The March of Vulnerabilities in Non-Free Software Continues

“seemingly an unlimited number of zero-day exploits” is how Symantec describes it. The monoculture created by M$ not only exposes everyone to random encounters with malware; evildoers who target particular businesses or organizations using M$’s OS also overcome every defence. The reason Google switched to GNU/Linux was to escape the Wintel treadmill of vulnerabilities.

See “3 years later, hackers who hit Google continue string of potent attacks” at Ars Technica.

At the very least, the existence of organizations aiming at particular IT systems using the string of vulnerabilities cranked out by M$ should encourage everyone to use a mixture of GNU/Linux and other operating systems as well as, or in place of, M$’s. Making yourself a smaller target, or using camouflage, works. Ask any infantryman.

I use Debian GNU/Linux.

Update: The US executive branch is considering an executive order along the lines of the failed bill on cybersecurity. The idea seems to be to wake people and organizations up about the issue. I can see the possibility of renewed interest in desktop GNU/Linux if public knowledge of the cost of monopoly is raised.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

70 Responses to The March of Vulnerabilities in Non-Free Software Continues

  1. ch says:

    “essential software upgrades that a Microsoft infrastructure incurs every three to four years”

    See the spin in action: You don’t need to upgrade Windows and Office “every three to four years”. If the city had done an orderly upgrade to XP and MSO 2003 in ~2004, then they could start now to upgrade to Win7 and MSO 2010. The first upgrade apparently was done anyway (just hidden), and the second wouldn’t have cost €15m.

    “to a level that is equal to the current status of the LiMux project”

    Sure, LO and Thunderbird are on the same level as MSO.

    “It never ceases to amaze me that folks think that software that costs $0 such as GNU/Linux and stuff already paid is somehow more expensive than staying on the Wintel treadmill.”

    Of course it baffles you – because you don’t have any business sense, you only see that magic $0-license-fee-sticker and nothing else. Hint: Two to three hours lost per employee for retraining and coming to grips with the new environment completely erases that price difference.

    I just was reminded of Joel Spolsky again: http://www.joelonsoftware.com/articles/StrategyLetterV.html
    You really should read it someday.

  2. ch wrote, “absolutely no mention of what happened to those NT installations”.

    Whatever happened to those machines or their replacements, they are not running M$’s office suite. They may well be still running legacy applications that could not be migrated which is the reason those workstations were not migrated to GNU/Linux. In 2008, I worked in a place that still had a bank of Lose 2K running, not much older than NT4 (29 July 1996). “Since 2009, all PC-workstations have been provided with OpenOffice.org, Firefox and Thunderbird”

    The 7th page of this presentation shows 10% of business applications in Munich had to be left running on that other OS.

    Ude is reported to have ignored the licensing costs of that other OS in his calculations, “Ude said that he didn’t take into account costs such as the licence fees for essential software upgrades that a Microsoft infrastructure incurs every three to four years, but which don’t exist with LiMux. Licence fees for the current versions of Windows and Microsoft Office alone would cost about €2.8 million for the city’s PCs, he added.”, so what happened to the NT machines is irrelevant. They had a savings with the machines that did migrate, a huge savings. See H-online.

    It never ceases to amaze me that folks think that software that costs $0 such as GNU/Linux and stuff already paid is somehow more expensive than staying on the Wintel treadmill. Do the maths. The Wintel treadmill will run until the wheels fall off filling M$’s coffers. That money comes from somewhere. The cost to support FLOSS in my experience and that of others is much less.

  3. ch says:

    “the good citizens of Munich”

    It just so happens I am one of those. Unfortunately, I don’t have any direct sources within the city administration. (However, one acquaintance of mine works in Munich Public Works – Münchner Stadtwerke – which, organised as a private company but fully owned by the city, takes care of infrastructure from sewers to public transport. No, they are not even considering switching to LiMux.)

    I’m not saying that Ude is “a lying bastard”, but he is clearly spinning here: According to those “official” numbers from your link, they are barely saving anything after almost ten years, and there is absolutely no mention of what happened to those NT installations: Do you believe for a minute that the 2,000 PCs that were left to be migrated this year are still running NT? It seems that a migration from NT to XP was done “under the radar”, without proper project management or anything and the costs swept under the carpet.

    “their prime motivation was not to save money”

    Thanks, that’s about what I said.

  4. ch wrote, “it seems quite dubious”.

    Clearly Ude is not a lying bastard or the good citizens of Munich would not re-elect him. GNU/Linux is a lower cost solution even if the cost of converting templates, documents and applications was high because that was a one-time deal and they can upgrade indefinitely for a small cost thanks to the automation they have and the $0 licences. Do the maths. The mayor has. He has accountants and auditors.

    While I think Munich did the migration in the most expensive manner possible it was their choice and their prime motivation was not to save money. That is a side-effect of escaping monopoly pricing.

  5. ch says:

    “Getting away from the M$ tax, malware, re-re-reboots, etc. is a victory however you do it.”

    Moving the goalposts, are we? The claim was that Munich saved sooo much money, and it seems quite dubious.

    “I imagine NT4 would have continued running a while”

    Technically running it would be, but after end-of-support it would be criminally negligent to continue to use it. And installing it on new hardware – if a PC broken after 10 years of use needs replacement – might be difficult.

  6. ch wrote, “It takes a politician – or a true believer – to talk all that into a success.”

    Getting away from the M$ tax, malware, re-re-reboots, etc. is a victory however you do it. In the process, Munich modernized the control system as well, something they would have done with that other OS at great expense, CALs and all. Typically large organizations have a phased update cycle but if they were using NT4 in 2003/4, their phase must have been at least 4 years, perhaps longer. I imagine NT4 would have continued running a while even without updates if they managed the network stiffly. Even a political decision to go with that other OS in 2004 might have taken a year or more to do without the modern tools.

    You and I are not there so we don’t know all the details but the result is what counts and they are saving money compared to sticking with Wintel forever. It costs almost nothing (no per-seat charge) to update a GNU/Linux system and they can keep the clients indefinitely by making them thin. The one big mistake they made was deciding on thick clients. That’s totally unnecessary for most users not doing multimedia stuff. If they do that the cost of their next hardware cycle could be halved again.

  7. ch says:

    “ch, assuming numbers from June still apply in September”

    The article you linked to was “Published 12:17, 02 April 12” and quoted Ude as saying: “The current impact on the budget for the LiMux project amounts to a total of €11.7m” (emphasis mine). So until April, the total cost has been said €11.7m, and “As of March 23, 10,000 systems were running LiMux […] By the end of 2012, 12,000 computers will have been switched”, with probably some more costs accruing. And something I find suspiciously missing in the official statements: When the project started in 2003, it was because those PCs were still running WinNT. Are the last 2,000 PCs to be converted still running NT? If not: What happened?

    It seems to me that they were actually doing two conversions: The official LiMux project – and a quiet update of all PCs to probably WinXP, which was not part of the project, was not even done as a proper project, and with the costs hidden away somewhere. It takes a politician – or a true believer – to talk all that into a success.

  8. ch, assuming numbers from June still apply in September, wrote, “with 2,000 PCs remaining to be converted”.

    Ever heard of a “learning curve”? You can bet that Munich is not slowing down in its rate of installations and that they have all their ducks in a row by now.

  9. ch says:

    “ch 8 dollars a month is fine if you don’t have to pay like 5 years on every machine straight now because your volume licenses are gone. As you find doing liquidation.”

    Wow, you might have found a corner case where the piddling license costs could eventually play a role! But if your company is in liquidation, it means you can’t pay your employees anyway – and just between you and me: That software on your PCs won’t magically stop working just because the company changed hands.

  10. ch says:

    Oh joy, a lot of numbers to play with!

    OK, so updating all PCs to current Windows and Office would have cost €15.5m. The LiMux project aims to only convert 80% of these, which would equal €12.4m. Cost so far, with 2,000 PCs remaining to be converted: €11.7m. Oh, the millions they saved!

  11. oiaohm says:

    ch really go read your volume license agreements. By the time you get it for the liquidation process those can be rendered Null and Void.

    –Cost of still using the license of MSO2003 you already bought: $0
    (Cost of upgrading to every version of MSO Pro coming out: ~$8/month)–
    This mostly does not apply once you have dug self into hole and needing to be dug out. Only applies if you have not dug self into hole. What licenses are not voided is all you have to work with in receivership and liquidation.
    http://ladylicensing.wordpress.com/2008/06/22/microsoft-open-license-transfer-what-you-need-to-know/

    Yes transfers due to different events that could have happened could be impossible. Yes nothing uncommon doing liquidation to find yourself insanely short of software because the licenses cannot be transferred. Legal tie up in courts before the company goes to liquidation can see the company cease trading 90+ days before the Liquidation process starts this renders the licenses non transferable.

    –Salary of employee/month: $thousands–
    Ch how much do you have to find to replace a business software from nothing. What is were you basically are in lots of cases. Thousands need right now or use FOSS. This is why I don’t care that libreoffice is a few feature short. It gets the job the business needs done now without breaking bank.

    I said 6 to 12 months if you can live past that you can have enough income back in to bring the closed source back in. To be correct 6 to 12 months you should have enough income if the company should have be revived in the first place.

    This is why I said oldman and ch are not qualified for what I do. You will presume you still have software without understanding that most of the software installed is now legally stolen because the entity it was sold to is no more and transfers were not done in time and after the time window it’s impossible to do the transfers.

    –Customer must complete and send to Microsoft a transfer notice in a form which can be obtained from http://microsoft.com/licensing/contracts within 30 days of the date of transfer.–
    In fact you can find yourself in the same event after a take over or company name change as well.

    Yes there are nasty events that see your Volume license stuff go bye-bye. Retail and OEM stuff sticks to the machines. Anything else can be gone with no means to recover. You know like those server licenses you got by volume.

    My key job is to be able to look at operational requirements and acquire FOSS software were able to replace the software the company has lost. To give the company a sporting chance of getting back on feet and pay back the creditors. Without people like me the company is a write off and the assets will be sold off at a lose. A going concern is worth more. Cost of straight up replacing the lost software without being able to operate for longer assigns the company to death. The process that leads to liquidation can already seen the company not trade for a while.

    Common presume of these trolls that writing english is important. Liquidation is a team project. You have Legal, Accounting and Infrastructural members. Now if I was Legal or Accounting writing in Liquidation is highly important. That I am Infrastructural writing is not that high on the importance. Being able to produce invoices of what has been done is enough. If staff in the business cannot write the Infrastructural documentation with guidance to save it the business is not worth saving. Since it will fail again when we leave. That is a shocking thing. For what I do not being able to write perfectly is an advantage. Since the admin staff you will leave have to be able to.

    This is the thing I took a job that suits my weaknesses.

    ch answer the question. If you had to choose between a Staff member or using Microsoft products what would you choose?

    Remember I have to make that choice because the license that the company had is now no longer exists.

    Now same case happened in non dead companies. They merged a company in someone missed doing the license transfer document inside the 30 days or it gets lost in the mail. So now those company volume licenses are no more.

    The reality is businesses where core runs on FOSS tech are far more likely to live through the liquidation process. Why they still have some operational software that can be straight up used. So less disruption to operations.

    Redhat and SUSE will cut liquidators some slack. Microsoft does not.

    ch 8 dollars a month is fine if you don’t have to pay like 5 years on every machine straight now because your volume licenses are gone. As you find doing liquidation.

  12. ch wrote, “the offer from MS which was still cheaper. It was a political decision, not a financial one.”

    Sure, occasionally a drug-dealer will give a discount. That does not mean it’s a good plan in the long run. Munich would have bought one or two more rounds of licences they didn’t need if they had taken M$’s offer. The net result: Munich has saved $millions: “If the city had maintained the Windows infrastructure as it was in 2005, the associated costs would have amounted to €11.8 million (£9.8 million). However, since then the number of computers increased significantly, and Munich would have spent an additional €1.65 million (£1.4 million) on new software alone, Ude said.

    Even taking into account the €2.08 million (£1.73 million) for optimisation and test management that ended up on the balance of the LiMux project, the LiMux system is cheaper than using a Windows installation, Ude noted. Upgrading the Windows systems to a level comparable to the LiMux infrastructure, including hardware needed to run the software, would have cost the city at least €15.52 million (£13 million), he said.”
    Now that the migration phase is ending, the savings will be even larger in the future.

  13. oldman wrote, “The fact of the matter is you havent a clue about the requirements of a large institution”.

    I have worked in schools with 4K people in one building. You bet I know what IT folks need as opposed to what Wintel wants them to have. I once took a course from a big university and was told I must run certain M$-only apps. I figured out what those apps did, found GNU/Linux software would do the job and carried on. It was fine with the instructor, despite her being part of a huge Wintel-only IT bureaucracy. In all my years of teaching I never saw any task that really required that other OS. If you doubt that look at school divisions who went from M$-only to GNU/Linux only. They laughed all the way to the bank saving money.

  14. SD 63 in BC, Canada: “Currently we maintain a software budget of well over $100,000. Our strategy is to replace more and more commercial software such as Microsoft Office and Microsoft Windows with viable alternatives such as OpenOffice and Linux. We anticipate this budget being reduced over the next 3 years as these systems move to Open Source software and Linux Thin Client Technologies.”
  15. SD 73 in BC, Canada: “All of our Elementary School workstations run Linux for their operating system. Students and teachers now have a large selection of free open-source educational, productivity, and office software … SD No. 73 has 33 Elementary schools all of which have a Linux Thin Client lab running Linux on the desktop.

    Currently all of our Secondary Schools use Linux and FreeBSD for virus, and web content filtering. In 2006 Barriere Secondary was the first high school in our district to have all it’s student, teacher, and admin workstations converted to Linux. September 2009 we finished converting our last 3 high schools to Linux Desktops.”

  16. GNU/Linux works in education for organizations large or small and education is very big business.