whether you're trying to say "Access and SQL Server both > suck, MySQL is good", or "Access sucks, both SQL Server and MySQL are > good". If the latter, you're ok. If the former, you're actually quite > wrong. While I would *never* suggest that a client run SQL Server, it > actually competes nicely with a number of other popular commercial > RDBMS's. It *is* an enterprise database, like it or not. And yes, it > too has a terrible security record. I did indeed mean to show that SQL Server and mysql are database Servers and Access is not. I was trying to show that there is an option on Windows to use SQL Server rather than mysql, although, mysql is in my experience solid as a rock, and I have yet to find an MS product that doesn't crash regularly. (another sweeping generalisation, but the truth from my own experience). Grrrr Bloomin Age of Empires always crashes when it's been an hour since you last saved your game!!!:-) > > > All software you could want to use on linux is free, as is Linux, > > unless you wish to purchase a set of CD's. MS is not. > > Free as in speech, not as in beer. http://www.redhat.com/download/howto_download.html (where's the price of beer here? It is free to download - or do you mean the cost of the phone bill to download it:-) > > > Apache Vs IIS, no competition. > > I won't argue this point except to say, it matters on the OP's > circumstances. Apache does not have support for full-blown ASP > programming. If that's what their department insists on using (doesn't > sound like it), they're stuck with IIS. Personally, I love Apache... > even on Windows. I've taken full-blown Perl web applications written in > CGI::Application (with HTML::Template inheritance) and ported it > trivially from Linux/Perl/Apache/MySQL to Windows2000/ActiveState > Perl/Apache/MySQL. Coooool. Mod perl rocks, and my one experience of IIS left me feeling cold. I am a perl programmer at heart, so I can understand why I am biased against ASP, but from all the sites I've ever seen the ones that use asp are usually done badly as compared to perl/cgi. I do fully understand that this is down to the individual web developer, but the percentages of bad asp to bad cgi (and by bad, I mean disjointed pages, loss of input variables upon error, etc..) seem to me to be evidence of issues with making sites in asp (not having any asp experience I cannot say for sure, but it doesn't bode well for ASP). > Martin, I don't mean to sound patronizing, but we have to advocate > Linux/OSS in a responsible manner. Please check this out in your spare > time: > > http://www.datasync.com/~rogerspl/Advocacy-HOWTO-5.html > I had a look at your link, and I don't see anything in there that particularly applies to this case specifically. Perhaps the only thing I was guilty of is being a little too glib and contrite through a wish to ensure that Whilst Jason knows the gist of things to look for, he still has to get up off his own (proverbially speaking) backside and hunt the net for case studies, or ask more specific questions, that are more accessible for people on the list to answer. Kind regards Marty -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
