[Info-vax] A possible platform for VMS?

[Bill Gunshannon]

In article <mctu35$hvc$1 at dont-email.me>,
	David Froble <davef at tsoft-inc.com> writes:
> Stephen Hoffman wrote:
>> On 2015-02-28 21:24:33 +0000, David Froble said:
>> 
>>> Stephen Hoffman wrote:
>>>
>>>
>>>> As it is currently priced and configured, VMS is not competitive in 
>>>> the NUC server market — again, not outside of the VMS installed base.
>>>
>>> Now, here is where I see a problem.  What is the use of charging 
>>> license fees?  None that I can see, and, I can see disadvantages in 
>>> trying to do so.
>>>
>>> Let's look first at the current user market.  How many VMS licenses 
>>> will they be buying.  I suggest zero.  They already have their systems 
>>> and licenses, and if upgrading the HW, will most likely feel they 
>>> should be able to transfer their existing licenses.  No money to be 
>>> made here.
>> 
>> It'll be interesting to see how that will work in practice, with HP 
>> providing the Itanium hardware and VSI the software, and HP and other 
>> vendors providing x86-64 and VSI providing the software.  VSI is going 
>> to want revenue, and HP isn't going to want to cut too far into their 
>> server hardware revenues.    That there are now two vendors involved in 
>> each server sale is part of why I've wondered whether VSI will be drawn 
>> into packaged or even private-branded hardware, too.    configurations 
>> with VSI-co-branded and/or pre-packaged HP ProLiant servers, combined 
>> with the VSI software.  With packaged and supported server 
>> configurations — with VSI co-branded and/or vendor pre-configured and 
>> pre-tested servers server hardware — the end-customers aren't dealing 
>> with which NICs, RAID controllers, and other widgets will work with VMS.
>> 
>>> Ok, the mythical "new customer".  They see free OSs all over the 
>>> place.   They are not going to like license fees.  Go ahead, chase 
>>> potential business away.
>> 
>> Ayup.  That's not an easy decision, though.   These pricing decisions 
>> make or break a company's future, and can massively disrupt the finances.
>> 
>>> So what's better, a limited number of people exposed to VMS, or, maybe 
>>> a few more people exposed to VMS?  The best thing that could happen to 
>>> VSI would be for as many people being exposed to VMS as possible.  
>>> Then, where it's going to happen, make money of service contracts, 
>>> which are recurring, not one time.  It it's (service) not going to 
>>> happen, then those people sure wouldn't have paid any license fees, 
>>> and so there is no loss.
>> 
>> Service contracts and patch access is one approach to recurring revenue, 
>> and can tie into automated tools and related mechanisms that could 
>> theoretically be added into OpenVMS, if VSI sought to avoid using the HP 
>> HPSC patch-portal model.    SaaS is another approach that would 
>> undoubtedly get discussed in these business discussions.  HP had some of 
>> this with iCAP and LMF features, and various vendors have tested license 
>> subscriptions.  Periodic SaaS licensing means a vendor can shepherd many 
>> of its customers forward onto more current software, based on escalating 
>> prices for older and aging versions, too.  Some customers won't want 
>> these SaaS software "rentals", though.
>> 
>>> This idea that "we have to charge license fees, people should pay for 
>>> VMS" just isn't going to work.  VSI does NOT have to charge license 
>>> fees, unless HP is making them do so.
>> 
>> VSI has stated that they're expecting to follow the HP pricing and sales 
>> model, at least based on the initial VSI discussions.
>> 
>>> Even if there are people, (hobbyists for example), who do not pay a 
>>> license fee, not contract for support, VSI still has their product in 
>>> front of more rather than less people, and who knows when one of those 
>>> people might cause VSI to gain a new service customer?
>> 
>> Ayup.  This all combines with whatever VSI might decide for the hobbyist 
>> and the partner programs.
>> 
>>>> An as-yet-unavailable box that might be somewhat faster, but without 
>>>> a competitive story around applications and integration and pricing?  
>>>> Not gonna sell many of those.
>>>>
>>>>> Yes, but the functionality of the systems is limited and well known. 
>>>>> Compared to Windows an Linux far less need for frequnt security 
>>>>> patches etc, and that seves costs.
>>>>
>>>> I'd bet on Windows security and tools and defenses over VMS security, 
>>>> but that's not likely going to convince you.  Put VMS and third-party 
>>>> VMS applications under the same sort of scrutiny that Windows has 
>>>> been under, and VMS will likely crack.
>>>
>>> I wouldn't agree.  Whiel weendoze may not be so bad, it runs browsers, 
>>> and they are maybe the worse offender.  More likely the user who runs 
>>> with full privs and likes to click on something to see a song and 
>>> dance, and unseen intrusion into their computer.
>> 
>> Web browsers are big targets, but there are many other targets in an 
>> average network-facing operating system, and there are certainly reasons 
>> to have web-related tools around — I've just started looking at gRPC 
>> <http://googledevelopers.blogspot.com/2015/02/introducing-grpc-new-open-source-http2.html>, 
>> for instance, and there are a number of other web-based tools that are 
>> very useful beyond the familiar web browsers.  (No, I haven't yet ported 
>> the gRPC code to VMS; working on a different port right now...)
> 
> What a web browser does is allows the user to pull in and run just about 
> anything.
> 
> To much weendoze software requires Administrator privs, and so many 
> (most) ((all)) will run with those privs, and turn off some or all of 
> the security stuff.
> 
> Put those two together and you have a compromised system.

And yet, people blame Microsoft when a machine gets compromised.
They provided the tools to prevent it, the user chooses to ignore
them.

> 
>> As for Windows, Microsoft has done a tremendous amount of work to verify 
>> their source code, to automate the detection of hazardous and deprecated 
>> mechanisms in their source code, to increase the difficulty and the 
>> costs of attacks on Windows, to make downloads and installations easy 
>> and secure, to improve Internet Explorer, and to make the detection and 
>> remediation of security breaches quicker and easier.  Windows 7 is a 
>> pretty solid offering, as are more recent releases.   Yes, there are 
>> still Windows bugs and zero-days around, and likely always will be.  
>> Yes, users can also click through Windows UAC or OS X Gatekeeper, and 
>> get themselves into trouble.   That written, Windows security has been 
>> very heavily tested, and by some very savvy attackers.  Microsoft has 
>> learned more than a few lessons from those attacks, too.
> 
> There is still the apps that need full privs, and the people who are 
> used to running as administrator, and will continue to do so.  Without a 
> router.

See above.  Don't blame Microsoft for idiot users.  If they didn't sell
their product to idiots, they would have no customers.

bill

-- 
Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
billg999 at cs.scranton.edu |  and a sheep voting on what's for dinner.
University of Scranton   |
Scranton, Pennsylvania   |         #include <std.disclaimer.h>