Debian GNU/Linux, A Bargain At Any Price

“Self-support Subscription (1 year) $349USD”

I just stumbled upon Red Hat’s price list for subscriptions/support for RHEL. It reminded me what a great bargain Debian GNU/Linux is:

  • for one low price of $0, you get an operating system you can use anywhere: on your desktop, on your server, on any number of installations, …
  • the software is pretty good. It’s tested for about two years before it’s good enough to be released. If you’re only using a few widely used applications, the chances of encountering an unfixed bug or vulnerability are tiny.
  • in addition to Free Software licensing (you can run, examine, modify and distribute the software!) you get the Debian Social Contract, which means you, the user, are being respected and Debian will play “nice” with the Free Software Community. There will be no misusing of the software to achieve some corporate/marketing/ulterior goal.
  • the most important way Debian helps you control your software instead of being controlled by it is APT (Advanced Package Tool). It allows you to update any or all of the software on any or all of your computers with a few clicks. No longer do you have to hunt for drivers/applications/software all over the web. Debian mirrors (hundreds all over the world) are the original “app store”, invented back in 1998 when many were still using Lose ’95, that other OS, and drivers, applications, malware, crashes etc. were nightmares.

Go on, give it a try. You know you want it.

See Red Hat Enterprise Linux Server Operating Systems.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

61 Responses to Debian GNU/Linux, A Bargain At Any Price

  1. oiaohm says:

    Please remember a lot of anti-virus software under Windows will act like malware when the license runs out. A lot of the tests don’t cover this behavior. Norton is particularly bad, killing the Internet connection at times, so that you can not even purchase a new version.

    2) It doesn’t take more than a smidgeon of human, paid, time: basically, install and forget.
    No, DrZealot. It’s not install and forget; we all wish it was.

    Schools are harder because malware is not the only problem. Parents don’t want kids playing particular games like drug wars/dopewars.

    1) It’s free, if you don’t want to pay.
    Really, school/business free?? Exactly how? Please don’t say Microsoft anti-virus; it doesn’t detect all malware.

    DrZealot. If anti-malware software worked, Sony would not have been taken down recently. The fact it does not work is a documented fact, with case after case. Yet for some reason we expect to do the same things to prevent malware and are kinda surprised at identical results.

  2. DrLoser wrote, of anti-malware stuff, “It works”.

    Malware is very similar to terrorism. The attacker has the elements of surprise, time and place. You can’t defend very reliably against an attack you’ve never seen before unless you’re going to simulate all the software and watch for policy violation. That would really slow things down. Tests have been done where the usual software spotted a very high percentage of the most common stuff but not one piece of anti-malware stopped everything that was out there. “Do you feel lucky? Well, do you, punk?”. It’s just like calling Dirty Harry’s bluff. You can’t win against malware without all kinds of other measures that do take time and money: updating the anti-malware stuff hourly, firewalling, checksumming, “heuristics”, monitoring everything and shutting things down when systems get out of spec, before they can do damage… It’s just a terrible drain on support which smallish organizations cannot afford and larger organizations pay for but become less efficient as a result. I’ve worked for folks who actually pulled the plug to avoid malware for which they had no protection. Even with M$’s updates, I often had systems that were unprotected and I had to scramble to get updates to take while I was supposed to do my day job.

    e.g. In a test of a bunch of softwares, Norton had the best but,
    “In our tests, Norton 360 2014 scanned our 50GB basket of files by looking at 175,985 of them in 19 minutes, 53 seconds, giving a scan rate of 148 files/sec. This is fast and the program does a good degree of fingerprinting, as a repeat test looked at just 20,800 files.
    We measured a 60 percent increase in file copy time, however, when a scan was running in the background.”

    So, even if it managed to catch all the malware, the PC slows down. The bad guys win.

    No software will catch all the malware though. A recent test of 23 packages found only two passed all of the tests given. No test can test for everything because there are 1K new malwares daily.

  3. DrLoser says:

    My refutation of your refutation is that time is money. I hear that all the time around here. Let me give you an example. My last school was running with ~40PCs wide open to the Internet (no router/firewall/each with an IP-address on the Internet). Half the PCs were unbootable. I had to reimage them to get 19 machines to run.

    I have no reason to doubt you, Robert, but you’d have to admit that this is anecdotal evidence. At best, and with a 100% reliable witness such as yourself, it doesn’t amount to much.

    In other words, so what?

    I’d venture to say that your issues were at the extreme end of, say, the tens of thousands of school districts in North America at the time.

    I’d venture to say that “anti malware” was the very least of your issues.

    And I’d venture to say that in an even moderately well-provisioned school district, anywhere in North America, the following facts about anti-malware hold:

    1) It’s free, if you don’t want to pay.
    2) It doesn’t take more than a smidgeon of human, paid, time: basically, install and forget.
    3) It works.

    Your conclusion that there’s a requirement to “add the money that needs to be spent on anti-malware” is therefore disingenuous at best and deliberately specious at worst.

    Because it doesn’t need to be spent. Neither in money, nor in time.

  4. ram wrote, “Doesn’t leave much room for Microsoft and its “partners”, like none ”.

    Yep. There never really was room for M$ but M$ leveraged its way into the market in the shadow of IBM’s timidity. IBM certainly could have hired all the expertise to do what the folks who sold DOS to M$ did and more but instead they locked themselves and the rest of the world into a decadent monopoly. How many $billions has that cost the world? How many years did it delay wide access to IT? The GNU system took a few years to develop. If Linus and a few volunteers could create the kernel in a year or so, IBM could have done it as well. They could have also acquired BSD UNIX. How different would the world have been. I doubt they would have considered the GPL… but who knows? GNU took nearly 10 years to develop and was far superior to M$’s DOS. IBM could have adopted it as they did GNU/Linux another decade later. The IBM PC with DOS was first released in 1981 so that would have been delayed to develop GNU but it was still doable given enough resources. Instead IBM paid for a licence for something M$ did not even develop. IBM could have bought it directly… Hindsight is 20/20. This all was a costly missed opportunity but there’s no guarantee IBM would have brought out a better outcome. We have to live with this mess for a few years longer. I await the next 10-Q.

  5. ram says:

    Robert Pogson is right about how “little” computer power one needs for the vast majority of thin client usage. That is one reason when such hardware will need to be “refreshed” its replacement is very likely to be one of the MCU (Micro Control Unit) processor boards now under development and available for consumer use by next Christmas. Target prices are under USD$30 at retail. Doesn’t leave much room for Microsoft and its “partners”, like none 😀

  6. DrLoser wrote, “My refutation is that you are not required to spend money.”

    My refutation of your refutation is that time is money. I hear that all the time around here. Let me give you an example. My last school was running with ~40PCs wide open to the Internet (no router/firewall/each with an IP-address on the Internet). Half the PCs were unbootable. I had to reimage them to get 19 machines to run. I added a firewall/router and a $free anti-malware. Still XP-machines were getting powned at the rate of one or two per week. It was a steady stream of machines unbootable or slowing to a crawl. The anti-malware was letting in far too many. We then were supplied with a professional, paid anti-malware by the ISP. It was supremely locked down with every .exe having a checksum which had to match before being allowed to run. So, now, instead of re-imaging, I had to reset the checksums every time some software was updated… Performance was abysmal because the thing was both verifying the checksum and scanning for malware before anything could run. The hard drive was always busy too. I eventually told the boss I had enough of this crap and switched the whole thing to GNU/Linux with very few problems related to malware and updates. Problem solved. Anti-malware software does cost money. I was paid. The supplier of the software was paid. The ISP was paid. Everyone was paying and M$ was laughing all the way to the bank.

  7. DrLoser, not understanding thin clients, wrote, “the fact that it was an ancient piece of junk was just a tad more noticeable, Robert”.

    Nope. The CPU was ~120MHz or a bit better. I think it was P3ish. That’s certainly a fast enough CPU and video to please a user pointing and clicking and gawking (not video). If I’d had an ISA NIC with 100mbits/s speed, it would have been indistinguishable from the other faster machines because the user would be getting the speed of the server, not the client drawn on the screen. The little woman’s 300 MHz Via CPU is doing only a little more than idling when she’s pointing and clicking and gawking. It pegs only when the browser is trying to do some video. We have ~50-inch TV/monitors for video so it’s not much of an issue. Her load average is 0.07 at the moment, idling and runs about 1.0 when she’s doing stuff. It really is not slowing her down at all and she sees better performance than her old dual-core machine running at over 1 GHz because Beast is 2.5 GHz 4X and with more RAM than her old machine. I haven’t yet bothered to diagnose the defect in her old machine because there’s no reason to go back to it. In the situation at the school, that old piece of junk supplied one more seat to the lab which was occasionally needed. Having a piece of crap running at any speed is superior to having students double up on one machine. In schools the performance of IT is something like Number of Seats X performance of one seat. The number of seats is a huge factor and wishing for better IT does not make it happen. Fixing old crap does. It was fixable so I did.

  8. DrLoser says:

    Once the thing booted from the hard drive it was OK except that, as a thin client, the 10 mbits/s lag was very noticeable.

    I think the fact that it was an ancient piece of junk was just a tad more noticeable, Robert, but I guess you see what you are looking for.

    24-bit colour on a 1920×1080 comes out at 500 mbits, and that’s if you’re refreshing the entire screen (for no good reason) every time. And I’ve purposely chosen a ridiculously high standard for a knackered bit of hardware.

    No, I’m afraid what you had there, Robert, was a useless piece of broken crap that you just couldn’t bring yourself to throw away.

    Floppies, indeed.

  9. DrLoser says:

    No, they’re not. They slow down systems by reading everything multiple times. One either has to accept lower performance or pay extra for horsepower.

    Your argument was about “the money that needs to be spent on anti-malware.”

    My refutation is that you are not required to spend money.

    Just for once, Robert, and I accept that “your mind is a raging torrent, flooded with rivulets of thought cascading into a waterfall of creative alternatives,” it would be nice to get a straight answer to a straight question.

    Do you genuinely believe that there is an absolute requirement to spend money on anti-virus software when one uses a Windows desktop?

    Because, if you do, then you are wrong.

  10. DrLoser says:

    . I forget what the RAM was but it was low and a more modern distro was not feasible.

    Well, that’s “bloat” for you, Robert. Sadly, Linux is not immune.

  11. oiaohm wrote, “when you cross 9 to 10 years old the changing connection and transmission standards”

    No, it was not having USB and no working CD drive. I had to get it to boot from a floppy with a PXE boot-loader to install an old version of RedHat. As I recall the error-rate on the floppy was high but after a few tries it worked. Once the thing booted from the hard drive it was OK except that, as a thin client, the 10 mbits/s lag was very noticeable. We mainly ran it as a curiosity and as the last available thin client if the lab was packed full. No one chose to use that machine compared to somewhat more modern 400MHz single-core thin clients with 100 mbits/s NICs. I think the machine had an ISA bus so we could not install a 100 mbits/s NIC. I forget what the RAM was but it was low and a more modern distro was not feasible. While the software might have run, the installer wouldn’t. I might have tried overwriting the hard drive with an image installed in a chroot or virtual machine elsewhere but I didn’t because there wasn’t much point with that NIC. That machine took many hours to set up versus a few minutes for a typical machine. It wasn’t worthwhile except to say we had been there and done that. A few students had ancient machines at home so any experience with such hardware was useful.

  12. oiaohm says:

    Robert Pogson, it’s horrible video outputs like S3 and Matrox embedded on motherboards. Yes, they kinda work with VESA but it’s only kinda. They never properly supported running in VESA modes without doing stupid things. Like telling the OS it supports the VESA accelerated mouse pointer option when in fact it will just not render the pointer at all. Yes, you have better odds of getting graphical output with a really old nvidia than some of the beasts out there.

    riva tnt some brands don’t work with the default Nvidia driver in kernel. riva tnt support was officially killed 2004 is only just now going 10 years.

    I’ve installed GNU/Linux on 15 year old machines and the video was not the issue. Finding a peripheral that was not dead was…
    Yep that is the other major issue when you cross 9 to 10 years old the changing connection and transmission standards.

  13. DrLoser wrote, “You could use Microsoft Essentials, Robert. Or, failing that, Avast (and several others). They come at a price you will accept: They’re free!”

    No, they’re not. They slow down systems by reading everything multiple times. One either has to accept lower performance or pay extra for horsepower. Same goes with using that other OS in a school. Even if it were $free, that other OS gives lower performance from the hardware. It wasn’t free to individual schools that I know of, ever. School divisions perhaps, but I worked in small independent schools with no umbrella organization to negotiate a price. Basically, we paid retail prices or went without. We went without that other OS and used GNU/Linux with great satisfaction, spending our budget on great hardware rather than less hardware and more licensing fees. More hardware meant we could make much better use of IT in our school than most who wasted time sending students to a lab periodically. Each classroom had access to a cluster of 4-6 seats and a few rooms had clusters of 12 seats. We had printers within 150 feet of every classroom. A few classrooms with high demands had their own printers, top of the line laser printers. We had a raft of nice colour printers too. If all the money had been spent on Wintel PCs that’s all we would have had, the PCs, not even a server or a switch or a rack… We did the maths and got absolutely the most bang for the buck. I believe they are still using that system as installed and liking it.

  14. oiaohm wrote, “Video cards over 10 years old for instance don’t have drivers in current day Linux”

    I’m not aware of such a policy. VESA driver, for instance, has been around for ages. I’ve used it with many cards for which there wasn’t a current specific driver. Of course, it does not have all the features/performance, but for some uses like showing text/images, it’s just fine. GNU/Linux is also sufficiently flexible that one can find drivers in archives and run an old kernel just to manage the display and put other software on another machine or chroot with modern software. I’ve installed GNU/Linux on 15 year old machines and the video was not the issue. Finding a peripheral that was not dead was…

    e.g. in linux 3.17.7, file drivers/video/fbdev/riva/riva_hw.c contains “Copyright 1993-1999 NVIDIA, Corporation.” so at least parts of it are 15 years old. I think my previous Beastly motherboard had a Riva card.

  15. oiaohm says:

    DrZealot
    http://www.extremetech.com/computing/134760-pc-obsolescence-is-obsolete
    6-8 is officially called the useful lifespan for desktop PC.

    Did you miss this bit. That operation life of a PC is 6-8 years. All TCO maths depend on this being min.

    http://windowsitpro.com/blog/desktop-hardware-lifespan-increasing
    Even from windows users 6 to 8 is not abnormal any more.

    Microsoft pricing is based on an old study when computers only lasted 4 years. There is an old HP study saying 3 years. Again old studies. XP insane life span most of those machines at replacement were between 8 to 12 years old. Heck XP machines are still in usage. Really this is the problem Linux usage is not abnormally long. 8 to 9 years old in Linux is partly kernel driver support lifespan. Video cards over 10 years old for instance don’t have drivers in current day Linux.

    I don’t know about you guys, but in ten years, I expect to lose somewhere between $40 and $100 in pocket change somewhere or other.
    DrZealot For a single machine the difference is not much. But 100 to 200 computer plus deployments it really does add up.

    Over 10 years my general loss of pocket change is less than 1 dollar a year. In fact it would be lower if I had not been pick-pocketed 20 years ago and lost a 20 dollar note.

  16. DrLoser says:

    No, we’re not. That’s your hangup. M$’s product has negative value. $20-$50 is what they are demanding for it, not its value.

    Excuse me, but I seem to recall — and I checked at the head of this post — that the argument was: “Debian GNU/Linux, A Bargain At Any Price.” Price is easy to define. Value, not so much. But, I fully accept your woolly argument here and we can therefore continue:

    Once you add the money that needs to be spent on anti-malware (in futility as well, just ask SONY)

    You could use Microsoft Essentials, Robert. Or, failing that, Avast (and several others). They come at a price you will accept: They’re free!

    … there’s the cost of re-re-reboots which I think should be billed to M$ for ~$1 each,

    A little arbitrary, don’t you think? Is there any sort of productivity study out there that quantifies this stuff? Do tell.

    … and the cost of slowing down which M$ eventually turns into more revenue for them as folks buy a new “faster” machine with less crud on it.

    Not merely “arbitrary” but distinctly unproven, I feel. How’s that three-year guarantee for a Debian lifetime working out for you, btw? Oh, that’s right, it doesn’t cost you a cent. But if you had to pay for it, you’d be up in arms.

    Then there’s the cost of the restrictions in the EULA.

    I believe we were talking about the theoretical acceptable price of a Debian alternative, Robert. On the assumption that the acceptable price is the same ($20 -$50), your issue with the EULA vanishes in a puff of smoke.

    I like to run a server on my PC and I don’t want to pay M$ ~$1K for the privilege and ~$20 per connection.

    Which is fine. You’re getting good value for a payment of zero, or even for $20 – $50. That’s kind of how the marketplace works, isn’t it? But not everybody wants to run a home server, so this particular marketplace is a bit, shall we say, limited?

    I’ve had Beast run a whole computer lab with 30 students. Can’t do that with that other OS legally, without paying a high price, not just the $20 per seat.

    You didn’t even try, did you, Robert? Considering that it cost Easterville something upwards of $40,000 to keep you on board — and you would have been far better used as a teacher of Physics, Mathematics, whatever — I can’t really see how an educational bulk packaging package for, say, 500 students would even have approached that amount.

  17. DrLoser wrote, “What we’re left with, it seems, is an argument about longevity.”

    No, we’re not. That’s your hangup. M$’s product has negative value. $20-$50 is what they are demanding for it, not its value. Once you add the money that needs to be spent on anti-malware (in futility as well, just ask SONY), there’s the cost of re-re-reboots which I think should be billed to M$ for ~$1 each, and the cost of slowing down which M$ eventually turns into more revenue for them as folks buy a new “faster” machine with less crud on it. Then there’s the cost of the restrictions in the EULA. I like to run a server on my PC and I don’t want to pay M$ ~$1K for the privilege and ~$20 per connection. I’ve had Beast run a whole computer lab with 30 students. Can’t do that with that other OS legally, without paying a high price, not just the $20 per seat. I’ve also seen several cases where there was no driver for hardware X for the new release of that other OS so part of the cost of replacing peripherals should be billed to M$. What price is your freedom?

  18. DrLoser says:

    But, no matter. We appear to have established the “Bargain at any Price” value at around $20 to $50 for the Linux OS and the supporting platform. (Others may choose to distinguish between Debian and other distros on this basis. I choose not to do so.)

    We appear to accept that the Microsoft Tax is also around $20 to $50.

    What we’re left with, it seems, is an argument about longevity. Taking the general Linux supporter view at face value, and without any attempt whatsoever to check it out in reality, we would be looking at, say, $20 to $50 for around nine years’ desktop Value.

    As opposed to, in the case of M$, $60 to $150 for three times three years’ desktop value.

    I don’t know about you guys, but in ten years, I expect to lose somewhere between $40 and $100 in pocket change somewhere or other.

    Oh well, on to the next big Linux advantage. What could it possibly be? Carefree system initialisation?

    Whoops, that would involve something like systemd. No way I’d spend $100 over ten years just to avoid SysVInit!

  19. DrLoser says:

    This is the problem. Common operational life of a Linux PC is 8 years the average is 9 years.

    Those sound like awfully precise numbers, Fifi.

    They’re almost certainly more accurate than your wild guess at a world-wide installed desktop population of Debian, somewhere between ~100 million and ~100 billion.

    I was more than happy to help you with your primitive mathematical calculations on that one. Give us a cite for that 8-9 years “average” and I promise I’ll see what I can do to fill in the minor mathematical details.

  20. oiaohm says:

    Robert Pogson, you’re right-ish. I made an error: I forgot Debian changed to bi-yearly in 2009.
    http://lwn.net/Articles/344007/
    I forgot 2009 debian officially changed to 2 year release cycle. After 9 years of failing to get the 1 year cycle as what was stated in debian policy at the time. There are official rules when stable releases should be by Debian. The history completely missing the release window is long.

    So the true max life of a Debian release is 3 years if everything works right. 2 years while the next release is being made and 1 year after the next release.

    Only way to get 5 years with debian on the same release is starting in testing.

    Do the maths. If you want yearly releases, go with Ubuntu and take your chances.
    There is not really that much more difference between doing year and bi-year other than how much more automated you have to be.

    Really I would like yearly because 2 years still means the packages in stable can be quite old.

  21. oiaohm wrote, “The other thing to be aware of is Debian stable releases are meant to be yearly.”

    There isn’t any rule about that and the repository has, what, 40 CDs these days compared to one in the old days. Also, some packages today have way more dependencies than they used to. Debian scales but it has to stretch to do it. 1K developers for 40K packages to integrate with the distro. Do the maths. If you want yearly releases, go with Ubuntu and take your chances.

  22. oiaohm says:

    dougman
    Actually the business life of a PC is 3-years and residence is 5-years. These numbers could be stretched of course, I for one have done both, but they are averages. After 5-years you are taking a chance in not being able to find spare parts or the PC just acting weird due to old age.

    Those numbers are backwards for Windows PCs here. Businesses here commonly run PC desktops for 5-10 years. At over 5 years old, when the machine develops an issue, they replace it. Laptops have a shorter lifespan.

    http://www.extremetech.com/computing/134760-pc-obsolescence-is-obsolete
    6-8 is officially called the useful lifespan for desktop PC. Normally becomes non useful at 6 due to software incompatibility not hardware. 8+ years old is where most of your hardware issues start appearing unless you are using gaming hardware that is badly over clocked. Linux users normally run until the hardware plays up.

    It’s not like for doing most things you need any more computing power than an 8 year old computer is going to provide.

    3 to 5 would be a laptop those get dropped and abused and gaming machines that are overclocking all the time.

    dougman you are suggesting replacing PC way more often than you need to. I can understand it as having people replace computer more often brings in more income.

    Businesses here treat PC like throw away items. You don’t repair them you replace them when they fail. They do N+1 every office has 1 extra desk with no staff member so if a computer fails that desk gets used.

  23. dougman says:

    re: Common operational life of a Linux PC is 8 years

    Actually the business life of a PC is 3-years and residence is 5-years. These numbers could be stretched of course, I for one have done both, but they are averages. After 5-years you are taking a chance in not being able to find spare parts or the PC just acting weird due to old age.

  24. oiaohm says:

    https://wiki.debian.org/DebianReleases
    At any given time, there is one stable release of Debian, which has the support of the Debian security team. When a new stable version is released, the security team will usually cover the previous version for a year or so, while they also cover the new/current version. Only stable is recommended for production use.

    DrLoser this is something you have missed. Microsoft only support a prior service pack for 12 months after it is released at most. Debian every time a new stable is released the old stable has 12 months support left. This is why releases are service packs as it basically mandatory to upgrade.

    You also have to love this Debian loop hole.
    A: The security team tries to support a stable distribution for about one year after the next stable distribution has been released, except when another stable distribution is released within this year. It is not possible to support three distributions; supporting two simultaneously is already difficult enough.

    If they happen to release 2 in a year you may not get a year to migrate off. This is purely because Debian users see releases as service packs.

    The other thing to be aware of is Debian stable releases are meant to be yearly.
    Rex, Bo, Hamm, Sink and Potato managed to do it. It’s kinda been fail since the year 2000. Even upcoming Jessie is late. A Debian release is not meant to last years before being upgraded.

  25. oiaohm says:

    DrLoser, TCO stands for Total Cost of Ownership. A computer you acquired 2 1/2 years ago has not done the Total Cost of Ownership.

    The last time I paid the Microsoft Tax was for an XP machine, about three or four years before that.

    This is the problem. Common operational life of a Linux PC is 8 years the average is 9 years. In the Linux TCO time frame you have paid 100 dollars not 50 so far DrLoser. At the end of life of a Linux machine will most likely be running the most current OS.

    DrLoser, you are also talking about possibly spending 150 in the life span of a Linux PC on Windows licenses.

    DrLoser yes is 50 dollar per purchase but in a TCO compare when you have to make operational life the exact same length you have 2 to 3 Microsoft OS purchases to remain current. That is if you get away with OEM and are not using volume licenses to upgrade so you don’t have to replace hardware. Education and Charity volume license is 50 dollars extra to be able to upgrade. Does matter how you do the TCO maths it comes to 100 min for Windows OS when you are comparing equal operational life span.

    DrLoser, the computer I am using is only my second computer from 1998. So from 1998 to 2014 I have only acquired 2 computers. I am currently right on the common life of a Linux Desktop user.

    The OS clean install on my computer was a Debian 2.2 Potato year 2000 it has been in place upgraded all the way to Jessie. To Debian users each distribution release is equal to a Windows Service pack just service packs get cool names. Now you would get upset if I started saying you had to add 20 to 50 dollars per windows service pack because OS X charges for Service packs.

    DrLoser this was your question “If you had to pay for GNU/Linux/Debian, what’s the maximum you would pay?”

    And the answer was
    “$20-$50 per copy.”
    Translation: 20-50 dollars per install. Per copy for upgrades in the form of Distribution releases/service packs would be insane.

    XP had 3 service packs pricing it the same Lenny, Wheezy, Jessie, and Stretch would be the cost of XP. Effectively Wheezy, Jessie and Stretch are service packs to Lenny.

  26. dougman says:

    M$ hires pinoys and charges $99 per incident. http://www.answerdesk.microsoftstore.com/Services/SoftwareSupport

    For 24/7 support, you would be looking at thousands of dollars, tiered by the number of employees a business has on staff.

    Linux is the better deal, more stable, better security and freeing one from the M$ upgrade treadmill.

  27. DrLoser says:

    Although, to be fair, we could all admit that when Robert suggested that Debian is “A Bargain At Any Price,” he inadvertently missed the major selling point:

    It’s free. What do you expect for “free?”

    Mentioning any other price whatsoever is redundant.

  28. DrLoser says:

    No this is because you are using incorrect TCO. Microsoft Tax when you include reduced operational life before upgrading and the extra hardware costs this causes is about 100 dollars. So 20-50 is about half to a third the Microsoft tax.

    I’ll leave the “extra hardware” dimwittery for that unexplained missing cite, oiaohm, but I have to admit that you are circling around reality here.

    My current PC included a “Microsoft Tax” of somewhere between $20 and $50. I bought it 2 1/2 years ago. It’s on Windows 7.

    For the purposes of argument, let’s ignore the obvious fact that I didn’t pay that Microsoft Tax. The boojums and wotsits (including AV offers, etc) did so. Let’s assume I paid it in full.

    The last time I paid the Microsoft Tax was for an XP machine, about three or four years before that.

    The next time? Who knows. Maybe next year, with Windows 10 or something. Ker-Ching! Another $20-50.

    That time period would roughly cover Lenny, Wheezy, Jessie, and Stretch. And on Robert’s calculation of cost/benefit, each one of those is between $20 and $50.

    Hmmmm. I seem to be saving money here. And also, I get a real desktop operating system … not just a “pretend” one.

  29. oiaohm wrote, “The difference is that Linux distributions have is free OS upgraded in place.”

    Yep. Debian upgraded the software on my Beast since 2005 with APT. When I renewed the motherboard/CPU/RAM, I just moved the hard drives along and kept going. There’s nothing like that in the world of M$ for consumers. I certainly don’t have to pay extra for the privilege of going back to Wheezy or upgrading to Jessie. It’s all the same with Debian GNU/Linux.

  30. oiaohm says:

    DrLoser
    Observation: This is roughly the current range of the “Microsoft tax.” Well, there goes the only selling point you have.
    No this is because you are using incorrect TCO. Microsoft Tax when you include reduced operational life before upgrading and the extra hardware costs this causes is about 100 dollars. So 20-50 is about half to a third the Microsoft tax.

    There are a stack of TCO papers showing that Microsoft cost is 100-150 dollars per seat. You don’t see TCO papers showing 50 dollars per seat. The difference is that Linux distributions have is free OS upgraded in place.

    Microsoft might be able to get back to 50 dollars per seat if every version they sell from now on is a free upgrade to prior version. So computers run until they die not become software obsolete. Problem is if every version is free upgrade in place this will hurt Microsoft bottom line to a point. But it will also reduce Microsoft OS maintaining costs. So it could be more profitable for Microsoft to reduce properly to 50 dollars per seat.

  31. DrLoser says:

    I’d guess the “market value” would be from $20-$50 per copy. It’s not a reasonable question however because the world can and does make its own software and shares it so the world doesn’t need to get paid in detail.

    It’s more than just a perfectly “reasonable” question, Robert. It’s a question that is the essential one to ask, in light of your headline observation:

    Debian GNU/Linux, A Bargain At Any Price

    If the only price you are prepared to pay is $0, then this is a meaningless assertion, isn’t it?

    Now, obviously, your headline is intentional hyperbole for effect — I don’t for one moment believe that you mean “at any price” — but that’s why I asked the question. And I’m glad you answered it. $20 – $50, eh?

    One observation, and one assumption — a possibly unfair one that you will no doubt refute.

    Observation: This is roughly the current range of the “Microsoft tax.” Well, there goes the only selling point you have.

    Assumption: You haven’t gotten around to a donation yet, have you? I think that might be a fine gesture on your part, if only to back up your belief in your own headline.

  32. DrLoser wrote, “If you had to pay for GNU/Linux/Debian, what’s the maximum you would pay?”

    I’d guess the “market value” would be from $20-$50 per copy. It’s not a reasonable question however because the world can and does make its own software and shares it so the world doesn’t need to get paid in detail. ie. If ~100 organizations decided they would each make some component of an operating system and useful applications the total cost might be a few $billion, starting from scratch. Divided by hundreds of millions of installations that’s a few $tens per copy. However if those organizations would ordinarily be paying those $billions to M$ for licences, the real cost of producing their own OS instead of using M$’s is $0 and they don’t need to charge anything and still break even. If you consider there may well be ~1K organizations producing all the software, the answer is obviously $0 per copy makes sense. The maths isn’t that simple because some packages like Linux get used $billions of times whereas others, say SOX, may get used only a few million times. The order of magnitude is still correct although the $0 might not be right on. It’s a beautiful situation. Those who can afford to pay for creating the software, get a complete software stack while only paying for a portion, and those of us of modest means get to use it for $0.

    We have seen many examples of this principle at work. SUN bought StarOffice for the cost of buying one round of PCs and licences for that other OS and its office suite. The members of Kernel.org get to use all the drivers and core software of the Linux kernel for the price of their contribution which varies from 0.01% to a few %. The members are happy and it costs them no more to share with all not just with other members.

  33. oiaohm says:

    By the way https://www.us-cert.gov/ncas/alerts/TA14-353A is a great read for why not allow closed source drivers.

    usbdrv3_32bit.sys and usbdrv3_64bit.sys are both in the advisory. Not because the attacker wrote them but because the attacker shipped them. Both contained security flaws and Windows would still run them.

    Yes there is very good reason to regularly break driver support. It prevents cases like this where a driver with a bug from 2009 and is fixed in newer versions comes back and bites us today.

  34. oiaohm says:

    DrLoser thing is solving the halting problem and mathematically secure are not linked.

    You can design items that are safe that contain the halting problem. Engineer designing a car engine cannot predict ahead of time how much fuel or oil people will put in so cannot predict when it will stop. Yet car engines don’t explode when they run out of fuel or oil.

    There are many real world things that suffer from the Alan Turing halting problem. They all operate securely and safely.

    This is the problem believing in the halting problem is one thing. Understanding how it relates to security is another.

    For security your question is not when will a program halt but if any event will cause invalid access to data.

    DrLoser http://en.wikipedia.org/wiki/Defensive_programming halting problem is not part of it. The problem here is yes Halting Problem is unsolvable but it has absolutely nothing to do with if a function in a program is secure. If every function in a program is secure it does not matter if the program does or does not halt.

    Mathematically secure OS obeys the rule of a car engine if it runs out of fuel it will stop. Safer to become non functional than function incorrectly. This is the problem Mathematically secure and halting problem are not highly related.

    http://en.wikipedia.org/wiki/Secure_input_and_output_handling

    Yes if the halting problem was a problem for security then Secure input and output handling could not exist. Secure input is designed to cover all possible values.

    Yes I believe you can never answer when a program that has a halt operation will halt. Just like you cannot answer when X function will run.

    Can you predict that a program will never halt from data input yes you can. How can you predict is there is no possible halt function. Key condition of the Turing halting problem was that an end of tape existed or a halt function existed. One of the people of Alan Turing’s time put up the example of the tape turning into a loop and no halting function.

    More you understand the halting problem the more you wake up that it’s not the problem that drives OS security but Murphy’s law “Whatever can go wrong, will go wrong”. Key focus on can if the code paths provide no possibility to do anything wrong the halting problem does not matter any more.

  35. DrLoser says:

    Anyway, Robert, hauling this thread back to its origin.

    If you had to pay for GNU/Linux/Debian, what’s the maximum you would pay?

    I’ll grant you no onerous EULA (other than the GPL, which isn’t onerous).

    How much?

    I’m betting sod all. Which means that your assertion that it’s “a bargain at any price” is only really valid at a single, slightly extreme, data point.

  36. DrLoser says:

    DrLoser yes I have heard of the halting problem. Turns out it is possible to design an OS avoiding to almost avoid it completely.

    It’s sort of a binary thing, oiaohm. It isn’t incremental, as you seem to believe. Either you solve it (which is demonstrably impossible) or you don’t.

    Of course you are not aware that is not a problem because you have never watched the Linux Australia Conference videos.

    Of course. Silly me!

    Should I wait for the inevitable Fields Medal, or would you care to share a link to this impressive and completely unbelievable achievement?

  37. DrLoser says:

    There’s more news of M$’s culpability.

    Actually, there’s news supporting the theory that the attack vector was via SMB. Quite a different thing, Robert. To quote your cite:

    The SMB worm propagates throughout an infected network via brute-force authentication attacks.

    Need I explain the implication here? Need we revisit the scene of your failure to comprehend the South Korean SSID system?

    Entropy, Robert. Entropy.

    CNN was reporting that the attackers stole admin’s password and that passwords were being sent in clear text via e-mail, so it’s hard to know what was happening.

    Perhaps I can help you here, Robert. Apparently the attackers stole an Admin’s password, and in other news, some lunatic was sending passwords around in clear text. (It’s hard to see what reason a Bad Guy would have for such activity)

    Phishing, Robert. Phishing.

  38. oiaohm says:

    http://www.lowrisc.org/
    Reality these ongoing attacks are starting research into rebuilding the complete computer world from the ground up. Secure design CPU supporting Secure designed OS.

  39. There’s more news of M$’s culpability. See Hackers Used Sophisticated SMB Worm Tool to Attack Sony

    “The SMB worm propagates throughout an infected network via brute-force authentication attacks, and connects to a C2 infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore and the United States, the advisory said.”

    CNN was reporting that the attackers stole admin’s password and that passwords were being sent in clear text via e-mail, so it’s hard to know what was happening. It could be that the malware artists used the SMB tool merely to fetch and carry and just supplied it with the necessary passwords, but the theft of passwords could have been by brute force also. Anyway, SMB is a weak link in M$’s spaghetti-chain of security. Making file-sharing convenient for users makes it convenient for attackers too.

    This CERT notice is one of the longest I have read. It details MD5sums of several packages and has a long list of mitigations/defences. That list includes just about everything but “don’t use that other OS”…. but the malware takes care of that by eventually wiping several hard drives so it may be redundant. To add insult to injury, the wiping is done by the modified MBR so the guy who reboots does the deed. I’ll bet SONY’s employees are terrified of their PCs about now.

  40. oiaohm says:

    DrLoser yes I have heard of the halting problem. Turns out it is possible to design an OS avoiding to almost avoid it completely. Of course you are not aware that is not a problem because you have never watched the Linux Australia Conference videos. Because one of those videos covers how to write parsing designs avoiding halting problem. Same thing gets scaled up in mathematically designed OS.

    Do you need to solve the halting problem to prove mathematically secure? The answer is no. Limiting the number of code paths with the halting problem is one of the things you do. Just because something might run forever does not mean it can ever do anything that causes a security problem. Good example used for idiots who raise the halting problem as why mathematically secure cannot exist.

    Waterwheel cannot rob a bank right. Attempting to solve the halting problem on a waterwheel just because it’s next to a bank is pointless.

    When you design the building to house the waterwheel you don’t need to calculate when the wheel will be stopped only that it’s securely held as well. Same applies to OS design. If where the halting problem will happen in the OS is like a waterwheel next to the bank it’s absolutely no threat.

    Basically only an idiot on what a mathematically secure OS is raises the halting problem as other than an item you have to detect and reduce to bare min.

    The reason why most x86 chips are not mathematically secure is the fact you load microcode into them to set what their instruction will process as. This is not secure defined. Attacks have happened in the past from loading old microcode.

    The halting problem is about 100 percent mathematically predictability. A secure OS does not need 100 percent mathematical predictability.

  41. DrLoser says:

    babble babble babble babble

    Key thing here is no mathematically secure OS operated on a x86 chip.

    babble babble babble babble … Oh wait, I just noticed something.

    You’ve never even heard of the Halting Problem, have you, oiaohm?

  42. DrLoser says:

    Debian GNU/Linux, A Bargain At Any Price

    As usual, it’s up to us Microsoft Trolls to drag the discussion back to its original point. Which is an interesting one.

    Would I pay $1 million for (unlimited, no EULA) usage of Debian GNU/Linux?

    As it happens, I don’t have the finances to do so. But I am as one with Robert here: no, I bloody well wouldn’t.

    Would I pay $1 thousand for (unlimited, no EULA) usage of Debian GNU/Linux?

    No. The same applies.

    Would I pay $50 for a single license (EULA included) of Debian GNU/Linux?

    Here’s where it gets interesting. Because it’s at this point that Robert’s beloved “cost/benefit” kicks in. Because that’s roughly the point of current competition.

    Hell no, I wouldn’t. It’s a time-sucking swamp of half-baked dreck.

    For $50, I would expect more than that. Luckily, I don’t even have to pay the $50 (it’s bound into the price of the hardware). But, if I had to, I wouldn’t even blink an eyelid.

    In other words, there’s only one price that GNU/Linux/Debian qualifies as “a bargain.” Which is $0, as Robert frankly admits. Not much to boast about, really.

    Particularly since, to be perfectly honest, I’d rather pay that $0 to use Fedora or CentOS or quite possibly something else I haven’t come across yet.

    Is there a Unique Selling Point to GNU/Linux/Debian?

    Because, other than the opportunity to join a welcoming, whining community who don’t quite “apt-get” systemd, I’m blowed if I can see one.

  43. oiaohm says:

    http://www.openwall.com/lists/oss-security/2014/12/17/11
    “Don’t Let The Grinch Steal Christmas” so-called bug is a huge mother of a lie.

    Kurt Seifried Redhat who is in charge of Redhat security mailing list states they never sent an email. There is truly no fault. It’s an optional configuration to allow polkit to install packages from repository without password.

    PC World is untrustworthy for security reporting. Never report a security flaw before it has an officially assigned CVE number.

    This basically proves my point. Put a name on a bug get media coverage. Heck it does not matter if the bug is not even real.

  44. oiaohm says:

    DrLoser
    https://medium.com/message/everything-is-broken-81e5f33a24e1
    This is why making big news out of Linux having flaws does not mean much.

    Nothing we use on PC is mathematically certified secure. Ok let’s say you want a mathematically certified secure OS you can afford.
    http://www.theengineer.co.uk/news/safer-software/312631.article
    http://ertos.nicta.com.au/research/l4.verified/faq.pml
    Yes L4.verified and it runs Linux.

    What application can I run. Linux Applications.
    What video driver support do I have zero.
    What cpu support do I have. Arm11 that is it. x86 cpus contains too many flaws cannot be verified. Key thing here is no mathematically secure OS operated on a x86 chip.

    1) No BIOS or EFI so OS runs straight on the CPU.
    2) No Microcode to alter CPU behavior.
    3) Correct memory management instructions in CPU.

    Now, apart from the obvious fact that Windows re-re-reboots do at least get you to a known (presumed secure) state in a matter of an hour or two, would you care to expound on this theory?
    Sorry no wrong. NSA bios and EFI infections. So if your system has been breached rebooting and reinstalling what a laugh you are most likely still infected. Did you re-flash all the firmware chips with clean firmwares.

    l4.verified can reboot and get to a secure state because it is secure.

    DrLoser basically if you have x86 you are already screwed. The question is how bad. So of course there are going to be more flaws because the CPU we love running our OS’s on is flawed.

    Linux by design is Inherently Secure but its under resourced and lacking suitable hardware in volume to achieve it particularly in hardware the correct cpu types. Windows does not even support all the cpu types that can be Inherently Secure. In fact Windows mostly only supports the Cpus that are Inherently Insecure.

    Everything we are using is broken. Linux is doing a fairly good job with the stack of lemons it has to put up with.

  45. DrLoser says:

    The difference between Linux and Win-Dohs vulnerabilities, is that with Linux the community as a whole work together and submits a patch to the kernel and pushes it out in days if not in hours.

    An interesting theory, Dougie.

    Now, apart from the obvious fact that Windows re-re-reboots do at least get you to a known (presumed secure) state in a matter of an hour or two, would you care to expound on this theory?

    Because there’s no actual compulsion to update a compromised Linux system, you know. And if it’s embedded (for some God-Awful reason, idiot manufacturers are keen on embedding some form of the Linux kernel), I don’t think there’s even a straight-forward process.

    Never mind, beddy-byes, it didn’t really happen, here’s a blankie.

    And because Linux is InherentlySecure(TM), it couldn’t possibly happen again, could it?

    To be fair, Dougie, you don’t have to believe this bilge yourself.

    You only have to sell the bilge on to your customers. I don’t envy you. Luckily, I took the trouble to get educational qualifications in my choice of work, which means I can have proper discussions about my customers’ requirements.

    You should try it. When you stop referring to the competition as “Win-Dohs” and start explaining the merits of whatever snake-oil du jour you are selling, you might just find that your customers will regard you as something slightly more advanced than a bitterly under-educated hack who has no clue what he’s talking about.

    Just try it! Lose the “Win-Dohs”! I personally guarantee that up to 50% of the pimples on your bottie will vanish overnight!

  46. DrLoser says:

    Ok, clear, we keep pretending Shellshock and Heartbleed never happened.

    ‘Tis the season of goodwill, he said, talking to himself …

    … and yet, despite obvious signs of mental instability, still being able to cope with punctuation on a level that oiaohm would accept as reasonable.

    Sometimes, I am really proud of myself. But I prefer to restrict this indecent display of hubris to the occasions when I, “Dr Loser,” am proud of me, “Deaf Spy.”

    If only “Tiny Tim” oiaohm had an imaginary friend like mine. It’s awful, really. He’s been battered for the last eight or more years. Every single time he comes up with a proposition — say, a really interesting new concept for encoding the Posix file system, as relayed to the Austin Group — he’s fobbed off with the pathetic excuse that he’s an ignorant moron who has no clue what he’s talking about.

    Now, if only he had an imaginary friend (presumably on a different frequency) to back him up …

    … Who knows? Eventually, he might find a useful place in society.

    I think we are all, all of us, prepared to wait for that glorious yet somewhat unlikely eventuality.

    Praise the Lord, and Merry Christmas everybody!

  47. Deaf Spy says:

    Promised? We, then will pretend that ADShock never happened.

    But, but Windows!

  48. dougman says:

    The difference between Linux and Win-Dohs vulnerabilities, is that with Linux the community as a whole work together and submits a patch to the kernel and pushes it out in days if not in hours. With M$, one may wait for months and even then you run the risk of hosing your system.

    Many users complained of a variety of issues:

    – Windows Authentication failing to recognize that a Windows installation is valid
    – System Files being corrupted
    – BSOD (Blue Screen Of Death) caused by complete system failure
    – Hardware Drivers failing
    – Network Issues
    – Random Error Messages related to User Account Control

    http://www.thenewamerican.com/tech/computers/item/19735-new-microsoft-security-fix-is-worse-than-the-problem

    Users cannot apply patch, so uninstall Office then install patch, reboot, then install office, then reboot.

    http://www.computerworld.com/article/2857637/microsoft-tells-windows-10-users-to-uninstall-office.html

    M$ has been making a lot of quality assurance mistakes lately, in its software and likes to have everything glued together like a kindergarten art project gone berserk, but this is ridiculous.

  49. luvr says:

    Deaf Spy said, “Ok, clear, we keep pretending Shellshock and Heartbleed never happened.”

    Promised? We, then will pretend that ADShock never happened. (You know, the issue that allows a Ticket to Request Tickets to be tampered with, so that it gives you even domain administration privileges.)

  50. oiaohm says:

    Ok, clear, we keep pretending Shellshock and Heartbleed never happened.
    Deaf Spy issue here is Heartbleed issues are not finished yet. There is still unpatched software installed on Windows computers out there.

    OS X and Linux both OS shipped OpenSSL so when the OS updated OpenSSL the applications using it caught up.

    Really Deaf Spy you were only telling part of the story. Deaf Spy you have been playing lets pretend Heartbleed is over. Heartbleed fault is over for Linux and OS X.

    Really I am not pretending that Heartbleed did not happen. I want serious reporting the correct facts of the matter.

    OpenSSL in Debian came from Debian applying patches to OpenSSL to reduce risks and they got it wrong. Turns out Google and many other parties happened to be doing this as well without oversight from the OpenSSL project. Guess what a custom patched OpenSSL shipped with yep that is Chrome the web browser. Gets more fun when you find out particular anti-virus software also used OpenSSL.

    Deaf Spy really you’re screwed with all arguments about OpenSSL. Issue is closed source users of OpenSSL were doing the same things as Linux distributions were doing. Heartbleed bug naming was designed to get a huge number of rats out of the woodwork.

  51. I noticed there was another horror-story being spread on the web, “Don’t Let The Grinch Steal Christmas”, ranting on about how folks can easily get root access on GNU/Linux. They go on about the wheel group and sudo etc. I was in the process of replying when TFA was taken down giving 404. On my system, there is no user in sudo group. Wheel group does not exist. I run Debian GNU/Linux and, apparently, the author of TFA thinks “Linux” is Ubuntu or RedHat GNU/Linux…

  52. Deaf Spy says:

    Ok, clear, we keep pretending Shellshock and Heartbleed never happened.

  53. oiaohm says:

    I like to make something else nasty clear.

    Over Shellshock like faults groups like TMR need to watch their back. In a lot of ways they could have had their ass completely sued off over Shellshock for spreading incorrect information. OS X in fact contained BASH but due to groups like TMR focusing on the FOSS/Linux only side the message for OS X users to disable/remove bash never made it to OS X users. In fact TMR and others put themselves on this on that they can be sued out of existence.

    http://support.attachmate.com/techdocs/2724.html#Products_Affected
    Heartbleed is in fact worse. Linux users most are fully fixed of this fault. Attachmate example here is one of the many examples of closed source products on Windows and OS X using OpenSSL and infected by OpenSSL issues. Please remember before the named Heartbleed bug there had been many other OpenSSL issues and most of these closed source products had not been delivering the updates. Yes Heartbleed in fact makes Linux look angelic if you have properly researched it.

    Majority of current day threats from OpenSSL exist on Windows. Exactly why is because most Windows programs ship with their own versions of libraries so each program on Windows has to be individually audited for bugs.

    Linux world dependency hell limits how damaging Heartbleed like issues are.

    Exactly why was OpenSSL not properly audited when 1000’s of closed source products depended on it. That is right none of the closed source software vendors wanted to provide any resources. Using FOSS is give and take. If you just take sooner or later you will suffer for it.

    Yes Heartbleed is in fact a reason not to use Windows since it’s too hard to be sure you are free of third party library issues with programs.
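
Added example, not part of the comment thread: one way to do the per-program audit that comment 53 describes, by walking an install tree and reading the OpenSSL version banner out of each bundled or statically linked copy. The application and file names in `demo()` are constructed samples, and all function names are this example's own.

```python
import os
import re
import tempfile

# Banner compiled into libcrypto/libeay32 and into programs that link OpenSSL
# statically, e.g. b"OpenSSL 1.0.1e 11 Feb 2013" (tags such as "-fips" may follow).
BANNER_RE = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+)([a-z]{0,2})((?:-[a-z0-9]+)*) +\d{1,2} [A-Z][a-z]{2} \d{4}"
)


def is_heartbleed_affected(base, letter, tag):
    """Upstream releases with the Heartbleed bug: 1.0.1 through 1.0.1f and the
    1.0.2 betas before beta2. A hit means "audit this copy", not proof: a vendor
    may have patched the code without changing the banner."""
    if base == "1.0.1":
        return len(letter) <= 1 and letter <= "f"
    if base == "1.0.2" and letter == "":
        return tag in ("-beta", "-beta1")
    return False


def find_versions(path, chunk_size=1 << 20, overlap=64):
    """Return the set of (base, letter, tag) banners found in one file.
    The file is read in chunks; the last `overlap` bytes are carried over so a
    banner split across a chunk boundary is still seen."""
    found = set()
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            data = tail + chunk
            for m in BANNER_RE.finditer(data):
                found.add(tuple(g.decode() for g in m.groups()))
            tail = data[-overlap:]
    return found


def scan_tree(root):
    """Walk `root` and list (relative path, version, affected) for every file
    that embeds an OpenSSL banner, whatever the file is called."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            try:
                versions = find_versions(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for base, letter, tag in versions:
                results.append(
                    (rel, base + letter + tag, is_heartbleed_affected(base, letter, tag))
                )
    return sorted(results)


def demo():
    """Build a constructed install tree (sample bytes, not real binaries) and scan it."""
    samples = {
        "AppA/libeay32.dll": b"\x00MZ\x90" + b"\x00" * 40 + b"OpenSSL 1.0.1e 11 Feb 2013\x00",
        "AppB/ssleay32.dll": b"\x7f\x00\x01OpenSSL 1.0.1g 7 Apr 2014\x00pad",
        "AppC/tool.exe": b"static build\x00OpenSSL 0.9.8y 5 Feb 2013\x00",
        "AppD/readme.txt": b"This program does not bundle a TLS library.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(blob)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, version, affected in demo():
        print(f"{rel:22} OpenSSL {version:8} {'AUDIT' if affected else 'ok'}")
```

A package manager answers the same question with one query for the shared system library; the scan is needed only where each program carries a private copy.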

  54. “That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers—and files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.”

    That’s like jiu jitsu, using the opponent’s weight against the opponent. Whatever happened to all this concern about security at M$? Could it be that SONY was not using the latest thing from M$ and deserved to be compromised? [SARCASM]

    The interesting thing in all this is that Japan is one of the most loyal followers of M$ yet they were incapable of detecting and responding to the attack in real time. That’s unlike any GNU/Linux system I’ve seen where any alert person can see stuff happen and a proper system administrator can quickly respond. Whatever happened to protecting the file-system or monitoring the network? If I were SONY, I would have every vital system bullet-proofed. Why would I not? The value of the information far exceeds the cost of maintaining the IT. Yet they used M$’s stuff which essentially prevents taking control of the system. I’ve used non-Free software to protect M$’s stuff. Why didn’t SONY? Further, why didn’t they use GNU/Linux and slam the door shut?

  55. dougman says:

    Linux Mint is certainly free, like Debian. Mint devs are paid by donations, keep doing good work, donations will come in, but do poorly and money dries up. Its that simple.

    What about the people that pay through the nose for Win-dohs, but wait they get no say in its development at all, use Windows 8 for example in this instance. M$ just basically told its consumers to STFU and deal with it.

    LOlz..”Shellshock and Heartbleed” the trolls continually harp on these items, but they fail to mention that Win-Dohs suffers way more significant issues on a monthly basis.

    I solely blame the Sony debacle at M$’s feet: http://arstechnica.com/security/2014/12/inside-the-wiper-malware-that-brought-sony-pictures-to-its-knees/

  56. oiaohm says:

    Deaf Spy so you another one who need head kicked in with raw cve numbers.
    http://www.cvedetails.com/top-50-products.php?year=2014

    Like Shellshock and Heartbleed? Like OpenSSL in Debian?
    Even total up all CVE numbers behind these faults and you are nowhere close to the number of flaws running Microsoft products you will be exposed to.

    Linux security might be dreadful at times. But it is angelic compared to what Microsoft products do. Deaf Spy I have not seen you post once that a person should not use Internet Explorer. Internet Explorer is the worst product of 2014 in CVE numbers. This includes encryption errors like Debian OpenSSL errors.

    So Debian is more secure compared to what. Compared to Windows yes Debian is more secure. Compared to OS X maybe not.

    Really if you want a proper formal security debate let’s go for it Deaf Spy by the end of it you will wish you had never raised the topic if your argument is that Windows is better than Linux. OS X you only win some years.

    Microsoft Windows hides how bad it is in CVE numbers by listing itself in individual parts and not covering CVE issues that happen in drivers.

  57. Deaf Spy says:

    Ah, security. Like Shellshock and Heartbleed? Like OpenSSL in Debian?

  58. ssorbom wrote, “I’m NOT suggesting that these companies are corrupting the technical committee or anything, but the areas that will receive the most attention are the ones that are handled by somebody getting a paycheck.”

    It’s true that all this technology takes a lot of money to create/distribute, and it is true that money, per se, is not evil, but love of money is. If it ever comes to Debian and other FLOSS organizations caring more about money than the product/philosophy that created the product, then we are in for a time of decay like M$ and the Lose ’95 to Vista era: no priority for security or quality of code, just market-share/monopoly. No good came of that and nothing good will come of monetizing */Linux every which way. */Linux is community property and the community has to take care of it. A handful of corporations can’t do that for us.

  59. ssorbom says:

    Mr. Pogson,
    I feel that it is necessary to point out that:
    a). Redhat offers/endorses a community edition called Fedora and a more RHEL oriented free edition called CentOS.
    b). *Somebody* has to pay for any concerted development efforts.
    c). He that pays the most for a thing gets to dictate development (within limits).

    This is true even for Debian. Debian devs are paid by companies to work on it. The companies in question aren’t doing this just out of a sense of altruism. They expect to get something from it.

    I’m NOT suggesting that these companies are corrupting the technical committee or anything, but the areas that will receive the most attention are the ones that are handled by somebody getting a paycheck. Money may not always be the best driver of passion, but it pays rent. I can’t fault that.

  60. DrLoser says:

    Oh, and remind me here.

    The Debian Social Contract?

    That would be the one that forces systemd down your throat, would it not?

    I seem to recall you cavilling against this onerous imposition a little while ago.

  61. DrLoser says:

    Go on, give it a try. You know you want it.

    That’s what they say outside lap-dancing clubs, Robert. Somehow, and I have this experience at second hand, the result is never quite as “wanty wanty” as you might have assumed upon your intoxicated entrance.

    Now, do you remember your oft-repeated mantra that “FLOSS is free, but it’s OK to make a profit by offering value-added services?”

    That’s actually what Red Hat do. It isn’t what Debian do. (It isn’t really even what Ubuntu does, although Mark Shuttleworth is free to disagree with this proposition.)

    So, to provide Debian with a level playing ground here, you could take the opportunity to suggest that it’s a horrible thing to do, to charge for value-added services. Which would be fine and consistent.

    Or, you could repeat your FLOSS mantra and claim that it is a fine and wonderful thing to do, to charge for value-added services. Which would also be fine and consistent.

    Unfortunately, Red Hat are losing out left, right and centre to M$ on value-added services, Robert. Why? Because, on your beloved “cost/benefit” ratio, they’re just not up to it.

    You can choose one or the other, Robert. You can’t choose both.
