Is Open Source Insecure?

Roaring Penguin Software ^ | 6-10-2002 | David F. Skoll

[ThePythonicCow]

Are banks that publish the combination ...

You raised the question of whether banks publish the combination. No they don't. That is much the same as asking whether senders of encrypted messages publish the secret code needed to decrypt the message. No, they don't either.

Maybe you were thinking about other open source issues, such as increased opportunity to find flaws. But what you wrote to which I was responding didn't say that.

[tortoise]

Anyone who disses win2k adv server does so out of ignorance.

How good Win2K-AS is depends on your metric. For some things, it still very obviously sucks compared to Unix solutions. For large heterogenous environments like ours, the Windows2K servers are actually the weakest link though we have quite a few windows machines in our server farm for all the applications that require it. Windows is more difficult to manage, scales more poorly, and is still less robust than our Unix servers. Yes, it is a lot more stable than it used to be, but it still fails and generally misbehaves far more frequently than Unix systems (which quite frankly, generally just run forever).

I don't "diss" Win2K per se, but it is still very obviously a second-class operating system in the server environment (third-class if you throw mainframes into the mix). From a development standpoint it blows chunks. For desktops or small, non-mission critical servers it is great.

[tortoise]

Corporations deploy solutions with vendor support. They're not going to run their enterprise on your college dorm platform.

Lots of shops run large Linux servers for mission-critical applications. It is so common that most places don't even give it a second thought. FreeBSD drives huge amounts of Internet traffic at many major sites and holds a number of Internet records for data serving in production environments. I don't know what cave you live in, but Linux and FreeBSD servers are pervasive in server farms and data centers throughout the US and Europe, and for good reason.

Add to that the fact that a majority of all the big routers and switching devices on the Internet backbone run Linux or a free BSD (you won't find a single Windows box acting as a mission-critical Internet infrastructure component), and it makes it clear how valid your opinion actually is on this matter.

[Bush2000]

When you say Oracle doesn't participate, what test is that? Oracle seems to be in every test result set. They used to even crow about their results until SQL Server 7.0 was released and then SQL Server 2000. Then, Oracle starting whining about Microsoft winning.

Apparently, Oracle didn't participate in the Clustered configuration test, MS kicked their Non-Clustered score for half the cost, and Harr thinks it's (gasp)... unfair!

[Bush2000]

Windows is more difficult to manage, scales more poorly, and is still less robust than our Unix servers.

Thanks for the uncorroborated opinion. And I note you left out the issue of cost, as well. Sky's the limit, right, H. Ross?

[Bush2000]

Lots of shops run large Linux servers for mission-critical applications.

Not the kind of shops that are deploying configurations being testing in these TPC benchmarks. If you think so, you're kidding yourself. That's the reason that IBM and Oracle have given short shrift to Linux: It isn't their primary customer base.

Add to that the fact that a majority of all the big routers and switching devices on the Internet backbone run Linux or a free BSD

Again, we're talking about different worlds. See above.

[Bush2000]

You can probably imagine the laughter -- and how red his face was as they dropkicked him into the alley!

The sound you hear, Harr, isn't us laughing with you ... we're laughing at you...

[Dominic Harr]

Have no fear, it's obvious who the fool is!

"The new MS-driven Dell-mobile just did the Longhorn Speedway track in 4 minutes 10 seconds! That makes them the fastest, right?"

"Yes, I guess. Altho -- how fast did Linux drive it?"

"Linux hasn't driven it."

"I see. How fast did the new Sun machine drive it?"

"They haven't driven it."

"I see. So this doesn't mean anything then, does it."

Take a look around you -- no one cared about this test. No one else bought it. Because it doesn't mean what you wish it meant.

You're just soooooooooo clueless about this tech stuff, and are showing your ignorance loudly.

[PatrioticAmerican]

It seems Oracle was submitted in the clustered TPC-C test. granted, it was HP using Oracle, but the results are as follows.

6		IBM e(logo) xSeries 370 c/s	363,129	21.80 US $	05/31/01	Microsoft SQL Server 2000	Microsoft Windows 2000 Datacenter Server	Microsoft COM+	04/10/01
7		HP Parallel Database Cluster Model 02000 C/S	137,260	19.25 US $	06/04/02	Oracle 9i R2 Enterprise Edition	Microsoft Windows 2000 Advanced Server	BEA Tuxedo 6.5 CTS	06/04/02
8		IBM eServer xSeries 370	136,766	16.93 US $	09/20/01	Microsoft SQL Server 2000	Microsoft Windows 2000 Datacenter Server	Microsoft COM+	04/24/01
9		IBM e(logo) xSeries 370 c/s	121,319	18.97 US $	05/31/01	Microsoft SQL Server 2000	Microsoft Windows 2000 Datacenter Server	Microsoft COM+	04/10/01

[tortoise]

And I note you left out the issue of cost, as well. Sky's the limit, right, H. Ross?

Linux and BSD Unix are free, genius. But that isn't the reason it is popular. You are right about one thing though: free Unix is widely deployed at companies where cost is no object. Don't you find it strange that orgs with bottomless budgets have no problem deploying Linux and similar? Again, when you have more than a handful of machines, it is a reliability/maintainability issue. The fact remains that Unix still enjoys a much higher server/admin ratio than Windows2K for a myriad of reasons (which also reduces operating expenses, of course).

[tortoise]

Not the kind of shops that are deploying configurations being testing in these TPC benchmarks. If you think so, you're kidding yourself. That's the reason that IBM and Oracle have given short shrift to Linux: It isn't their primary customer base.

Reality check: Most major enterprise applications that only support Windows clients explicitly support Oracle on Linux back-ends as an alternative to Oracle on Sun or various Windows databases. In the real world, heavily loaded Win2K database servers are not the most reliable beasts for non-stop applications. I've never seen a Windows database server run 24/7 for years under severe load without a hiccup, but I've seen lots of Linux/Oracle configurations do it. For those types of environments, it only takes Windows blowing chunks once before management is looking for a new solution. Mind you, I'm not actually all that keen on Linux as a Unix OS, but it has certainly done a fine job when put to the task in my experience.

Clearly you don't do much business with IBM if you think they are giving Linux "short shrift"; I do enterprise-level business with them regularly and push Linux pretty hard as a solution. They support Linux very thoroughly throughout their product line and have for years. I know a number of companies that have bought very large Linux servers (usually for Oracle installations) from IBM and they have performed extremely well.

As for core routers and switches running Linux and *BSD, it is relevant because you persist in thinking that these versions of Unix are toys. The fact that they are the standard for serious enterprise networking hardware suggests otherwise.

[tortoise]

Oy, that should IBM pushes Linux pretty hard. Most of the time, I don't care, though a lot of companies specifically demand it.

[Rate_Determining_Step]

Nothing new here. Standard answers: "tough", "get over it", "not our problem" in response to barriers to a workable business model.

The rebuf just makes the point better than the original article. In essense, "your screwed, but still you should embrace our licensing model". My response: HAHAHAHAHA

GPL is the functional sliced artery to any company that expect to make money in the software business outside of "consulting".

Just looked at the MySQL site again. Poor saps are begging for money while Larry Elison is the 2nd richest guy in the world with a similar product.

When programmers wake up and realize that they're more valueable than toilet water, they'll have to dump GPL or continue to remain exploited.

I was talking to a software exec that had to pony up a large sum for some developer tools. I was amazed at his cavalier attitude to the cost. His response: "Software is always cheap." Without it, your box is worthless. He's right. He gets things done.

[Bush2000]

Linux and BSD Unix are free, genius

How about Solaris, aquamaroon?!? Forget about that little detail?

[Bush2000]

Have no fear, it's obvious who the fool is!

A little self-realization is good for you, Harr.

Take a look around you -- no one cared about this test. No one else bought it. Because it doesn't mean what you wish it meant.

You're so full of shite. Sun and Oracle didn't care about this test so much that they participated in all the benchmarks. Listen: Do yourself a favor and peddle your lies somewhere else. They're not even modestly entertaining anymore.

You're just soooooooooo clueless about this tech stuff, and are showing your ignorance loudly.

Is this the part where you start lecturing everybody about technology -- particularly security involving cryptography?!? Remember your little debacle over public key encryption, Harr? We, who are familiar with your brand of ignorance, have taken you to the technology woodshed so many times that we've lost count. I'm especially impressed that nobody used JDBC to do their benchmarks. Guess we know where that load of crap fits into people's database strategies...

[Bush2000]

In the real world, heavily loaded Win2K database servers are not the most reliable beasts for non-stop applications. I've never seen a Windows database server run 24/7 for years under severe load without a hiccup, but I've seen lots of Linux/Oracle configurations do it.

Bogus. Fallacy of authority. Not buying. Produce hard data to back it up and we'll talk.

Clearly you don't do much business with IBM if you think they are giving Linux "short shrift"; I do enterprise-level business with them regularly and push Linux pretty hard as a solution.

IBM pushes their most expensive solutions to enterprise clients; namely, DB2 running on IBM servers. If cost becomes an issues, it is only then that they pull out the Linux card. But, clearly, the fact that IBM didn't even bother to benchmark its Linux solutions illustrates that point better than I ever could.