Re: #define failure opportunity
Lars Hansson wrote: On Wed, 30 Nov 2005 19:37:48 -0500 Steve Shockley [EMAIL PROTECTED] wrote: Like HP? Of course, I wouldn't pay for their level of OpenSSH support. The level of support, or lack thereof, is not issue. It's not really about getting any kind of support at all. It's all about (middle) management covering their backs and making sure there's someone outside the company to blame when the shit hits the fan. You pay someone to be your scapegoat. It's a sad state of affairs but that's how it often is. I do not mean to insult anyone but I just want to chime in here and say that even though I am very grateful to have OpenSSH, SSH.com's product is not bad. The commercial version supports a lot of different complex environments, does more and therefore costs more. For example, there might be many here who may not want X.509 certs in LDAP/OCSP for network authentication but there are sites that do. Overall, SSH.coms' support is good and their product rock solid (the same for OpenSSH). My 2 cents. -Bruno
Re: #define failure opportunity
On Tue, Nov 29, 2005 at 06:12:29PM -0600, Qv6 wrote: Has any company ever approached the openssh dev team and offered to buy a support contract from them? Did they refuse? Come to think of it, why doesn't the openssh team sell support contracts to companies that want it? Or maybe they already do. You don't need to be an official OpenSSH developer to start a company that supports OpenSSH. Start one that focuses on it. Hell, www.opensshsupport.com is even available. I bet some of these companies already support this in some capacity http://www.openbsd.org/support.html Less complaining, more doing.
Re: #define failure opportunity
bofh wrote: Your piddly little company is not a real company, not like Computer Associates or McAfee or Nortons or Microsoft. Now, those are _REAL_ companies. Like HP? Of course, I wouldn't pay for their level of OpenSSH support.
Re: #define failure opportunity
On Wed, 30 Nov 2005 19:37:48 -0500 Steve Shockley [EMAIL PROTECTED] wrote: Like HP? Of course, I wouldn't pay for their level of OpenSSH support. The level of support, or lack thereof, is not issue. It's not really about getting any kind of support at all. It's all about (middle) management covering their backs and making sure there's someone outside the company to blame when the shit hits the fan. You pay someone to be your scapegoat. It's a sad state of affairs but that's how it often is. --- Lars Hansson
Re: #define failure opportunity
From: Qv6 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: #define failure opportunity Date: Mon, 28 Nov 2005 18:35:24 -0600 ... Intersting news. I once worked for a major Telecom firm that used a commercial implementation of ssh. I was curious and I asked one of the other techies why pay for ssh when openssh is available. Because we can go to the company for support was his answer. I couldn't help but wonder what type of issues people encounter while using openssh. Aside from the usuall software bugs, has there really been any major problems with openssh that the community has not fixed promptly? I'm reminded of the following quote I saved -- can't remember where I found it: Open source code is not guaranteed nor does it come with a warranty. -- the Alexis de Tocqueville Institute I guess that's in contrast to proprietary software, which comes with a money-back guarantee, and free on-site repairs if any bugs are found. -- Rary I certainly couldn't provide the services I currently support without a *lot* of open source software running on OpenBSD. Well, not without it costing a great deal of money.
Re: #define failure opportunity
* Theo de Raadt [EMAIL PROTECTED] [2005-11-28 15:38]: This is why OpenBSD/OpenSSH does not need to hire a spin doctor. Other people do it for us ;) http://www.ssh.com/company/newsroom/article/684/ Heck, I wanna meet the person who wrote that. It's brilliant spin. It's just deliciously evil, and designed so perfectly to maipulate those with deficient weasel-dar. Ford would like to announce the new compatibility mode for the Pinto so that it doesn't explode. Other implentations deviated from the standard in that they did not allow for exploding, we only do this to ease the transition for customers migrating from other non-exploding cars to the Pinto. The huge installed base of non-explosive cars out there is a huge oppotunity for our new non-explosive Pinto. Whoever wrote it I'm sure has a promising career waiting for them in Washington D.C. I really am seriously impressed with it. -Bob
Re: #define failure opportunity
The people who they are addressing are bussiness, and they think in terms of gaining money and loosing money. Open Source Software is a concept they will not understand easily since they don't have a concept of interacting with people without a gain or loss perspective. It is very important that we educate people about what the choice of open source software means. In their terms: You have to invest more _time_ into learning how to use a more complex and better tool. And also to help it improve by providing feed-back. And it's the job of the ssh-salesmen to convince people that they have to invest more money into an easier to use tool. That's the main attraction of their concept: ease of use. # Han
Re: #define failure opportunity
From: Han Boetes [mailto:[EMAIL PROTECTED] The people who they are addressing are bussiness, and they think in terms of gaining money and loosing money. Open Source Software is a concept they will not understand easily since they don't have a concept of interacting with people without a gain or loss perspective. It is very important that we educate people about what the choice of open source software means. In their terms: You have to invest more _time_ into learning how to use a more complex and better tool. And also to help it improve by providing feed-back. And it's the job of the ssh-salesmen to convince people that they have to invest more money into an easier to use tool. That's the main attraction of their concept: ease of use. And here I've just not found OpenSSH to ever be difficult to use. Maybe we can say it's SSH Corp's salemen's job to sell snake oil and back it with FUD, the typical process for swaying people away from OSS to commercial software. DS
Re: #define failure opportunity
It is very important that we educate people about what the choice of open source software means. From a business perspective I don't see this being very important =) If the competition is willing to give me an edge on them, be my guests. /Tony
Re: #define failure opportunity
On 11/28/05, Qv6 [EMAIL PROTECTED] wrote: On Monday 28 November 2005 04:04 pm, Theo de Raadt wrote: This is why OpenBSD/OpenSSH does not need to hire a spin doctor. Other people do it for us ;) http://www.ssh.com/company/newsroom/article/684/ And... thanks to those of you who supported us when they were threatening to sue us years ago.. Intersting news. I once worked for a major Telecom firm that used a commercial implementation of ssh. I was curious and I asked one of the other techies why pay for ssh when openssh is available. Because we can go to the company for support was his answer. I couldn't help but wonder what type of issues people encounter while using openssh. Aside from the usuall software bugs, has there really been any major problems with openssh that the community has not fixed promptly? Not that I don't think openssh is superior for the fact that it *is* open software, I bet that the company in question needs software support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best I've been able to see through that line of reasoning :^) -p -- ~~o0OO0o~~ Pete Wright www.nycbug.org NYC's *BSD User Group
Re: #define failure opportunity
From: pete wright [mailto:[EMAIL PROTECTED] Not that I don't think openssh is superior for the fact that it *is* open software, I bet that the company in question needs software support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best I've been able to see through that line of reasoning :^) Holds true until you realize that the box their software came in has a big orange sticker on it notifying you that they aren't liable for any of that stuff you would expect to be able to get money out of them from. Like I said, snake oil. Don't believe for a moment that vendors don't take every possible precaution to indemnify themselves from having to be responsible for problems you experience as a result of using their software. DS
Re: #define failure opportunity
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Spruell, Darren-Perot Sent: Tuesday, November 29, 2005 2:57 PM To: 'misc@openbsd.org' Subject: Re: #define failure opportunity From: pete wright [mailto:[EMAIL PROTECTED] Not that I don't think openssh is superior for the fact that it *is* open software, I bet that the company in question needs software support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best I've been able to see through that line of reasoning :^) Holds true until you realize that the box their software came in has a big orange sticker on it notifying you that they aren't liable for any of that stuff you would expect to be able to get money out of them from. Like I said, snake oil. Don't believe for a moment that vendors don't take every possible precaution to indemnify themselves from having to be responsible for problems you experience as a result of using their software. DS Software is like wine and lawyers. If it costs more, it must be better. ;)
Re: #define failure opportunity
On Monday 28 November 2005 08:10 pm, pete wright wrote: On 11/28/05, Qv6 [EMAIL PROTECTED] wrote: On Monday 28 November 2005 04:04 pm, Theo de Raadt wrote: This is why OpenBSD/OpenSSH does not need to hire a spin doctor. Other people do it for us ;) http://www.ssh.com/company/newsroom/article/684/ And... thanks to those of you who supported us when they were threatening to sue us years ago.. Intersting news. I once worked for a major Telecom firm that used a commercial implementation of ssh. I was curious and I asked one of the other techies why pay for ssh when openssh is available. Because we can go to the company for support was his answer. I couldn't help but wonder what type of issues people encounter while using openssh. Aside from the usuall software bugs, has there really been any major problems with openssh that the community has not fixed promptly? Not that I don't think openssh is superior for the fact that it *is* open software, I bet that the company in question needs software support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best I've been able to see through that line of reasoning :^) Seriously! How many companies have actually received money from, say, Microsoft for an os or app software that crashes repeatedly, or gets hit by a major virus attack? You never get your money back. You just get support based on your support contract. Has any company ever approached the openssh dev team and offered to buy a support contract from them? Did they refuse? Come to think of it, why doesn't the openssh team sell support contracts to companies that want it? Or maybe they already do. Take a look at Mysql. It started as the work of a couple of guys. Now it is a major enterprise and lots of companies use their product. Openssh comes bundled with every Open Source OS, and some companies ship it with their products, too. So the install base is fairly broad, and I think a separate business can grow around that. Just my $0.02
Re: #define failure opportunity
I dont think a separated business growing around that would be a good ideia? I don't really think so. I am not saying this happened to other projects like FreeBSD, but i switched from FreeBSD to OpenBSD exactly because much of what i saw the first time i started with FreeBSD i could not see since that's time i switched to OpenBSD. Many of my feeling on FreeBSD has been lost since so far. OpenBSD folks, i my point of view, take the right road. I believe they have a strong conviction on the values i don't bargain that. I see very positively, behavior like the one that decided to remove ahc driver support. Of course it is not all good, but i pay the price. I like openbsd just because the project its view of the surround environment/world is not the common (to not say another world) view shared by many alternatives around, including garbage like Linux. OpenBSD may not be perfect, and in this sense, i label it the less imperfect OS for my needs of confidence and peace of mind. I would really love to use it for everything my needs could be. I cannot use it in a multitera byte storage server nor in a 64 processor sparc box, but i do love it. There many thing i believe it could get a better support, real SMP (HIGH performance) kernel, and File System for instance. Anyhow, as i have already stated, i go for OpenBSD. 2005/11/29, Qv6 [EMAIL PROTECTED]: On Monday 28 November 2005 08:10 pm, pete wright wrote: On 11/28/05, Qv6 [EMAIL PROTECTED] wrote: On Monday 28 November 2005 04:04 pm, Theo de Raadt wrote: This is why OpenBSD/OpenSSH does not need to hire a spin doctor. Other people do it for us ;) http://www.ssh.com/company/newsroom/article/684/ And... thanks to those of you who supported us when they were threatening to sue us years ago.. Intersting news. I once worked for a major Telecom firm that used a commercial implementation of ssh. I was curious and I asked one of the other techies why pay for ssh when openssh is available. Because we can go to the company for support was his answer. I couldn't help but wonder what type of issues people encounter while using openssh. Aside from the usuall software bugs, has there really been any major problems with openssh that the community has not fixed promptly? Not that I don't think openssh is superior for the fact that it *is* open software, I bet that the company in question needs software support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best I've been able to see through that line of reasoning :^) Seriously! How many companies have actually received money from, say, Microsoft for an os or app software that crashes repeatedly, or gets hit by a major virus attack? You never get your money back. You just get support based on your support contract. Has any company ever approached the openssh dev team and offered to buy a support contract from them? Did they refuse? Come to think of it, why doesn't the openssh team sell support contracts to companies that want it? Or maybe they already do. Take a look at Mysql. It started as the work of a couple of guys. Now it is a major enterprise and lots of companies use their product. Openssh comes bundled with every Open Source OS, and some companies ship it with their products, too. So the install base is fairly broad, and I think a separate business can grow around that. Just my $0.02
Re: #define failure opportunity
Original message Date: Tue, 29 Nov 2005 19:56:33 +0100 From: Han Boetes [EMAIL PROTECTED] Subject: Re: #define failure opportunity To: misc@openbsd.org The people who they are addressing are bussiness, and they think in terms of gaining money and loosing money. Open Source Software is a concept they will not understand easily since they don't have a concept of interacting with people without a gain or loss perspective. It is very important that we educate people about what the choice of open source software means. In their terms: You have to invest more _time_ into learning how to use a more complex and better tool. And also to help it improve by providing feed-back. And it's the job of the ssh-salesmen to convince people that they have to invest more money into an easier to use tool. That's the main attraction of their concept: ease of use. i asked my friend, a corporate accountant, about why large corporations don't prefer to use open source software. he didn't even address the ease of use issue, but he said that large organizations aren't interested in open source software because it's difficult to audit custom systems for tax and financial statement reasons. he mostly works with publicly traded companies, and it just couldn't be a legal scam unless the money was sufficiently spread around, eh? i wish you could audit the crap that comes out the mouth of a lying CEO and include that as a big red number on the balance sheet. cheers, jake
Re: #define failure opportunity
On Mon, Nov 28, 2005 at 06:10:17PM -0800, pete wright wrote: support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best anyone heard of this happening or heard even a rumour of this ever happening?
Re: #define failure opportunity
On 11/28/05, Paul Pruett [EMAIL PROTECTED] wrote: omg what a load of , to funny, any coporation stupid enough to fall for that story by ssh to buy Tectia ssh and not use openssh deserves to be taken for plus the security issues they will get. That's because there's a huge number of cover my ass type people at work in key positions. If they can't buy support, they won't use it, at least officially. I had proposed making openssh a standard at a Fortune 100 company. The director of security turned it down for 1.5 years, because of support. I was told to evaluate ssh. I asked them for a quote. They quoted me list price. I laughed in their face, and asked for a serious price. It still came to over a couple of million for an enterprise solution. Told them if they wanted serious consideration, they had better not waste my time. Finally got a reasonable price by the director's standard ($100k). In the end, I managed to prevail and got openssh set as the standard, but had to find 3 key people to support ssh. Had to write documentation, which basically was something along the lines of: Old way telnet host Username: enter username Password: enter password New way ssh host Username: enter username Password: enter password Advanced features Some advanced users may wish to explore features such as the -l flag or even using keys. Read the man pages for more details. -Tai
Re: #define failure opportunity
On Tue, 29 Nov 2005 19:19:01 -0800 Sean Comeau [EMAIL PROTECTED] spake: On Mon, Nov 28, 2005 at 06:10:17PM -0800, pete wright wrote: support lisc. for legal issues. If the software goes tit's up and costs the company N dollar's it is easier to get that money from a commercial entity whom you have a contract with (or more likely get money via a insurance broker of some sort). At least that's the best anyone heard of this happening or heard even a rumour of this ever happening? I've heard of it happening, but do not remember anything ever coming of any of them... probably quietly and confidentially settled if anything - otherwise thrown out of court. I've often heard the support argument raised... But having spent some quality time with support from large companies, I really have to say I overall tend to get better support from the web and open source communities. Heh, we used to make little paper cutouts of the support people we were dealing with and put them around the speaker with little captions next to them saying time is money, I'm an idiot, etc.. Ah good times. -- Bill Chmura Director of Internet Technology Explosivo ITG Wolcott, CT p: 860.621.8693 e: [EMAIL PROTECTED] w. http://www.explosivo.com
Re: #define failure opportunity
Chris Kuethe [EMAIL PROTECTED] wrote: ...However, OpenSSH deviates from the standards in its SCP (Secure Copy Protocol) implementation. SSH Tectia Client and Server now incorporate a compatibility mode for OpenSSH SCP, which still uses the old Secure Shell version 1 (SSH1) $vendor is smoking something very funky... Trace below says OpenSSH uses protocol 2 just fine. That caused me to raise an eyebrow as well, but I think they refer to the protocol of scp(1) itself, not the SSH1/2 protocol of the underlying SSH session. The phrasing certainly is confusing. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Re: #define failure opportunity
On Monday 28 November 2005 04:04 pm, Theo de Raadt wrote: This is why OpenBSD/OpenSSH does not need to hire a spin doctor. Other people do it for us ;) http://www.ssh.com/company/newsroom/article/684/ And... thanks to those of you who supported us when they were threatening to sue us years ago.. Intersting news. I once worked for a major Telecom firm that used a commercial implementation of ssh. I was curious and I asked one of the other techies why pay for ssh when openssh is available. Because we can go to the company for support was his answer. I couldn't help but wonder what type of issues people encounter while using openssh. Aside from the usuall software bugs, has there really been any major problems with openssh that the community has not fixed promptly?
Re: #define failure opportunity
Christian Weisgerber wrote: That caused me to raise an eyebrow as well, but I think they refer to the protocol of scp(1) itself, not the SSH1/2 protocol of the underlying SSH session. The phrasing certainly is confusing. I think you mean misleading. :-) -- Matthew Weigel
Re: #define failure opportunity
On Mon, 28 Nov 2005 21:43:34 -0600 Matthew Weigel [EMAIL PROTECTED] wrote: Christian Weisgerber wrote: That caused me to raise an eyebrow as well, but I think they refer to the protocol of scp(1) itself, not the SSH1/2 protocol of the underlying SSH session. The phrasing certainly is confusing. I think you mean misleading. :-) I think you both mean marketing speak --- Lars Hansson
