[Info-vax] 2009 VMS Bootcamp notice

Bill Gunshannon billg999 at cs.uofs.edu
Fri Jan 23 08:44:11 EST 2009 

In article <ab43de16-f8a4-4249-8274-dfe95872bd5b at s1g2000prg.googlegroups.com>,
	johnwallace4 at yahoo.co.uk writes:
> On Jan 23, 1:14 am, billg... at cs.uofs.edu (Bill Gunshannon) wrote:
>> In article <glatl6$4e... at tempo.update.uu.se>,
>>         Johnny Billquist <b... at softjar.se> writes:
>>
>>
>>
>> > Bill Gunshannon wrote:
>> >> In article <TqLL22IXg... at spock.koehler.athome.net>,
>> >>        koeh... at spock.koehler.athome.net writes:
>> >>> In article <f_udnQFNAIAMN_HUnZ2dnUVZ_vzin... at giganews.com>, "Richard B. Gilbert" <rgilber... at comcast.net> writes:
>> >>>> So learn Unix.  It's not VMS, and never will be, but Unix people will be
>> >>>> in demand long after VMS is laid to rest!
>> >>>   UNIX people will be in demand after VMS people only because VMS will
>> >>>   just keep quietly running along with no attention.
>>
>> >> God, when will this myth finally end.  I have a Unix box here that has seen
>> >> no attention since it was installed in July of 2004 other than continuing to
>> >> add new user accounts every semester.
>>
>> > Really? That should be a very insecure system in that case.
>> > I don't know of a single version of Unix (not even OpenBSD) which
>> > haven't had atleast some CERT alerts serious enough to require upgrades
>> > and serious checkups.
>>
>> > Not that I'm claiming any superiority of VMS, but the unbiased Unix
>> > praise sometimes can go a bit too far.
>>
>> I have never claimed Unix is invulnerable.  That is the ballywick of
>> the VMS fanatics.  But, I do get tired of hearing how VMS is the
>> only secure OS in the world when I have dozens of machines running
>> Unix and (horror of horrors) Windows and while we get attacked
>> constantly they don't succeed.  It is possible to run a secure
>> operation with OSes other than VMS and it is long past time for
>> people here to accept that.
>>
>> Of course, they won't so everyone else will just laugh up their
>> sleeves and let them continue in their delusion.
>>
>> bill
>>
>> --
>> Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
>> billg... at cs.scranton.edu |  and a sheep voting on what's for dinner.
>> University of Scranton   |
>> Scranton, Pennsylvania   |         #include <std.disclaimer.h>  
> What is possible in an ideal world is not always the same as what is
> commonly seen in the real world. It is common for Windows systems to
> be exploited, surely you couldn't disagree with that. Partly that is
> because Windows boxes are defective by design (especially a Windows
> system fresh from a Windows CD, as you have already acknowledged).
> Partly that is because of the level of competence and experience and
> motivation of the typical Windows-centric IT department (or home
> user). Your experience seems to be very different from that of many
> people in the Windows world, be they home users, corporates, or
> whatever.

Well, I hardly consider myself a Windows expert.  I don't even like
Windows. :-)  Which begs the question: "If I can do it, why are the
supposed professionals having such a hard time?"  My answer is really
quite simple.  There are millions and millions of Windows boxes out
there.  A hacked Windows box sells newspapers and magazines.  A Windows
success story does not.  We are being innundated now with stories of
"4.9 million" Windows boxes infected with a worm that MS published a
fix for months ago.  So, who's fault is it that these machines are now
getting infected?  Windows? MS? Or is it maybe closer to home.  (Hint:
none of the machines under my control have been hit nor are they even
vulnerable.  Go figure!)


> If the users/managers in general can't be educated to use the tool
> safely, and years of experience definitely shows us that is the case,
> maybe it's time to choose a safer more appropriate tool? 

Well, every year we hear stories of people cutting off fingers with
various power tools, and yet, we still use them.  Don't get me wrong,
I have been the strongest advocate around here for the abandonment
of MS infavor of OpenSource tools.  My primary justification is the
cost.  I have two employers.  One is the University who can definitely
use the extra money they would have if they weren't paying for Bill
Gates to jetset around annoying people.  The other is DOD.  I don't
think I need to tell anyone what the governement is very likely paying
for the use of MS products or what it would do to the budget if that
line item were removed.  But, at least for now, Windows is reality
and the answer is if you have to work with it you really need to learn
how to secure it rather than throwing your hands in the air and saying
"Oh well".

>                                                           Of course in
> the Windows case, a whole ecosystem exists whose finances and careers
> are dependent on continued inappropriate use of the "defective by
> design" tool, which makes widespread change quite tricky, because the
> technical discussion disappears in a sea of self-preservation: "the
> tool may be initially unsafe, but just add blade guards X and Y and Z,
> just upgrade it every three years, just (re)train the users, just pay
> us the maintenance, and it will get the job done just fine..."

All it really would take is for one or two major players to make the move
and make it very public, including the savings in both upfront costs and
maintenance.  And, they would have to get the publicity, which may actually
be the hardest part.

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>

More information about the Info-vax mailing list