
Comment: Re:Low (Score 1) 79

by donaldm (#46811913) Attached to: Heartbleed Pricetag To Top $500 Million?

That's ridiculous. I download firmware patches, software patches, etc on a daily basis. Patching heartbleed wouldn't even be out of the ordinary for my job as CIO. It basically costs IT nothing.

Yes and no. If you are patching for home use then there is basically no cost, however if you are patching corporate systems then the cost can be considerable since you actually have to involve all the managers that have an interest in all the relevant applications on the systems that need patching.

Just patching a corporate system without testing if the update breaks any applications is almost a sure way of getting fired. Many businesses have or should have a change management process and the professional IT manager has to follow those procedures. In the case of a serious vulnerability change management can be fast-tracked, however the IT manager should consult with their software service provider to see if only the relevant patch can be applied and in some cases a full update may be required. In the worst case there may be a requirement to have a major update (i.e. one major release to the next plus updates) which in the case of Linux/Unix should only take a few hours, however without the proper testing that upgrade may actually break some applications which may not sit well with some businesses.

To recap you are correct in saying that just applying the patch would take a few minutes with almost zero IT cost, however when you take enterprise systems into account what would normally be a very quick patch could translate into a considerable amount of hours/days/weeks when all interested parties get involved.

Comment: Re:Not a fan, but... (Score 1) 397

by donaldm (#46804121) Attached to: In a Hole, Golf Courses Experiment With 15-inch Holes

Golf is about getting your balls into the hole in as few strokes as possible. It's as simple as that.

You have got it in one (pardon the pun).

One thing I like about golf is the fact that it can be played by people, male or female of all ages and you get a reasonable workout, especially if you play the full 18 holes. Of course the 19th hole is usually the more interesting :).

(FTA) “A 15-inch hole could help junior golfers, beginning golfers and older golfers score better, play faster and like golf more,”. What rubbish! The whole idea of any game is to provide a challenge and this also includes video games as well. Sure there will always be some who are much better in a particular game but unless you play a game professionally then you should be playing for the challenge and the enjoyment. As far as I am concerned if you don't enjoy the game then don't play it; after all, no one is really going to force you.

Unfortunately with golf as with some other sports the overall costs keep going up and that actually turns many people off the sport.

Comment: Patching (Score 1) 293

by donaldm (#46785327) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board
If all the patches come from Redhat there is no approval, it's necessary to keep them up to date for security purposes. The same is true for patches pushed out from Microsoft.

You're kidding, right! In any company environment you must follow "Change Management" procedures and that usually involves getting written approval from all project managers that are responsible for each project that is installed on the particular machine. On a Production and/or machines it is usually good policy to be at least one month (possibly six) behind Testing.

I am well aware Redhat are very professional however you should never just update without appropriate testing and management approval. As for Microsoft the same concepts apply. The "cowboy" approach may be ok for home use but put yourself in the shoes of someone who has to explain to a really pissed off management why something went wrong when you were not following "Change Management" procedures.

Comment: Re:SCCM (Score 1) 293

by donaldm (#46785279) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board
I think go for the easy solution. Introduce the patches in batches for the board. ("monday updates for week 32")

I won't comment on MS Windows, although I don't think what you have said will work very well, since I have never seen Production MS centric machines updated on a weekly basis.

Providing information for Linux (Redhat example) is very easy if you have the rpm's. All you need to do is run "rpm -qp --changelog " on every package associated with a particular kernel release/update and provide that information to the Change Advisory Board (CAB) which may result in 100's of package information. This is extremely easy to automate and should only take you a few minutes.

If you provide the above type of info to the CAB then I am quite sure they will do one of two things. 1) Throw a "hissy-fit" (grin) and never want to speak to you again, or 2) Thank you for the information and get back to you in a few months. Of course to keep on their good side you could just give them the changelog of the kernel you are going to install then explain that this is your reference and in the case of a Redhat distribution, which the company has to pay for, this should be enough although you may want to list all the packages that will be updated and let CAB decide if they need their changelogs as well.

I do have to state that in a production, QA, development and to a lesser extent a test and/or "crash and burn" environment you should have appropriate software contracts in place whether it be for a Linux, Microsoft or Unix solution or even some other OS. Having an appropriate software contract in place should save yourself a lot of problems and you actually look good with management especially if you can give CAB the info they require (not necessarily want) that will get the job done quickly and efficiently.

In the case of Linux it is fairly easy to set up (approx. a day's work) an "in-house" repo "jump" server, keeping in mind your network people need to get involved here since all target machines will need network access to this machine (or multiple machines if you have separate networked environments). On your "repo" server (approx. 100GB+ needed) make sure the appropriate distributions are kept current (within a week) then create links to a staging area that the software updater programs (i.e. yum or apt-get) on the target machines can see, which contains the packages that will be updated against a kernel (changelog provided to CAB) that they will be referenced against. It must be noted that emergency (i.e. security) patches should always (you need to check) have the kernel that the patch came out with, which means you should update all packages associated with that kernel. Google and your software provider are your best friends here.

Obviously in the case of a company you must follow "Change Management" procedures and if they don't have one (yes some companies don't have this) make sure there is one in place since this covers you if things don't actually go as planned, then you would need to fall back to the appropriate part of the company's "Disaster Recovery Plan" (your company does have one that is tested, I hope).

Sounds complicated, well it is and it isn't. Basically no company that is serious should be without "Change Management" procedures and an appropriate tested "Disaster Recovery Plan" should contain a section for backups and recovery processes and the policies covering them. I am aware that some people will disagree with me but put yourself in the shoes of the System Admin who has to explain to Management why the Production machine crashed and/or data was corrupted or lost because procedures were not followed.
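The changelog collection described in the comment above, as an added example that is not part of the original comment: it parses the text printed by `rpm -qp --changelog` into entries and tags the ones that mention a CVE, so the CAB report leads with the security fixes. The sample changelog, the package name and the placeholder CVE id are constructed for illustration.

```python
import re
import subprocess
import sys
from pathlib import Path

# Entry header as printed by rpm: "* Mon Apr 07 2014 Name <mail> - 1.0.1-2"
HEADER = re.compile(r"^\* (\w{3} \w{3} +\d{1,2} \d{4}) (.*)$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
# Constructed sample of `rpm -qp --changelog` output; the CVE id is a placeholder.
SAMPLE = """\
* Mon Apr 07 2014 Example Packager <packager@example.com> - 1.0.1-2
- fix CVE-0000-0001 - information disclosure in the
  TLS handshake code

* Thu Jan 09 2014 Example Packager <packager@example.com> - 1.0.1-1
- rebase to new upstream release
"""

def parse_changelog(text):
    """Split changelog text into entries: date, packager line, items, CVE ids."""
    entries = []
    for line in text.splitlines():
        m, item = HEADER.match(line), line.strip()
        if m:
            entries.append({"date": m.group(1), "who": m.group(2), "items": []})
        elif entries and item.startswith("- "):
            entries[-1]["items"].append(item[2:])
        elif entries and item and entries[-1]["items"]:
            entries[-1]["items"][-1] += " " + item  # wrapped continuation line
    for e in entries:
        e["cves"] = sorted(set(CVE.findall(" ".join(e["items"]))))
    return entries

def cab_summary(package, text, limit=5):
    """Report lines for one package: newest entries first, security fixes tagged."""
    entries = parse_changelog(text)[:limit]  # rpm prints the newest entry first
    lines = [f"{package}: {len(entries)} most recent changelog entries"]
    for e in entries:
        tag = "SECURITY " + ",".join(e["cves"]) if e["cves"] else "change"
        lines.append(f"  [{tag}] {e['date']} {e['who']}")
        lines += [f"      - {i}" for i in e["items"]]
    return lines

def changelog_of(rpm_file):
    """Run the command quoted in the comment on one package file (needs rpm)."""
    cmd = ["rpm", "-qp", "--changelog", str(rpm_file)]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    if len(sys.argv) > 1:  # directory holding the staged *.rpm files
        for rpm_file in sorted(Path(sys.argv[1]).glob("*.rpm")):
            print("\n".join(cab_summary(rpm_file.name, changelog_of(rpm_file))))
    else:
        print("\n".join(cab_summary("example-package", SAMPLE)))
```

Run with the staging directory as its only argument to report on real package files; without an argument it prints the report for the constructed sample.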

Comment: Re:All I can say to that is... (Score 1) 69

Too right. MS Office is bad. Open Office is worse.

In what way? I have personally found that there is not much difference between the two since they are both Word processors. Of course if you want professional documents you could always go for LaTeX which is surprisingly easy to use since you only need a text editor or you can use a graphical interface as well, however there are commercial type setter software packages as well. It really depends what the user or organisation require (Note: I did not use the word "want", there is a huge difference) to get the job done.

Similarly, Photoshop is bad, and Gimp is worse.

Again how are these products bad? They both can do some quite amazing things with images since they are both image manipulation software.

Why is the open source community incapable of outdoing commercial de-facto standard apps with poor UIs?

I don't think it is a matter of "free open source software" (or FOSS) outdoing commercial software since it would be difficult for FOSS to match a commercial company in features and they also run the risk (especially in the US) of infringing software patents. However if a FOSS product will do everything that the user or organisation requires then why spend money on the commercial software?

As for poor UI's you should elaborate on that. If the UI does the job efficiently then what is the problem? What do you expect, a "telepathic" or some other "magical" interface? :)

Comment: Re:Problem with releasing an underpowered console (Score 1) 117

The reason people don't think 1080p is "next gen" is because PC gaming moved on from it years ago. If you look at most of the hardware review sites they test cards at 4k or 1440p with everything on maximum detail, way beyond the current crop of consoles.

I think people expected 1080p as the absolute minimum, since that's what PC gamers expect. Even low end cards can run most stuff on medium detail in full HD.

Most HDTV's have an aspect ratio of 16:9 and support 720p (1280x720 pixels) and 1080i/p (1920x1080 pixels). Now there are what is commonly called 4k HDTV's and most of these also have an aspect ratio of 16:9 so a little bit of arithmetic will give you 3840x2160 pixels or 2160p. At the moment 4k HDTV's are more expensive than 1080p HDTV's although the price is dropping, however while the difference between Standard Definition and HDTV is very obvious especially when screen sizes can be over 80 inches (16:9 aspect ratio). The difference between 1080p and 2160p content only becomes significantly obvious in very large screen sizes and only if the content is produced in 2180p.

When people buy a HDTV they normally watch content such as movies or other passive entertainment (i.e. TV shows) and the rare some even play games. With the exception of BD movies most passive entertainment is still either Standard Definition or 720p and that does not look like changing for years to come. Some fanatical PC gamers appear to want ridiculous screen resolutions but eventually you reach the limits (we are not far off this) of what human vision and/or the human brain can process and then what?

Comment: Re:Problem with releasing an underpowered console (Score 1) 117

That's BS. Microsoft and Sony fanboys mocked the Wii for targeting 720p. According to them they had all the games in glorious 1080p while Wii peasants didn't have real HD.

Correction: The Wii was 480p, not 720p.

Well if you live in the USA and countries that support the NTSC standard then "yes", however there are other countries that support the PAL standard which is 575i/p (768×576) so the Wii can output in higher resolution.

Comment: Re:Farming (Score 4, Interesting) 736

by donaldm (#46738259) Attached to: Ask Slashdot: Are You Apocalypse-Useful?

People can survive quite well without the care of physicians. Going without food is more difficult.

Very true, because without food all living creatures die. However if you have a community of people the most important people are "Waste Management Specialists" such as garbage collectors and people who can put in and maintain water and sewerage systems. Without proper sanitation you would normally have a local or even a worldwide catastrophe unless we all want to go back to our hunter/gatherer roots.

Comment: Re:Slowly (Score 2) 451

by donaldm (#46722563) Attached to: Ask Slashdot: How To Start With Linux In the Workplace?

Then run like hell!

While the AC made this into a joke it really is the best advice if you do this badly.

Rather than be the person who is going to be perceived as the one who pushes Linux into your workspace I would recommend getting in a consultant from a reputable firm and get written recommendations on "how" or even "why not to". If this is done properly then everyone looks good. A Professional Consultant could come up with relevant recommendations in less than a week (assuming a small organization of say less than 100) contrary to what some would say.

Another thing: don't be the person who is going to be stuck supporting a Linux environment unless you really have had experience, one or more support personnel and get paid accordingly.

Comment: Re:Whatever you may think ... (Score 1) 446

by donaldm (#46722055) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

Good luck with that lawsuit, what law was broken? There was no contract and no guarantee, implicit or explicit. OSS is generally "use at your own risk".

I think if you look at proprietary software you will also find that it is "use at your own risk" and "best effort" although it may be obscured with more legalese wording. Making any programmer or software house liable for any mistakes unless they can be shown to be malicious would effectively stop software development in the country that IMHO stupidly allowed this to be part of that country's law.

Comment: Re:WTF? (Score 2) 277

Actually if a cracker wanted to get a user's password all they need to do is contact the target in a so called official manner stating that they think that their account has been compromised and they need their password to check. Surprisingly many people would actually fall for this so a cracker would prefer to use social engineering to get a password rather than try the brute force method which would normally raise alarm bells with System Administrators. Of course this assumes that the System Administrators of a targeted machine have some level of competence and integrity.

Actually brute force cracking is the stuff of Hollywood movies since most operating systems have a policy that is set to 3 or 4 strikes and the account is locked. Although I have seen sites where this was not enforced. Of course there are ways of restricting access even further such as one time passwords but the problem of security is still the weakest link in the chain and that is the user.

Maybe this is a great system, but the hyperbole in the summary is ridiculous.

Could not agree more.

Comment: Re:Clean laptops (Score 1) 387

If you're looking for a gaming machine, don't buy Compaq/HP or Dell/Alienware. They load so much crap in there it isn't even funny.

I think serious gamers actually build their own machine and somehow "get" a version of MS Windows to install as their OS :)

If you're looking for a general use laptop, stick with the business lines for anyone save HP/Compaq (who still loads gobs trialware/demoware crap).

True, however business lines are usually much more expensive so the average person will put up with the rubbish or if they have some knowledge remove the crap, which is really not that difficult.

Personally I have never had an issue with HP machines and I have two working laptops that are 5.5 and 3.5 years old respectively that are running perfectly with Fedora 20 although originally I actually removed the pre-installed OS (MS Vista and Win 7 respectively) and installed the particular version of Fedora at the time I purchased each laptop.

Comment: Re:Bad summary (Score 1) 206

Much as I hate to defend Microsoft, the summary mischaracterises Microsoft's statement. Microsoft is saying that it already had the right to search the mailbox, so a court would not have issued an order.

This is such a grey area and I would be surprised if there is not some precedent in law that would classify reading someone's mail and private data as a serious offence without the express permission of the owner of that data or a court order requesting such access. Stating that we own the infrastructure therefore we have the right to do what we please is not a valid excuse.

Consider the following. Say a person owns the building that houses a post office, would they have the right to enter that post office and demand to read mail without proper legal permission? Why would private email be any different from private physical correspondence?

When acting as a System Admin on occasion I was approached by management requesting me to read other people's email which I promptly denied stating that I would need a court order to do this. The reason for requesting a court order is mainly to cover yourself in case there were legal implications. The only thing relating to email which was acceptable was checking if particular email had been sent and where to, which required a check of the logs. Even then I required written permission to do this. Was I being overly cautious? Well yes since it may not be a good excuse in a court of law stating that I was ordered by management to do specific investigations without the proper legal authority.

Was Microsoft breaking the law demanding that the particular System Admin read certain mail for them? Well I would hate to be in that System Admin's shoes right now since they effectively did the "break and enter" while management can sit back with a smug look on their face.

Comment: Re:Not the only reason..... (Score 2) 409

by donaldm (#46532157) Attached to: Why Buy Microsoft Milk When the Google Cow Is Free?

Both my private and work machines both have MSOffice on them and I still use Google Docs for the bulk of my writing. It is light weight, easy to use, accessible from anywhere, and easy to share with collaborators. Office 365 is a bit better in some of those regards, but still makes collaborating with external entities more difficult.

I have found Google Docs great however if you are moving around (think consultant) then depending on a product that is on-line only is IMHO stupid because there are many places that block outside internet access. Basically having an installed Office suite such as Microsoft Office or even LibreOffice is a much more reliable way of using an Office suite.

Personally I use LibreOffice under Fedora (it can also be installed on a MS or Apple OS as well) and I have never found issue with interoffice interoperability. What is even nicer is that LibreOffice is free and is about a 210 MB download and since I use a Linux distribution any updates can be automatically (personally I don't recommend this) or manually updated.
