Forum Moderators: bakedjake
One of the benefits of not processing this stuff in real time is the perspective of being able to connect the dots between unrelated news items and other info.
A cluster of Linux stuff caught my attention. First, I noticed that Red Hat is trying to up their revenue by changing their licensing and support policies. (http://insight.zdnet.co.uk/software/developer/0,39020469,39116667,00.htm)
This comes on the heels of the WestHost conversion meltdown discussed in other threads. While I suspect there were multiple contributors to this disaster, it seems that the biggest part of the problem was a heretofore undiscovered bug in the Red Hat Linux kernel.
This is really the nightmare scenario for open-source users - a difficult bug that cripples your operation with no "manufacturer" to call. In WestHost's case, it appears that they were able to get support from Red Hat, though I have no idea how effective it was. It's times like this when you'd like to have a Sun or Microsoft behind you.
Yet another data point: Microsoft is taking Linux very seriously (no big news), and is promoting a study described in the Globe & Mail (http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/) showing Linux has far more successful hacker attacks than Windows.
These mostly unrelated data points have caused me to wonder a bit about the viability of Linux for high-reliability commercial environments. My own experience has been that Linux servers have been more stable than Windows servers, but is Linux becoming a victim of its own success? I.e., as its share grows, will it be the primary hacker target? Will users be forced to choose between increasingly expensive distributions like Redhat or riskier, no-support versions? At some point, does the current Linux-based business model break down?
Most of the people I've met who are running a BSD on a webserver tried Linux, but found it fell over, couldn't scale, or just wasn't as friendly to maintain as a BSD.
Linux being a bigger hacker target is more likely due to clueless/lazy admins than any innate flaws in the product. Anyone can set up a web server (MS or *NIX), but to set up a secure web server takes care. You need to turn off unneeded services that are enabled at install time and keep your systems up-to-date. All the Microsoft worms that have been running around lately point out how many of these kinds of people are on the 'net.
Picking an easy-to-update operating system is essential, and is one area where I feel Free, Net, and Open BSDs win, with a central, official source repository, and extensive code sharing that allows security holes in one OS to be quickly found and patched in the other two.
And the more popular the OS, the more people deploying the OS and the more chances there are of a less than protected system becoming cannon fodder for a enterprizing hack. Result - the more we hear about how Linux has been compromised by a lack of security which the public often interprets as a security flaw in the OS when in actuality it is most likely a lack of knowledge and/or experience.
Does linux have a bullseye on it's back - almost certainly. It's not as big as the one on M$ but it will most certainly grow as the OS becomes more popular.
As far as Tech Support, you really need to understand the product to support it. M$ and Sun can put out a complex product and clueless admins can deploy it without intimate knowledge and get away with it. IF all hell breaks loose they can call for help. If, however, you want to use linux, you'd better know the OS inside and out. Linux is far less forgiving IMO and that's a good thing. Having this level of intimate knowledge of the OS is good for you, your server/network and your security.
But, as rogerd pointed out - sometimes a real quirk comes out and there's no way you could have foreseen it. I'd argue the same could happen with M$ and Sun. RH responded and the engineers at WestHost did the smart thing and put everyone back on the previous version of RH until they could sort out the issue. But the WestHost engineers had to be smart enough to determine what the problem was or else the problem could still be going on. Again, knowledge and experience are essential in working with any OS. IMHO of course!
The way the BSD's are managing their code certainly is better organized but the Linux code base is evolving a lot faster and you have a better chance your new hardware will work on it.
>Picking an easy-to-update operating system is essential, and is one area where I feel Free, Net, and Open BSDs win, with a central, official source repository, and extensive code sharing that allows security holes in one OS to be quickly found and patched in the other two.
I use Debian on my workstation, keeping it up to date is as easy as adding apt-get update; apt-get upgrade -yd in a script in your /etc/cron.daily directory. Having a server running the same OS as my workstation will be easier for me if need one.
I have seen Linux kernels make the top 50, so kernels of that age could make the top list.
