Tuesday, November 28, 2006

And then Ballmer spoke and the Linux community became afraid...

(Article Here)

Quite a firestorm this thing has become. Here I thought that the Novell partnership was straightforward, that MS was finally doing something smart and that all of us would actually reap the benefits of Linux running Windows. Then Ballmer opened his mouth and all Hell hath broken loose...

If you read the original comments (found here), I think there are some interesting points that Ballmer is making and that it's not all as alarmist as one might think.

My two cents:

Ballmer talks about interoperability first then makes the comment about Novell having paid MS for their intellectual property. He also talks about the way GPL is structured and that MS has to get money for their intellectual property.

The assumption is that he's talking about Linux stealing MS' IP, but I don't think this is even what he was talking about. Read the paragraph before the comments and what he's saying. I believe he means that MS can't be fully interoperable with Linux as is because they're not about to make any part of Windows open to GPL.

MS might have a real point here. I'm not a Linux expert, but one has to ask: are there pieces of Linux that deal with Windows interoperability that were reverse engineered and distributed with the kernel? Are there any services dealing with directories, printing, or networking that were maybe MS proprietary but easily decoded?

So, in order to have "true" interoperability, one of the Linux vendors had to cut a deal with MS. So Novell does the deed.

Moving forward, SUSE is going to have interoperability with Windows. And you know what will happen - someone will release it to the rest of the open source community (which is what the open source community does well) and then - THEN you have the problems that Ballmer was discussing with the liability in the datacenter when some admin compiles himself a new Windows Interop package and runs it on a "non-compliant" Linux.

Once something like that happens, MS can do nothing about it. It's one of the classic drawbacks of open source - who do you sue when things go wrong? Microsoft wants to get working on/with Linux and knows they can't make money off of it if they open it up, so they've taken this approach: get someone to pony up for it, and once it's released to the open source community, sue anyone who runs Windows on an unapproved Linux. I'm actually impressed with MS' foresight in this one. I'm not even sure that the Linux community sees it just yet.

It's definitely going to be interesting to see what happens.

Friday, November 10, 2006

Tell me something I don't know -
End Users Don't Get Security.

An interesting study, and I agree for the most part. In fact I see this every day. Actually, employees not getting security keeps me in a job. However, is it really the employees' fault? I have seen firsthand the severe disconnect that exists between security and management. As much as everyone wants to point their fingers at the "bozo" employee (I've heard an IT director call his users that, and let's just say that considering some of his security practices I'm not sure who should have been wearing the red nose...another story for another time) one has to be willing to point the finger squarely at management. I'm not just talking about spending money on security, lots of organizations are doing that, but it's the failure to embrace security at an operations level, the failure to have processes in place to deal with exceptions that is causing many employees to ignore security.

Case in point:

A good friend of mine works as a Music Therapist at a hospital here. She works hard and is responsible for seeing patients just as any social worker, nurse, or doctor. However, her position is unique to the hospital. She needs access to music sites, she gets grants to purchase music, she has a legitimate reason to look at sites that the hospital has deemed inappropriate for other employees. She also uses a CD burner on a regular basis, typically a "controlled" device at the hospital.

Many would consider that lack of access a good thing, but here's the caveat - there is no process in place for her to go get this modified. She has had to jump through hoops, make continued calls to help desk, and still has impediments to getting her job done on a daily basis. The solution for her is to have me download music, files, etc. and put them on a zip drive (which aren't locked down, but which is another potential security risk).

The point is this - in her environment, security is an impediment to her job. She is encouraged to go around the security in the environment, not for some self-serving purpose, but in order to get her job done. She is expected to do her job just like any other professional, she has a boss, and she doesn't have hours a day to waste waiting on the help desk (she deals with some very ill patients).

Security vendors have focused on very effective technologies. There is still a great deal of FUD used to sell products, whether it's about hackers or regulators, and unfortunately the end users suffer. When people cannot get their job done because of security, that is a problem. It leads to lower productivity and lower morale.

I don't have the answer. It's a combination of vendor products' design and corporate policy. However, I will say that at the end of the day I don't blame the employee for "not getting security" when they are trying to do jobs with the added frustration of security and time that of course is unaccounted for.

I am very passionate about this topic; you will hear more from me on it.

Thursday, November 09, 2006

Going through Slashdot today, I stumbled upon this blog article:
http://www.linuxjournal.com/node/1000121

Fanatical Linux users at their best. I like Linux, don't get me wrong, but everything about this deal that I have read is about creating a distro of Linux that Microsoft will run with/on/whatever.

So, Microsoft wants to make a deal with Novell to create a distro of SUSE that runs BOTH Microsoft and Linux and yet the call from the SUSE folks is to dump SUSE! Down with SUSE! Abandon ship!

I understand that Novell getting in bed with Microsoft is a serious slap in the face to SUSE users. However, I wish Linux users would wake up and realize that not interoperating with Microsoft is THE single stumbling block to mainstream Linux acceptance. Look at Apple. I don't have numbers in front of me, but all indications are that Apple is starting to see a surge in new sales due to the dual-boot option. Why can't the Linux community understand that they are NOT going to get Linux on the desktop until this is resolved?

I commend Novell for yet again pulling a rabbit out of its [insert hat or body part here] and still going.

Tuesday, November 07, 2006

We're going to give Blogger a shot. Though I've used LiveJournal in the past and as more of a personal sounding board, I want a blog that is not going to be so tied to my personal life, friends, etc. I want more of a working blog where I can post about Information Security, teaching, and things that I hope reach a wider audience than just my few friends.

And to start this wonderful day, please see the following comics from two of my daily comic stops:


My daily readings include Dilbert, Foxtrot, Zits, Shoe, Calvin and Hobbes (yes, I realize that Calvin is just re-runs, but I still read it), and PvPOnline (a great web comic). Occasionally, I'll pop over to Garfield, but that one is a little hit and miss in my book.

I think there is something to be said for taking a little time out of your busy day for a couple laughs at some great comics.