UNIX, Microsoft, Apple, and Linux/BSD: An IT Reality Check

UNIX, Microsoft, Apple, and Linux/BSD: An IT Reality Check

Just some random takes on the industry and some toothpicks for the eyelids of people who may think Microsoft is a planet, might have lived under a rock for the past 30 years, and for salesmen and Microsoft developers that may have used Knoppix and Powershell but have never installed another OS on a machine other than Windows and gave it a real chance. I also discuss many other topics, so enjoy. Get angry. Take something from this. By all means, please do not take any offense, but if you do, figure out why before you respond to me. Thanks.

-Kevin Gregg, Infination Technology (11.15.08)

Linux and Open Source vs. Windows

Linux/BSD and the plethora of software in the open source community is well supported if not documented better than our friends in Redmond's products, with nothing hidden in order for a sales model to work in the industry. There may be a learning curve if you've only been selling Microsoft all your life, but it's a small hump if you really know computing fundamentally.

All the agencies of the DoD and any corporation that needs real security use a version of Linux or BSD to assist. Microsoft does not have end-to-end security solutions for the perimeter of a company or for their soft infrastructure. So far Live OneCare has proven to be failed trash, as well as Windows Defender and any attempts at worthwhile products. I have a quick question; do Microsoft trainers have a Netsh manual that they teach with? It is the core for most everything underneath some GUI applications (I also see less GUI apps already in the OS depending on the levels you pay for Vista) I don’t see full GUI administrative control, and many times you have to simply go to Microsoft’s web site to download a command they “left out”. I sure don’t see documentation for Netsh inside Windows, just on their web site if you know what you’re looking for, or through the online-enabled Windows Help app. I’ve heard it said that nothing comes with great documentation from the open source community. That’s simply not true; it’s quite the opposite. How could you come to think that; did someone just tell you and you believed that? You might want to check the FAQ or run ‘man <cmd>’ on what you downloaded, or go to the program’s project page where everything always is. What happened to the trusty ‘fdisk’ utility? It has been removed from XP and Vista. I guess they found out we liked simple utilities that work. Don’t lose older versions! You might need to boot up with them and change something; I have seen 3^rd party apps, but I tend to trust something to clean up an OS that was manufactured by the OS(if it's possible to trust the OS). I have had to use Linux CDs to repair problems with XP and Vista. They also removed Remote Recover from Winternals. When Mark Russinovich and his buddies sold Winternals to Microsoft they were told their utilities would be available for free online. Some are; but not the really good ones like Remote Recover (all you needed was a NIC driver and you could make another computer’s partition look like it was a local partition on the PC you accessed it from. Then you could perform recovery and do things with the partition that Windows otherwise would not let you. I remember before Windows 95 that Peter Norton had to offer the best solutions for DOS/Windows. His packages failed on Windows 95; they included some similar utilities but the hardware couldn’t handle the fat libraries that his bloatware had to contain, so his newer utilities were never of any worth again. Sold to Symantec.

I understand making revenue and I’m not against profit. I am against a company who has unchecked control and now restricts their users from benefiting others in many ways. Some Microsoft products (humans and the actual products) seem to be intended to sell people with the sole intent of profit and total disregard for every client concern (DLP, loss of revenue from hackers, compliance, and repair/recovery). Some Microsoft software creates needs for 3rd party solutions to provide, which might create jobs, rather than the false promise that it has QA'd a full SDLC. There are better turn-key solutions in the market for many segments. If Microsoft has no worries with their sales model, why do they refuse to disclose the source code with the product? If you read their EULA you shouldn't be using it anyway--It reads like the Microsoft bill of non-rights. Don’t print it; you will run out of ink. It's just proprietary dominance with leverage and licensing on too many layers. Sometimes that means it comes with heavy costs to deliver to middleware developers who pass those costs down the pipe to their customers, and everything ultimately serves Microsoft's bottom line. It is not a small pill for everyone to swallow (as it is marketed for all) and is certainly not the smartest solution to every business in all environments. It has an extremely large footprint on CPU, memory, storage...basically all hardware utilization is swamped compared to an alternative you do not care to use: Linux, which still can be productive on a 486 in certain configurations, but on your hardware it can also put Microsoft developers to shame. Microsoft puts a load on network resources that chokes your bandwidth in a way analogous to what sugar does to supersaturated Mississippi sweet tea.

Really, if your outlook for Microsoft's future revenue is no different than today, and you think they can compete with the same success they've had since the early 80's in cloud computing or security w/ Azure and maintain their user base percentage, and you the reader think their products or certifications are an industry trump card, I think you should learn more before you pretend to have a clear picture of the past or present. Remember when Microsoft bought Hotmail, tried to port it to Exchange, it crashed w/ 1 million users, and they had to continue to use UNIX to serve its users? That was funny to many of us in the industry. Nobody's perfect. Microsoft tends to be less than average to poor as a NOS, unless something else is securing it, tightly. Then if you give any of its ports access for functionality, like if it has to connect to AD, or if it needs NETBIOS for some horrible reason, or if someone doesn’t configure the services properly and close all the insecure-by-default ports it keeps open, you’re still in trouble, and it’s just a problem on your network that any vulnerability scanner would pick up and point out to you plainly.

Regarding Licensing

Every Apple sold includes BSD and their Darwin open source project with every copy on their OS disc. NSA's Security-Enhanced Linux project contributed to the secureability of the Linux kernel, and was finally embraced by Linus Torvalds, who included it into the kernel as of 2.4. Microsoft licensing could be likened to Amway, with licensing “boot camps” they constantly push to sell the sellers and give them answers for the questions they’ll be getting, which is down to science by now. Regarding licensing debates, I’d rather have a BSD license so my project is free; I’m not concerned with the binary code. More packages have had larger success that had BSD licenses. GPLx is pointless compared to GNU and BSD; it mandates the code be free. That binary code isn’t human and doesn’t represent me or my product. You probably think I’m crazy to want to give up the profit-potential of a completed project. That’s the difference between profit-oriented and service-oriented; products are chosen based upon their application for the particular solution. Way down here on the client and user level, sizable profit is made in service. That’s also why I benefit everyone that knows how to apply my project to benefit others as well. I am not asking for royalties, I am simply licensing a project that can be used and altered. GPL mandates that you do 4 things. That’s not freedom. That’s being told what to do. Nobody can then alter that code, but they can use it as-is. I hope you understand my point.

Debate that sometime out loud and keep people tuned in that know a little, have only heard the positive slant from a Microsoft partner that has forged an advanced sales position to the point of selling it as a lifestyle on its supposed worth. Be frank about its weaknesses, show them free alternatives that are more robust, secure, and have more powerful and proactive network security, access control, secure authentication, cryptography, can deploy encrypted tunnels to all your network access locations, has a tighter kernel that won’t crash, and has less exploits than on the extremely large amount of data that comprises a Microsoft server. Then see if they'll still be willing to pay you the same amount of money for your solutions if you refuse to offer anything but Microsoft applications, and pretend that poor Microsoft security is mental-midget mentality from Microsoft-ignorant muddle-headed morons. It feels good to be honest; trying to convince someone to buy anyway because that’s all you sell or know is not objective, thorough, or helpful. You are just presenting the pointers you learned on selling Microsoft products from Microsoft advocates in your keynote speeches. Do you have real IT solutions, or do you just play with technology and love tech toys. I question how serious as a developer you are in this industry to be choking off open source, with your stance sounding like it's a pointless joke to have alternatives than the most hacked Network OS in the world, which creates the most economic damage, but still proffer that it still should be embraced in the same way. How do you pull that off? If I show proof by hacking into it and showing someone their administrator password in about 12 seconds would you dismiss it as a fluke? What’s the proper spin sell in that situation?

Business and Cost Analysis

The most preposterous thing I heard is that there are no Business Analysts in open source. I know for a fact that some of the most dangerous people in the industry are people who claim they are analysts of any sort but they close their eyes to available solutions, and prove themselves to be nothing but an extension of corporate sales. Pardon the pun, but they deserve a window office for their efforts.

One of the most conclusively ignorant statements I have ever heard is that having specialized apps for functions makes open source somehow weak compared to a very decent Microsoft product (when the new exploits are patched of course), the Office productivity suite. I don’t suppose you know how many third party apps it takes to properly harden a Microsoft Server to the best of its ability, while allowing to function on a network, or how many remote execution holes are in that well-functioning software that happens to pose a large security risk a great deal of the time. Microsoft has to be told to fix those problems as well; they promote a need-to-know basis and don’t inform vulnerable customers in proper time because they don’t want to look bad and lose business. I garner respect in the industry from (not just self-proclaimed) informed thought leaders that don’t just sell for a living and enjoy social networking and discussion, but they have skills, develop secure code, check logs regularly, know the right security appliances, vulnerability tools, IDS/IPS, packet sniffers/analyzers for the job, and test their intrusion detection or prevention system with the proper penetration testing tools. My assumption is you don’t provide security solutions, because you’re a Microsoft pusher. I of course hope that I am wrong, but what 3^rd party do you trust?

A fundamental Business Analyst skill is weighing every option, looking at all possible ways to save your client money. When you consider passing them the costs to maintain something written upon the Microsoft development platform, you would be lying to yourself or completely inconsiderate to an unethical degree not to consider alternatives such as open source, especially when you leave them vulnerable to be compromised and leave their data insecure. Regarding migration away from such a privacy and security risk, I could teach 8 or 80 year-old end users GNOME, KDE or even Xfce-based GUI. They offer simplicity and ease of use on top of X, and it presents nothing harder to understand regarding use, navigation or using administration tools than a Windows platform. There's no difference in the learning curve unless you’re institutionalized as a user with single-platform knowledge, or simply fully profit-oriented as a Microsoft salesman (or simply ignorant regarding UNIX or any other OS in full).

The U.S. government at one point said Microsoft was a threat to National Security for its lack of security. (Afterwards, here came Mandatory Integrity Control and Vista, finally, which had some improvements, but not the way the OS installs by default). Why do they not sell it secure-by-default like OpenBSD? I'm all for supporting any mix of proprietary hardware and software, but would only deploy a fresh Microsoft framework for a new client unless they were already using Microsoft or only wanted to go that way, or had to, to be able to run some bloatware a Microsoft developer shot out of Visual Studio with no regard for its security and did no checks to test it for security holes. It's ultimately a choice, and a smart person would deploy secure things in production and not pass on costs to their clients which are usually 100% unnecessary. I don't see how a Microsoft MVP could win an argument which included cost analysis against open source security or support if you actually research the available product offerings; it’s free software, has ease-of-use, is much more lean, fast, and responsive, and does not present issues that need solving right when you place it on the PC; you would be blind to not see that it had a clear-cut edge on Microsoft at this time for a Server application, especially considering the savings. Where’s the savings with Windows? Would you claim that 10-20% off of $15000 you didn’t have to spend at all in the first place is a saving? Why are there training sessions geared towards Microsoft partners by MVPs that clearly illustrate the problems why it can be a hard sell, in 4 key areas, then provide you with answers for those questions and products to purchase to make it easier for you. Have you wasted that much time in only one OS or with that many Microsoft employees to be that sold on it?

Could not there be better solutions simply because you lack the proper skill sets in them or do not know of anything better? That would make you the problem, and not in a position to be a sensible solution provider for anyone, at anytime, or anyplace, unless you consider how in fact you’re just a corporate puppet for a Redmond, WA HQ that offers big apps at big costs, passes on large costs to customers, and you have a little to show for the sale as a middleman, handling a large ticket, but the frequency you have to repeat and lather this model just to stay competitive brings at least some personal ethics into light.

Microsoft is only concerned with improving legality concerning antitrust, intellectual property, and patents. (Their stance in the EU has changed since EU dropped a hammer; who knows what their new approach to circumvent their lack of control over the government is in the EU; they don’t allow the same kind of practices Microsoft enjoys here in the States). Ironically, they’re very big on anti-piracy as well, but they don’t mind stealing ideas from others, and when they don’t outright use an idea someone else has, they pay as little as possible, not close to what it is worth. Would that be one of Microsoft’s Best Practices?

This is my point driven home that I’m recycling: pushing Microsoft only and waxing like a ‘Bill O'Reilly’ does with guests: only existing with the function to show one side of a two-sided coin and silencing anyone that has a different perspective. Being against an opinion not in a more perfect union with what you're championing is not just less than smart, it's not even witty. It will not even serve you long-term. It’s simply just a pro-Microsoft arena, where you flex your debating skills, and sound like the bad guy when you dismiss logic. Being one-sided towards a computing platform is just silly. You miss the big picture totally; it’s pointless for a blind man to drive that huge truck. That’s why you buy the side and rear-view mirrors too; it might help, right? Sounds like the model.

I rarely, wait, I think I have never heard anything mentioned about Microsoft owning 25% of Apple, which constitutes 100% of the social networking, "Web 2.0" toy box full of gadgets you own and install. Why is that? Do you gentlemen want to consider yourselves truly “multi-platform” because you can also get around OS/X? An equivalent argument would be “I can play Galaga AND Space Invaders!” Walk and chew gum.

Microsoft’s “Redundant Cost Model” vs. BSD Open Source Model

The Microsoft platform, especially as a developer or collaborator on a network, all costs a great deal of money of course, and plenty of time to configure. You have to purchase each Microsoft module that it requires to enable proper collaboration and productive development. There’s Visual Studio (under $500 in 1997, $5000 the last time I checked, and now all those additions and versions from over a decade cost between $500-$1000—must be the economy), SourceSafe, SharePoint, SQL Server, Windows Server and everything else you'll need for productivity like Office. Then you have to license each piece of the software you just paid thousands for, for each application. The OS has the same redundant cost model, and will serve mandatory upgrades and obsolete itself to ensure everyone stays aboard. Annual redundancy, with necessary hardware upgrades. Next you have to prove to them that you paid for it all through online activation. It always feels good to prove that you’re broke to the company that took your money, doesn’t it. Accounting takes the shoe box you hand them, accounts for it all, subtracts that from your IT budget, and you organize everything and secure your shiny licenses with those pretty holograms on them. (They've come a long way.) When you finally have Barbie all dressed, you place her in her dream home with the latest hardware (or she’ll complain!). Only then may you begin your productivity journey on top of this Jenga-esque platform. By this time, a small startup would have already buried itself in debt before it has begun. You haven’t even begun securing this wide open thing. If you are concerned with people being malicious with your data, stealing your ideas or information, or think Windows Firewall is effective, you’re mistaken again. Microsoft isn’t a one-stop shop for all your needs. Pardon the pun, but I am finding it futile to ‘window shop’ now. If I continue to chip away on the cracks of this Hoover Dam of a corporate hold for too long and I think I’m here to fix problems, here come my results!

You still have to deploy 3rd party applications on top of Microsoft to make Windows a closer-to-secure platform worthy to use, unless you outlay a large amount of your budget for security appliances for your perimeter security. Out of the box, it's insecure-by-default; ready to configure, configure, and configure some more (time is money). It requires so many updates from the Internet after a vanilla install; it’s daring to plug an Ethernet cable into it and get the ‘security’ it should have. If you desire proper business-minded interoperability with the Internet and the web, you better use Vista deployment, or have a Ghost server set up with enough layers of security programs to feel halfway enough secure to plug it into the wall. This takes time. It’s more expense--more waste.

Microsoft has too many services dependent on the kernel, including an insecure RPC. Add up all of the necessary layers on top of software architecture built on top of a 1985 software model and we’re talking a lot of room on your hard drive; for space and more for failure. Windows is generous to computer repair facilities and opens more than a mouthful of ports that can be exploited; the RPC and all the dependencies on the kernel make it ready to crash at your fingertips after all the enemies it has created add to the virus signature database. As a developer, you might not want someone to take your ideas; you probably didn’t check first to find out that your idea had already been completed in open source and has been maintained and updated several times. All you have to do is be smart and start using better tools for the job sometimes. It can help.

The best way to test hardware is to see if the newest copy of a Microsoft OS will install on it and run with out a BSOD; that’s how thoroughly it taxes hardware. Before Microsoft Windows 95, the only blue screen that was household language was on a monitor or television that was turned off but still was seeking reception from a source that wasn’t providing it that far away. Similar I suppose, but definitely not what I would demand from something you purchased from one of the largest companies in the world.

Why have they not learned anything? Entertain the possibility that they know very well that the faults in the software are serving the company’s sustainability well, now a part of the model, through the pay from the many partnering solution providers and 3^rd party support offerings. Ultimately they just do this [big business practice], because they’re in the position to be able to do so. You can make a rock skip on water and then do it again. The rocks sink and the show is over. Eventually more important things develop.

Now, let's take OpenBSD for a comparison here. You download it for free. You install it. It is secure-by-default. Cryptography is configured for you to use. Proactive security is already built-in. Choose your GUI, developers many times prefer GNOME. KDE is many times chosen for productivity apps, email, etc., but both will run the important things not simply for a cosmetic function. You could have them both installed and more of them if you want. I think you have heard of Enlightenment. You could easily switch between them all by logging off, choosing which one, and logging back on. You download applications that are all similar and function well, integrating smoothly with each GUI. You have your development platform chosen and downloaded in no time.

In this free OS, everything updates with one command from the GUI or the CLI, so there goes the previous need to sit down with Microsoft Update and watch it fumble the ball. There’s also no need for several reboots until it gets everything in there right. It will sequence it all right the first time, if it even requires a reboot. The kernel is secure and few things if any depend on it. You can compile a custom kernel. You can add LSMs that harden it further, including built-in, customized iptables with netfilter, both configured for the environment you deploy it. There is no need for a 3rd party patch management program or two (one for all apps, one for security); you do not worry about the frequency of running each vendor's update program individually. Some companies hire another person for such labor, but for general purposes let's assume we're not just developers or salesmen, we're smart and want to oversee our own environment and can handle that task just fine. This one will take much less time, and you can schedule it to run automatically. All packages are integrated into the package manager, no matter who the developer is. Now, please, tell me about how glorious Microsoft Office is now in comparison. Is it because the icons are all close together?

On Linux/BSD, any additional security or other applications are free, easy to use, and much leaner, as more time and development was spent on everything by advanced developers in a community that is awake now in every language and available with support-a-plenty for free. They made and maintain stable, tight apps with a tiny footprint that boast the same amount of functionality, with less problems. Any support you want is usually free, requiring no long phone queue or credit card, and it’s easy to find an answer to your question. For some reason, it’s much smaller; maybe it doesn’t have bloated libraries with unnecessary, exploitable modules in the libraries that you aren’t planning on using on this installation. One package manager lets you choose from over 25000 applications that cost nothing. It will let you know if one app would conflict with another on the list that you had chosen, and just configures the conflicts and lets you approve everything; you don't have to find that out the hard way or research. It’s an intelligent OS. It was written by intelligent people for their own use and it now performs in demanding ways in production environments. It’s not just a toy for geeks on steroids; it just happens to have Swiss-army knives for all your network needs and then some.

File operation in Linux on the same hardware makes Windows blush. No waiting such a completely ridiculous amount of time for a bar to go across the screen in 'Microsoft Minutes' that may really mean 57 minutes and take an hour and a half or 15 minutes; it just moves things extremely fast, always. The graphics move much faster on your GUI than the fat Microsoft apps on top of the bloatware OS that had already consumed most hardware resources. You have plenty of room and time left to add more of these small-footprint applications if you care to look for and install any utility you want, plenty of them, before your free OS even thinks about slowing down. You can find 100 tools you want, install every one at once, and it barely takes up any room on your hard drive. It handles this all very smartly, and only loads the libraries you will use when you need them. That would significantly decrease the performance of a Windows OS with that many applications installed, even if they weren’t much larger each, but they would have been. Your GUI looks pretty already, but you've got more options in it than Windows to configure it to your liking. Time is money but you still have plenty of time to spend on anything you find that rarely comes with a price tag, like learning more about anything. You have many options, so spend as much time as you want. Accounting will still smile and add a few entries from your thin, manila folder you hand them, if you even have anything to discuss with that department after you have received your hardware and an Ethernet connection. Let's begin development. Your platform’s TCO: ~$0. That means that your ROI can begin with the first line of code. Will you be required to additionally spend time and money with annual, mandatory upgrades to all software programs? No. Are there any new recommended updates, like your OS, that will require or recommend (recommend means you better get it or you’re going to be frustrated) you updating your hardware for Microsoft every year? Nope. You have just done the best thing. You saved yourself time, you gave yourself a more stable platform, and you won’t be passing cost down to anyone, which places you at a much higher integrity level. You will be appreciated for saving a company’s time and having their best interest in mind, if you are in an IT role for an organization.

Regarding Certification

You don't hear so much about this. You might work for the government as a civilian for the military and get a Security+ and a Red Hat certification, for instance. No need for countless hours to pay for a large list of classes that cost a lot of money, all in each application, from the same company. You pay a lot for training if you aren't a self-learner. It’s easy to get swift very fast, at any age; I’m 34 so I require a pen at this point at least to take some notes. Back to the redundant cost model, Microsoft would have you be certified in all these classes for each application or role you might play. They all expire eventually after they release the next version that you will end up having to bite the hook. It costs a great deal. You usually don’t require that much training, but just the cost of the exams is high. You end up seeing Steve Ballmer's signature more times than you've ever seen John Hancock's, and most people in the industry other than Microsoft won’t care. I know paper MCSEs that have asked me what a NOS was. I wanted to slap them across the face. Ballmer and Microsoft benefit from whoever had to spend all that money to get you to be a certified developer, and he and his company will reap the benefits when you sell that application to anyone, buy the next version, upgrade all the dependent OS it requires, then you’ll have to take another certification test eventually to stay certified in something that probably changed cosmetically and had a page of updates in functionality or features. You cost more than you should for your organization and every time you try to benefit yourself, you continue to pass that unnecessary, redundant cost model to the end user, who inherits this multi-tiered beast to feed annually with frequent, expensive IT expenditures. Maybe you feel better sleeping at night with that idea that true Business Analysts are there for him to see that he can save money somewhere else because they are serving proprietary operating systems; you don’t believe there are Business Analysts that would dare analyze free software and find value! But a BA won’t usually be necessary after you’re ready to start developing, because the budget has just been thoroughly trashed for the rest of the year. He’s not available.

So here we are, you have no money left. You still haven’t opened anything in Office to use your super special productivity suite; the seller of the ‘feed-the-beast’ model, from the great company that looks after a businesses’ best interest. But your notepad on steroids is pretty. You can tabulate numbers in a spreadsheet that will perform more things than you can dream of. Maybe you didn’t care to run the new one; you were content with the old one. But they’ve stopped supporting that one, which means it will continue to be exploited, and no security company is going to care to look for holes in obsolete software; it’s just declared a risk. Now you better get busy creating those wonderful large applications it makes and churn them out fast; you would like a budget again so you can buy a spindle of CDs, or maybe a USB backup device, because you know how easy it is for Windows to get corrupt. So you’ve paid for the most expensive development platform there is, and you couldn’t be happier with things. I’m just a silly Business Analyst that does BPI and security, what do I know about the benefits of standardization, or those underlying costs of the platform that have all the security and reliability and performance disadvantages I have touched upon and discussed.

If I’m your BA, now I’m too busy do anything but look for business process improvements that save money, because the IT department is functioning without a budget for the rest of the fiscal year, and Windows is going to have to eat again soon.

Some Microsoft Issues to Consider

I am not on a rant to just bash Microsoft and I don't dislike anyone. I am here to open eyes to facts:

You cannot dismiss Linux as a viable solution, alternative, or complement to proprietary companies such as Microsoft in any organization.
Eventually, Microsoft will have to reduce their costs to compete with the general population in the open source community developing the same things; much of which is very impressive and trendsetting.

Microsoft likes to take from the ideas people already put together. They’re the largest software company, so they can wait until the competition in other proprietary operating systems for businesses to come out with ideas; wait, no competition, they look at smaller companies and take from their innovation. That’s similar to how they started. It is commonplace for Microsoft to take ideas from the Linux/BSD community, but

At this point Microsoft just absorbs any companies that have already written what they're looking for on top of their own platform, and usually, considering there’s really no competition that could pay close to what they’d offer if they wanted your product, you would probably agree to the deal.
Your application becomes their property, and they will make more money off of it than you could have; at least you saved your receipts to recoup the expenses you outlaid to finally bring a product to market.
If a competitor creates a product they don’t own that outperforms a Microsoft offering on their platform, there is always the chance they will use the platform to their advantage, and break that software by placing something in the proprietary source code that they protect so tight, making it difficult or impossible to run, and someone spent all that money to them to get to the point where they had some success just to be crippled by the very same company that got them where they are. (were) So much for climbing that ladder of success.
They’re also good at releasing the same better features that software had to offer in their next pricey (or did I mean piracy) update.

If you work directly for Microsoft, you work very hard; there is nobody that will deny that. In Redmond's organization, they have a reputation of "slaving" their workers and most probably don't have as much fun making something work as nicely as the open source guys who probably had the idea first, drove it through a functional SDLC with friends with international help if it filled a need in the industry, because there are translations for every language that do not force you to know another language to immediately be productive with someone in any part of the world. I could never say there aren't lots of Linux applications that took from Microsoft and other industry innovation as well. Some of Linux productivity apps, while more secure, have the same way of adding extra features Microsoft would put into something they replicated from someone else (for example the Evolution mail reader is your Outlook replacement in Linux if you want the exact same look and feel, except it handles spam better, has quicker apply filters, and you don’t have to pay for Outlook 2007 to have the same functionality).

Everyone is a pirate in this industry if you begin your trace from the founding of Microsoft and Apple. Without spending after buying Microsoft, you would be stuck with Outlook Express version what, 11? 12? Windows Mail. Insecure, low functionality, doesn’t work so seamlessly with the rest of that Office package that we all love. (We haven’t been to Microsoft Rehab to break the cycle of addiction to their products.) Trust me; you’re happier when you’re not dependent on those expensive applications. They just cost too much and simply aren’t worth it. It takes a long time to convince a majority they were wrong, and most don’t want to look or feel stupid.

Currently, I see the current Linux user base around 17%. That’s a big difference than the 1% I heard Microsoft salesmen say and actually believe. (The open source community does not waste time with surveys as often as to which OS they use at their home; they’re security-minded, don’t want spam and generally make better programmers. It’s all debatable, sure.) 1%, come on. They have done studies and tried to place a monetary number on the value of the open source software that is free today. They estimated approximately 13 billion dollars, maybe it was 31 billion; I can’t remember. Either way, if it were truly 1% it doesn’t make sense. Most businesses do have a mix of Linux in with their other software, to boost the quality of the network. Why would we see it so often; is it all a coincidence? No, the user base is approaching 20%. You might say 4 out of 5 people choose Microsoft and forget that one out of five adds up after a while. That's why you see rapid deployment of new technologies from companies such as IBM that make Linux work in cute little mainframes with pretty plastic black boxes, and advertise them on the cover of industry magazines; they know the true impact the open source community is making, and how it poses a threat to their profit margins. They adapt. Microsoft's price points will wind up much lower and Microsoft (and their partners) will be forced to lessen their aggression in the marketplace, with the undeniable rise of the popularity and benefits of a free development framework that has great value that all too many seem to dismiss as paltry. That's why you hear discussions about open source much more frequently these days at Microsoft professional developer conferences; they are sponsored by Microsoft vendors and Microsoft partners and filled with Microsoft users, resellers and advocates.

Bill Gates is an innovator with a great mind, and I would never take anything away from him. He has contributed to the industry in a large way, and he still contributes to the industry in many ways; consider research.microsoft.com projects, such as Worldwide Telescope and his philanthropy in many areas, especially towards global education and the countless number of charities for worthy causes he gives to. Many of the founders of Microsoft have done and still do great things for the industry they helped create that continue a steady money flow into Microsoft worldwide, that grow the industry and allow for such philanthropy from the top dog. I won't take anything away from Gates; he contributed much and still contributes. There's just room for more than him in the industry, and there’s no need to bash an entire collaborative community where people spend countless, usually unpaid time to make solid products that cost zero, zilch, nada, nothing. (Not that he has) There are so many packages available for Linux and BSD, and most support is documented extremely well and just about everything is free. Plenty of production-grade products do cost money and some really great open source (such as MySQL 6.0 Enterprise) obviously makes a smart move to start charging for all the work they've done over years and years; they earned it. I don't like some of the things some open source companies have done; an appropriate example would be MySQL dropping support for Debian-based distributions. No one company has ever made all the right moves, and nobody can please everyone with one solution. Not everyone will benefit. Maybe some people will use PostgreSQL on Debian. It has advantages over MySQL; MySQL has advantages over PostgreSQL. The support communities both improve the products and both grow towards improving where they are weaker. Security is a concern no matter what it lacks that you might want, however. You don’t ever have to sacrifice peace of mind or trust one company for everything, whom I feel takes advantage of their users, simply because they are in a leveraged position to do that for their stockholders.

Here's a stark difference functioning in Microsoft and a Linux platform in whatever similar application. Microsoft sells beta software with bugs in it and pretends they've completed the SDLC. Of course it is written by sloppy developers that write the bloatware that will not function without something close to the fast hardware that it was written on. They then proceed to overcharge for support and upgrades to basically make it solid. Finally stable, they release a new version that requires hardware upgrades and breaks things all over again (but does not reinvent the wheel!)—this continues their profit scheme and the vicious cycle it levies on their user base. They have developed one from-the-ground cornerstone and layered on top of it; they bought DOS, so I speak of Windows NT (New Technology). In sharp contrast, most (if not all) Linux applications have been tested so well by so many people with so many fixes and a stream of documented upgrades on bugtraq, by every user that submitted something that turned out to be a true bug. One can merely hope that Microsoft receives and reads all those ‘error reports’ that OS generates and sends. Now you can of course make money and look good by redirecting that information to the help desk, custom configure auto-reply messages to send to the user that a solution is coming down the pipe from your IT department, and have your workstation support techs research the problem. You look smarter then, and people don’t continue to reboot their machines and lose productivity without your knowledge of each specific problem; finally there appear some real solutions for crashes have arrived, instead of waiting for a patch or to pay for something to be released that might have the fix. Supposedly it works well; this is just what I was taught in a training course for the MDOP snap-in for Software Assurance. (Decent little 2-day course, gave away a free 120GB WD USB drive, and another free Vista Ultimate CD/license) I have never had the need to implement that function to see how well it works, so I do not know how accurately you can find answers associated with all those hexadecimal numbers. I easily resource my own problems on the Internet with fair results; things have improved.

In Linux/BSD projects, they make sure problems are ironed out before they call an OS a release. Completed products are solid before the developers usually see much or any revenue. Any problems deploying a solution to a particular business can be customized with higher granularity, down to the source code level of the operating system deployed with it. That is impossible with Microsoft, and advantageous to individual businesses with more specific needs than are in a universal model that you cannot fully control.

If you have the inane view that there are no Business Analysts in open source or OSS, you have skewed logic, tunnel vision and strong bias, and you obviously think your audience is large enough in your area to influence people to believe that there is no solution but Microsoft. There are those types (and those areas); usually they are too ignorant to think in other ways of doing things or simply unwilling to take part in a round table discussion with people who actually can analyze more platforms. Some just don’t care, or are comfortable in Windows, which translates “scared of technology” to me.

Just like Novell has made some revenue by acquiring OpenSUSE, Apple has done some smart things, like the Darwin project and with BSD; user groups and the community behind FreeBSD projects have added a great deal of worth as well. Microsoft and Novell also have the Interop project, where they partner together, promote interoperability, profit from it, but ultimately want to eliminate their competition. Bear this in mind--Microsoft started its company by selling something it didn't even have to IBM and then went out and bought something that they didn't develop to build on and license to them. Both Microsoft and Apple were handed technologies from Xerox; they had no part in the initial development for the GUI and mouse technology we take for granted today. Imagine what we don’t know about proprietary business practices. That’s their primary function. Wake up in the morning, throw spin to the media to move the stock for the investors, and lobby the government for change that benefits them, thinking of the corporation before anybody they consider an alliance or partner or customer. Inside the source is the magic formula that makes everything work for their benefit; it’s not just a combination of flavors for a soft drink. There’s valuable venom in there; they protect those precious nuggets of code.

The IT industry is extremely competitive, and it gets nasty, especially when companies hide secrets from each other and don’t work well together; a good analogy would be open source to something bipartisan in government. People that do things for profit secure their own data, try to find information on the competition, and generally decide to engage in manipulative, unethical or illegal business practices. The larger they are, the more corrupt they tend to be, or have the capacity to be.

Microsoft Office is a wonderful productivity suite, but you can't say that a user cannot be just as productive on a Linux platform. OpenOffice is a great product (inferior to Office still, but compatible, improving, and Sun Microsystems just gives it away). Then there's Mozilla Firefox, whom most prefer over IE7 (and they have the same look now that Microsoft has incorporated those innovative ideas into their browser). Mozilla Thunderbird and Sunbird are great for mail and calendar programs, with more security, which is the one common theme you are certain to see with applications written out in the open for free in the open source community as opposed to Microsoft. The security tools themselves are second to none, and there is many more in addition to what Microsoft lacks in so many areas, not just the operating system. Trust me; a Business Analyst who opens his eyes every now and again sees at least the simple cost benefit. But I’ve presented much more, and I’d love to hear you tell me it’s all just anti-Microsoft, and I am not close to the truth. Decide for your own; do the research. Find out for yourself where the quality applications lie. Let me graph it for you so you know I can analyze:

A lot of money ---- No money

Using simple cost analysis, please, pick for me the side that has core impact. If you can provide a company a better product at a cheaper price, you’re not the American Gangster. You’re a CXO champion, and a smart cookie. You think outside of a tired corporate cost profit model, and find real solutions for real people in all facets of industry. Name a Microsoft or other proprietary offering, and tell me how horrible the Linux version of that solution is by comparison. I’m from Missouri. Show me.

If you think that you are such a great developer, have some form of business genius, yet fail to acknowledge anything of worth from a large open source community, remember a popular phrase: Real developers write their own OS. [Linus Torvalds, among many others not pertinent to this discussion other than Digital Research’s programmers. Steve Wozniak.] I could list the authors of every tool in security that Linux has, from Chief programmers of every Linux Project that develop or port code from one version of UNIX to another to application writers, such as Zimmerman (PGP)]

The list is too long and numerous. These might be your heroes:

Microsoft Corporation, 1976. Played with the Altair. Geeked out a lot in the desert with it. Failure. Sold IBM on a product it did not own and could not figure out on their own, then bought it for next to nothing. Sold a licensing solution while retaining ownership of software, to Big Blue. Success.

Apple Computer in college. Steve Jobs (left) playing with blue box developed by Steve Wozniak (right). Profited by geeking out while eating Captain Crunch. As telecom hackers and phreakers, they enjoyed free phone calls at Ma Bell's expense. Their innovation was a free toy in a cereal box. As the brains developed a PC with an OS, the vision had the idea to photocopy from Xerox Palo Alto Research Labs, copied their GUI and mouse ideas and implemented them into their PC. Success.

If you write on top of someone else's platform, you may be successful or be very business savvy; it's one thing to piece objects already written together, or use technology that you didn’t create to make something…

Linux makes collaboration history

On the other hand, it is something quite different and refreshing to see someone like Linus Torvalds in Finland post on the Usenet about a free OS project that he was working on, based on a port from MINIX; anyone that had the ability could contribute to the project. Imagine that, an IT guy who asks for help from strangers in the industry. That might be the biggest or most important collaboration in IT history. I am glad it caught on to the point of collaborative work becoming a standard—it's a much faster way to bring a product to a goal-oriented finish. There is more input and testing for a better overall piece of work, with like-minded teams working together on a common goal. Some people find it hard to believe that someone, much less a group of people, would get together and do something for free that has value for industry. I have seen too many quality applications on this platform to have that kind of blind mentality.

Linus Torvalds, creator of Linux, the free UNIX-based OS with a GNU license; wound up creating the open source community as we know it that surrounds and supports it. He looks happy too.

If you think that the IT industry only includes Microsoft, Apple and other proprietary corporations, or they're all that really matter, you are not only sadly mistaken but also missing out on great technology and exciting development, with so many valued applications that are already used in production today that you can test, observe, and use; rather, you choose to joke about open source contribution. You might not want to provide any contribution to the real world yourself. You may want to adjust your rear-view mirror, however. Short-sighted Microsoft salesman's days are numbered. Forward-thinkers that consider others and provide quality products and solutions are here to stay. I appreciate insightful, knowledgeable content in a tech show; you play with toys, discuss the toys you play with, discuss the social networking programs (many with a GNU license written in open source) that you use on your phones, and argue with people who advocate additional solutions other than Microsoft or Apple; it seems simply just for kicks. I like color and humor, but when we get to work, it’s strictly for business. I’m results-oriented. You might want to consider what you bring to the table in that respect, with other people’s benefit in view. Then you might begin to wax intellectual and claim yourself among analysts of some kind or an IT consultant or trainer.

UNIX is necessary to government and enterprise business, if you didn't know; it is literally the backbone in telecom and networking and has been. It is used more so in the important areas I have thoroughly discussed like security, as well as the Linux community’s contributions, and like-minded people concerned with the effectiveness of the Linux project, down to the security of the kernel, such as DoD agencies, whose programmers are part of the open source community and have released patches and bug fixes. People who like security like to know what they’re paying for and not own just part of the software and a license agreement. They look under the hood too.

Regarding industry contributions, let's not forget ESIX, POSIX or even XENIX in the past. Don't leave out SGI (running IRIX on MIPS architecture), Novell, who has included a Linux kernel option in their server installs since version 6.5. Apple’s Darwin project/BSD--the list goes on. Every company, including Microsoft, has benefited from some form of UNIX (and then added it to their turn-key profit system). Now even some of the best Tier-1 IBM-compatible-turned-proprietary companies who are also Microsoft resellers like Dell include Ubuntu (Debian-based BSD) and Microsoft as options at purchase. You have a choice now down to the user level. Why would these smart, profit-oriented companies place free software on their machines if only proprietary solutions are of value? There’s a big difference in cost and worth.

IBM History and Microsoft

Microsoft plays a large or small role everywhere; they were viral regarding their popularity; software travels fast, especially when you're the first to license it to IBM. IBM simply dwarfed anyone in the industry with their mainframes and consultants, and has been around automating business processes with typewriters, tabulation, sorting, keypunch and indexing machines and all the equipment and solutions they provided since German-American Herman Hollerith founded the Tabulation Machine Company in 1898; the company that became IBM. They have been consulting businesses and whole nations (such as Nazi Germany from 1933), anticipating their client needs, and providing solutions for them, decades before computers were created by NASA out of necessity. Consulting business to provide solutions came about. It is not a matter of popular knowledge, or their brightest hour, but IBM assisted Hitler, the SS, and the Third Reich, using Hollerith machines to do data automation for them, including the whole process of profiling every individual in the country, including their religious denomination down to 1/16^th Jew. Like an effective consultant, they anticipated their client’s next move.

They opened IBM Poland; Germany invaded Poland. Et Cetera. IBM overseas had to be very cryptic when they talked to IBM New York about this particular business solution when it got to a certain point. They called IBM Germany “Dehomag”, to avoid public exposure. They had European operations based in IBM Switzerland, a neutral country. They rapidly developed hardware solutions such as alphabetizers, and wound up the people that put the ‘blitz’ in ‘blitzkrieg’. Every individual in the country had a Hollerith punch card with their information on it.

Today, IBM maintains a solid position in the industry, AIX and Z/OS being their operating systems they utilize on their many mainframes such as OS/390, RS/6000, and AS/400. That mainframe business is still the back-end of most large or industrial businesses today, with nothing but a terminal client connecting the end users easily from the mainframes. They now incorporate Microsoft solutions on their PCs, since they chose Microsoft over Digital Research and started with Microsoft’s DOS and licensing model.

Apple and Microsoft History

Microsoft and Apple were just in the right place at the right time during the advent of personal computing. Microsoft started out working on an OS for the Altair in Albuquerque. They were smart, had some brilliant ideas, and acted on them, gaining market dominance and heavy revenue from their business partnership with the largest PC manufacturer. Bill Gates is also an expert at delegating the proper authority to individuals suited for the task in his company. Apple has the hardware and software model for personal computing. They’ve built on their expertise after gaining the additional ideas from Xerox’s Palo Alto research facility for the GUI w/ the mouse, and have been improving their product lines for decades. Steve Jobs resigned from Apple in 1985 and founded NeXT. When Apple purchased NeXT in 1997 for its increasing user base of the platform for business and education market segments, he resumed his role as CEO at the company he had originally founded with Steve Wozniak, the technical mind behind Apple’s personal computing. Apple had the head start and innovation lead on Microsoft. They developed local bus technology first, which made graphics much faster on their machines, resulting in their dominance in the graphic design sector. I believe they maintain their user base not only because of the familiarity of the OS suiting their purposes, creating comfort after years of use, but because Apple’s hardware has always had aesthetically pleasing appeal, both the OS look and the plastic; just another quality aspect of Apple making products that play to their advantage. They’ve gone through software exploitation of their products and had to patch them too; everyone has. They touted being very secure in 2004 and were inundated with problems not too long after that; there have been as many as 25 patches in a week months ago. The key is to find and patch them fast, rectify the situation, release a patch for your users and notify them ASAP. Close the problem. Know how to make sure that audit trails can be traced to the source of an attack, and use stealth technologies (all free online for Linux/BSD distributions) to capture them in the act and record their activity, capture their packets and analyze/decode them, or set up a honeypot using DNS masquerading or a DMZ; hackers come in thinking it’s an important, but vulnerable system; it’s just fake services that look real over TCP/IP. You can force a keep-alive on their IP, which gives you some time to research their IP, find out what the real one is if it is spoofed, and forces them to leave an audit trail so you at worst sniff their packets and analyze them. A MAC or IP ACL filter table is handy; you know what system they’re coming from unless they’re spoofing everything; with a MAC address the first 6 hexadecimal numbers are the brand; combined with the last 6, they comprise the serial. Other tools can fingerprint much more of the OS characteristics on their machine. If they ever come in again, you can then trigger keylogging, packet sniffing and capture for analysis, and start stealthily sniffing the machine, finding out about them and and trying to locate where they are. Ultimately obtaining incriminating evidence will rectify any situation. It’s always nice to catch the criminal, but it is certainly good to have the right tools to scare them so they don’t try you again. You’d have to pay a 3^rd party a lot of money for the same security solutions for Windows that are readily available as free, easy-to-use packages on a UNIX-based machine. I’ve seen some offered on both platforms, but not so many for Windows as are exclusive hacking tools for UNIX.

I’m still interested in a Netsh manual. They're at Barnes and Noble I guess, written by O'Reilly. I’d be sure Microsoft trainers teach everyone the important context inside that CLI program. I’ve found web sites that offer solutions. Microsoft doesn’t seem to offer the documentation easily. I haven’t failed to find documentation from the people that wrote the products for UNIX-based machines; many can be directly contacted for help. Windows' Network Shell is just an easy example, including the constant removal of any helpful utilities on later versions of Windows, to show not only their lack of support but prove that they have poorer documentation, on purpose. I have heard that documentation is weak on a Linux or BSD platform. That’s simply a novice speaking with no navigation skills, basically like someone who can drive a car but not a truck, or an automatic but not a stick-shift.

Similar to Apple, the user base of Microsoft continued to stay for many obvious reasons: rapid growth, ease-of-use, increasing popularity, and application support. IBM-compatibles shattered the cost of ownership. Hardware and software vendors had clear reason to develop drivers and create alliances with the growing giant; it had the deepest market penetration. Hardware and software vendor growth pushed competition with Microsoft well out of reach, and created enemies and lawsuits in some cases and with some versions. (like their rip-off of Stacker they named DoubleSpace, their legal fights with Real Networks, etc.) With both home and business users mastering its software and common API, full dominance in the market was achieved with ease. Despite every OS upgrade having some form of instability, and the lack of security in every version since its deployment, Microsoft prospered to a global leader during the tech boom. It had satisfied all major market needs, and created revenue for resellers and technicians. Unheralded market control from its leverage allowed Microsoft to rapidly develop and improve its own application offerings en masse. It now viewed many software companies that grew with it as competitors of its own line of products. Creating extinction or absorption of these companies at its will, lawsuits increased from injured software companies to US antitrust and government investigation into possible illegal monopoly practices. Business tactics created trust and dependence in software from average companies and users worldwide. Despite the threat from government intervention, Internet browser integration continued with every version of Internet Explorer. Easily avoiding problems with government interfering with big business, only the acts of 9/11 and now the global economy decline has stymied the company’s stock price.

UNIX and Microsoft Convergence: Multi-Platform History

During the popularity surge of Microsoft, many computer and network users stayed with earlier companies such as Bell, Sun Microsystems and other UNIX hardware and software companies, and they had an advanced OS and a strong, steady user base. These advanced “Bellheads” from the telecom sector and “netheads” using big backbones on the largest network in the world, then called the ARPA/DARPANET. All of the nation’s infrastructure was implemented onto this idea, and we now know it to be the Internet. It was a bit more simple back then, all government and military, built with intentions to have a segmented connectivity. In the event an atomic bomb took down a large part of the nation’s communications network, the rest would stay up. Both types of these of users were all UNIX users first, and this group has always made their voice quite clear about the distaste they have with Microsoft and the stereotypical types of users that worked on that platform. They viewed them as novices in the networking industry, as they had been using advanced networking protocols with security for many years in their careers by the time Microsoft was popular with end home users. As Microsoft grew more offerings and tunneled more deeply into every market, the users went from client to server applications, and this user base started making its way from around to working with these groups. Microsoft now had a place for its application in a business environment. They did not all quickly embrace Microsoft invading their secure platform, and there were areas where they felt things were more than under control using Sun Microsystems and their SPARCstation systems with SunOS 4.x and related equipment. This pro-Unix user base has never really changed its attitude regarding Microsoft in comparison to UNIX in business application, and their user base was always steady and unchanged, with a slow, normal increase; things were changing to their dismay. They saw the pattern of Microsoft business growth early and found it to be distasteful; jokes about Microsoft and security started immediately; the sentiment is largely similar today; the exceptions being that objective multi-platform users understand both general types of people and saw both sides of the argument. Other smart and advanced users began learning UNIX, desiring a challenge as they had the same passion for technology and degree of potential. On each side, some found common ground and did eventually get along despite their geeky preferences or areas of expertise. The most successful people seemed to understand both types of individuals, championed nothing out loud except for a willingness to cooperate and waited for things to pan out. They will and continue to play it cool today. Many Windows users that desired to learn UNIX found it hard to find coworkers or people willing to take time to impart their knowledge to them, because of their hesitance to trust or even dislike some of the people for little reason, sometimes simply because they started in DOS or Windows and didn't have the same wealth of knowledge. There were also UNIX users that saw potential to exploit the popularity of the Windows platform and understood why it found application in so many diverse areas, regardless of its advantages or flaws. There are just things you could do on UNIX systems that you just couldn’t do in Windows. Attitudes and ideologies many held clashed on a daily basis; there was a transitional phase where everyone had to adapt or adjust in some way; at the very least, in a positive working environment, and much like the civil rights movement, people that came from different backgrounds had to find common ground to build from to forge good relationships with people; it was exactly like that, because they lived and breathed the languages their computers spoke—they had distinct cultural differences. These users got to know one another and began to understand each other and communicate more effectively. Interoperability tools such as simple UNIX for Windows and tables of the basic command-line tools were created and compared, ‘cp’ for ‘copy’, ‘mv’ for ‘move’, et cetera. People who wanted to know dug hard enough and found out themselves; self-motivated and sharp individuals continue to have the same success as they always have.

Much has changed today, but the same basic differences hold true in large networking environments that have a need for strong security. UNIX still leads in security and networking, where Microsoft was newer and more user-friendly to begin with. Both have improved to a large extent towards each other, but there are still many technical workers that are most comfortable at a UNIX prompt than inside a GUI. By that same token, there exist the types who prefer the graphical interface and find it most comfortable to work in, but enjoy working from the command line as well. Regardless of differences and opinions, multi-platform networking had arrived; nothing was going to change that.

Modern Contributions from Linux progress Development

In the late 80’s and early 90’s, alternatives of Unix-based OS started to hit the scene, such as ESIX and POSIX. Eventually motivated, sparked by ideas and a desire for his new project, Linus Torvalds showed up on the Usenet, posting on newsgroups about his Finnish project of creating a 100% free UNIX-based distribution. His request for help from anyone interested in the idea of freedom and distribution was well received and many volunteers responded, enthusiastically interested in such a project. Soon after, many were helping contribute and a unique, technological enthusiast crowd surrounded his free project; a fast growing support community began developing. There has been a rapid increase of the number of people drawn to this advanced user development community ever since. I was first introduced to Slackware Linux around 1993. It was the first popular distribution of Linux I got my hands on. Collaboration increased steadily around all these different distributions, and more growth resulted. Knowledge of network protocol and security concern created more and more advocates of open source UNIX and UNIX-based operating systems who enjoyed the idea of a robust and free platform that had certain freedoms; this movement was new and exciting to everyone involved. As Torvalds would say, “I use the best tool for the job, even if it happens to be proprietary”. Formal and self-taught individuals continually increase in knowledge in this exciting field. With more news about this community about the growing advocates of this open source ideology spread around the industry, opportunities became swiftly visible and some advantages had immediate industry impact. Continued growth has been largely welcomed by commercial business and in government sectors, as TCO is much lower, helping smaller businesses, while the security helps security-aware organizations such as the public sector, sophisticated law enforcement and the financial market. With every disadvantage in a proprietary platform comes a specific, free package that addresses the need in all user communities. These applications, for the most part, have been easily ported into any platform. Red Hat Linux was the first to go proprietary; it still has a Fedora project that remains free, and the popularity of Red Hat grew immensely with version 5.0, as it had a GUI install that the largest user base was attracted to--Windows or Macintosh users. Voluntary users edit the source code from these free projects and they show up ported or previously compiled for every popular platform. Recent growth continues and becomes visible in several areas, as things like unemployment growth, the decline of the economy and knowledge of networking expanding to a younger generation continues to stimulate growth.

The focus on security has been steadily increasing for five to seven years, as the events of 9/11, the war on terrorism in the U.S. and in the Middle East, and an unpopular war have stimulated growth in the security industry. The threat of terrorism has also boosted network security-related opportunities in a heavily saturated market during the tightening domestic economy. Criminal activity on networks is on the rise in all forms, which creates more need for businesses to protect their investments in their network infrastructure. Information assurance, data integrity and data theft are rising issues that can be addressed with Linux and Linux-based applications, and of course more reports of network cracks and break-ins are heard daily. Crackers use a plethora of exploits, more that are found than fixed in a day, and they come in all forms: denial of service, ARP/DNS and DNS cache poisoning, IP/MAC spoofing, zombies, keyloggers, rootkits, remote execution exploits, and hijacking and compromising systems to gain unauthorized administrative access and use of networks and systems through application vulnerabilities in code. SQL injection is probably one of the largest-used attack vectors today. The increase in the amount of passionate technology enthusiasts with experience in multiple operating systems have now become a normal industry incline and is in observation by all governments and businesses. There is also sharp and steady increase in the amount of security vendors in the industry. Basically the only thing that has slowed has been the quickness to trust other individuals and businesses. Reputation among quality security vendors in the industry increases their visibility; competition creates more opportunity in the IT security field as more solutions are offered to government, businesses and individuals using faster network bandwidth, thus requiring more security to deter hackers, protect networks and defend from problems important to most people such as identity theft which is a major concern. Many security vendors were started by ex-hackers who saw a use for their ethical hacking stills, which have value and social import in the industry today. Some were caught and have changed their ways; some just started making wiser decisions. In today’s complex network world, it’s hard to implicitly trust anything, from an e-mail to a security company. You have to make informed and cautious IT decisions. It is important for all people in today’s workforce to understand the dangers of physical networking, social engineering, technical hacking and the level of sophistication in which these attacks are carried out on a business. I believe that training of all employees in an organization regarding computers and security is very important and vital to the longevity and strength of that organization.

Personally, I’ve also found it much easier and proven it more effective to secure a Linux machine; Windows is a much more difficult beast to tame. Depending on the amount of money a company has to spend or desires to spend, or simply cannot afford not to spend, the security-awareness of the general computer user has to be improved and employee awareness of security risks regarding data theft, dumpster diving and social engineering through training is just as important as employing individuals with technical skills.

The Modern Multi-Platform: From Business and Security to Social and Solitaire.

Today, both UNIX-based and Windows OS offer most business and home user software. Microsoft has an advantage with many users that do not know another operating system, and familiarity breeds ease of use. Knowledge of the platform is important to them, as they are more comfortable in the environment. If you just think about the fact that DOS was copyrighted in 1981 and Windows NT in 1985—that was almost a quarter of a century ago. Some have tried a more difficult Linux distribution with a higher learning curve first, as they all vary; user-friendly installs such as Ubuntu Linux, a very popular Debian-based BSD distribution today see the fastest growth. That first impression Apple and Microsoft users had with a UNIX-based platform has made a lasting impact on their unwillingness to embrace it and thus its technology. Many users simply don't need the complexity and find one version suits their needs, and for longer depending upon how smart the initial investment. Many feel the learning curve of UNIX is more difficult than Microsoft in general, and are reluctant to give it a chance. The fact remains that increasingly easier GUI installations and more user-friendly tools are increasing on the multiple offerings of Linux and BSD-based open source OS, and continue to grow popularity. For individuals, home networking and small business users it has found a place as a cheaper, more reliable file, web or SQL server. Using many security technologies for secure authentication access control, and technologies such as encrypted VPN, secure e-mail and browsing, with keys containing encryption ciphers who quickly power up security to having 8192-bit strength keys easily, and that would take a while to break. There are hackers that use recently more popular SSH man-in-the-middle attacks by forged, self-signed SSL certificates created from open source SSL servers installed or compiled from source on their own machines, as well as older, traditional ping flooding and password cracking which has always posed a security issue; it is becoming commonplace by end-users to combat it. For Windows and Mac users who are susceptible on their high-speed Internet connections, cheap hardware firewalls are easy sells from Radio Shack to being included with a Dell or Mac purchase. Simple port scanning tools are available to see what services a computer or network runs, so hackers know what options they obviously have at directing an attack, especially if a PC has ports open; these port numbers are well known and are assigned to native services and to manufacturers and protocols. Commonly attacked ports that certain Trojans use are just as well known. Regardless of the resistance in some organizations by their non-IT computer users, these things must be learned. Multi-platform users are valuable to companies for many uses, for security analysis to address these concerns and make them aware of their own specific vulnerabilities. Technical or administrative support roles are necessary to fill for security and training. Given the instability and the security issues that UNIX has and the many areas that should be addressed concerning Microsoft, proven knowledge in both platforms gives an individual added worth. Open source Linux has proven itself a viable option for many reasons, usually cost regarding self-taught people who just play at home and develop a skill they can use. With increasing applications and the open source community that UNIX has, it has clear advantages over Microsoft in more than several certain applications. With every version, more and more people see enhancements in the open source community’s efforts to willingly create more and more proof by continuing the advancement of the platform by word-of-mouth of its stability and reliability, the many application advantages in advanced areas of security, and its capability to secure a business with a much lower total cost of investment. I rarely see the type of stingy individuals in the business place today, considering how much knowledge has spread. They always got on my nerves too, but people usually come to realize that the best way to learn is by doing, not sitting in a class. I don't see certification being as much of an issue anymore regarding employment; and I see that trend decreasing further. Sure, given the time and ability to afford it, ease of a student loan to attain, having something on paper makes it easier to market yourself and more confident. I won't deny that higher education or formal training does not have use! I just see more of a social pattern with less knowledge coming from paid institutions; I see it easy to obtain freely, largely in part to Linux and BSD and GNU/BSD licensing of products. The desire to achieve and learn and passion for technology creates more people that can drive themselves to success without the traditional methods of learning processes; it just depends on how much someone truly wants to learn, in what area, on what platform, and how determined they are to succeed, no matter what the stock market or changes in politics or wars are going on that is beyond our control.

To be sure, Microsoft, Apple and other companies have taken notice of the changes. Today in most businesses there is a mixture of several server programs, both proprietary and open source, such as VMWare for virtualization, and at least one of the SQL servers, the most popular SQL products in the market being Oracle and now Microsoft has just as fine a product. There are also other popular client-server software utilized such as Citrix/Citrix MetaFrame and Lotus Notes/Domino Server. Web-based programs, custom scripts in Python, Perl or Ruby, one of the plethora of mail servers, web servers such as Apache, development packages for programmers, etc. are all becoming increasingly well known. Businesses, developers, and IT professionals employ IDS/IPS, identity management systems, and use different ways of anonymous surfing through multiple proxy servers using technologies such as Tor. Most companies these days include Microsoft and Linux as integral parts of their multi-platform network, exploiting the advantages each operating system has to offer.

I personally boot Vista Ultimate and Ubuntu 8.10 on my home machine, and enjoy beta testing software and many other OS flavors of Linux, such as Mandrake, Fedora, OpenBSD, FreeBSD and Sun Microsystems’ OpenSolaris. There are also smaller Unix platforms mostly known for troubleshooting such as Knopper/Knoppix.

Competition has increased in database server and scripting languages in the free offerings made to organizations. Many companies using Linux/BSD OS are showing profits by offering advanced network security features for a price to target audiences, such as Nessus, Snort, and other popular programs that have gone to a pricing level from being completely free. There are so many utilities to consider regarding security, such as Netcat6, Hping2, Nmap, Tcpdump, Ntop, L0phtcrack, Ettercap, many of them based on the Pcap library, that are totally free. There are multiple intrusion detection and intrusion prevention systems, free and for sale; the most popular ones are all based on Snort, which is still has free license. Companies can build on these base applications and create custom solutions with much more user-friendly interaction for them, so there is room to profit in the open source industry. Imagine that, money from nothing. Isn't that what the “American Dream” still basically means to people, despite what may have gotten worse or better in America the past decades.

Some things like Nmap and a GUI front-end for it's network mapping utility, Zenmap, are also available on Windows, which compete with proprietary products such as HP OpenView. Nessus and Snort and many others have also been ported to Windows solutions. The Pcap library reaps benefit on a Microsoft platform easily. Windows has penetration testing tools that include high-end software applications such as Core Impact, and simple vulnerability/port scanning programs such as GFI LANguard. There are hardware offerings that automate security analysis, going through millions of attack vectors using algorithms which function at a very rapid pace and deliver valuable reports to the security IT employee, such as Mu Security’s MU-4000 Security Analyzer. Appliances such as this are valuable to have on the perimeter to constantly test different modules of a company’s infrastructure to create security end-to-end. Some are advanced and proactive; others are engineered to function with much more stealth. Simple hardware firewall architecture such as Cisco PIX firewalls have been phased out and are no longer supported; Cisco has moved to Cisco ASA products. It is a daily laborious effort to stay abreast of new and emerging attack vectors, popular new attack ports, and new exploits that are made available to the public daily. It is an arduous task to stay abreast of security technologies as there are so many whitepapers on available hardware, webcasts to illustrate products, podcasts, blogs, and the like.

Security vulnerability bulletins exist that contain information on most every problem in every type of hardware and software, and are updated regularly. Information on new security holes that have been patched are released from many companies. Security organizations exist in many areas, and more than one source should certainly be used to keep a balanced view of the varying opinions people have for securing enterprise-level to small business. Some exploits are widely advertised, some you have to know where to look; it also can depend on the company, the hardware or software, its function or importance, and the methods each company decides to employ regarding the disclosure of vulnerabilities in their products. I personally believe in instant disclosure. Others feel that certain people should know and then others, depending on their roles, and that a set window of time should be used before the patch is made available to the customers that use these hardware or software solutions from IT solution providers. Generally I find that the larger, proprietary companies tend to disclose later than the open source community, for obvious reasons: some hope they can repair a problem and deploy a solution before common knowledge of it spreads, not making them look good. There are also considerations regarding the varying levels based upon which Linux/BSD or project that we could discuss.

There are plenty of applications with these and many more security tools for businesses, and the simple front-end security that Linux can provide solutions in a multi-platform environment is widely used as a cheap edge server while Microsoft systems can operate more safely behind the Linux security features and use it as a proxy or NAT. I feel that is a wise decision to make inside the hardware perimeter for the Intranet security software layer of defense in depth, considering the vulnerability of Microsoft OS, its applications, and the many programs written for Windows that have multiple security holes and require constant monitoring and patch management. Recently they just patched a 7 year hole in their software. That does not make me feel all warm and fuzzy about the attention they pay to security, regardless of how hard they may or may not want to try; echoing previous sentiment and seeing all angles, I see opportunity for a company that large in such a unique position to profit from it's own flaws and then sell the clothes on the naked Barbie doll OS that it sells. I can't think of another reason why they haven't addressed the initial offering of a supposedly functional piece of software as important as an operating system having inherent security from the ground up.

Interoperability features between the two operating systems continues to grow and present businesses with cheaper solutions and more opportunities to reduce their spending. Enhancing the ever-worsening problem that security vulnerabilities pose on more and more complex networks on the rise makes security a large focus I spend time on in the industry. Awareness of this fact has grown the knowledge of hacking ability, and both good and bad uses of the same security tools are performed by both ethical hackers and the criminal element of crackers who engage in fraud, malicious activity, and other crime concerns in the network industry.

Microsoft now gives 120-day trials of practically everything it has not absorbed which closely resembles a Shareware model of software, giving them more leverage. They give end-users inside businesses the opportunity to have users upgrade their own software which I would hope would be against company policy. Independent users can easily become dependent or spoiled on a product’s new features, and many times Microsoft makes it hard on the integrity of the system it was installed on to make the older version work again, once the new version’s trial has started. I believe that has advantage to Microsoft, especially where someone has deployed it in a production environment, and does not have the proficient skill to regress to the previous version again. Long-term product mastery of Microsoft allowed the company to take advantage of its users and resellers, releasing bug fixes at a slow pace, and eventually, 3^rd party security vendors became relied upon for their expertise regarding the knowledge of problems with Microsoft and other often-hacked PC operating systems; these companies and their respectful submittal to the industry giants have forced more timely updates. Many companies have embraced security with the responsibility they should, and there has been growth at every stage at Microsoft. Bill Gates sent a message out with importance before he stepped down, illustrating the need for the company to really focus on increasing security on the Windows platform. His soft-spoken yet authoritative knowledge of software does not fall on deaf ears. Apple has changes coming as well, as OS/X, iTunes, QuickTime, Dashboard, and many other Mac applications have been and continue to be exploited. The iPod chief at Apple has also stepped down. Change is rapid, and concern with large business and their practices as a watchdog does not sound like an unreasonable, paranoid idea at all, considering the vicious competitiveness in the IT industry. Both Apple and Microsoft have played off each other well, and both remain strong with unique business models; they are both important companies with a steady stream of innovations; all contributions from proprietary companies, open source projects and their communities and user bases have evolved the industry as we know it today. I could plug away forever, but I cannot simply have fun bashing proprietary companies for fun without looking like a hypocrite, considering the way I have attacked many advocates that disregard their peripheral vision when they're focused on one platform. I do still think however, that the open source community is more aware as a minority than many users and business-minded people who work solely with platforms that have profit generation built into the concrete of the business, before anyone can build on top of that and put down walls around the company and install the roof, doors and locks. I think you have to see before you can type, and know before you can develop, if you want to posture against my line of thinking and dismiss me as some sort of champion without a basis for my beliefs; most people that ignore the truth get slapped in the face down the road. Maybe that's why I'm writing an extensive report. I do not have an intended audience for this in mind; maybe I'll just dump it on my web site and spread a link around. I have to bring my own Windows-based company and it's shallow, antiquated web site out of the shadows before I might even be taken seriously. However, consider that those who spend more time worrying about their profile usually have less time to focus on the delivery of real IT solutions. Sip on that whiskey for a minute; it's easy to underestimate an individual or a company. That's another easy way that hackers can pose risks to a company's security, by making them feel like they aren't a threat. It's really hard to not see all the angles when you have a bit of experience.

Wireless Security

Hackers have recently found a way to crack WPA, when this protocol was the wireless security generally considered the best practice to best 'secure' wireless networks. Pardon my cynical viewpoints from experience, but it's hard not to see wireless packets floating in the air for anyone to intercept not having obvious, inherent security risk. WEP used to be used the most deployed, which uses a 40-bit passphrase to create a much longer key, while WPA uses a shared key between wireless equipment, and can be up to 64 characters long, creating the possibility that a standard dictionary attack or decryption of the password is possible to create harder passwords that take longer to crack; you could change your MAC addresses and passphrases regularly before someone cracks the first one. They would find a more suitable opponent and tire out rather quickly, as people that steal and commit crime are inherently lazy. That's why they are not in a real job in the first place usually; they want a quicker way to make a faster buck--too many people have relaxed, highly flexible morals and business ethics, making it a complex world to secure. Password crackers using databases with common passwords and standard dictionary attacks are widely used by malicious crackers to obtain access. Among all technology, wireless is by far the easiest to attack; as you would immediately think how I visualized earlier--packets are literally flying through the air to intercept and decode, and criminals may attempt to authenticate from a distance. TJ Maxx heard of this shift from WEP to WPA, and this is when the the famous infiltration of their network happened; it was attacked while they were in the process of shifting from WEP to WPA. The break-in was very large and made echoes through the IT industry down to individual credit card holders. It was a massive amount of data theft which led to a great deal of economic damage, and much time had to be spent as the credit card companies had to protect their customers. The resulting solution was in their decision to issue new credit card numbers to everyone that had their information stolen from TJ Maxx and other companies that incurred massive data theft. They also gave away free enrollment in a credit card identity theft program where the consumers were given three months of free credit report checks. There simply is no ultimate way to secure wireless; best practices only include increasing the length of the WPA shared key to be as long and complex as possible, and reducing the amount of users granted access to sensitive areas of the network through wireless access points. Personally, I do not allow this practice at all as a matter of corporate policy; users must log on to the secured, wired network from their computers at work to access them or from secure remote logins if they are traveling or working from home. It does not make sense to me, nor do I feel that I am inconveniencing a client too much, when you take into account the security benefits and risks, simply to ask a user on the work campus of the organization to use the wired network from their office computer or cubicle instead of their laptop that I haven't encrypted the information that travels into “my” network. (I must view a company's network possessively like that; their problem is my problem if I am responsible to secure it--so I treat it how I should; like it is mine.)

Business Options and Advantages

Back to the persuasive aspects of this report, unless you just do not know, have not seen it done or have not cared to try and find out, there are more options for the future that do not require such a large pie for your IT budget spending if (God Forbid!) you opt to use a different or additional platform to run your company's applications on. Get with the program; think outside of one shell. Remember, all the companies whose applications you may champion and every other proprietary operating system was written in some form of C, the same language that both AT&T and Berkeley styles of UNIX are based. Much of Microsoft Windows was written in Visual C++. When it boils down to it, don't be a numerology racist; by this I mean think in terms of 0's and 1's. It all is binary code, whether a lot of the programming of the code involved a lot of binary digits to protect what can be placed inside the proprietary kernel. I like to know that my chicken is fully cooked before I eat it, and that means I must check in the middle of it. What if you bit into an apple and you started chewing on what tasted like BBQ fruit? That thin layer was enough to make you think it was still fresh and had it's integrity, didn't it. I use analogies to deliver my point many times. When you deal with so many different individuals, some will get frustrated if they don't understand what you thought you conveyed in a very patient, thoughtful manner anyway. Not everyone has a computer mindset; I don't either. I would like to think I get outside a little! So applying real-world graphic comparisons that can help someone understand it in plainly makes it easier to drive a point home. I get annoyed when car mechanics tell me that my triptoflopter is broken on my durabatch conflibulator too! Ask for an explanation, and someone can think of an analogy if they've got enough experience to be touching your computer or your car. Gone are the days of geekly employees with no interpersonal skills. Evolve or die; you either come out of your cocoon or you won't have those pretty butterfly wings in the industry that you have been seeking. If you aren't social and prefer to just program, at least be able to communicate with your team and your supervisor, before you run home and play D&D.

Depending on a company’s IT needs, there is simply more than one solution to consider when the day comes to deploy a solution to fulfill that need with a look into the future and a concern for your company’s bottom line. Sometimes Microsoft is the answer and sometimes it is not. Security in Vista is just now starting to begin to be able to compete with existing technology already incorporated out-of-the-box in most Linux distributions. It has a long way to go, though. The UAC and MIC are good, but the elevated privileges some applications run in are harder to control, and programs such as Local Security Policy, Group Policy, and Active Directory must be kept current and unnecessary ports must be blocked, especially when they are left open on a vanilla install and are not used by the common public. I personally have an inexpensive system at home and dual boot both Microsoft and UNIX-based NOS, but I have layers of hardware on the perimeter, high levels of log management related to the work I perform on anything. I am not saying you can make your computer foolproof; like I have heard it put: “If you try to make your systems foolproof, there's always one more fool that's more inventive than you.” I implement audit trails, including multiple traversals of the Internet traffic through multiple routers; this is merely a home network. Default values of most everything should be changed to increase security. There are too many stupid things Microsoft has done in the past, such as a vanilla SQL server installation having no default password at all. Some people do not address these simple-yet-important issues first. Any SQL server should be tested for the SQL code’s security integrity and the network’s configuration, to know what level of protection you need by examining exactly what you are exposing yourself to. For your own sake, please think before you start to use as many of these hacker playgrounds that exist on the Internet, such as an old protocol like IRC and new social networking sites such as MySpace and Facebook. From a network security position, I simply would not permit social networking sites, Internet messaging outside the Intranet solution for that, or tolerate any insecure protocols such as telnet and FTP, among many other things I lock down and deny usage from, when there are common applications that use newer, more secure protocols. You don't always compromise speed to sacrifice for security; and on Microsoft's platform, the more secure I make it, the faster it responds. It isn't wasting any more of it's time on worthless services to you that you weren't using, allowing your CPU to be utilized more efficiently; however, a small sacrifice in speed greatly outweighs the implications of downtime, data loss, theft and frustration. The safety of the network and the data on the servers simply outweighs the initial frustration some users may feel regarding company security policy. The lacks of productivity from these users tend to be the largest security risks in the first place in the organization, considering the insecure protocols the programs call for, the ports they would open, and the length of time they would keep the network vulnerable to attack through their machine. Some workers spend too much time using those kinds of technologies instead of working anyway. I do the company and the individual a favor; they work more and play less, making the day go by faster, having more productivity, and eventually they will be noticed by their superiors, and if not get a bigger raise, increase their job security and sustainability within the organization. Of course you have to be reasonable regarding this. You have to earn trust in your users that you have their best interests in mind, and you don't want to make the work environment so boring that you destroy morale. That would be contradictory to your own role in the first place.

Conclusions

It is not wise to maintain a single-minded, Microsoft-only mindset in this industry. It requires a lot of effort to keep revenue streams ahead of business spending, requiring developers churning out programs that create revenue at a much faster rate than it would if you used a less expensive development platform. That makes quality assurance not as easy as products have to be brought to the market much more quickly. It is complex and a difficult thing to please everyone while keeping your company’s best interests in mind, especially trying to keep the company in the black on top of the costs you already pay yearly including plenty of hardware and third party software Microsoft continues to absorb, such as Winternals (sysinternals). I repeat myself, but I hate lies. Microsoft promised they'd leave that package intact for people to use freely, but right after they bought it some of the best tools disappeared very quickly. You'll always need 3rd party tools to harden this bloated OS anyone could drive a truck through more quickly than you could run to a networked workstation and execute a security tool to combat a security breach taking place that had more sophistication than the automation you applied to an attack vector; you also cannot set rules for every type of way you might be vulnerable to an intelligent network predator. If you're going to champion Microsoft in a security arena, before you decide to compete, you better bring brilliance. There is a reason Microsoft is the most hacked NOS and Linux is second. Microsoft doesn’t have anything near the same kind of users, and is not equipped with the same weapons or skills to bring to a competition with OSS anything close to what it takes to win without outside help; the Linux community simply has better IP Kung Fu. The sad part is that these geeks take sides to the extreme from one operating system to another, and many malicious attacks are simply the equivalence of a hate attack on a different operating system. The majority of attacks on Windows is from Linux OS; likewise, the majority of attacks on Linux come from the large Windows user base.

Champion what you will; just stay open-minded. I have presented Open Source vs. Microsoft and have presented many relevant topics and viewpoints; much of my own. As bad as I can sound towards Microsoft in some areas, it remains an objective viewpoint; all sarcastic humor I included in this article aside, I am not displaying negativity for Microsoft technology for the sake of defaming its operating system. I hope by this constant repeating many of which all are the same point through this report, I may persuade a user to proper objectivity regarding technology. Possibly start considering Linux/BSD and the open source community as a minority that will not disappear. Please view it with an open mind, without thinking it’s a stupid idea and dismissing its application in business, simply because of your technical ignorance. It has much larger user base than you might think; the fact that it has garnered support that proprietary companies have to acknowledge and adapt to the convergence of many technologies available on both platforms should give you a clear indication. A general appreciation for technology would allow bias to be removed from viewpoint and the support of both proves my point as well.

Even though a majority of my revenue streams throughout my “career” have been on a Microsoft platform with a mixture of various hardware and software, for business and security applications, and I am a Microsoft partner, I will not restrain my freedom of speech to address the needs and problems I see on any level, in any OS or in any segment of this industry. I refuse to suppress honesty and sacrifice security and stability and convince myself or others that taking on extra cost would be wise, from a reasonable BA/SA mindset. Don’t dismiss Business Analysts that think of the costs they can affect for their clients or OSS. You’d have to be a trained monkey otherwise, and I don’t want anyone to fail in this industry by being a short-sighted, narrow-minded thinker. We need all the informed, smart people we can find to support the technology sector and provide for our declining domestic infrastructure as effectively as possible, without bloating operating expenses to an extreme.

Kevin Gregg

Infination Technology

KG@infination.com

http://www.twitter.com/Infination

“Don't push me, 'cause I'm close to the edge; I'm tryin' not to lose my head.” - Melle Mel

"We could take over the world today, but we'll wait until tomorrow." - Linus Torvalds

“Advertising! Advertising! Advertising!!!!!” - Steve Ballmer, Microsoft Corporation

“640K ought to be enough for everybody.” - Bill Gates, Microsoft Foundation