Re: Open source in the national interest



I have lots of fortes; I have been working professionally in this field for over 20 years. Don't let a simple signature make you think you know what you are talking about.

However to talk about Active Directory for a brief second. It is far more than LDAP. That statement would seem to indicate you really have no clue.

As for Open Standards and Open Source, Karl has already pointed out your misconception there. But again, you have no clue.

Anyway, I never said I was anti-Open Source. You just assumed it because I said I didn't think it was good for the government because of the mismanagement. You also look at my signature and see Microsoft MVP, this guy MUST BE against Open Source... Actually I am a paid supporter of FreeBSD as well as some other projects that I think are worthwhile. I expect over the years I have probably donated more cash to OSS than you have. I realize that the projects need the money more than someone making them look bad as you apparently revel in doing. I would work on the kernel source code of FreeBSD (but never anything GNU) except I actually have Source Code access to the Microsoft Operating Systems and me working on FreeBSD source for the masses would be dangerous to FreeBSD as it could open it and myself up to lawsuits. It is more important for me to have the MSFT Source Access than work on FreeBSD source because MSFT is *really* changing the world and from a professional standpoint, it is more important to be involved with and aware of what MSFT is doing than any OSS company.

As for that mismanagement, you seem to think because the government deals with lots of money it is organized in some way. I don't have a clue how you could make that logic leap as there is no basis in fact anywhere for it. As for non-money resources, I have some great stories of tanks and artillery and food provisions that sat on docks for weeks because of simple email and other management issues. I can tell you unreservedly from the many things I have seen that if the government was an actual company, they would have gone out of business long ago. A corporation cannot be mismanaged as poorly as the government does and continue to exist. I am amazed at how much money is wasted and lost on those things. Name a company that can run while it is trillions of dollars in debt, or even billions of dollars in debt for any real extended period and continue to put itself further in debt. This isn't just me that sees this. I have relatives that live in VA that have been working on Govt contracts since the 70's and they openly admit in every division they have worked in the same crap exists.

The US Government doesn't appear to do anything as a whole except waste money and resources. They simply have so much available to them that the millions falling through the cracks isn't readily noticed. I fully believe that there are pockets of areas of the government that do do things right but that doesn't mean as a whole it could. If they could do Open Source properly, I wouldn't have a problem with it, however, I don't expect that they can. I have seen this in corporations as well, some of the largest in the world in fact. They have a rounding error deployment of some 5000 or 10,000 users using Linux or UNIX in the company and they think they can just grow that to handle the rest of the 300,000 users. Then they go to do it and realize they really don't know enough about what they are doing to do it effectively and that all of the things they thought worked great completely implode at scale.

I think OSS can be used at that scale, but it will take professionals to do it, not a bunch of religious zealots who do it because they hate Microsoft versus actually having a good solution. Professionals use the best solution available to them, they don't use "b" because they have a grudge against "a".

I would love to see a 50k seat centrally managed distributed company be completely on OSS. I would like to see how they got around some of the challenges. Global centralized auth with distributed load balancing / redundancy for one is quite fun (it reminds me of, at best, the NT4 Domain structure which sucked if it is done the absolute best it can be done). Ever see a large (>30k active users) OSS Kerberos implementation that WASN'T limited to a single university? Let me answer for you... No. It is likely you haven't even seen an OSS Kerberos implementation of that size. Contrariwise, I see 100k+ Windows Kerberos implementations nearly every week and people running them that don't have the slightest clue how Kerberos works or in some cases don't even know what Kerberos is and things work relatively well... That is the power and weakness of Windows. A person with minimal skill set can actually deploy and run large implementations. It is a power because it makes it that much easier to find people to do it. It is a weakness because they don't do it properly to fully protect it so bad things can and do happen. Trying to get that large of an environment working in OSS using Kerberos or even LDAP is a non-starter unless the people doing it are very well versed in the technology. It is even a non-starter for someone who doesn't fully understand it to fire up OSS Kerberos in their basement with 3 PCs.


As for patching, though this thread really isn't about that, I wasn't talking about patch stability, I was talking about patch and binary management which is a very different thing. As for stability though, I have had tremendous luck with patching my servers having had occasion to be responsible for thousands of Windows servers at a time as well as as few as 300 critical servers at a time. When approached in a professional manner with proper testing, etc, patching Windows is no less safe or efficient than patching Unix or the Unix knockoffs or mainframes. I have experience with all of those levels of patching reaching back into the early to mid-80's from manual by hand patching by poking hex into kernel binaries where we would get a typed letter sent to us telling us of a fix that needed to be applied and giving us offsets and strings of binary to enter to the full automatic patching mechanisms available today.




As an aside, do you actually feel you are getting anywhere whining about Microsoft? If you were in some way constructive in your whining you wouldn't look like a complete idiot. If anything, what you represent is what is wrong in the world of open source software right now and is a reason a lot of "normal" people will stay away from it. Computers aren't religion, Bill Gates isn't the anti-christ. OSS isn't Nirvana, it is a development methodology. FSF is just plain silly. The operating systems that are available are tools and just like when building a tree house, you use different tools at different times depending on the need. There is no one size fits all and if there was, it would appear we found it with Mainframes as that is where we seem to be headed again...

You can talk security all you want but there is nothing inherent in the open source operating systems or applications that makes them safer. The whole, it is open so everyone can check the code is crap because there aren't really that many people checking the code and no one who is truly financially responsible for checking it. If there is anything that makes it safer it is how it is used and the technical quality of the users because it is such a small subset of all of the users. If tomorrow everyone switched to using Linux it would be just as problematic if not more as Windows has been over the years because the primary security issue is at Layer 8. I know lots of very technical users of Windows who don't have issues with viruses or spyware or worms or patching. I haven't run a resident AV program since about 1998 or so but every 8 or 9 months or so will do a scan just to check my machines out and have yet to have been infected. The last virus I have had on my machines that I didn't purposely put on a machine to study it was Form.A in about 1995 or 1996. Don't assume because you have issues with patching that someone who knows what they are doing would as well.

thanks

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


imhotep wrote:
I normally do not double post replies but after reviewing your post I must.
I find your comments about patch management a joke. In the 15 years I have
been working with Unix (Solaris, linux and FreeBSD) and Windows (DOS 2.1
through Windows 2000) I have *NEVER* been burnt by installing a patch on a
UNIX system. That's right, not once. However, patching Windows servers is a
combination of "Cross your fingers and kiss our *** goodbye". Now let's be
honest, the quality of Microsoft patches is simply pathetic. At times, I
am simply at a loss of words, believe it or not, to describe the utter crap
that comes out of Redmond. Most large companies even have to have a patch
monkey team just to test the damn things because Microsoft certainly
hasn't/won't. Now that is a managerial nightmare.

Try this for size, first invest your efforts in designing a real linker for
the MS platform instead of BS'ing people here with your utter crap. Ah ya,
*OTHER* OSes have had a real linker for what 30 years? Like running
multiple versions of your dynamic libraries (DLLs) not a problem for
everything *BUT* Windows...

You seem to try to put down Open Standards/Open Source but what is your
forte? Active Directory? Gee, what is that *really*? Oh yea, Active
Directory was taken from Open Standards wasn't it? I believe it is called
LDAP...

...there is nothing worse than a hypocrite my friend, nothing.

-- Imhotep



Joe Richards [MVP] wrote:

Sorry for some reason Thunderbird isn't showing my previous post and I
see on google that IMHOTEP responded....

Here is the response

Joe Richards [MVP] wrote:
> Open Source software can be a great thing, however, IMO, it takes an
> organized and disciplined company/organization to properly and safely
> use it. Having been exposed to many different aspects of the government
> and how things are run, I would not recommend open source as they, in
> many cases, barely have enough time and resources to be organized
> enough to keep closed source running well where they are told exactly
> what they need to do.


Well, as someone who worked for the Government for years, I will say they
are often *more* disciplined and organized than 99% of the corporate
World. And Yes, most government agencies are already using open
source/open standards....and those numbers are growing.

Im




------

I worked directly for Corporate America (Fortune 5) for about 10 years
and for the last couple of years have been doing consulting in one of
the largest IT service companies (Fortune 15) for corporate America
(generally Fortune 100 or larger with 20k+ seats, usually I work with
100k+ to 200k+ seat customers) and the US Government which varies in
size vastly depending on the division. From the many engagements I have
seen, your numbers are way off to the point of ridicule.

As a rule the government is far more unorganized than pretty much ANY
corporate customer I have dealt with. I far prefer going into a
corporation than a government/military engagement because of how bad the
government/military things are generally run combined with how things
are funded. It isn't generally the fault of the engineers/admins, it is
almost always a managerial/bureaucracy issue. The last engagement I had
to go look into a mail environment that never should have gone down was
down for a week because of completely dorked processes and organization
and didn't get straightened out until we came in and started giving step
by step do this and then this instructions.

I have no experience with the Chinese government but from my experiences
with the UK and German governments I would say that the US isn't that
different from other countries in that regard.

As for the German government move to linux, that hasn't been as chatty a
subject since about 2004 when they were getting ready to do it...
Outside of the mainstream I have been hearing that things aren't so
green over there for them which explains a lot of the silence.

The only way I see the US government as a whole successfully
pulling off Open Source for the platform is if everyone gets together
and works out the standards and then one body is responsible for
dictating what will be run and how and manage the whole patch strategy
as well as prepare and certify the patches for internal use. That isn't
going to happen, the various divisions of the government are like a
bunch of wolverines fighting in a paper sack.


joe




Karl Levinson wrote:
Besides the fact that this is off-topic for this newsgroup, something
that is considered rude, I'm not sure what exactly you think we here can
do to help out in this area.


"imhotep" wrote:

"There is one thing stronger than all the armies in the world, and that
is an idea whose time has come." Victor Hugo.

So states a report from the Department of Defense's Advanced Systems and
Concepts Office, which recommends that the DoD move to a roadmap to
adopt open source and open standards, maintaining that such a move is
not only in the US national interest, but in the interests of US
national security.

The 79-page report proposes that the DoD adopt what it calls "open
technology development," which incorporates open source methodologies
and open standards, but also takes into account the fact that the DoD
has systems that it would rather keep secret."

From:

http://www.businessreviewonline.com/os/archives/2006/07/open_source_in.html
Imhotep

