Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Managing Innovation
 len, we have (and have had for a long time) mandated installation items and practices to maximise reliability - part of which is constant upgrading. as part of that i get the security feeds from cert - www.cert.org - and monitor them carefully. it's interesting that open source software is still having potential problems logged, and as i mentioned, often within 24 hours, but certainly a couple of days, redhat is distributing a patch. i think they really set the standard here - oss coders for the fixes, and redhat for getting it out there. ms has hardly been mentioned lately which i guess means they've been successful and fixed all their security issues (sic). i'm waiting o see xml security issues start appearing - and wondering about how they will be fixed. rick On Fri, 2003-10-03 at 00:46, Bullard, Claude L (Len) wrote: > I don't have experience with Red Hat. My experience with > MS is improving quickly. The announcements now come fast > and the Windows Upgrade process is easy. That's a desktop > perspective, but I do have SQL Server running locally, and > so far, so good. When the Love bug hit the wires, we had > some serious problems here. Since then, our IT department > has become not politely but strenuously insistent, to the > point of Draconian measures when needed to get the attention > of the droid owners. Hopefully, everyone has gotten the > message that security is a serious business issue. But have they? > > Here is the kind of thing that frustrates the IT folks: > > "It's no secret that the advantages of upgrading operating systems or > application software has diminished quite significantly over the last few > years. If you look back over history, there were great advantages from one > release to another. You just don't get that anymore. You just don't get the > bang for your buck switching from 2000 to XP. > --Toni Duboise" > > It's just dead wrong and spreading the idea contributes to > the problems by insisting there is no value > in getting a better operating system. XP is waaaay better > than 2000 and one can see that easily by dropping some > more RAM into the machine and watching what happens. > Security is better but not perfect. There is something > to be said for killing Outlook Express whereever one > finds it. Scripting inside mail systems is a bad brew. > > So part of the problem is the old legacy not having been > fully patched, part of it is competence in that sloppy > code gets released, part of it is institutional in that > sloppy code isn't discovered early enough, part of it is > architectural in that the trade offs of ease and security > aren't fully understood and implemented, and part of > it is cultural, in that the web culture has yet to > mature to the point to realize the deep nature of its > interdependencies and the folly of unsavory or ill-informed > opportunism. > > Everyone is learning. We need to encourage collboration > on solving these problems, learn to improvise and work > together quickly, and stop stomping on each others lines > or riffs just to get more of the spotlight on ourselves. > A theatre troup banishes an actor who does that and any > technician that helps them. A jam band beats them up. ;-) > > len > > > From: Rick Marshall [mailto:rjm@z...] > > that's why i primarily use windows 2000/xp and redhat linux distros - > redhat in particular is very fast at getting fixes out - so they > obviously recognise the problem from a business perspective. ximian has > an alternative that is almost as good. microsoft does the job, but i > find it's response a bit patchy although i haven't done the stats. > basically i watch the announcements from cert and then how long to get a > fix from the vendor. > > ----------------------------------------------------------------- > The xml-dev list is sponsored by XML.org <http://www.xml.org>, an > initiative of OASIS <http://www.oasis-open.org> > > The list archives are at http://lists.xml.org/archives/xml-dev/ > > To subscribe or unsubscribe from this list use the subscription > manager: <http://lists.xml.org/ob/adm.pl> 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
