Bad Days at the Office

Strangely, I am constantly bombarded by comments telling me I am wrong to praise GNU/Linux and how M$’s OS never gets malware. Today I read a report that a hospital with 2500 PCs has been shut down for days because malware got into the system. I guess it really didn’t happen and it was just a slow news day…

The hospital has hundreds of servers and 2500 PCs. The servers run UNIX, GNU/Linux and that other OS. We may never know what the malware was or what system was infected but I would bet it was that other OS. HP supplied a lot of the hardware and boasted about it.

Here is a list of tweets from the organization:

SillyFDC is yet another AutoRun virus that has been around for ages. I wonder how many layers of security had to fail to let that one in. Yes, it’s a virus of that other OS.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology. Bookmark the permalink.

150 Responses to Bad Days at the Office

  1. Clarence Moon says:

    You can have your private definitions of the law, Mr. Pogson, but it will not affect commerce. All of the Microsoft litigation in the world has been civil actions. If you want to call that crime, go ahead, but you are all alone.

  2. Clarence Moon denied again,“As to “criminal activity”, there was none. “

    “Crime is the breach of rules or laws for which some governing authority (via mechanisms such as legal systems) can ultimately prescribe a conviction.” see http://en.wikipedia.org/wiki/Crime

    “Section 1:
    “Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations, is declared to be illegal.”[15]
    Section 2:
    “Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize any part of the trade or commerce among the several States, or with foreign nations, shall be deemed guilty of a felony [. . . ]“”

    see http://en.wikipedia.org/wiki/Sherman_Antitrust_Act

    It never ceases to amaze me that visitors to my blog waste everyone’s time defending the indefensible.

  3. Clarence Moon says:

    “Chuckle. Nope. IBM created it by giving M$ sole-supplier status for their IBM PCs”

    Was that not a natural thing to do? IBM didn’t want to do their own OS, so they opened it up for bids and the rest is history. Someone was going to get the business. It turns out that was Microsoft, but that was not an unnatural act.

    As to “criminal activity”, there was none. As to “civil liability”, which was the subject of the Microsoft trials in the US and Europe, they were found in violation of the antitrust laws for “attempting to promote” their monopoly, but, interestingly enough, I think, were not considered to have been successful at doing that and the actions that they took in terms of promotions and manipulation of their code were deemed to not have been useful in actually prolonging their monopoly because the court said that it didn’t need any such help. In any case, there was nothing criminal charged in the US or anywhere else in the world.

  4. Clarence Moon says:

    “Clarence is also wrong to assume smaller means less efficient”

    I don’t see where I said anything at all regarding “efficiency”, but this comment stems from the same cite that you made and presumably is in regard to the non-viability of smaller players in the ultimate mass market.

    It is convenient to propose a lot of little suppliers can replace some fat cat big company, but that has never been the case. If you look at the desktop market, there are a bunch of little guys who sell Linux pre-installed machines that they apparently buy from the white box makers in China and other Asian countries and private label and resell in the US. But the price of an equivalent to a Dell or HP model is always significantly higher than for the real McCoy with Windows.

    It is still less expensive for a user who wants a Linux computer to buy a Windows computer and replace the OS. The Linux vendors live off of the Microsoft haters who are so inept that they cannot manage to install Linux themselves, it seems.

    Supermarket prices are never going to be beaten by the farmer’s market seller, I think.

    The size of the market dictates that big businesses are the only effective way to address the market. If a small seller wants to survive, they have to become a big seller simply to address the volume demand of the market. By your own numbers, there are 360 million PCs sold annually and there are even more than that numerically smart phones, feature phones, and tablets sold annually.

    Whoever is to handle all that business cannot remain as a small supplier and to grow to the size necessary is not a simple task of going down to the bank and getting a business improvement loan.

  5. Clarence Moon wrote, “the Microsoft monopoly arose naturally”.

    Chuckle. Nope. IBM created it by giving M$ sole-supplier status for their IBM PCs, setting the standard for ISVs to produce software for that platform almost exclusively for DOS. That naturally transferred to that other OS named after rectangular regions of screens because it first ran on DOS. That’s not natural. IBM was otherwise very cautious insisting that Intel license others to produce chips and using an open standard for the motherboards and cases.

    Further, M$ illegally promoted the monopoly by exclusive dealings, refusing to sell licences, delaying licensing or charging higher prices to folks who did not deal with M$ more or less exclusively. That’s not natural. That’s criminal activity. They even coded DOS to barf when a competitor’s software was run. Natural is selling a product at a reasonable price in competition with other similar products. By preventing OEMs from putting other OS on PCs, M$ distorted the markets.

  6. Clarence Moon says:

    “That’s a fallacy. Look at Nature.”

    You are not thinking this idea all the way through, Mr. Pogson. It may very well be that some time in the future, the Wintel PC will be replaced by some other product or group of products. For the sake of argument, say that that group of products is the suite of Android mobile devices that you are so proud of.

    But that has nothing to do with my point that the Microsoft monopoly arose naturally due to the costs of being in the mass market business drove out all the Wintel competitors leaving Microsoft as essentially the sole supplier of desktop OS software.

    If Wintel disappears and Android devices take its place, there will still be one dominant supplier of the Android devices. Google seems to want that supplier to be Google and has taken steps to make that happen with their pending acquisition of Motorola. It will take a number of years to tell who is the winner here and maybe you will remember the conversation when it finally happens.

    That is, of course, a big “if” and I would not concede that it will ever occur in that way.

  7. Clarence Moon wrote, “At some level, only one competitor is going to survive since the leader ends up at a level where the prices cannot sustain competitors with smaller shares.”

    That’s a fallacy. Look at Nature. I was out in the bush today. I saw a few deer tracks, no rabbits and no grouse. The reason? The predators are maxed out and about to starve. Once enough predators have starved the rabbits and grouse will return in huge numbers. The natural way society, economies and IT works is that someone will come along with a better mousetrap and do well for a while until the next new mousetrap appears from another sector of IT/region of Earth and power/money/enthusiasm will shift. Nothing is permanent in this. It’s a cycle and M$ is on the way down. They’ve had their kick at the can and held “the lead” illegally for quite a while. That made them fat, lazy and uncompetitive and the rabbits and mice are now being fruitful and multiplying. The other predators are now turning on the alpha dog who will be replaced forthwith.

    Clarence is also wrong to assume smaller means less efficient. China has thousands of entrepreneurs who can make money selling a few thousand units at half the price of the big players. The big players lock in inefficiency. We see that with the ultrabooks. The world wants small cheap computers which Moore’s Law has made more than adequate and Wintel is lining up to play the wrong game. That will go on for a few quarters while the rest of the world ramps up netbooks, cheaper notebooks, tablets and smarter smart phones. The OEMs who feel the need for higher-margin products will be replaced by smaller OEMs growing into the spaces where the big guys are not efficient. Within a year, Wintel will fall apart. The OEMs are on very tight margins and M$ is a big reason why. Within a year OEMs will realize that there’s more money to be made selling small cheap computers running FLOSS. Business needs customers to pay them to produce stuff to be efficient. It is not efficient to have M$ bribe them to produce stuff running M$’s stuff if it’s too expensive. M$ has been getting more expensive year after year as their share shrinks.

  8. The cost of acquiring use of an OS should be the lowest of
    – cost to write your own OS, $billions, these days
    – cost to pay for a licence from M$ or Apple or some other business
    – cost to download a GNU/Linux distro and perhaps some other extra FLOSS apps.

    In most cases FLOSS will be the lowest cost and should be chosen. The cost is likely about $50 counting time as money. Spread over a bunch of seats the price per seat probably gets below $10. Does it make any sense to pay ~$100/seat when one can have an OS that manages the hardware, users, processes, etc (Stuff OS do for us), for much less? No. So the price is a few dollars per seat and the performance is one PC running smoothly to do our bidding.

    It is fair to argue that this costing does not cover the cost of production of the OS but that is covered by others who are willing to share with us. The folks who create the GNU/Linux OS do so for their own reasons and it costs them nothing to share. For example, IBM contributes mightily to Linux so that their blue-label customers will trust that Linux is viable, reliable, efficient etc. Contributing to Linux gives IBM a product and services to sell. It costs IBM nothing that Linux can be used for $0 by millions of other ordinary folk. Those folks are not IBM’s customers. IBM also gets an OS at lower cost than doing it on its own. That’s smart business. RedHat similarly wants GNU/Linux to be a great OS so people will desire it and hire RedHat because of their special expertise. Same goes for a lot of hardware makers who want their stuff to be price-competitive due to the lower cost of a FLOSS OS. FLOSS works for everyone.

    The desktop is a special case because very few businesses make tons of money from GNU/Linux. RedHat provides it basically so that it can support servers supporting those desktops but RedHat also pushes management of hordes of PCs and thin clients. A lot of the applications in GNU/Linux desktop systems are not supported directly by large businesses except in the case of databases and OpenOffice.org/LibreOffice/FireFox/Chrome but the other software still gets built because people want particular applications runing on their GNU/Linux systems. Developers of that software benefit greatly in that they don’t have to pay for licences for the FLOSS libraries they use. That reduces their cost of development and gives them platform-independence too because FLOSS does not lock them in. It all works and it keeps getting better.

  9. Kozmcrae says:

    “Ah, Yes More twerp noise to ignore…”

    Well then, ignore it.

  10. oldman says:

    Ah, Yes More twerp noise to ignore…

  11. Kozmcrae says:

    “As I have said many time, business is Bu$ine$$. It is not a charity nor is it, when push comes to shove a, socialistic commune.”

    If you’ve said it “many time” then why do you repeat it? You really like see your opinions in print @ldman.

    Why don’t you number them instead like business is bu$ine$$=#1 and applications, applications and applications=#2 and so on. Then you could just say something like: “As I have said many times Pog #1. The real meat of a business environment is #2.” See how it works? You could just number all your pet phrases. I surprised you haven’t thought of it before.

  12. oldman says:

    “The purpose of vigorous competition is that the consumers/the economy get the best deal. ”

    That is a side benefit Robert Pogson, and indeed only one possible outcome of a process whereby business attempt to get ahead of each other, capture market share and if possible dominate a product and/or market segment.

    As I have said many time, business is Bu$ine$$. It is not a charity nor is it, when push comes to shove a, socialistic commune.

    The fact is, within the bounds of government set limits, anything goes.

  13. oldman says:

    “Business should and do compete on price/performance.”

    You are continually harping on price/performance, Pog. It occurs to me however that we have never had a clear definition of what you think it should be.

    Care to enlighten us?

  14. Clarence Moon says:

    Competitors are harmed by one company giving the best deal and customers abandoning suppliers who cannot match the deal. At some level, only one competitor is going to survive since the leader ends up at a level where the prices cannot sustain competitors with smaller shares.

    That is what Microsoft did to Netscape Navigator with their supplying IE at no charge with Windows. Navigator was a better browser at first (remember IE 1.0 :-)) and most people just got a copy of Navigator themselves. Around IE 3.0, most people thought it was just as good as Navigator and there wasn’t any reason to go to the trouble to get Navigator. IE being free prevented Netscape from charging for Navigator, too, and eventually Netscape sold out to AOL.

    Consumers got browsers for free and now with Chrome and Firefox, they are assured that will continue.

    FLOSS is an interesting concept in its original form, namely that a group of providers will contribute to a common product and mutually benefit from its use and continued development. I think that can only work where that common interest of the group does not further competition. If the common interest ever becomes a point of potential product differentiation and market advantage for the participants, then the parties are going to be reluctant to “share” anything that can put them at a disadvantage or causes them to lose their advantage relative to the other participants.

    All the smart phone makers can now mutually benefit from using Android and each may assist Google in ongoing development or fixing defects. I do not know personally how much of this actually occurs, but it can happen in theory.

    Once Google’s purchase of Motorola Mobile is complete, though, is it going to continue? If Google can get an edge on competition and offer a better product by keeping some improvement in Android under its hat, are they not legally required to do just that since they have fiduciary responsibility to their stockholders and so cannot do anything that would deliberately cede business share to a competitor?

  15. Clarence Moon wrote, “Competitors were doubtless harmed, that is the very purpose of vigorous competition it would seem.”

    Nope. The purpose of vigorous competition is that the consumers/the economy get the best deal. When competitors are harmed consumers don’t get the best deal unless the monopoly is regulated appropriately. That’s not the case here. Instead of planning to compete, M$ planned to eliminate competition. It’s frightening how close they came to succeeding thanks to a gutless US government.

    Business should and do compete on price/performance. M$ competed on NDAs and exclusive dealing. IBM’s original grant of monopoly was a terrible mistake driving IBM from the PC business. Fortunately Lenovo ships GNU/Linux with impunity now either to large buyers or with no OS to smaller.

  16. Clarence Moon says:

    QED by whom, Mr. Pogson?

    Competitors were doubtless harmed, that is the very purpose of vigorous competition it would seem. Consider your own chortling over Microsoft’s presumed loss of market share due to the FLOSS movement. Netscape was harmed, even destroyed, by making browsers and web servers into zero revenue items. Apache had as big a hand in Netscape’s demise as Microsoft, perhaps bigger.

  17. Competition was harmed. QED

  18. Kozmcrae says:

    To Clarence and @ldman. You can revise Microsoft’s history all you want but history is finally catching up with Microsoft. And history’s a bitch.

  19. Clarence Moon says:

    It isn’t irrelevant, Mr. Pogson. If what they did was not illegal, then all you can say is that they were diligent with their investor’s money and did all they needed to do to efficiently build their business.

    According to the highest courts in the land, they did not harm competition via any illegal acts. You have to be fair.

  20. oldman wrote, “Again, No conviction that stood.”

    Irrelevant, M$ did what they did whether you call it illegal or not.

  21. Clarence Moon says:

    The claim “so the assertion that M$ was convicted of nothing is plainly wrong” refences the original finding of law by the lower court judge that ordered the breakup of Microsoft. On appeal, however, that entire finding was either reversed or remanded back to the lower court and the judge was fired due to violating ethics.

    If that is the basis for Mr. Pogson’s attitude vis’-a-vis’ Microsoft, his view needs to be revisited.

    In the redeux, Microsoft was found in violation of the antitrust laws but those violations were judged to not have actually harmed competition and no corrective action was ordered. Rather, there were two overview committees established, one by the judge due to her rulings and the other by the states and Justice Department who had previously settled with Microsoft. The states that did not settle basically got the same settlement as those who had. Microsoft eventually paid all the legal costs involved.

    So they were guilty, but all of the monopoly formation and things that they did to assert their original contracts were not found to be illegal. It is a little confusing and long-winded, but when you get to the bottom of the thing, it is not really so bad.

  22. oldman says:

    “so the assertion that M$ was convicted of nothing is plainly wrong.”

    The conviction was overturned on appeal and the judges rulings vacated, if I recall with prejudice by the appeals court.

    The DOJ offered and Microsoft then agreed to oversight.

    Again, No conviction that stood.

  23. oldman says:

    “You seem to think we are just dying to know your opinion on everything, but really @ldman, when it comes to you and what you spew forth day in and day out, we’re just dying.”

    More noise from the twerp.

  24. Kozmcrae says:

    “Whoever I am Mr. K, at least I’m not a little twerp like you.”

    You don’t know who or what I am @ldman because I don’t flaunt myself upon the other posters on this blog like you do.

    We all know that you too (imagine that!) are a user of FLOSS. Big freakin’ deal. Everyone is a user of FLOSS. I use proprietary software but you don’t see me harping on it like it’s some kind of major sacrifice. We all know too well your opinion on applications. You can’t help but state it every day.

    You seem to think we are just dying to know your opinion on everything, but really @ldman, when it comes to you and what you spew forth day in and day out, we’re just dying.

  25. oldman wrote, “Microsoft was convicted of NOTHING Pog,”

    M$ was convicted. That’s irrelevant. They did the deeds.

    “411. Many of the tactics that Microsoft has employed have also harmed consumers indirectly by unjustifiably distorting competition. The actions that Microsoft took against Navigator hobbled a form of innovation that had shown the potential to depress the applications barrier to entry sufficiently to enable other firms to compete effectively against Microsoft in the market for Intel-compatible PC operating systems. That competition would have conduced to consumer choice and nurtured innovation. The campaign against Navigator also retarded widespread acceptance of Sun’s Java implementation.

    This campaign, together with actions that Microsoft took with the sole purpose of making it difficult for developers to write Java applications with technologies that would allow them to be ported between Windows and other platforms, impeded another form of innovation that bore the potential to diminish the applications barrier to entry. There is insufficient evidence to find that, absent Microsoft’s actions, Navigator and Java already would have ignited genuine competition in the market for Intel-compatible PC operating systems. It is clear, however, that Microsoft has retarded, and perhaps altogether extinguished, the process by which these two middleware technologies could have facilitated the introduction of competition into an important market.

    412. Most harmful of all is the message that Microsoft’s actions have conveyed to every enterprise with the potential to innovate in the computer industry. Through its conduct toward Netscape, IBM, Compaq, Intel, and others, Microsoft has demonstrated that it will use its prodigious market power and immense profits to harm any firm that insists on pursuing initiatives that could intensify competition against one of Microsoft’s core products. Microsoft’s past success in hurting such companies and stifling innovation deters investment in technologies and businesses that exhibit the potential to threaten Microsoft. The ultimate result is that some innovations that would truly benefit consumers never occur for the sole reason that they do not coincide with Microsoft’s self-interest.”

    That’s from the findings of fact. No matter what you think of M$ or what M$ paid people to rewrite history, M$ did those things, documented by their own internal memos.

    “ORDERED, ADJUDGED, and DECLARED, that Microsoft has violated §§ 1 and 2 of the Sherman Act, 15 U.S.C. §§ 1, 2,”

    That’s from http://www.justice.gov/atr/cases/f218600/218633.htm
    so the assertion that M$ was convicted of nothing is plainly wrong.

  26. oldman says:

    “All this posturing about morality is avoiding the elephant in the room, that M$ repeatedly and persistently messed with competition by exclusive dealing, bundling, and extortion rather than by competing on price and performance which M$ easily could have done for more than a decade.”

    Rationality? Microsoft was convicted of NOTHING Pog, Yet you repeatedly keep insisting that your estimates of their behavior count more than the law of the land in the US. Is that rational? You are the one who insists that they should be banned from doing business, in spite of the fact that they have been convicted in a court of law of NOTHING that would even begin to allow such a thing. Is that rational?

    This is your Blog, Pog. I am not even presuming to dispute your right to your opinion. Forgive me Pog, but from my viewpoint the vehemence with which you prosecute that opinion sure seems to me as taking the whole discussion out of the rational.

    IMHO Any benefit that Microsoft may have derived from what happened in the 90’s has more than been offset by a huge pile of negative publicity. They have become the IBM of their era in terms of being the bad guy.

  27. oldman wrote, “an irrational reality – Robert Pogsons hatred of Microsoft.”

    That is not irrationality. I am the most rational human I know. Give me numbers and words describing reality, not personal impressions, any day.

    It is not my hatred of M$ that causes their share of PC shipments to fall, but competition in the market which M$ has avoided any way it could for many years. All this posturing about morality is avoiding the elephant in the room, that M$ repeatedly and persistently messed with competition by exclusive dealing, bundling, and extortion rather than by competing on price and performance which M$ easily could have done for more than a decade.

  28. oldman says:

    “It is a waste of time to throw down the gauntlet on a personal level, no matter how irritating it gets, Oldman. You just encourage the stalking, taunting, and brilliant one liner posting.”

    Thank you for your feedback Clarence. It is indeed frustrating to have to check ones experience at the door when engaging in this discussion, especially when one is being sandbagged by our resident Aussie Linux troll.

    To be frank, I am not sure that an honest discussion can be had on this subject. It seems that that no amount of rational debate can push through what is in the end an irrational reality – Robert Pogsons hatred of Microsoft.

    In spite of this I will continue to comment when I see fit as I see fit on Pog’s posts, until he chooses to finally ban me as he has so many others who challenge him.

  29. Clarence Moon says:

    It is a waste of time to throw down the gauntlet on a personal level, no matter how irritating it gets, Oldman. You just encourage the stalking, taunting, and brilliant one liner posting.

    For an honest discussion you can only point to corroborating cites or rational arguements. When the talk changes to anecdotes that assert some expertise of one’s own, you know you are past the point of useful information exchange and can only become more frustrated.

  30. oldman says:

    “just forget about telling us how wonderful your work is and how great it is to be you.”

    Whoever I am Mr. K, at least I’m not a little twerp like you.

  31. Kozmcrae says:

    “They are unlike you peers who respect me and whom I respect and whom I listen to. I even learn useful things from arrogant bastards similar to you who cross my path.”

    Wow @ldman, that’s some pedestal you’ve put your self on. I suppose your other teammates have put themselves on pedestals too just to keep up on the same level as you.

    You know @ldman, you kind of remind me of Barney Fife. You can create any kind of world you want here on the Internet. And you do. You are the only one who does so for the most part. Why bother. Nobody knows if it’s real or not so it’s better to just forget about telling us how wonderful your work is and how great it is to be you.

  32. Good IT can be done anywhere, even in the bush. I too find cities noisey and crowded. Some of the communities in which I have worked have no “stop” signs but there are still thousands of people living there who need Internet access, hardware and software support and education.

    It is indeed arrogant to presume that someone who works in the bush is less than competent. Some of the most competent people are also those who love the out of doors. I would not trade anything for the smell of a pine forest loaded with mushrooms or the taste of the water or fish from a northern lake. People all over the world are implementing similar solutions for educational IT that I do and they work in huge schools in wealthy cities.

    e.g. Skegness Grammar School
    “It grew through the need to teach ICT using something reliable,” remarks Garry, “I feel we have better curriculum facilities than any school running Windows – and with far more reliability. As part of our computing specialism we are doing a full network Linux install in one primary school and we are trialling ScholarPack in another.”

    The school has found support from the free software community to be excellent. Asked if he would do anything differently if he were to start the process again, Garry stated that he would probably employ consultants to support the design and deployment of the system, but that in the long run he felt that support should be in-house, commenting that “with LTSP one techie can look after quite a large network”

    see an article in Free Software Magazine.

    Skegness Grammar School has been in existence for 500 years and only accepts the best and brightest. I don’t think they would run second rate IT. They stand well above average on national tests in the UK (95 percentile). Skegness is a small city of 19K people.

  33. oldman says:

    “Its your own arrogance you presume to know where the best will be. So of us who are the best don’t like cities. Too noisily don’t sleep well in them.”

    Not to mention the fact that it makes you, like myself, are nothing more than big fish in a small pond.

    “O well the day will come that you mistakes will catch up with you oldman.”

    Not likely. I am a member of a team made up of people with different backgrounds. Part of what we do is to check each other and prevent problems that might effect the task at hand. They are unlike you peers who respect me and whom I respect and whom I listen to. I even learn useful things from arrogant bastards similar to you who cross my path.

    As a result I will survive and retire as a well respected member of the organization.

    On the other hand, I am willing to bet that no one will give a crap when you are gone…

    As far as all the rest above noise is concerned you can take it and shove it up your backside sideways!

  34. oiaohm says:

    oldman
    “You are by your own description doing itinerant IT in the middle of nowhere australia. This is not a job that anyone who is a “good” as you are would willingly.”
    Maybe you have not allowed for something. I love the job. It a job that I willing choose. In fact I asked for it. To the point leaving one company to do what I do. Its harder working in outback but the people out there are many times nicer. Something goes wrong they don’t bark at you as long as it was not your fault. They are closer to nature and accept that not everything is under human control.

    I grew up in outback Australia oldman. I love the land. Being an IT officer is not what I become willingly. I damaged my back a long time ago. So I cannot to aerial mustering or horse back or even motor bike.

    So yes I love being in the middle of nowhere camped with no one for a 100 kms+. Even better I am paid todo it.

    You are inferior oldman you keep on presume to know me. Does not my designs show that I am highly skilled, very well trained and very experienced.

    I am pick your level to me by the quality of examples you are giving oldman. Most of the time they would be something I would be pulling up new staff for doing that is wrong. You want me to see you as equal lift your game.

    Example after example from you oldman has been lower quality than what is acceptable. Maybe who you are working for has not learnt the lessons why the level you are being allowed todo is unacceptable.

    Its your own arrogance you presume to know where the best will be. So of us who are the best don’t like cities. Too noisily don’t sleep well in them.

    O well the day will come that you mistakes will catch up with you oldman.

  35. oldman says:

    “I accept the realities of the Weaknesses in Linux and the Weaknesses in Windows. Common mistake is thinking I am pro FOSS. Yes I know the weaknesses of both very well.”

    For someone who knows both you sure do sound like a linux bigot sir.

    “No its pride comes before a fall. oldman. You have tones of pride you just don’t want to admit it to yourself.”

    All if this noise that you have posted is irrelevant to me. You are by your own description doing itinerant IT in the middle of nowhere australia. This is not a job that anyone who is a “good” as you are would willingly. Couple that with you unique way of insulting anyone who you believe is “inferior” leads me to believe that you are reaping the whirlwind of your own arrogance.

    If you wish this exchange to remain civil, then I suggest that a good way to do this is to keep noise like you just posted about me to yourself. I do not respect your opinion and I do not want to hear it. If you attempt to comment on my abilities in the future you will be told in no uncertain terms where to put your opinions.

    Period.

  36. oiaohm says:

    No its pride comes before a fall. oldman. You have tones of pride you just don’t want to admit it to yourself.

    You will be unable at some point to maintain your current level of productivity. For the simple fact you are not ready for the worst a disaster can throw at you oldman. The solutions you have describe to me would be equal grade as the hospital that end up off line for 2 days+. So yes your network could fail to meet dead lines due to infection.

    Yet you are arguing to me that it does not need fixing. What you have is equal to a car that runs fine but has broken breaks. You are going to crash an burn at some point. No logical sense here.

    Your pride is how solid virtization is. There is no base in fact that virtization is going to be virus clean. Broken virtization or admin error will bring you down here.

    Your pride that you are above sneaker net or incompetence not knowing sneaker net effects. Being aware of sneaker net and allowing for it would have shown you the clear flaws in your recovery plan.

    Claiming oldman status you should remember that before the internet computer viruses still got all over the place transferred person to person. This is impossible to 100 percent stop.

    I do expect to have to teach IT Officers who have been in the game less than 10 years about Sneaker net and its effects. I should not have to be teaching this to a old hand oldman other than if they have developed to much pride in there own skill for there own good.

    I accept the realities of the Weaknesses in Linux and the Weaknesses in Windows. Common mistake is thinking I am pro FOSS. Yes I know the weaknesses of both very well.

    I accept the fact even the best IT officer can make a mistake. Even the best team of IT officers can make a mistake as well oldman.

    Do you accept the fact that you could be the one to possibly infect the network with a zero day infection. If you don’t you have too much pride in your own skill oldman or your own isolation from being able to cause harm.

    I get called as over using Linux by people like you oldman because simply you are not doing the grade work I am. So have not learnt yet that using Linux for particular jobs is not optional is the only option that will work perfectly sold for it.

    You just did here proved me call you incompetent was not baseless oldman. Inexperienced might be more correct not studied or had enough disasters yet to know what is required so are still making major novice mistakes in design of disaster management plans.

    Think oldman how many times I mention use windows and Linux correctly. You have been the one with the major anti-linux desktop bent. I really don’t have a anti-Microsoft bent. I sell the Microsoft products to people of all things oldman for where it fits.

    Calling what I am doing specialist shows how out of touch you are oldman. There are tones of documents that work you threw getting the basics assembled to restore networks quickly. http://www.linuxjournal.com/magazine/freeboo-open-architecture-network-dual-boot

    Catch is oldman all the good articles how todo are in Linux books. So a person who is not upto date on what Linux can do is missing critical options that should be included in the disaster management design stage.

    Also calling me a specialist shows you have too much pride in what level you are. That a person who is your better has to be a specialist. Sorry I am not a specialist. I just work in a lot stricter areas that does not tolerate newbie design errors.

    Basically its about time you deal with your pride issue oldman before the day comes and it deals with you.

    “my own way”. Do you think for one min what I am doing with LTSP and other techs is my own way. Its not the method is documented over and over again. It the common way to get the lowest downtime possible with the most secuirty possible and the lowest reinfection rate possible.

    Of course each time the method is altered to what the customer needs as well. Is this my own way no. Who is the customer of IT services.

    When it comes to a company the entity that is the company. The entity that is the companies needs come before the staff since if the entity that is the company is dies the staff lose there job.

    This is your problem oldman you are putting the user before the entities needs. So IT should never been your own way. It should always be what you believe the entity requires. If it is your own way by your own believe you should be fired as a IT personal now because you would be just as bad as that guy pushing OpenOffice out incorrectly. Except your is the reverse it has to be Microsoft it has to be Microsoft I have seen many companies go under with IT Officers like this at the lead.

    Do you know what your most dangerous pride is.

    Pride that you will be able to cope with a disaster without planning it out properly. The idea it does not need fixing now. This is why most people die in disasters and cause most business with IT failures to go under.

  37. oldman says:

    “Using the solid solution requires you oldman to bite your pride and except good enough instead of demanding perfection all the time. ”

    THis is not about pride sir, it is about the difference between using tools that make allow me to maintain my current levels of productivity and meet deadlines and tools that would require me to stop and fix what doesnt need fixing now.

    ” Perfection is not reality.”

    An interesting observation, Mr. oiaohm, and one that along with your 70% solutions and your microsoft VAR status I take as a tacit admission of the realities of FOSS and Linux.

    Realitits that I am very much aware of and which I deal with in my own way.

  38. oiaohm says:

    oldman besides at the way the Linux Small business class distributions are going. The tech I am using will become almost perfect out the box standard in those in a few years.

    Microsoft really needs to lift there recover from disaster handling.

  39. oiaohm says:

    oldman
    “They are non portable and custom to your site. They require you or someone like you to maintain them, update them, and dry run test them. ”
    Windows image installs require dry run tests as well.

    In fact the only non portable bit is the signing keys that bind the sets and the list of applications to auto install that will be wrong for a different site. Anyone who understands debian preseed or redhat kickstart can create a system to rebuild it self clean as central with all current updates installed before coming fully on-line. Little more study is required to use LTSP or DRBL. Both of those you can hide clonezilla in for deploying Windows images in back ground. Both debian and redhat based can chroot install the other in background and apply the latest updates.

    Oldman the simple point is what I am using is almost bog standard tech. If you have a Linux tech of any form and he cannot build what I am using without the signing system that Linux tech needs to go and do some training courses. Since that Linux tech skills are not as good as they should be.

    For those not advanced enough to be using signing keys. http://www.gnu.org/software/grub/manual/grub.html#Network Grub on a disk can get pretty darn close for the clients.

    Current syslinux site is off line but we are using isolinux out of that loading a custom pxelinux that checks a few more things on clients. Even the default pxelinux can lock down fairly solidly. We are not using anything special other than fixing 1 weak point.

    Oldman you are just making the normal argument here. That a proper done job require some magical specialist. True 100 percent proper job does require a specialist to the little extra hardening. But once you have that oldman you can use it over and a over again. General Linux tech can take advantage of it. 99.9 percent can be build with a General Linux Tech.

    Heck can you big your virualisation tech without trained staff be maintained either. Answer is no you need someone taking care of that beast all the time.

    The tech I am using should not be light years ahead of any organization these days due to the numbers who have Linux doing web servers.

    I have gone a different path oldman. 100 percent solid path. We don’t waste resources one solution deals with what ever might happen. We have our baseline and our operational line. Baseline is what we can promise to give as long as the computer run.

    If building had burnt to ground we could have people who should be working in that building back online as soon as we have a new location for them to sit. I guess if one of your building burnt to ground you would be in trouble oldman.

    Robert Pogson with a little thought would be able to replicate what I am using every quickly since he is already using 90 percent of the tech required. Its just working out how to put clonezilla and chroot installing in background without hogging the network connection. Not hard its just Quality of service settings.

    A Linux tech not skilled with LTSP or DRBL could take a few attempts to get everything right. This is one of these things you get it right once and you basically know the tricks and can do it again and again. You are talking less than a 4 days for someone to come off the street and build a solution like this. I truly do mean off the street and given the manuals by the Linux OS makers and a description of what they have to build.

    Remember you are dealing with a person who works with a group that does test everything. We know what requires specialist and what does not. Most of this does not. Heck most of this does not require qualified IT officers to build it because the documentation of the different projects is so good.

    You really have some big balls to say to me what I am doing is specialist. Only reason you think this is that you have never attempted the way we deal with the problem oldman. Since it non windows way its not valid to you so you have never tried it oldman.

    “Assuming that they learn from their mistakes”
    We learnt from our failures. This is how come we have a system that looks the way it does.

    So oldman keep on trying to push a Windows solution down my throat that does not work. We have learnt this from the mistakes we have had happen.

    Basically pull your head in oldman. Your solution does not work you just don’t have the experience under you belt to know this or you have been not learning from your mistakes mostly because you have not thought there is another option. I am a trouble shooter. My I have done myself directly solo over 30 cases of network infections oldman. I have done a lot more as part of teams.

    You really need to try the LTSP(with applications pushed local)/Clonezilla/chroot/Bacula hybrid and find out what a solid solution feels like and what its maintenance cost is.

    Why Bacula to make backups of the infected machines so we lose no data. Also provides comparative scanning at one location allowing you to find infections that anti-malware will miss. Reason why we need a time window. Also reduces the ammount of scanning that has to be run. So the amount of cpu time that is required to get a all clear status.

    At this point where your recovery tech is this the 80 20 Linux Windows split now starts making critical sense. Since if 80 percent of staff are on Linux they have 100 percent functionality in time of criss without requiring extra hardware to support them.

    Using the solid solution requires you oldman to bite your pride and except good enough instead of demanding perfection all the time. Perfection is not reality. Oldman you are just like a lady putting on make-up to cover defects that are coming from toxic exposure from the makeup.

    Of course what we are running LTSP could be providing a citrix client so uses think they have Windows. But that is a extra cost and extra risk to be running at start line of recovery. The solution we are using will allow you to rebuild your network while in thin terminal mode without having to move the users.

    By the way the makers of clonezilla and DRBL do this image out while running Linux for the last 10 years. Solid and dependable tech. You are 10 years off the game oldman.

  40. Clarence Moon says:

    “Assuming and dividing” may not be the right way to calculate MS Office use anymore, Mr. Pogson. If you look at Amazon or Dell, at least, it seems that all Windows computers automatically come with at least the Office Starter edition of MS Office which includes Word and Excel. You can “upgrade” to the full product by entering a key that you purchase on-line.

  41. oldman says:

    “How many of these disasters have you managed?? oldman. I think not enough directly to even understand what the network guys end up having to fight. So you don’t know the mistakes that could have destroyed all your existing. Why you design to recover must depend on 0 existing being there.”

    This all sounds quite impressive, but in the and its ultimately irrelevant. The world is NOT Austrailia, Mr. oiaohm. Your views on security remain in the bigger scheme of thing your views. They are non portable and custom to your site. They require you or someone like you to maintain them, update them, and dry run test them. Such a setup is light years beyond an organization such as the one in question.

    Assuming that they learn from their mistakes, what is needed is a better maintenance of what they have now. Only when this is done should they begin to investigate other solutions.

  42. Not so. Look at licences for M$’s office suite. They are being sold for only a fraction of PCs. Assuming all revenue for Business segment was for M$’s office suite and dividing by the price of a licence gives a tiny number of PCs per quarter.

  43. oldman says:

    “Did you miss the recent news in the last 2 years about web hosts having like 10 000 + sites infected in one hit from inside vmware and xen hypervisors because the hypervisors got busted. Hypervisors are not 100 percent bullet proff.”

    Citation please.

  44. oiaohm says:

    “How Mr. oiaohm?: USB upload is disabled into the recovery VDI by default and is only enabled on request. The USB/external device is scanned before upload. ANti malware support is enabled at the hypervisor level to catch any issues on the wire.

    And even IF the infection were to somehow slip through the virtualized desktops along with any malware are destroyed when the session ends.”

    We did have the bad luck of catching one of the virtualization busters. So we know that the idea that malware is destroyed when session ends is wishful thinking oldman when taken on a worm/bot. Some of the more advanced worms/bots have them. So end of session was not enough if your virtualisation system is old it many not have all its flaws patched to prevent it being busted. paravirtualisation to increase performance in virtualised instances are the most common locations of the bugs allowing something in virtualization to reach out to host and infect host. Did you miss the recent news in the last 2 years about web hosts having like 10 000 + sites infected in one hit from inside vmware and xen hypervisors because the hypervisors got busted. Hypervisors are not 100 percent bullet proff.

    In your backup plan have you rebuilt all your images in your virtualisation clean. Because if a master image there is infected the files coming out of the virtualisation server can be generating new sources for the infection for the infection to find it way back from. Exactly how long has the infection been in your network unnoticed???
    Long enough that the infection could have entered one of your images when you added an application to it?
    Being a bot/worm it could have still added stuff to images you anti-malware cannot detect yet. So you have to presume yes every existing image is infected virtual or not.

    Yes your visualisation images could be destroyed by sneaker net and you cannot see it yet. Direct user transported files. Sneaker net refers to a network made by people transporting disks/data. Not a normal wired network.

    There are critical reasons why everything against the infection has to be the latest and clean and isolated properly. Physical isolation not software based isolation. Its fastest to achieve latest and clean from scratch with Linux.

    Notice all the levels you are using. I am using less but everyone audited and rebuilt. Run locally like we do the instance does 100 percent end when that machine powers off. Users don’t have to keep the machines that are possibility infected running. Means to pull physical power switch on a instance is about the only 100 percent sure solid way to end a instance.

    Detection we are not depending on. We have also learnt this with a few of the zero days we have had that depending on Detection is stupid. Anti-malware is next worthless against zero days sometimes for a few months until there signatures catch up. You cannot delay fixing up the mess for a few months while detection software catches up.

    You never asked. How I am sure my central server in the repair is clean. In the 6 hour process its really part of the 1 hour disruption creating a completely new instance from the pressed recovery disk inserted into host machine. Yes latest updates and all.

    Nothing used in recovery from worm/bot class malware by us existed before the process started other than the highly audited bootloader disks and the disk designed to create a new central server instance to rebuild everything by acquiring new data.

    It is possible if we don’t have internet at time to rebuild from installation disks but this is not preferred due to the risk of secuirty flaws that should be closed still being open.

    What we are doing is 100 percent scorched earth policy oldman. Effectively we could restore our network from the ground up on new hardware in 6 hours. Brand new hardware. 24 hours to give ourselves some play room to be fully 100 percent on-line.

    Lets say your building has been leveled like sep 11. Could you get back on feet. The system I am using copes with physical destruction of hardware just as well as it copes with virus infection oldman.

    Why train two different drills more drills more human error. oldman. One of the big issues after Sep 11 was the destruction of software license paperwork. FOSS what license paperwork to trace down.

    70 percent restore of desktop operations is protected by this method no matter the trouble we are going to be running up against. Staff here are ready for the worst possible.

    Basically ours is a Unified threat mitigation plan.

    Can your recovery function if the ISP has cut internet connection due to detected virus infection?

    Yes Australian ISP’s do cut your internet connection off in case of detected infected computers for as long forever. So remote site crap can be next to worthless. Reason the ISP cuts all your company accounts at once with that ISP. You are now off the air. Welcome it Australian conditions. Sending malware is a breach of the telecommunications act if they get really nasty all phone lines and company mobiles can be dead as well for calling anyone other than 000(ie emergency). So yes 100 percent of the air is possible. How this will happen is if you were taken off the internet due to being infected and ask to have internet restored and still be infected. ISP will take offence here and really ruin your day. So moving from just a IT disaster to a complete disaster were no client can contact you. So I have no right to risk the company on a solution that might not work. Mine has to work first time no second chances oldman.

    Yours what is the smallest space you can store it in?
    What I am using is small enough to be stored in a PO Box or other small commercial lock box.
    How fast can you ship it to being on site?
    Again small as fast as a person with a box can get there.
    Cost of off site storage of off site recovery hardware?
    Ours cheap gain.

    The exact design you described oldman we have seen crash and burn. Costs a fortune in compare to what we do as well.

    How many of these disasters have you managed?? oldman. I think not enough directly to even understand what the network guys end up having to fight. So you don’t know the mistakes that could have destroyed all your existing. Why you design to recover must depend on 0 existing being there.

  45. oldman says:

    “Second rate option oldman. 70 percent is my baseline. If a person is not get 70 percent functionality back they did not have a terminal to use when the disaster started. There is no leaving users out in the cold because we don’t have enough resources or budget.”

    I have to admit that I am impressed at the thoroughness of your thinking. You do indeed know your solutions. If course the real issue with your solution is in the end yourself, Mr. oiaohm. Your solution doesnt scale, because in the end it needs your presence or the presence of a determined individual with your combination of skills to succeed. Those are rare skills and expensive ones. The reality is that the “experts” on the linux side are more like the idiot geek in the situation that Phenom’s described, who only succeeded in disrupting a working office and probably guaranteed that Linux on the desktop will not even begin to get near that office. So long as that is the situation, Organizations like the one in question will simply pick up the pieces and 99 times out of 100 go right back to what they know.

    Hopefully the will have learned from this experience.

  46. Clarence Moon says:

    And I forgot the biggest item of all which is using Outlook for all scheduling and mail.

  47. Clarence Moon says:

    MS Office is the status quo almost everywhere, I think, at least everwhere that I have ever worked. For a long time, I had a company laptop that came with MS Office stuff and I used it for “working at home” which was once the rage. Now I just attach whatever computer I am using to my company network and can used stuff on that network directly with the security code from my key fob and personal password, so I don’t need MS Office on my home computer anymore. Ironically, my last PC laptop came with Word and Excel at no additional charge and I understand that anyone with an older PC can buy a 5 license pack for home use at Target or other retailers for under $100.

    I don’t think, though, that anyone who is not already working somewhere and using MS Office would bother with any office suite. No one writes documents at home, they email if they have a lot to say or they tweet or post on facebook for most other stuff.

    Anyone who has an office job will understand, I think, that all this worry over MS Office or Open Office is a thing of the past. My work computer is set up with dozens of company apps that are used for things that we used to have to fill out forms or enter spreadsheet data. Big documents are still in Word and Visio and presentations are PowerPoint and we run them around with SharePoint. Day to day stuff, like an expense account or vacation request, are apps that the company has created for the purpose and they connect directly to the accounting department or HR or where appropriate.

  48. My point is that too many organizations are not making any choice. They just stick with M$’s office suite, which is a mistake. Monopoly costs money and wastes resources when the price is arbitrary. Would a business choose only Cadillacs? Nope. They would choose a variety of vehicles to meet their needs including rental/leased. Why do they not do that for software?

  49. oldman says:

    “M$’s office suite should not be the default anywhere.”

    But that is the choice of the organization Pog.

  50. oldman says:

    “Sorry to have to be the one to give you the bad new oldman but your design will fail. Users doing there work will infect the virtual instances.”

    How Mr. oiaohm?: USB upload is disabled into the recovery VDI by default and is only enabled on request. The USB/external device is scanned before upload. ANti malware support is enabled at the hypervisor level to catch any issues on the wire.

    And even IF the infection were to somehow slip through the virtualized desktops along with any malware are destroyed when the session ends.

  51. oldman wrote, “Software is chosen by function and feature based on the needs and requirements of the organization”.

    That should be the case but it often is not. Consumers look on retail shelves for products. They don’t see LibreOffice there. They don’t see GNU/Linux in many places so FLOSS is not even on the menu of choices. Consumers are not IT specialists. They don’t make proper choices. If they did they would say GNU/Linux + LibreOffice is more than good enough. In businesses with IT support, the IT guy or some PHB makes the choice and the end users do not. It’s about the same. These guys usually use what was there before, again not making a choice. I’ve been in schools where the office staff have M$’s office suite but all the students and teachers have OpenOffice.org. That works very well. If something important comes from on high, a PDF is sent. M$’s office suite should not be the default anywhere.

  52. oiaohm says:

    Phenom issues like you just described is why the 80 20 split exists.

    The guy was not obeying IBM designed migration guides. By 2006 proper guides to do the migration existed. That IT officer should have been sent to the wolves just on those grounds.

    Robert Pogson and me might not give the person back MS Office installed on there machines. It might be a shared virtual instance for those odd documents that are problems.

    Again it about addressing required functionality at most suitable cost. Copy of MS office on every machine could be overkill.

    Also that guy showed poor homework on the HR department I guess it a common document they fill out as well Phenom.

    Really Phenom some homework for you find the IBM guide that described how to prep a migration and see how many things that guy did wrong. The excel case that was strong armed here the documents were internal and Excel was left in place until the documents were migrated. The issue the accountant was not liking the idea of being migrated.

    So the error you are talking about I would not have done.

  53. Phenom says:

    Oldman, your story about the 20MB Excel sheet reminds me of a real story at my wife’s job (head of hr in a middle-sized state administration office), where they hired a Pogs-spirited guy for a system administrator.

    One beautiful day (back in 2006) that guy removed Office from the computers in the whole HR department, and replaced it with OpenOffice. Then he started insisting that OO does everything fine, right, etc, you know the lines. Unfortunately, that very same day my wife had to fill in a DOC form with fields, sent out by the Ministry of Health, and return it back by the end of the day. Needless to say, OO failed miserably here. In the turmoil that followed, the system admin accused MS, and had refused to install MS Office back.

    The next day that poor moron was sacked, and given a rather embarassing job reference.

  54. Phenom says:

    Pogs, you say it yourself – “You probably did this when you set up your new PC by selecting the option to “Help protect Windows automatically.”

    On the first run, Windows asks users whther they want to turn on automatic updates, and option “On” is bold, in large font, with label “Recommended”. In other words, MS poitns the correct choice to you, and leaves users a way to opt out, if they wish. That has been around since XP.

    In effect, you blame MS for not forcing an automatic update policy on all their users. Weak, Pogs, weak.

  55. oiaohm says:

    oldman
    “You could have implemented a system to allow the desktop reboot into a thin client that implemented the citrix client that would attached to a windows terminal services system.”
    Are you trying to make me laugh. Because this is down right funny.

    A standard citrix client that allows you to re-image the machine while user is using client is Linux terminal server solution if you wish to reimage the machine while the user is using it anyhow oldman. Don’t you know your solutions????

    It is lighter to run firefox and other tools locally in a Linux terminal server solution that is Linux all the way trough so the windows virtual provide in citrix or other means can be off line being audited. This is what the 6 hours allows.

    I don’t need as much duplication of hardware as you do. LTSP in Linux allows me to have particular applications running locally using the cpu they normally would have been using to perform there work and direct DRBL allows me to push the workload 100 percent to the desktop machine.

    oldman
    “Yes, and in our case the end result was the investment in the BI suite that the accountant really needed. That was what got the 20Mb spreadsheet from hell retired, not any strong arming.”
    The result was the same here in the end. Wrong software for job better software for job was found. Even better platform neutral stuff that can run from a livecd if required.

    Thing was the serior accountant had tried strong arming. Does not work. It should not work because its not good for the entity that is the company. Serior accounting should have been talking threw solutions with department effected instead of trying to go over that departments head and apply own will.

    Sorry to have to be the one to give you the bad new oldman but your design will fail. Users doing there work will infect the virtual instances.

    “their personal productivity can be shot to hell because, after all it is an emergency.” What you are not getting we have found at 70% percent functionality or higher the productivity is not disturbed. Not in the slightest. You are not allowing for how good staff are at reordering there work.

    If we remained at 70% for more than 48 hours then there is a effect to productivity. Even so quite minor. Comes critical to return to 90 percent functionally by 72 hours. This could be bring virtual instances of windows online if data recovery has to be performed on particular machines.

    The 24 hours in Linux mode gives time to scan media and other files users wants to exposed back to the the window system. So reducing reinfection risk. Since there is no productively cost doing this its not a issue.

    oldman
    “Correct. The network Guys here have implemented an “isolation network” that allows them once detected to quickly isolate infected systems. The department is then notified of the problem. The departments either handle it directly or are assisted.”
    LOL destroyed by sneaker net.

    Sorry we have already run the crap you are talking about oldman. It don’t work. You are not allowing on the sneaker net effect. That makes stopping infections so hard. The sneaker net can be a person mobile phone they sync these days. They don’t think of it as a memory stick device that needs scanning.

    70 percent functional 100 percent audited and basically insanely resistant to infection. Is a very good starting point. We have had to pull our virtual windows instances that are share between Linux clients off line due to infections that got into them. What brings you down is when the infection is in the data.

    Note I get 70 percent functionally back to all staff. A few windows instances are in my mix. But there are only a few for particular applications that will not work on anything else and are required. Oldman.

    So just like yours “The key users who are accommodated actually get back 90-100% of what they have.” Yes all my key user are 90-100% normally inside 3 hours from start of disaster.

    Everyone is at 70 percent or higher in the system I am using oldman. There is no poor person left out in the cold completely.

    “The systems at that site include a virtualized desktop infrastructure containing sufficient virtualized windows workstation instances to provide those people who need to get work done access.”
    Basically this sufficient says you are not restoring service to everyone. People miss out so unexpected productivity damage can happen.

    Someone needs to do something they are are not on the List because normally they would not need to so they don’t have a allocated set in the restore system.

    Second rate option oldman. 70 percent is my baseline. If a person is not get 70 percent functionality back they did not have a terminal to use when the disaster started. There is no leaving users out in the cold because we don’t have enough resources or budget.

    Scary part here oldman you have spent more money for poorer results. Large percentage of staff are at 100 percent functionally for there needs on Linux oldman.

    Oldman price your solution at standard commercial prices. Not education discount. You will find it one hell of a cost to have your kind of system there all the time.

    We are working on the presume that all currently installed instances have been breached when we start the 6 hour clock oldman. That their is not a single thing that does not have to be reinstalled. Ground Zero basically. You are operating with presumes that stuff has not been breached.

    Every switch every router everything gets audited. Seeing different response here. Strict correct and fast. We what to be 100 percent sure we got it inside 48 hours so we can return to normal operations without worry.

  56. oldman says:

    “GNU/Linux has every right to be on the enterprise desktop as much as Microsoft does. Same goes for servers, mobile, tablets, notebooks and the rest of it. There is nothing that is done with Microsoft that can’t be done with GNU/Linux.”

    Lets deal with reality here. Software has no rights. Software is chosen by function and feature based on the needs and requirements of the organization. The Linux desktop does indeed have the disadvantage of being a johnny come lately arrival in an environment that already has solutions that work. This may not seem fair to you, but to borrow a phrase from a fellow poster, “Stiff Briskets”. Just because the linux desktop is here and you like it doesnt mean thyat it has some god given right to just be there.

    It is also a fact that there are plenty of desktop tasks that either cant be done with linux based desktop software or which require a lot of extra work to accomplish the same tasks. I know of few people who will willingly take on extra work for no reason just because the solution is “not microsoft”.

    “As long as you think and state otherwise will be as long as I will be a thorn in your butt.”

    And as long as Pog insists on white washing the issues of working in a pure linux/FOSS world, I will be commenting here as I see fit.

    As far as your comments on my posts are concerned, if you insist on being a jerk and just trying to heap abuse, I will respond in kind. If however you state your positions as you have actually started to do, then I will respond civilly and Pog will have the IT discussion that he purports to actually enjoy.

  57. oldman says:

    “Linux terminal services system that can reinstall systems that are infected or other damaged while allowing that machine to be in productive usage for something while it being fixed.”

    I seems to me that for someone who claims to work in shades of grey you seem to reach for the linux solution quite often. You could have implemented a system to allow the desktop reboot into a thin client that implemented the citrix client that would attached to a windows terminal services system. Your users could then continue working without disruption.

  58. oldman says:

    “The task must be performed is number 1 oldman. How it done is always number 2. User happiness means nothing for a task that must be done. How critical a task must happen alters the rules completely. Oldman really how many tasks do you have on your network that must be done no matter what.”

    The tasks that need to be done no matter what are on systems that are duplicated at our disaster recovery site. The systems at that site include a virtualized desktop infrastructure containing sufficient virtualized windows workstation instances to provide those people who need to get work done access.

    Note that I said WINDOWS instances. That is the difference between us, Mr. oiaohm. Our setup accommodates the reality user requirements by providing the same environment. Your solution just shoves the linux desktop down their throat on the assumption that 70% functionality is better than nothing and besides, their personal productivity can be shot to hell because, after all it is an emergency.

    Where we part the ways is that you have worked to purpose built a recovery environment without regard for requirements and rely on you position and the situation to impose it without having to worry about buy-in.

    IN contrast we have built the same recovery environment using the software that our users actually use. The key users who are accommodated actually get back 90-100% of what they have.

    Of course building a recovery environment like outs isn’t as cheap as yours. It does however have the advantage of meeting user needs.

    “Senior IT Officer and Senior Accountant have same direct access to SVP.”

    Yes, and in our case the end result was the investment in the BI suite that the accountant really needed. That was what got the 20Mb spreadsheet from hell retired, not any strong arming.

    “They better not let a network get in a state that a no matter what task cannot be done. I guess the school network has nothing in the no matter what class.”

    Correct. The network Guys here have implemented an “isolation network” that allows them once detected to quickly isolate infected systems. The department is then notified of the problem. The departments either handle it directly or are assisted.

  59. oldman wrote, ” the Senior Accountant with his 20Mb excel spreadsheet”

    That’s a strange concept. Why doesn’t the Senior Accountant use a relational database that will scale with the business instead of something awful? A good rule of thumb is that a spreadsheet should be converted into a database long before one spends more time scrolling around than working or going for a cup of something while waiting for a change to propagate through the thing. Assuming 8 bytes per cell, 20MB means 2.5 million cells or a 1200X1200 array of cells, or 100 sheets 120×120.

  60. oiaohm says:

    oldman
    “Perhaps joe order entry clerk has no say, but the Senior Accountant with his 20Mb excel spreadsheet and the SVP’s ear will cut your proverbial jollies off if you attempt to ram your ham handed security policies down his throat.”

    In fact yes I been order sort out the Senior Accountant so there excel spreadsheets work in LibreOffice pain in but of job converting all the VBA macros. Senior IT Officer and Senior Accountant have same direct access to SVP.

    Issue was solved very simple when SVP was giving the operating requirement to handle something in SillyFDC class yes a bot class infections. That windows would have to be taken off line until it could be cleaned up and reserve network brought on-line that if done in MS Windows would cost a hell load more. So the Senior account was asking for IT Officers to support something that was non profitable.

    This puts the Senior Accountant in one hell of a bad location leading to the Senior Accountant work going to a full and detailed inspection looking for other areas of money wasting.

    Basically high grade Senier IT Officer more often than not wins disputes since we are doing stuff to protect profitability of business by having redundancy. SVP don’t do things that put profitability of business at risk particularly when they are placed in a location they have to sign off knowing the risk.

    Senior Accountant basically got told by the SVP stiff briskets get use to libreoffice. Books must always be doable no matter how bad of condition the IT network is in.

    The task must be performed is number 1 oldman. How it done is always number 2. User happiness means nothing for a task that must be done. How critical a task must happen alters the rules completely. Oldman really how many tasks do you have on your network that must be done no matter what.

    You just have not been in the commercial world enough. Your arguments are bogus oldman anyone working commercial sees them as such. Those no matter what tasks are what commercial admins have to live with. They better not let a network get in a state that a no matter what task cannot be done. I guess the school network has nothing in the no matter what class.

  61. Kozmcrae says:

    “People are not going to dump their software whole sale to go to elsewhere when they are getting useful work done, especially when the “risks” can be mitigated if not effectively eliminated with some judicious use of software and a little bit training that anyone even an apparent sh-twit like you, could have mastered! ”

    People are dumping their Microsoft software and every year that goes by, more and more are doing it. Microsoft is selling gold plated software. Your whole argument is based on the fact that people have always used Microsoft products. That has nothing to do with the value of their products but from their unique position in the history of the personal computer. It could only happen once.

    You can use whatever you want but I’m not going to let you get away with saying GNU/Linux is not suitable for others by inference or by insinuation. GNU/Linux has every right to be on the enterprise desktop as much as Microsoft does. Same goes for servers, mobile, tablets, notebooks and the rest of it. There is nothing that is done with Microsoft that can’t be done with GNU/Linux. As long as you think and state otherwise will be as long as I will be a thorn in your butt.

  62. oiaohm says:

    oldman
    “Microsoft has “horrendous” issues? My point is, what of it! People are not going to dump their software whole sale to go to elsewhere when they are getting useful work done, especially when the “risks” can be mitigated if not effectively eliminated with some judicious use of software and a little bit training that anyone even an apparent sh-twit like you, could have mastered! ”

    I have the risks eliminated as much as able. By a mixture of Linux and Windows. Linux terminal services system that can reinstall systems that are infected or other damaged while allowing that machine to be in productive usage for something while it being fixed.

    The idea that dump software is require is the problem. Also you do find that it is 80 20 split. 80 Linux that is simple to reinstall with 20 percent windows that is pain in but and require a lot more care.

    You cannot train staff to not be idiots try as much as you wish it is not going to happen. Even threat of death is not enough to stop staff making idiot mistakes. Leave a dial home usb key laying around and 90 percent of the time you will recover it.

    Problem I have with you oldman is your logic patterns are not tuned to the shades of grey required to reduce downtime. You are two black and white for your own good.

    Kozmcrae language and style is the common frustrated long term commercial admin. They hate windows by the end. For how many times they are blamed for stuffing something up and it traces to MS documentation and other things.

    Oldman think a mistake by a commercial has cost the boss money so they are out for your hide.

    Commercial admins get very little tolerance for what they class as BS. BS is that Windows works or can be made work by admin effort. They have seen enough cases they cannot trust that fact at all.

    The risks of windows cannot be mitigated by windows alone. You cannot reinstall windows while a user is seeing a thin terminal interface that they are using on the machine using windows alone. Yes you can reimage this require Linux or some other OS in mix but that is not truly reinstalling with the latest security patches.

    There is a limit to what Windows can do Oldman. Linux Freebsd Solaris even OS X can be reinstalled in way that the desktop appears operational even that only at that time being installed on the harddrive of the machine and the reinstalled machine when it first boots has the latest version of the software with all the latest secuirty fixes so reducing risk of reinfection.

    Yes this is something Windows machines do have happen from time to time is reinfection before all the new secuirty updates are applied after a reinstall. Why. Windows update stops party way threw applying updates and will only apply more after the machine has rebooted. Total nightmare in after disaster recovery is windows due to this bad behaviour. MS only recently promised they will address this in Windows 8.

    To get past the limit of Windows requires accepting another OS on the desktop as well to give a buffer to windows limits. Once you done that is only a small step to drop a percentage of windows machines so that you have machines that after disaster you can always bring back on-line with the latest version of software. So most resistant to attack.

    Heck you can even update the anti-virus signatures in a Linux, Freebsd, solaris and OS X clean install. So absolutely nothing is out of date on it first boot ever.

    Remember I don’t have to make images to have a install that is absolutely upto date first boot with Linux Freebsd solaris or OS X.

    This is a huge weakness in Windows. Nothing you are saying oldman makes these facts go away.

  63. oldman says:

    “When you are in a business to make money. Complaining users can be and quite regularly are offset by budget limits and secuirty to prevent downtime. As soon as you start work a commercial setting you should change you methods oldman.”

    Perhaps in some places, but as you probably know it isnt always that cut an dried. Perhaps joe order entry clerk has no say, but the Senior Accountant with his 20Mb excel spreadsheet and the SVP’s ear will cut your proverbial jollies off if you attempt to ram your ham handed security policies down his throat.

    Assuming that you are allowed to get anywhere near him by YOUR management, that is.

  64. oldman says:

    “No, you are trying like Hell to muddle the argument into anything that is not about Microsoft’s horrendous issues. The “bigger picture”, what a load of BS @ldman.”

    Look a$$hole, I am not muddling anything. I dont give a crap about your little games. You want to call me names, have at it. Hopefully Pog will see that it is one of his partisans who is crapping on his blog and dump your sad a$$.

    Or he can ban me for that matter, It is a matter of indifference to me either way.

    Microsoft has “horrendous” issues? My point is, what of it! People are not going to dump their software whole sale to go to elsewhere when they are getting useful work done, especially when the “risks” can be mitigated if not effectively eliminated with some judicious use of software and a little bit training that anyone even an apparent sh-twit like you, could have mastered!

    So you have to ask yourself O tortured one.

  65. oiaohm says:

    oldman not one of the linux kernel secuirty patches for the last 2 years required a reboot.

    Of course you have to use ksplice to apply patch and be paying for the privilege. This is cheaper than a anti-virus for windows. Its optional to reboot mostly based on how penny pinching you are.

    oldman
    “Security spook for a high security network.”
    I am running at a higher security level than you. I am not running a Spook level. I do not pass spook level. I am too Nice and Value my Life too much. They are people I don’t like because of there complete lack of care for people other than if they will be alive or not and sometimes preferring not alive that the person is alive is the problem. Yes at spook level reason why I don’t want to go there is at that level IT Office for secuirty reasons is expendable. If it secuirty of the network or your life. Do you thinking being dead is good user experience?

    This is what I am getting at higher you go less important the user is. To the point if they complain they can be placed 6 feet under for attempt to lower secuirty.

    This is your problem oldman you are too low to know what a Spook level operator is. We call them Spook because they are the walking dead in many ways. Please don’t call me the walking dead again.

    oldman
    “IN my world not only does user experience count, but those users have no problem complaining to the deans of the schools who can and will make their displeasure known to our CITO.”
    Number 1 this because you are in a school a low secuirty operation very low.

    When you are in a business to make money. Complaining users can be and quite regularly are offset by budget limits and secuirty to prevent downtime. As soon as you start work a commercial setting you should change you methods oldman.

    Really you are the one in the special case my equals who stay in cites would respond exactly the same way that user experience lower importance.

    Downtime will not send a school bankrupt due to not meeting contract requirements. Commerical world the business has to meet it contract requirements come hell or high water. About the only gape to this is a natural disaster. IT disaster you will be in breach of contract.

    The same basic rules do apply to a school that I operate from. But the rules you are apply in a school don’t apply to commercial IT. Remember commercial IT is the majority.

  66. Kozmcrae says:

    “In fact there are even some kernel patches that require system reboots just like windows.”

    Of course anything that changes the kernel will need a reboot. Where did I say otherwise…? Nowhere.

    How often does Windows need a security patch?

    “Nope. I am bringing in the bigger picture that you are IMHO willfully ignoring in your zeal to bash a specific vendore you dislike.”

    No, you are trying like Hell to muddle the argument into anything that is not about Microsoft’s horrendous issues. The “bigger picture”, what a load of BS @ldman.

    Lose the insults? Lose your BS @ldman and I’ll seriously consider it. This is not your blog and you are a pompous ass if you think you can give orders around here. Suggestions? Yes. Orders, no. Let me give you an honest observation. You are full of yourself. That’s why you would even consider saying such a thing let along saying it. You think you can get on Mr. Pogson’s good side. As far as I can see, he only has a good side. He is far too tolerant. I would have to be a lot worse for him to knock me off of his blog here from what I’ve see of the Microsoft gutter rats.

    I will continue to call you names until I see some honest words from you. Until I no longer see you try to derail the discussion into some kind of GNU/Linux dirty laundry session.

    Holy crap, I just noticed… “Last warning”? You are a piece of work.

  67. oldman says:

    “Mine is far more strict on secuirty so high up into the area of being a BOFH.”

    You have me at a disadvantage sir, as I do not know whether you are making all this up. But for the sake of argument I will accept the notion that someone whose job it is to do ad hoc IT support in the the Australian outback is also a Security spook for a high security network.

    Even if I do so, the fact remains that your situation is such a special case that it has zero bearing on IT realities. IN my world not only does user experience count, but those users have no problem complaining to the deans of the schools who can and will make their displeasure known to our CITO.

    This does not mean that security goes out the window where I work, it does not. It does mean however that we can not use it as the blunt instrument that you apparently use to impose your 70% solution on an unwilling set of users.

  68. oldman says:

    “It doesn’t exist dipstick because it doesn’t need it. ”

    Lose the insults Mr. K…

    Last warning.

  69. oldman says:

    “You did not answer the post as it deserved. You were trying to bring Linux security into a Microsoft security argument.”

    Nope. I am bringing in the bigger picture that you are IMHO willfully ignoring in your zeal to bash a specific vendore you dislike.

  70. oldman says:

    “I cannot remember the last time one of those updates contained a security fix.”

    Then you’re not looking very hard, security patches occur fairly often even with linux. In fact there are even some kernel patches that require system reboots just like windows.

  71. Kozmcrae says:

    I update my GNU/Linux system daily. I cannot remember the last time one of those updates contained a security fix. When was the last update that you did Clarence that contained a security patch?

    By the way, I can use my computer while it’s updating and there is almost never any need to reboot. I know you know this because Mr. Pogson has mentioned it many times.

  72. Clarence Moon says:

    At home or at the office I have 5 Windows computers that are being updated in the middle of the night by autoupdate and I have never had any such problem. It may have been the case that XP actually asked if you wanted to have auto update on, I vaguely remember that being the case, but it was strongly recommended if nothing else and almost anyone who was going through a new computer start up would likely accept that recommendation.

  73. Kozmcrae says:

    “And I answered the post with the answer it deserved.”

    Microsoft has “grown” an entire in multi-billion dollar industry just to service its nonexistent security. Where is the corresponding Linux industry? It doesn’t exist dipstick because it doesn’t need it. You are trying to associate Linux security with Microsoft security. They are not even on the same planet.

    You did not answer the post as it deserved. You were trying to bring Linux security into a Microsoft security argument.

  74. Phenom wrote, “on by default”.

    M$ wrote, “Turn on and use Automatic Updates
    Turn on Automatic Updates. To have us turn on Automatic Updates for you, go to the “Fix it for me” section. If you would rather turn on Automatic Updates yourself, go to the “Let me fix it myself” section.”

    see http://support.microsoft.com/kb/306525

    “Article ID: 306525 – Last Review: September 27, 2011 – Revision: 11.0
    How to configure and use Automatic Updates in Windows”

    Also, in the document, Windows Update Explained (Published: September 2008) , M$ states:
    “1. Turn on Windows Update. You probably did this when you set up your new PC by selecting the option to “Help protect Windows automatically.” “

    Further, M$ advises turning them on in “7”:
    “Install Windows updates in Windows 7

    If you’d like Windows to install important updates as they become available, turn on automatic updating.”

    SO, Phenom is out to lunch again. Of course, he will say “critical updates” are not “updates” or some such silly thing, but I have never seen that other OS update anything automatically by default except drivers which wrecked booting.

  75. Phenom says:

    Quote: M$ ships machines with it turned off by default.

    Pogs, MS is not shipping machines. OEMs do.
    An ordinary setup of XP has critical updates on by default. In fact critical auto-updates first made their debut in ME.

    I understand that you want to blame MS for every evil in this world, including setting orphanages on fire, and stealing candy from babies, but now you go too far to rely on being taken seriously.

  76. oiaohm says:

    Clarence Moon I know particular brand of laptop by default has it off by default. Yes the red shield is stuck there from new. I have had a few people question me about why there laptop was showing a red shield is why I came aware of the problem. Desktops are common to be on by default. There is a case Robert Pogson might have come across and yes for a time laptops shipping with updates turned off did happen from MS stores in the USA as well.

    Could be human error here. Not exactly attempting to lie but evidence leading person to lie. Again I don’t know how many laptop makers might be doing this.

  77. Clarence Moon says:

    I looked at my home computers and automatic update is enabled on all of them, ranging from XP to Windows 7. I have no memory of ever enabling it and as far as I can see, it is enabled by default. Articles exist for turning it off, but none seem to exist for the sole purpose of turning it on:

    http://www.ehow.com/how_5845016_enable-updates-windows-xp-registry.html

  78. oiaohm says:

    I hate when I suffer miss context.
    “Options you could disregard incorrectly as worthless so lowing the uptime performance of your networks in disasters.”

    uptime performance should have been downtime performance. I wrote that wrong out of the bad habit of writing uptime performance disrupted for X time. Instead of downtime of.

    My english has some horrible flaws.

  79. oiaohm says:

    –“Don’t try to predict my mind of what I know you are far too low of level to even attempt it oldman.”

    Are we going back to insults, Mr. Microsoft Var?–

    oldman No it was a statement of fact. Most likely I was not clear enough what I was meaning. Level is referring to the secuirty level of network you are having to manage. Most likely should have used security level instead of just level so it did not appear insulting. I am sorry that you have taken it that way oldman.

    You said I know something oldman.
    “And the securest system, in the world is worthless if it doesn’t accomplish the task to the satisfaction of the user.”
    This is presuming to know my level and predict the way I think by claiming I know this. Yet your statement is wrong for my level of secuirty. The correct answer for my level is:
    “And the securest system, in the world is worthless if it doesn’t accomplish the needed task.”

    This correct answer for my security level has a vastly different meaning does it not oldman.

    As long as it can do the needed task it has worth. Satisfaction of the user is secondary to non existent requirement. If a user wants todo a task and they cannot at my level stiff briskets if it not a needed task.

    Of course I am to try to be as nice as possible on the User just to be friendly to co workers. At my level I have no requirement to satisfaction of the user as a requirement for why OS is being used. Training user to use a system from hell is permitted if the solution will be more secure.

    Getting the needed tasks done, secure and with min downtime comes before all else even how happy or unhappy users are since they are paid to put up with it. Paid extra in fact for handling secure records so putting up with a mongrel system comes with the job as part of the extra pay.

    oldman we are basically on two different secuirty requirement levels. Your comments are showing me this. Mine is far more strict on secuirty so high up into the area of being a BOFH.

    Higher the level of secuirty operation you have to run the lower user happiness requirement is. Right at top user happiness requirement is zero. I am not right at the top yet. I still have too much niceness to users I am likely to choose something a little nicer todo the job even that the more mongrel selection is more secure. I guess this is kinda shocking oldman that I am too nice for the highest levels.

    I would not even attempt to predict exactly how the ones right at the top would answer the same kind of thing. I am not sure I want to know either.

    Now of course learning to look at the problem from a more secure mind set enables you to see more options. Options you could disregard incorrectly as worthless so lowing the uptime performance of your networks in disasters.

  80. oldman says:

    “Don’t try to predict my mind of what I know you are far too low of level to even attempt it oldman.”

    Are we going back to insults, Mr. Microsoft Var?

  81. Most users have no idea what an update is and M$ ships machines with it turned off by default. One has to know to turn them on and when people just want the machine to work out of the box it never does get turned on. Of course, M$ has all the information on their website but how many actually go there?

  82. Phenom says:

    Quote: “the machines were running XP SP1 unpatched when I arrived in 2009″

    Gosh, Microsoft does not force its users to update their systems! How dare they let users turn off auto-updates?

    Loons never cease to entertain. One time they will scream that Microsoft forces people to update (bloated software, anyone?). Next, they will roar that Microsoft does not force updates. Go figure.

  83. oiaohm says:

    Also oldman there is an advantage to the secure system only being 70 percent. When users get back to the normal 24/7 OS they are happier since they have something to be thankful they are not using.

    Yes happiness of users can be increased by exposing them to a crappy system from time to time.

  84. oiaohm says:

    Hanson
    “Nobody blamed the Debian guy who patched openssl to hell.”
    He got demoted. He was release to general public key got revoked for 18 months. Yes there was fall out Hanson. There was fall out at Openssl for the testsuite for being incomplete as well.

    So how is getting demoted not getting blamed. Hanson.

    People were held to account and processes changed.

    Hanson
    “Or what about KDE4? The developers’ cunning strategy to blame users for downloading a major release and, gasp!, expecting a major release ready for user consumption was really awesome.”
    There was a huge fall out over this.

    KDE has developers and advertisement teams. Guess who was not talking to each other clearly enough. Developers was thinking 4.0 as prototype and 5.0 as final.

    Errors do happen yes the lead developer in the KDE 4 mess was not at fault the guy in charge of the advertisement teams is no longer there was in fact the one who sent the wrong kind of documentation to the press because he thought it would be fine. Yes PR people don’t send out that stuff it a going to be great without talking to the Developers. Yes he had been give a full plan of what the developers were upto. There is now required meetings every 3 months between the two kde teams to prevent screw up happening again.

    Notice something here stuff was changed and corrected. As well as the person who caused the trouble punished.

    You are only seeing the surface of FOSS. Look a bit deeper you will find a very strict culture of accountability. Ok it does not make the press most of the time.

    I am asking nothing different from Microsoft than what I expect inside a Foss project. Someone owns up for the issue and takes punishment for it.

    Hanson
    “If you want to claim that these patches weren’t released by Microsoft over two years ago, that the tech press didn’t discuss it, that they were re-released via Windows Update about 10 months ago”

    What are you thick as brick. The patch 2 years ago and the patch released 10 months ago are two different patches. The 10 month ago patch is a optional patch in the Windows Update system not a security mandatory to install patch. This is part of the mistake that caused these issues.

    oldman
    “I have watched BOTH Linux and windows systems get knocked over.”
    Yep exactly why having a backup plan is so critical that will cause the least downtime of productivity.

    oldman
    “And the securest system, in the world is worthless if it doesn’t accomplish the task to the satisfaction of the user.

    And you know it!”
    Don’t try to predict my mind of what I know you are far too low of level to even attempt it oldman.

    The most secure system in the world that still works yet is only 70 percent of what the user likes is better than a system a user 100 percent likes but is currently not running at all because its breached.

    A fully worthless system is a system that cannot accomplish any of the tasks the user needs. Staff are very good are altering there tasks around to maintain productively they do the tasks they can and delay the ones they cannot.

    That a secure system has not completed the task 100 percent to the satisfaction of the user is not critical when its a choice between secure & working or perfect & non working.

    Most critical thing is having the means to perform the tasks they must to today even if it is done poorly the tasks they can put off until the main system is back on-line the secure system does not have to perform. So the reserve systems don’t have to be working to the 100 satisfaction of the user at all basically.

    Yes satisfaction of the user of user is critical for long term running systems. No where near as critical in disaster mitigation solution since the secure disaster mitigation OS should only be in place for under 24 hours to reduce productively disruption.

    This is why I class your idea of waiting 24 hours for fixes such joke.

    This is why my Linux/Windows Mixed systems are so tough. Windows gets taken down there is a 70 percent or better fail back location until it can be resolved. Users are happier with a 70 percent functional system compared to nothing.

    I think in shades of grey oldman. Something you are unable todo this is why your disaster management plans are so poor.

    Oldman please spend the time todo a basic list of order of requirement.

    1)Performing Task
    2)Quality of Results of task.
    3)Speed of performing task
    4)Users Happiness.
    Notice something here User happiness is way lower down the list. Yet you keep on putting it up at number 1 oldman this is wrong. Not all cases can you grant all those.

    When you cannot grant all the first to suffer should be user Happiness we are paying them to put up with it basically.

  85. oldman says:

    “No it’s not a “show stopper” dipstick! Microsoft’s atrocious security is the subject of the post!”

    And I answered the post with the answer it deserved. If you do not like it that is your problem not mine.

    We could do with a little civility Here Mr. K.
    I suggest that you drop the insults – the serve no purpose except proving your immaturity.

  86. Kozmcrae says:

    “I just don’t think of it as a show stopper that you and our resident Microsoft VAR Mr. oiaohm seem to think it is.”

    No it’s not a “show stopper” dipstick! Microsoft’s atrocious security is the subject of the post!

    And my comment was based on you attempting to derail your so called “show stopper”.

    If you wish to reply to this comment stay on the subject. Microsoft’s spawned a multi-billion dollar security industry without which it could not survive. It wouldn’t last 24 hours if all that security software were to disappear.

  87. oldman wrote, “Most people are not going to just drop all their windows based applications and move to FOSS on linux. They will perform all of the mitigation of risks that are well known and live with that risk.”

    Yet, M86 Security Labs reports the top 5 vulnerabilities observed in November, 2011 were: IE, Office, IE, Adobe, and Adobe. All were “fixed” last year or earlier but they still are available by the millions for malware creators.

    People are not even performing the minimal mitigation of patching. Where I worked last year, the machines were running XP SP1 unpatched when I arrived in 2009. It’s no wonder that other OS is falling down but it’s not the fault of end-users or even managers of organizations. None of them are IT experts. M$ sells them on how wonderful that other OS is and leaves them to take the risks. I have seen a bunch of ads by M$ lately. No mention that it takes work to keep them running… No mention of the price, either. M$ and its partners have worked very hard to keep end-users in the dark.

  88. oldman says:

    “you still try to avoid the nasty subject of Microsoft security. oiaohm is right, you’ll try to derail the discussion every time when it’s about a Microsoft security disaster. ”

    I dont avoid it Mr. K. I just don’t think of it as a show stopper that you and our resident Microsoft VAR Mr. oiaohm seem to think it is.

    I have been dealing with internet security issues from the time that internet connected Unix hosts were being knocked over by baddies exploiting the holes in the WSFTP code. One of my first experience with linux was as a member of the security team that did forensic analysis of a Caldera linux workstation that had been connected to the internet by a linux newbie who assumed that it was secure out of the box – it wasn’t. I have watched BOTH Linux and windows systems get knocked over. This experience has left me with the conviction that NO system is secure, and that each system has its issues and risks that have to be mitigated. That is the view that I take to this day.

    It is in context of this view that as far as I am concerned, all of your bleating on about the security of microsoft products is as far as I am concerned ultimately beside the point. Most people are not going to just drop all their windows based applications and move to FOSS on linux. They will perform all of the mitigation of risks that are well known and live with that risk.

    I note that you avoided answering my question. Could it be because you know the answer?

  89. Kozmcrae says:

    Hey look, Hanson doesn’t want to talk about Microsoft security disasters anymore. What’s the matter Hanson? Tired of losing?

  90. Kozmcrae says:

    @ldman, you still try to avoid the nasty subject of Microsoft security. oiaohm is right, you’ll try to derail the discussion every time when it’s about a Microsoft security disaster.

    You say the people who ran the system are idiots. Those are Microsoft customers you are talking about. They paid good money to be a Microsoft customer too. Why don’t you just admit that Microsoft gives their customers a thousand and one ways to totally botch their systems.

    Every day there’s got to be a thousand disasters going on in businesses large and small. Microsoft’s OSs are not made for engineers but for marketers. After more than two decades of change for changes sake Microsoft has an OS that’s just too complex. Those are their words, not mine. When Microsoft makes even a minor change in their code, they have no idea what the Hell is going to happen. They just hope and pray it isn’t too drastic.

    It’s a just another Microsoft security disaster and hundreds if not thousands of businesses have suffered an extra expense because of it. If you call every Microsoft customer that suffers under a malware attack idiots then most of Microsoft’s customers are idiots.

  91. Hanson says:

    “Blaming the user has been a cloud of vultures circling over users of that other OS for more than a decade.”

    So if a Linux user/administrator screwed up, you wouldn’t blame him? Wait, that’s right. Nobody blamed the Debian guy who patched openssl to hell. It was explained away as a miscommunication. How convenient. Or what about KDE4? The developers’ cunning strategy to blame users for downloading a major release and, gasp!, expecting a major release ready for user consumption was really awesome. +1

    What else is there to say? If you want to claim that these patches weren’t released by Microsoft over two years ago, that the tech press didn’t discuss it, that they were re-released via Windows Update about 10 months ago, that this was again discussed in the tech press, if you want to claim all that, then you’re a lying weasel. Or delusional. Take your pick.

  92. oldman says:

    “Do you hear that? All you devoted customers of Microsoft… Microsoft is calling you a bunch of mentally challenged individuals (I wont use the word the Microsoft gutter rats are fond of using).”

    Give us the applications that we have now running on windows and OS X and the argument is over. Until then
    all of your abuse is just so much angry noise!

    my take on this is as follows:

    The autorun issue was known and should have been disabled by group policy. The people who “ran” this system were either idiots and/or had a management who permitted this to happen. They probably would have mismanaged a linux/FOSS based system equally badly.

  93. oldman says:

    “Really GUI does not mean anything if the OS is off line due to a secuirty fault.”

    And the securest system, in the world is worthless if it doesn’t accomplish the task to the satisfaction of the user.

    And you know it!

  94. Kozmcrae says:

    Good point oiaohm, but Clarence loses no matter what topic on Microsoft he chooses. Thanks for setting the discussion strait.

    It’s understandable why a Microsoft devotee would want to avoid any discussion on Microsoft security (an oxymoron in itself).

  95. oiaohm says:

    Clarence Moon could you please stop trying todo the MS troll thing people start talking about secuirty. This here is about secuirty. As an excuse Troll tries to use how good the GUI is. Really GUI does not mean anything if the OS is off line due to a secuirty fault.

    Kozmcrae please don’t fall for this in future. Secuirty topic stick to current day secuirty at most direct history of the stupidity of the bug.

    Windows is one of the few OSs with Autorun feature the only others are game consoles. Secuirty risks are far too high of this feature.

    Yes its a bit harder to have people go find the setup program.

  96. Kozmcrae says:

    Words, words, words Clarence. No matter how many you throw at the monitor, the pigs are still pigs.

  97. Clarence Moon says:

    In 2000, Windows 95 was hardly current and Windows 98 was being replaced with Millenium. As to being “horrible”, some might agree, but that is a comparative term first of all and in 2000 most people still used Windows computers every day and managed to get by. Later, when they bought a new computer, it was still a Windows computer that they bought and that continues on to today.

  98. Kozmcrae says:

    “One thing that is forever getting lost in these discussions is the unescapable fact that user experience with Windows and MSDOS before that has been continually improving.”

    DOS 4, Windows ME and Vista? Have those been revised out of Microsoft’s history Clarence? No, they haven’t been lost. You’ve been trying your best to shove them under the rug.

  99. Kozmcrae says:

    “Conclusion: the insecurity of Autorun on the 9th of December 2011 had to be well known to every Windows administrator with even only half a brain.”

    Hanson has taken the true Microsoft path here. Slough off any accountability and abuse your customers yet again. The customer always takes the hit when it comes to Microsoft.

    One other thing that Hanson is saying is that Microsoft has supplied too many ways for their customers to screw up. The system administrators have to be masters at juggling far too many gotchas.

    Do you hear that? All you devoted customers of Microsoft… Microsoft is calling you a bunch of mentally challenged individuals (I wont use the word the Microsoft gutter rats are fond of using).

    Conclusion: Hanson, must accept that his beloved OS is a piece of crap or have total contempt for Microsoft customers.

    I don’t see how that makes me sound angry. Maybe a little sad for your sorry ass.

  100. and how many times have you passed on some hardware because no driver was available for your current version of that other OS? How many times have you had malware and had no way to detect it?

  101. In 2000, when I found GNU/Linux, Lose ’95, and ’98 were both current and they were both horrible. Last year, when I converted dozens of PCs, XP was current and horrible. Vista and “7” would not run on those PCs very well at all.

  102. Clarence Moon says:

    One thing that is forever getting lost in these discussions is the unescapable fact that user experience with Windows and MSDOS before that has been continually improving. I personally do not recall the past with such horror, but I have never wanted to regress from a new version of Windows back to an older one, Vista included. Through my employer, I have always moved to the latest version as it became available and have never regretted having done so.

    Compared to Windows 7 today, Windows 98 was indeed horrible, I would agree, but there was nothing better to compare it to in 1997 and that is why it was the leader then. Since then, Windows 2000, Windows XP, Windows Vista, and Windows 7 have come along and displaced their predecessors. Argue about Vista, of course, but everyone survived and are here to use Windows 7 today.

  103. oldman says:

    “With so many years of abuse, users suffer the Stockholm syndrome and accept taking the abuse as normal.”

    The same can be said of Linux enthusiasts as yourself.

    Consider:

    I haven’t needed to compile a device driver in over 20 years. I’ve even used binary workstation device drivers on server class windows with no issue.

    I rarely have to resort to the command line to get normal tasks done.

    I never have to worry about whether or not the version of the application that I need is in the distribution repository yet.

    I don’t have to compromise with my applications or write glue code/scripts to fill in form missing function/feature.

    And I REMAIN malware and virus free.

  104. Blaming the user has been a cloud of vultures circling over users of that other OS for more than a decade. I can remember “crossing my fingers” every time I clicked on file/print or file/save… I remember trying to wait for a perfectly quiet moment to try those operations. I worked in one place that was using Lose ’98. With 20 students in the lab, I could count on one machine crashing every hour. Fortunately, I hung boot CDs on a nail to make them thin clients of a GNU/Linux terminal server and we never lost another file after that.

    With so many years of abuse, users suffer the Stockholm syndrome and accept taking the abuse as normal.

    “In psychology, Stockholm Syndrome is an apparently paradoxical psychological phenomenon where hostages express empathy and have positive feelings towards their captors, sometimes to the point of defending them. These feelings are generally considered irrational in light of the danger or risk endured by the victims, who essentially mistake a lack of abuse from their captors for an act of kindness.” see Wikipedia.

  105. oiaohm says:

    Hanson there is still the issue of duplicate docs addressing that read as the same problem and using the wrong docs not fixing it but making it happen.

    Because MS is not marking invalid docs for current day as so in a nice clear way.

    You are missing the issue and you have fall for it Hanson. Those two links you nicely just provided are for.
    KB967715 Defective solution
    http://www.theregister.co.uk/2009/04/28/microsoft_windows_retires_autorun/
    KB971029 And the last one that we hope that works.
    http://blogs.technet.com/b/srd/archive/2009/09/11/autoplay-windows-7-behavior-backported.aspx

    This is the BEEP problem. Administrator thinks they have handled the problem. By doing instructions for KB967715 but they have left there ass exposed because they should have done KB971029 as well. The latter press also seams to read as KB967715. So they can fail todo the correct action.

    There is nothing in KB967715 telling you that you should do KB971029 so leading to possible disaster.

    You are talking about 2 secuirty bugs as if they are one Hanson. This is the problem it far too confusing better system needs to be made one could say. But maintain the current one better you will see is all that is required at a min. So administrators do make sure the correct patches are applied.

    There is a issue with the way the MS runs the KB system.

    Basically you have no right to throw stones Hanson because you are failing to keep the to bugs split yourself. That mistake is what leads to the Administrator error. This is exactly the error that a percentage of system admin will make so leaving systems exposed.

    “Patches provided again through Windows Update in February 2011.”
    There is also a patch please read the number careful. KB971030 this applies to .net it breaks .net applications. I go into wsus and black list a patch from being applied I miss by 1 so I just disabled the autorun fix for the complete network. Just to be really bad KB971028 is for direct X in vb 6 that can stuff up a few other applications. There is no official support if this patch turns you computer into a steaming non running bit of trash.

    And KB971030 that is not a secuirty patch is nicely marked as superseded by KB981574 in it description. Not that MS cannot mark patches as superseded or related since they are able todo it for non secuirty patches. Some reason they fail todo this with secuirty patches where this is the most critical areas todo it.

    Yes someone at Microsoft should be getting the size 12 boot up ass over the KB967715 and KB971029 mess it should not exist. Since KB967715 should be marked as superseded by KB971029 or recommend to install KB971029 as well. So meaning admin gone back to KB967715 checking for updates know something has happened. In fact by MS operational manual for using the KB system that is all you should have todo. Failure of someone at Microsoft todo there job is here.

    So the very secuirty patch you need is sitting between to patches you might want no where near your network and KB967715 is incorrectly marked.

    Even to be more fun KB971029 is not flagged as a secuirty patch so making it mandatory install. Its just in the pack of application patches. So if your wsus only has apply secuirty patches turned on it will not be applied.

    Yet some how the administrator who has stuffed up is totally to blame. If a Linux distribution maker errors like this we do hold them to account as well.

    I have no problems blaming the admin/money people of the hospital for poor disaster plans. They should have had better down for 2 days that should not tolerable ever. 24 hours should have been max to restore network to operation. Even then we should be questioning why there disaster plan was so poor.

    Microsoft needs to be held to account for having there documentation not in good order. Particularly when just looking at the next bug along you can see they can do better.

    Sorry to say this poor linking of related issues in the KB system happens more than it really should. Leading to a lot of administrator errors and a lot of infections. Yes these do have accountability as being Microsoft caused infections due to poor documentation.

    Of course most of the time us linux people are not straight forward about what we are complaining about. Dam Microsoft again is normally referring to KB list not being kept in good order so leading to mistakes by administrators.

  106. Hanson says:

    Good morning from the south of Germany, from the wonderful Munich. 0.3 °C, no snow. A lot milder than in Winnipeg, I guess. On the other hand the only things I can hunt for here are crows.

    Anyway, on to business. What’s the real issue here? Anger! Lots of it.

    Kozmcrae & Co. are angry over the fact that Mr. Pogson, for purely malicious reasons, or as we say in Germany: “aus Schadenfreude”, posted this great, great story about Gwinett Medical that was once again to provide proof what a shoddy piece of insecure crap that other OS is.

    And now you’re all angry, because Mr. Pogson, as he often does, forgot to check his facts. Which are (I hope for some kind of learning effect here, but I seriously doubt it):

    – Security hole (or “feature”, whatever you want to call Autorun) known long before Gwinett Medical incident.
    – Publicly acknowledged by Microsoft (see: http://blogs.technet.com/b/srd/archive/2009/09/11/autoplay-windows-7-behavior-backported.aspx).
    – Publicly discussed in the tech press (see, for example: http://www.theregister.co.uk/2009/04/28/microsoft_windows_retires_autorun/).
    – Patches provided by Microsoft for OS versions prior to Windows 7 as early as August 2009.
    – Patches provided again through Windows Update in February 2011.
    – Gwinett Medical getting infected in December 2011 through sheer stupidity.

    Conclusion: the insecurity of Autorun on the 9th of December 2011 had to be well known to every Windows administrator with even only half a brain.

    Case closed.

    A good day to you all.

  107. Kozmcrae says:

    You’re an idiot Ivan. “Cause Linux is, like, totally secure, yo.”

    Who says anything like that?… Besides you and a few other Microsoft gutter rats.

  108. oiaohm says:

    Ivan the fact is you can reinstall the 2500 infected machines while in thin client mode in Linux.

    Also it possible to push a generic Linux image to all the machines using clonezilla with its multicast.

    Standard image to push out to 2500 machines will take less than 30 mins as long as the users can insert a disk or switch the machines to network boot. Depending on the threat. Note the Cd will eject after its loaded into ram. Ie insert disc boot from cd clone software loads up. These restore mode disks can be left around the offices. Since they depend on central server to operate and if central is offline they are paper weights.

    1 disk per 5 to 10 machines is quite suitable. Disk take less than 3 mins to boot and be removable for the next person. So 250 to 500 disks for a 2500 network would be prep for disaster. That does not cost that much compared to down time. I am not depending on dhcpd to provide image and I am also locking what dhcpd server they will talk to.

    While in thin-terminal mode standard install on 2500 machines will take about 2 hours on 1 g networking of course. Yes you have todo it a bit slower so you don’t kill the thin-terminal connection. Its longer if you are running 100 speed networking still you will get threw it in under 6 hours. 8 hour shift I have spare time. I have almost no one on my back because most people can still do their job and they know next shift everything will be back to normal. So they get off my back. No rush no mistakes.

    Really 2500 is not a large problem to a correctly setup network. With thin terminals I have time to decide how to proceed. Worst thing todo is rush that increases human error.

    As long as you have a clean reserve server you can rebuild a Linux network infected with everything bar the very worst nasty in under 6 hours so restored to normal operation in 6 hours with a max of 1 hours disruption due to switching over to reserve and switching back to normal. This is reduced if you run drills like fire drills but virus infection drills. Time to switch over to reserve system. People know where the disk are and straight up can do it. Yes I have used building PA at times saying something that does not sound harmful like –attention backup power system testing in 15 mins backup all work.– What to staff equal switch to reserve system.

    I can almost do this with windows as well but it activation design gets in the way major-ally.

    Very worst nasty has gone into the motherboard bios chips. The very worst nasty makes the kernel.org infection look minor. Yes is a very expensive process to clean up windows or Linux. Since it physically go to every single machine. 2500 takes a while to reflash bios. Particularly if people have not used gigabyte motherboards so you are forced to remove the bios chip from board and place in programmer. Yes it can work out cheaper to replace the computers in case of the worst nasty rootkit. I have no fast way to deal with this.

    Also there is the option of a Linux livecd for systems that are out in the field so taking harddrive off line until it fixed. Yes something MS does not allow home users to have for windows.

    Windows you cannot reinstall from scratch it while running terminal services mode where Linux can be. I have to image with windows and hope the images are not infected and are upto date if a infected machine in network is still there they don’t get reinfected.

    Those boot disks really are a directed network boot from a particular server checking against signing key to prevent tampered image. Virus/Malware is not getting in that way.

    IVAN not once has Greg Kroah-Hartman recommend anti-virus solution. https://lkml.org/lkml/2011/9/30/425

    http://www.chkrootkit.org/, http://www.ossec.net/main/rootcheck and http://www.rootkit.nl/projects/rootkit_hunter.html are not anti-virus software.

    They are anti-rootkit. Something in the same kind of tech on windows is malwarebytes.

    Reason package management mostly deals with the mess that anti-virus software attempts to detect.

    Linux biggest threat is rootkits not viruses. Even so the total number of threats is less than 1000 and over 70 percent of those will not work on a upto data Linux even without an anti-virus or anti-rootkit system installed.

    Linux we don’t operate on the idea that its totally secure. We operate on what would we have todo to restore operation.

    Key to all disasters is forward planning. If you are planned for it the disaster is a minor problem.

    Yet most businesses don’t have good enough IT disaster plans. My high grade disaster plans are rare.

  109. We still don’t know what happened with kernel.org. Compromised passwords is the most likely. Re-installing is just insurance against some planted rootkit. The installation is trivial compared to restoring the passwords/web of trust and restoring all the data from backups. Kernel.org is a huge system.

    “Nov 3, 2010: We would like to announce that we have done some fairly major system upgrades to several pieces of our infrastructure. These upgrades were made possible by the generosity of both Google and HP. These upgrades add two new machines to the infrastructure and replace two aging machines that have serve us quite well over the years.

    On the replacement front we have replaced mirrors1 and mirrors2, the US based mirror machines, with two new machines.
    Mirrors1: Is now an HP DL380 G7 with dual Quad Core E5640 Xeon CPUs, 144G of Ram and 66 x 300G 10K RPM 2.5in drives.
    Mirrors2: Is now an HP DL380 G6 with dual Quad Core X5550 Xeon CPUs, 144G of Ram and 66 x 300G 10K RPM 2.5in drives.

    UPDATE: Because I’ve gotten so many e-mails on this, no the 66 drives is not a typo we have two HP MSA70 chassis’ attached to each machine. Giving us 25 per chassis, and 16 in the head node meaning 25 + 25 + 16 = 66.

    On the new machine front we have acquired two machines, both based out of the US at OSUOSL
    Demeter2: We have acquired a machine to run in parallel with our existing dynamic web machine, which hosts such things as bugzilla, the wikis, kerneloops, etc. The new box is an HP HP DL380 G6 with dual Quad Core X5550 Xeon CPUs, 32G of Ram and 8 x 300G 10K RPM 2.5in drives.
    Master – Backup: We have acquired a machine to run as a ‘live’ backup to our master backend machine. What will happen is that we will replace the current master backend machine with the new hardware, and the current master backend machine will become the backup. The new box is an HP HP DL380 G6 with dual Quad Core X5550 Xeon CPUs, 32G of Ram and an external msa70 drive chassis.

    Again, a HUGE thanks goes out to Google and HP, with specific shout outs to Chris DiBona and Bdale Garbee for helping make this happen. It’s been a long process to get this far, but the equipment is up, and it is proving its worth already!”

    That’s just a few of their many servers. The kernel’s Git servers are an amazing cluster. Only GitHub and Google were close to being able to serve the load when kernel.org was shut down.

  110. Ivan says:

    Hey that’s great, man. Now, imagine if they had been using just Linux and then had to reinstall _all_ 2500 infected machines after they were compromised.

    You know, like Greg Kroah-Hartman recommended after the kernel.org incident. He also suggested running anti-virus software on Linux but who cares right, man? ‘Cause Linux is, like, totally secure, yo.

  111. oiaohm says:

    Please note a Linux network should have a reserve just as much as Windows network should.

    Both can get infected in ways requiring the primary to be taken fully off line.

    I have had rootkit infected Linux systems before. Biggest example of over trusting was kernel.org. It still not fully back on-line. Linux personal can make this mistake just as much as windows ones of not having a backup system. The rebuild of kernel.org is designing in reserve systems so if it ever happens again disruption will be minor.

    Cost cutting is one of the big causes of huge down times. That is only need once in a blue moon so we can skip having. Not having a reserve system is like taking the spare tire out you car and not paying for road side assist and being upset when you get stranded due to a flat. That is what a Lot of businesses are doing to there computer networks.

    Dr Loser
    “Want me to quote some Linux security holes from Mitre at you?”
    You can but I can tell you now that quite a few don’t work on proper locked down systems.

    And at least the documentation to reduce there risk is clear and straight forwards with the Linux ones. So reducing the risk of human error by administrator. We cannot say this about the Microsoft documentation. MS really need to improve its docs for secuirty management.

    Of course good documentation cannot over come administrator laziness. Yes laziness is something you can kick Admin up ass for.

  112. lpbbear says:

    “I’m getting rather tired of pointing this out.”

    You think anyone gives a crap how tired you are?

    Perhaps you can now ring the dinner bell and have the servants fetch dindin for you since you have all but tuckered yourself out dropping pearls before swine eh?

    What a lamer.

  113. oiaohm says:

    Dr Loser SillyFDC it is what version.

    sillyfdc.bba is in fact very dangerous.

    W32.SillyFDC.BBA properties:
    • Connects itself to the internet
    • Hides from the user
    • Stays resident in background

    Reason number one its a bot. sillyfdc.bba connecting to a remote control server so it can have downloaded and installed other malware.

    Cutting internet connection can trigger some of the sent malware to clear the data off the hard-drives of computers and other equally nasty things. Safest is to take all the machines off line.

    Simple fact is here Dr Loser your are the incompetent administrator. You don’t know the threat. Funny little name very very dangerous. Administrator has every right with a infection like this to be kinda pissing their pants for the risks involved when you find it.

    “pathetic little virus” I think not. This is like the nuke named little boy yes it levelled Hiroshima. Cute name does not make something harmless.

    This is also the reason for a reserve network one mistake and something like sillyfdc.bba gets in your options are limited. You must take your current network off line there is no other option unless you want to risk setting off the forth of july and lose data. Downtime will happen if you don’t have a reserve.

    sillyfdc name refers to how you can spot a infected machine. The fdc(floppy drive controller) can look to be failing so acting silly. Yes the floppy drive blinking on and off with no floppy in drive. Software bug in the malware that gives away its location.

    Please don’t accuse administrators of overreaction when what they did was by the book for that class of infection.

  114. oiaohm says:

    Clarence Moon
    “Is it not true that updates and reconfigurations of one’s software require the “root” privilege in Linux?”
    This is not in fact true.

    policy kit allows granting to users Individual commands as root so does sudo that is older. packagekit exists for the exact reason for updating software on Linux without requiring root.

    User software yes gets global settings from etc but those can be overrided in the users home directory no root required.

    When it comes to services and hardware even those can be configured without root rights to the user. This is what roles in the selinux are for.

    “Why would the same thing be tolerated for Linux?”

    Why it is tolerated on Linux is 90 percent of all Linux applications has no requirement for root. It classed as a sin under Linux to be logged in as root user. You should only raise privilege when you need todo something that needs that privilege.

    Linux and Foss world in general has a very low tolerance of any thing rootkit just like carrieriq found out. So until your application absolutely requires root it better require anything running as it. Be aware Android phones is not the only thing infected by carrieriq. iphones and ipads are also infected. Does not matter if the item is doing good or bad if its running with high privilege and hiding from users Linux and Foss people will want it dead.

    Nokia is a good spinner. Of course nokia phones don’t ship with carrieriq. Nokia provides a competing product to carrieriq called Nokia Analytics Collector. That also hides in the system out of users view.

    Clarence Moon this is the sad fact most phones are invested with this crap. FOSS developers have been the first to stand up and say stop users don’t deserve this.

  115. Dr Loser says:

    @Ipbbear:

    “filled with jumped-up white trailer trash who couldn’t quite muster the entrance fee to join the KKK”

    “What a pompous ahole!”

    Maybe. But at least I’ve spent three months in Gwinnett County. You?

    Franklin County is, indeed, the current centre of the KKK, btw. I’m of the not very radical opinion that, if you are a white supremacist, you are quite likely not to be bothered about trivial stuff like computer security and so on.

    Not that it really matters, in the general scheme of things. There are far more important things than computer security.

    Like heart-monitoring thingies. And anaesthesiology dooberries.

    I’m getting rather tired of pointing this out.

  116. Dr Loser says:

    @Robert:

    “The network was down. What’s a shell script going to do?”

    Well, it’s nice to talk to somebody who actually addresses the real issues.

    However: was the network down?

    If so, did SillyFDC cause it? I suspect that would be the first time this rather pathetic little virus caused an entire network to go down: as I understand it, the thing mostly causes random redirects on the browser.

    Could it just be that the incompetent administrators in question pissed their pants and took the entire network down for a weekend because “it was the right thing to do?”

    Surely not.

    And that would never happen with proper Linux administrators, oh no … well, actually, it probably wouldn’t. Linux administrators are quite happy to tolerate security holes that have not been patched for three or four years, because, y’know, Linux is InherentlySecure(TM).

    Except when it isn’t.

    Want me to quote some Linux security holes from Mitre at you?

  117. Dr Loser says:

    @Ipbbear:

    “And as I have told you before, you’re a sick, condescending, twisted, arrogant, prick who seems addicted to wasting his time posting on a site where absolutely everyone who is actually interested in the subject of Linux thinks your comments come from your nether regions.”

    Did you?

    I’m sorry, I must have been listening to somebody who occasionally makes sense, like Robert or Oiaohm.

    Could you remind me of where you told me this before?

    Much obliged, yr humble servant, etc etc.

    What a doubly worthless waste of space you are.

  118. The network was down. What’s a shell script going to do?

  119. This virus was spread by AutoRun from network sharees. The thing spreads by creating more network shares. What do you think happens when 2500 PCs create malware shares that AutoRun??? Can you say, “geometric growth of network traffic”, boys and girls? There was no user interaction required. Just connect to a shared resource and the damned AutoRun ran the malware. Pretty soon the whole system bogs down.

  120. Kozmcrae says:

    “Personally, I blame the perpetrators of the malware more than I blame the suppliers of the software that was victimized.”

    That is a noble gesture Clarence. But it is too close to your beloved Microsoft. Let me explain.

    The philosophy difference between Microsoft and Google says it all. It’s about how they both deal with the problem of malware attacking their products.

    Microsoft offered a $250,000 reward for the writer of a specific piece of malware (I can’t recall which one but it was nasty). Google offers $1,500 for individual bugs found in it’s software. Do you see the difference? It’s not the amount that’s important, it’s the timing.

    Google wants to kill the bugs before they cause any damage. Microsoft doesn’t give a rats ass about their customers. They just want to appear to be doing something in a big way.

    With Microsoft it’s all about the message, all about marketing. The only problem with that is the damage has already been done. That $250,000 won’t do a damn thing to help those past, present and future customers of Microsoft who are hurt by that malware. The Google customers will never be hurt again by those found bugs.

  121. oiaohm says:

    Clarence Moon where did you get chrome from please don’t be download.com. I run chromium under Linux.

    Simple point Clarence Moon you love closed source programs so much I thought I would lead you complaining idiot down that path. http://www.chromium.org/Home Yes there is a windows version of the 100 percent sure crap free version of chrome ie chromium that will run angry birds.

    We on Linux don’t get that crap because we use the better stuff for not containing crap all the time.

    Dr Loser my comment here.
    “Linux thin clients to a Windows terminal server solution is a far more solid solution.”
    This is as primary. You can block out a lot of windows media issues this way. Also block out people installing stuff from home.

    Dr Loser even with the last patch to autorun I am not 100 percent sure MS has even at yet disabled every single path to trigger it.

    Dr Loser
    “Have you ever had to justify this sort of mad raving lunacy to a CTO or to the accounts department?”
    I normally have Linux thin clients as backup. Cost there is not too bad. Yes I have justified it to CTO and accounts department. This will become clear In my last comments why.

    “Have you ever been tasked with doing a security audit of the current network?”
    Yes I have and my Linux thinclients make this process a god send. I can really afford todo it weekly due to the fact the automated system does 99 percent of the work to audit the system. I only have to audit the auditing system.

    This is the difference between a pro and toy admin. When asked to audit a network a pro who has been allowed to set network up correctly is not bothered in the slightest because its not major work.

    There is also security auditing that runs daily in the backup system but that could be comprised. The is called layered secuirty. Each layer vets the next.

    “It doesn’t really solve the underlying problem, which is that you are working with unemployable dangerous idiots, but then again that’s what a back-up plan is all about.”

    The point is oldman everyone is human. Even you thought you had the correct fix to the autorun issue. So you might not been aware you need to apply the other patch. This is not dangerous idiots this is human error. No matter what you do. No matter how good your administrators are. Human error can and will happen at some point. There is also the fact that a zero day attack would have left that network non functional as well.

    We are talking hospital. We are talking lives. A computer network in there should have redundancy. The lack of redundancy is the administrators or the money managers incompetence.

  122. Clarence Moon says:

    There seems to be lot of pent up hostility over this simple issue. Personally, I blame the perpetrators of the malware more than I blame the suppliers of the software that was victimized. For one thing, I understand that there has been quite a bit of malware directed at Android phones in recent history and the phones themselves contain some undesired data collection and passing software provided by the phone manufacturers themselves on the guise of collecting quality assurance data. That suggests that the problem is larger than just a simple matter of OS access security.

    Linux, with its Unix design heritage, is much more easily and more thoroughly locked down, it is said, than Windows and that seems to be true from all that I have seen. But that lock-down seems to require the user to be their own system administrator when it comes time to re-configure the system. Is it not true that updates and reconfigurations of one’s software require the “root” privilege in Linux?

    I don’t know that amount of complexity would be acceptable to the majority of Windows users. When such lockdown was applied by the Vista version of Windows, there was a lot of dissatisfaction shown. Why would the same thing be tolerated for Linux?

  123. lpbbear says:

    “You’re a miserable worthless waste of space.”

    And as I have told you before, you’re a sick, condescending, twisted, arrogant, prick who seems addicted to wasting his time posting on a site where absolutely everyone who is actually interested in the subject of Linux thinks your comments come from your nether regions.

    “filled with jumped-up white trailer trash who couldn’t quite muster the entrance fee to join the KKK”

    What a pompous ahole!

  124. Dr Loser says:

    Incidentally, there is no evidence whatsoever to suggest that “the network was brought down.”

    It isn’t that kind of virus.

    The incompetents who shut the network down are exactly the same incompetents who let a two-year-old virus run amok in the first place.

    Now, about those heart monitors and small anaesthesiology thingies …

  125. Dr Loser says:

    @Robert:

    I hope I’ve dealt with the incompetent zealot leaking from Dr Roy (yup, I admit all of that), so now let’s get down to a proper discussion.

    “I suppose they do but they outsource their IT support… That caused delay and may have permitted the thing to spread. That it took days to fix may be because the network was brought down and personal attention to individual machines was required.”

    It was a solved problem in 2009. At the extremity, these so-called “security experts” who were brought in on Friday, or whenever it was, should have been able to clear up every single one of those 2,500 machines in roughly four hours. Using the equivalent of your beloved shell-script propagation method, which is extraordinarily primitive, but actually works via PowerShell.

    It’s about five or six commands. I could quote you the source for this, but you’re more than able to look it up for yourself.

    Now, a more interesting question is why the virus/whatever is called “SillyFDC.”

    Hmmm. FDC. I wonder what bright boy might have targeted that at a badly-administered hospital?

  126. Dr Loser says:

    @oe:

    Two months?

    With crime scene tape around it?

    Yup, that’s so totally believable. I’m sold. Gimme some of that good Gnu/Debian stuff right now, and I won’t care whether or not it gets the job done.

    I’m allergic to CSI, you see.

  127. Dr Loser says:

    @Ipbbear:

    Pandering? I’m very fond of Pog. He’s (from my limited point of view) insane, but he’s honest and he doesn’t delete comments just because he disagrees with them.

    I’d miss this blog, but to be absolutely honest I wouldn’t miss a single one of the trolls that transfer to it from Schestowitz’s nightmare of a site.

    “Same old tired excuses, same old ‘loonies’ ‘zealots’, ‘you’re incompetent’ blah blah blah insults to excuse the clearly obvious issues in Windows.”

    I didn’t call you a zealot, and I didn’t suggest that you are incompetent.

    Do you have the faintest ability to read other people’s posts? If not, then why bother to reply to them?

    Auto-run is a clearly obvious issue in Windows. Oiaohm, to his credit, has tracked down the proper way to solve it (I didn’t).

    You? What have you got to show for yourself, little troll?

    Any advice as to back-up procedures (eg a Linux thin-client, courtesy again of Oiaohm?)

    You’re a miserable worthless waste of space.

  128. oe says:

    @Clarence Moon

    Yes its nice using a system that is not only (almost) free of true malware, but also is free of such crap as Bonzi Buddy, Ask Toolbars, CNET installers, scareware, iTunes bloatware.

    lpbbear is right, I’ve experienced anecdotal how GNU/Linux can keep ticking. At work 80% of the Windows XP/Vista/Vista 7 machines were down, the cases torn open with crime scene tape around them for 2 months while the IT Techs were figuring out what was wrong. Meanwhile the CenTOS labs kept on ticking along. Meanwhile at home I guess GNU/Linux was so uneventful and stable, that everyone has finally convinced that Linux is worth it save one son who is hooked on Windows games. But he is aware that his own money and time are on the line, I’m done with crapware OS’es.

  129. lpbbear says:

    “Nope, just the same old me. I’ve never posted under anything else. And Robert (God bless him: he has better standards than loonies like you) has never once deleted one of my posts, no matter how much he objects to them.”

    HORSESHIT!

    I repeat, same old crap from the same old trolls using new names.

    (also the same old pandering to Pog tactic in your lame ass post)

    Same old tired excuses, same old “loonies” “zealots”, “you’re incompetent” blah blah blah insults to excuse the clearly obvious issues in Windows.

    How dare anyone point out the emperor is butt naked!

    As I said….

    As usual the roaches are full of it.

  130. Dr Loser says:

    @Oiaohm:

    It would be wrong of me to ignore the bits of your argument that I can understand, and this one is quite valuable:

    “Linux thin clients to a Windows terminal server solution is a far more solid solution.”

    It’d still be a ridiculous waste of money, but it makes a certain amount of sense (at least, as a back-up).

    OK, I admit it. If you are in charge of a diseased and thoroughly incompetent IT organisation, and you can’t be bothered to keep your (Windows or otherwise) servers up to date, and you can’t be arsed to follow best practices and only use Administrator (or root) privileges when they are actually needed, and you can’t be bothered to switch off simple security holes like auto-run even though everybody and their auntie has known that this is dangerous at least since that nasty little incident with Siemens hardware in Iran …

    Then, I agree, your best bet is to have a decent back-up plan using Linux thin clients.

    It doesn’t really solve the underlying problem, which is that you are working with unemployable dangerous idiots, but then again that’s what a back-up plan is all about.

    Now, about this FOSS-based back-up plan for the dangerous idiots in charge of the heart monitors and the anasthesiology and so on ….

  131. Dr Loser says:

    @Ipbbear:

    “Same old crap from the same old trolls….under new names cause the old names likely got banned here…..and likely were banned over at techrights at some point in the past for their insane BS.”

    Nope, just the same old me. I’ve never posted under anything else. And Robert (God bless him: he has better standards than loonies like you) has never once deleted one of my posts, no matter how much he objects to them.

    Using the term “insane BS” in the same sentence as “techrights [nee BoycottNovell]” is, um, at least mildly suggestive of cognitive dissonance.

  132. Dr Loser says:

    @Oiaohm:

    I’m genuinely indebted to you for supplying the correct link. Good man, there.

    Now, let’s consider the broader picture:

    Would you trust these nincompoops to run the other equipment in the hospital? Of course not.

    Would you trust these nincompoops to set up a Linux network, replacing the Windows network? Of course not.

    At some point it genuinely does boil down to the people involved. And these people are obviously incompetent. No surprise to me: I spent three months in Gwinnett county, and came away with the impression that it was mostly filled with jumped-up white trailer trash who couldn’t quite muster the entrance fee to join the KKK (based three counties away in Franklin).

    To return to your interesting observation that no organisation should rely on a single system, but rather have a 100% functional back-up system on a separate platform (might be Debian as against Red Hat, for what difference it makes) Just In Case.

    Have you ever had to justify this sort of mad raving lunacy to a CTO or to the accounts department?

    Have you ever been tasked with doing a security audit of the current network?

    I can’t lay claim to the former, but I can certainly lay claim to the latter (it was on a Solaris 8 system for a telecoms company, out of non-interest. Riddled with security holes according to actual authorities like Mitre).

    I would say, “You cannot be serious…” but then, you’re not, are you?

    Please tell me you’re not.

  133. lpbbear says:

    Same old crap from the same old trolls….under new names cause the old names likely got banned here…..and likely were banned over at techrights at some point in the past for their insane BS.

    So when yet another Windows security failure happens its ALWAYS…

    1. The users fault
    2. The administrators fault
    3. The entire IT department
    4. Yada yada yada
    5. etc.

    Its never the FACT that Windows has security problems.

    Sure, ALL operating systems have problems, but the FACT remains that Windows is the MOST INSECURE PIECE OF CRAP ON THE PLANET.

    I have seen the same basic issue at a medical clinic I worked at in the past. A virus blew by 2 levels of AV systems that were constantly being updated and infected……. THE IT DIRECTORS copy of LOOKOUT. The ONLY reason it did not take down EVERY lame ass Windows based system in the clinic was because I spotted the infection starting to kick in while monitoring security on the main Linux email server and ran into his office and literally pulled the plug out of the wall to shut the infected system down as it was beginning to run through his contact list in LOOKOUT on its way to infecting every Windows box in the clinic and all of his outside contacts as well. In fact every Windows system in the entire clinic had to be shut down and tracked individually for the infection and only allowed back on to the network after being confirmed clean. The ONLY desktop system that was allowed to be online during this process was my….LINUX based desktop system.

    You friggin’ trolls can come up with all the lame ass BS excuses you want but the FACT IS Windows itself is insecure…EVERY VERSION. You can throw all the AV security bandages, duct tape, and baling wire at it but no single company can keep up with the security issues in Windows. There is simply too many for any one company to handle. Microsoft is supposedly going to bundle AV into Windows 8….riiiiight….good luck with that.

    As usual the roaches are full of it.

  134. Kozmcrae says:

    So let me see if I got this right. If a Windows installation gets hammered it’s because they didn’t keep up with the anti-virus software. Is that right? But why does Windows need anti-virus software? Linux doesn’t need it for the end user. Maybe the Microsoft admins are jealous of the Linux admins because the Microsoft admins have to do so much more work to keep their systems safe.

    So what is it that the Linux admins fail to do when their systems get hammered? Can’t be the patches because those are few and far between and besides, the kernel gets updated every 3 months or so, not every year or so like Microsoft.

    You said both Linux and Microsoft admins get lazy and let their systems get owned but somehow it’s worse when it’s a Linux admin. Why do you say that Hanson?

    By the way if I’m puking it’s because there’s too much Microsoft in this world. If you mean I’m puke to you, then it’s great. In fact, it’s an honor to be puke to you and the rest of the Cult of Microsoft.

  135. JairJy says:

    This is a user’s fault, not a Windows nor Microsoft fault. An updated Microsoft Security Essentials can detect this worm (is not a virus, Pogson) and prevent the computer from being affected by malware.

  136. Hanson says:

    @Kozmcrae:

    Wow, you apparently failed primary school.

    What I first wrote, I paraphrase: “Linux evangelists always make it seem as if disasters/problems involving Windows machines are Windows’ fault.”

    What I then wrote with regards to Pogson’s case study involving Gwinett Medical isn’t a contradiction of my own statement. It is a prove of said statement. Because I have clearly shown that a patch for the Autorun behavior which most likely allowed Silly FDC to do its work has been available since a long time ago.

    Therefore it has been proven that Pogson’s conclusion, namely the other OS being at fault, is wrong. The ones at fault are the Gwinett Medical administrators.

    Where is the contradiction again? Only in your head.

    By the way, the first letters of your nickname remind me of the German word “kotzen”, which means “to puke”.

  137. Clarence Moon says:

    The problem as I see it is that the PC, along with MSDOS and Windows after it, was designed for personal use and security was obtained the same way one keeps his wallet secure, namely by keeping it in his possession and not letting anyone fool with it. To make using one’s personal devices easier, a lot of automated execution of things needs to occur.

    That opens the door for malevolence, certainly. Oiaohm, in another topic, talked of being able to run Angry Birds in the Chrome browser. I then installed it using Chrome, in order to see how it worked. In the process, I ended up with Angry Chickens and the Ask.Com toolbar installed in sp;ite of my care in unchecking the pre-checked authority to do those installs. As a further irony, I ended up with ask.com as my default search site, automatically overriding Google! All of that occurred from clicking the ad on the Google site with the big “Download Now” button which wasn’t what I wanted, but was presented to fool people trying to install Angry Birds.

    To uninstall these things then required a reboot.

    It is not just Windows that causes people to make mistakes, it is just about everything involved with the internet.

    I don’t think that the answer to improving things lies with technology. Rather it needs to involve the law and deputies with guns to chase down and stop the hackers and other thieves who make the experience dangerous in the first place.

  138. Kozmcrae says:

    Hanson says: “On the other hand when something bad happens to Linux computers, it is always the users’ fault.”

    Hanson says: “Obviously the hospital’s IT department is unable to administrate their Windows installations adequately.”

    So what is Hanson? You can’t have it both ways. I love it when the Cult of Microsoft come out to defend Microsoft’s nightmare of security. You are so pathetic. Crawl back in your hole and don’t come out until you can comment without contradicting yourself.

  139. oiaohm says:

    DR Loser
    http://support.microsoft.com/kb/967715
    This is the wrong patches. These patches are defective and don’t fully turn autorun off alone.

    Hanson is in fact right with
    http://support.microsoft.com/kb/971029/en-us
    Is require we hope to address the problem.

    SillyFDC still works after 967715 is applied. 971029 is required to stop it dead.

    This the the problem. Person can think they have handled the autorun issue but in fact they have not applied the full set of patches required to deal with the issue.

    “After you install this update, you may receive notifications for AutoPlay hardware events even though you set the Shell Hardware Detection service to Disabled. This issue occurs because after you install this update, the service startup type is changed to Automatic. To resolve this issue, reconfigure the Shell Hardware Detection service to Disabled. ”
    If you don’t do this step it can still malfunction and still run a autoplay event to third party software.

    This is a difference between a real administrator and you arm chair buggers Dr loser and Hanson.

    MS documentation about this issue could be clearer particularly if they would mark what the heck is out of date like http://support.microsoft.com/kb/967715 with a refer to 971029.

    Really Dr Loser and Hanson do you really class it suitable for incorrect information to still be displayed by MS so possible leading administrator up the garden path.

    I should have wrote poor training and poor documentation by Microsoft is responsible for this mess. So administrator could think they have autorun turned off when they don’t.

    Of course we hope the last patch fully works.

    Its a bit hard to blame the administrator when the MS docs could be at fault. Yes I expect smart ass.

  140. Hanson says:

    Again, the patch in question was available since August 2009. It was pushed out through Windows Update in February 2011. February 2011 by my estimates is 10 months prior to now. One way or another, Gwinett Medical apparently decided against applying that patch. The responsibility for that is solely their own.

  141. Hanson wrote, Don’t they do updates at Gwinett Medical?

    I suppose they do but they outsource their IT support… That caused delay and may have permitted the thing to spread. That it took days to fix may be because the network was brought down and personal attention to individual machines was required.

    Gwinnett did not invent AutoRun. M$ did. It was an obscene insecurity feature from day one. Gwinnett did not invent file shares on which AutoRun worked. M$ did. It was an obscene insecurity feature from day one. M$ designed that other OS to do those things as convenience features and promoted their use. Now you blame the victims of this criminal behaviour on M$’s part. AutoRun was giving entry to malware many years before M$ patched it.

  142. Hanson says:

    The patch, by the way, was already released in August 2009. See:

    http://support.microsoft.com/kb/971029/en-us

  143. Hanson says:

    “In this particular case a relatively benign malware got in only to bog the system by its race to replicate.”

    Why do you keep avoiding the truth? Obviously the hospital’s IT department is unable to administrate their Windows installations adequately. If they think it’s a good idea to allow people plugging in USB sticks and such without taking necessary precautions, then they had it coming. Besides, a relevant patch was offered via Windows Update in February 2011. Don’t they do updates at Gwinett Medical? I don’t know, but once again your claim that it was that other OS’s fault has shrunk like a soufflé after you’ve left it standing for 10 minutes. A soufflé is actually just like your claims: lots of hot air.

  144. Dr Loser says:

    @Oiaohm:

    Indeed: try turning off autorun. Who’d a thunk? As a public service (and feel free to chortle that it requires, horrors, various software patches — which have been around at least since June):

    http://support.microsoft.com/kb/967715

    I am not an expert in the field of medical technology, but I understand that hospitals these days have all sorts of complicated thingies and dooberries which require a modicum of training, thought and even intelligence to operate.

    If your computer administration is this shoddy, then I rather worry about the other stuff. You know, the bits that involve heart monitoring and anaesthesiology and the like. The stuff that isn’t controlled by Windows, but which actually affects a patient’s ability to survive, rather than medical insurance records and the like.

  145. Dr Loser says:

    For an OS that’s designed to fail, it’s astonishingly successful.

    Look, this virus has been around since 2009. The only possible way to get infected is if you have a criminally lax attitude to anti-virus protection and a stupid habit of plugging in removable media when running as Administrator.

    I’m not defending auto-run, which is an exceptionally dumb feature. And I’m not for a moment suggesting that TOOS is virus-free.

    This bombardment you speak of, Robert: can you quote a single example of it?

    No? Thought not.

  146. Of course we all know GNU/Linux systems can fail or be compromised. The difference between that other OS and GNU/Linux is that other OS is designed to fail. M$ tied everything to everything (e.g. GUI is at the heart of it all) so that if one component is compromised it all falls down. That other OS has so many vulnerabilities that intruders have multiple means of getting to the next level.

    In this particular case a relatively benign malware got in only to bog the system by its race to replicate. It’s an AutoRun thing which probably introduced itself to the system but how did it spread to other PCs? AutoRun on shared network drives!!! Is that not a wonderfully useful feature of that other OS? Making installations so simple even on networks? How did that feature ever get into a multi-user, multi-tasking, networked OS?!?!?!!! That other OS was designed to fail.

  147. oiaohm says:

    Hanson I do find it interesting that you language pattern does match another user who has been here.

  148. oiaohm says:

    Hanson Problem with Windows are well known. Yet you still find places running it as the only solution.

    Historic rules tell you that this is stupidity.

    Yet Microsoft training manuals don’t cover creating a unified threat neutralisation solution.

    Poor training from Microsoft is partly to blame for the mess Hanson. Windows is also partly to blame try disabling auto run from usb key on windows sometimes.

    Linux thin clients to a Windows terminal server solution is a far more solid solution.

  149. Hanson says:

    This exemplifies again a failure in your thinking, Mr. Pogson. I also call it double standard or hypocrisy.

    It always goes like this:

    Bad things happen to Windows computers. Whose fault is it? Perhaps the fault of the people administering said computers? Lax security protocols? No! It’s Windows’ fault.

    On the other hand when something bad happens to Linux computers, it is always the users’ fault. Because Linux has no flaws, as we all know. Chuckle.

  150. oiaohm says:

    This is also a case where was the backup system.

    I have thinclient servers as backups in case of such a problem.

    Of course poorly planned and implemented networks always fail.

    Yes backup system should be a different OS bread to primary so that infection in one hopefully will not effect others.

    oldman how far do you think you would get with your out sourced staff if this mess happens to you. Outsourcing maintenance IT staff is very much not paying your insurance in case of disaster.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>