USDOI Goes 100% Microsoft 385
SatanIsHere writes: "A memo (here, here, here, and here) dated September 19th, 2002 from the Department of the Interior's Acting CIO notes the new policy of a "Department-wide standard for computer operating systems (desktop and server)" Of course the good news is that this will herald a new era in government transparancy for the Department of the Interior.
SatanIsHere Continues: "On September 13, 2002, the Assistant Secretary for Policy, Management and Budget signed the attached Findings and Determination establishing Microsoft Corporation's enterprise desktop and server software as the Department-wide standard for computer operating systems (desktop and server), office automation, and asset management software.... Benefits of establishing this new Department-wide standard include:
- Lower Total Cost of Ownership for the desktop, including lower user training costs.
- Centralized and efficient security policy administration
- Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments
- Greater productivity and reliability attributed to less downtime.
- Extended support for a large base of software applications.
Business specific application software requirements (such as Sun/Solaris, IBM, AIX, etc.) outside the established Microsoft standard may be addressed through the OCIO waiver process."
This looks to freeze out an entire Federal Department (70,000+ employees) from non-Microsoft solutions, requiring a "waiver" to use anything non-MS. One more step to complete Microsoft World Domination. This is particularly ironic considering the problems DOI has had recently regarding IT security. If this isn't leveraging a desktop monopoly into other areas I don't know what is. :-P"
Brilliant tactic! (Score:4, Funny)
Re:Brilliant tactic! (Score:5, Interesting)
DOI has cultivated a reputation for being total mongos for decades, and since Gale Norton came on board, all pretenses of their mandate to protect US natural and cultural resources have been pretty much dropped. Their handling of Native American and environmental issues have been atrocious (so much so that they were recently called to task by a federal judge for their incompetence) and their recently publicized network security problems are just icing.
I would post links, but why
In short, the DOI is largely derided as an incompetent bunch of bumbling boobs, hence my weak attempt at humor noting that installing a uniform MS environment would be an excellent diversion and scapegoat.
This page is currently unavailable... (Score:3, Funny)
If this site belongs to you, you owe us big time, one of our rack's just melted from this fatal slashdoting.
Re:This page is currently unavailable... (Score:2)
I just got amazing deja-vu reading your post. Do you or someone else say something like this every time this happens?
It's totally weird. I'm bidding on a server on ebay too, that is tying into it. I wonder if my gf put something into this coffee.
Oh yeah, to be on topic, I wanted to say that I work for gov't, and our department's CIO has declared that only MS is going to be "supported software." It doesn't mean anything. People are going to use what they want. There are plenty of Unix boxen on our network.
Of course our CIO is a joke, the DOI CIO isn't neccessarily...
Re:This page is currently unavailable... (Score:2)
So? (Score:2, Insightful)
I use linux at home, but at work I gladly use windows & MS Office, it is the best solution, or at least a decent one for many situations.
Hopefully the waiver process isn't so difficult that people can still select the best tool for the job.
waiver process?!? (Score:3, Informative)
That's the kind of sh*t that pisses me off, I don't pay taxes to have the government simply hand that money to a corp. I am morally opposed to. I wouldn't mind if they simply chose the best tool for the job and the tools they needed happened to be MS software, but this just reeks.
There is absolutely NO REASON why a waiver should be needed to use something other than M$ software, that's ludicrous and stinks of corporate pandering.
* i usually stay away from using $'s in M$, but in this case i thought it was appropriate
Comment removed (Score:5, Insightful)
Re:waiver process?!? (Score:4, Insightful)
And I'd say take that one step further had have conformance of systems...but conformance to a published open standard...so you can have competition without conformance degration.
Once you start down the MS road and start using software that does not conform to a published standard you are locked in and the cost of switch over to any else becomes extremely high..and higher after every release cycle.
Its hard to talk about conformance when the issues at hand are vendor specific since the vendor can force change on you via updates. You can get conformance and competition if you limit yourself to an open specification that all vendors can compete for. Once you let the vendor dictate to you what features are worth using and what features you are going to get...your stuck...without paying a huge penalty to get out. But if you don't pay the huge penalty in the short term you pay a gigantic penalty in the long term after several upgrade cycles, where you have lost the power to make decisions as to what you really need and who can provide the software and the systems.
Honestly, sometimes, it makes sense to standardize
It sure does...so stop using MS...becuase MS software does not conform to OPEN standards. How standard is a standard if there isn't a neutral 3rd body overseeing conformance to that standard.
If we used a standard of length measurement only sold to us by MS, we'd have to upgrade our rulers every 2 years becuase the standard would surely change.
-jef
Comment removed (Score:4, Insightful)
Conformance != All Microsoft (Score:3, Interesting)
One problem, conformance of systems usually means that you have to use older systems to ensure conformance. To get conformance right now you'd have to throw out most of your current PC's and buy/upgrade all of the desktops to the latest version of Windows XP. Additionally, you'd have to migrate all of your servers to Windows 2000. With that accomplished you would now have a conformant layout.
Then, you'd have to avoid making any upgrades to the systems. All you could do is patch and make sure every box had all the patches. Sounds great. So, this whole process gets completed somewhere around Q3 2003 (being generous time-wise).
Windows
BTW, this part hasn't even started to go into the actual applications being run on the desktops and servers let alone the hardware being used by them.
Basically, "conformance" is impossible. Hardware changes too quickly. Software changes too quickly. You'll either need to freeze everyone in time or just deal with the fact that everyone will be running different OS's.
Finally, considering the DoI's current track record with security (couldn't even put the Indian records into a DB) I find it very hard to believe they would be able to stay up with the patch-wave that is MS.
Re:Conformance != All Microsoft (Score:3, Insightful)
Now, let's look at a modern WAN. You've got regional offices scatterred all across the US. Do you need local servers to redistribute those patches down to? Maybe you want the 5 XP machines in the little RI office to completely flood their 128K frame relay connection back to the main office pulling down the latest Microsoft VM patch? How about that travelling guy with a laptop and a dial-in connection?
Now, how about provisioning that new box in the RI office? Are you going to be constantly updating a stream-lining patch set so that they don't have to download 20 seperate patches and reboot after many of them?
It takes a hell of a lot more time than your 5-10 minutes *per week*.
Conformance of systems (Score:2)
If the gov't had created a policy requiring the department to settle on the most widely used and standardized systems available, that would have acheived the desired end.
As I understand this policy (and I really don't, because all of the links are dead), I'm required to purchase a Microsoft product even if it a) doesn't integrate well with other Microsoft products, b) is completely non-standard, and c) is not the package generally used for that purpose.
One policy is at least vaguely justifiable. The one they've chosen is just a blank check to Microsoft.
Re:So? (Score:2, Insightful)
Re:So? (Score:2)
Actually it did. I work for a state government. Sure the rules we get to "save money" cost us a fortune, but some wavers are easy to get and some hard. You can't tell from this memo, but I guessed this one would be easy.
I still think it's lame, especially after the NSA was told not the help Linux security in the name of a free market.
era of transparancy (Score:3, Funny)
Benefits?? (Score:2, Troll)
> Centralized and efficient security policy administration
> [...]
> Greater productivity and reliability attributed to less downtime.
That are the Benefits of using M$? Funny, I never knew that widooze provides these features...
Re:Benefits?? (Score:4, Funny)
> [...]
> Greater productivity and reliability attributed to less downtime.
That are the Benefits of using M$? Funny, I never knew that widooze provides these features...
You've got to pay attention.
Centralized and efficient security policy administration
This says nothing about security; just a security policy (apply patches and hope for the best)
Greater productivity and reliability attributed to less downtime
'greater productivity' means that Spider Solitaire isn't as easy as freecell, so users will give up in disgust and do some work.
'reliability' is a truncation in the memo of "re: liability"
'less downtime' refers to the microsoft helpdesk
Re:Benefits?? (Score:2)
The problem is that MS is so arrogant, so slapdash, and so powerful, that you just can't trust them. When a company spends an appreciable amount of effort at suppressing security flaw reports, it's time to find another company to rely on for your IT infrastructure.
Benn there, done that.. (Score:3, Interesting)
Fraud, waste and abuse hotline 1 (800) 647-8733 (Score:2)
Contrast that with the high availability for non-experimental products like Netware for file sharing or Exim,Postifix, or Sendmail for mail.
Sounds like the government's Fraud, Waste, and Abuse hotline, 1 (800) 647-8733 [info.gov] is going to be ringing off the hook.
One by One (Score:4, Interesting)
* Lower Total Cost of Ownership for the desktop, including lower user training costs.
We've got problems at my work with people thinking that they are fully fledged programmers since they can record two macros and cut'n'paste the results into a super-macro. Of course users need to be educated, otherwise they will not be able to use the applications properly. (One example is people insisting on using spaces when they try to indent text, then go to the IT department and complain about the lines not being properly aligned...)
* Centralized and efficient security policy administration.
Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software.
* Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments.
This is M$ key to new markets. Take a standard, implement it, expand it in your solution in order to make your app 'integrate' with others, but not the other way around. A good application should be able both to import and export data properly. (M$ Word RTFs crash my FrameMaker... portable format - not).
* Greater productivity and reliability attributed to less downtime.
Again, you do not get less downtime by buying an expensive system with big flaws. They probably pay loads of $$$ to get a guaranteed time to support arrives and press the 'reset' button. *nix usually do not fail as ofter as Win*, thus no need to advertise that support will arrive in 2.3ms. The lack of service can be because it is not needed, not because it is an ingnored flaw.
* Extended support for a large base of software applications.
Since most advertised software is commersial, and they probably do not look for software them selves (just ask for it in a formal way and have companies make offers). Just use KDE as the German government intends to do. This does not only give a better quality of the software, but also save loads of license $$$.
But since Bill payed Bush's campain, Bush has to give the money back to Bill. As he doesn't fancy paying up at few $$$, he just takes the $$$ from the tax payers. Bomb the hell out of a few arabs and the software sums looks small in the contents.
Re:One by One (Score:4, Informative)
Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software
As much as I loath to defend any decision to choose Microsoft, I still need to point out that the sentence you quote talks about policy administration WindowsNT security model is based on ACL's. Combine that with LDAP and you have a system which is ideal for centralized and efficient security policy administration. Currently, thats something that Unix just can't do, at least not on the same level as Windows can do it.
Re:One by One (Score:2, Interesting)
It just depends on what you want to implement. There are good options out there, including ldap, kerberos, etc.
On the other hand, Windows won't show you file permissions by default. And most users don't even know they can (and should) set those permissions (I guess lots of Windows sysadmins don't).
I never had any problems editing other people's files in my company. I used that in a productive way and with permission from the owners, but it is a security risk.
You can make your system secure either way (even using Windows). It just depends on you. This advocacy for MS products stems from fear. Windows sysadmins go for the easy road (where decisions are made in Redmond) instead of taking responsibility for developing a security policy of their own.
Just like my company: 90% of the Internet has been blocked out. For security reasons. Everybody afraid of the killer ActiveX control. But if you go to the web site, they post dozens of Excel spreadsheets and Word documents. Talk about security risk (and liability, since those documents can spread virus)!
Re:One by One (Score:4, Informative)
Since when? Did NIS, LDAP, Kerberos, and ACLs suddenly disappear from Solaris? UNIX vendors have been selling centralized policy administration tools for years. With a little thought and planning, they can even be efficient. Many of them have very nice GUIs, too.
There are even "trusted" versions of UNIX if you want to go crazy with military-style need-to-know setups.
Basically, Microsoft is delivering nothing new, here, except more marketing spin.
Re:One by One (Score:3, Interesting)
http://www.wikipedia.com/wiki/Computer_Security
There have been several papers examining the subject. See the above article and the confused deputy problem for details.
ACLs are certainly more flexible in certain cases than UNIX permissions. But flexibility usually has a cost, as aforementioned.
I agree with you on LDAP, it is a great way to centralize security. UNIX would certainly benefit from a clean way of tying the two together (PAM is only part of the puzzle and is certainly not simple to setup in my opinion).
Kerberos? It was never designed to resist attacks in which a listener can capture packets. That pretty much means how secure active directory is depends on the physical security of your network. If someone can get onto your network you out of luck. Why? Well, because your domain controller encrypts an ascii timestamp with your password when a request is sent to it to logon as a certain user. An RC4 cipher is used and given that RC4 has been torn apart cryptographically, that you know atleast a 80% part of the ascii timestamp because the dc will happily tell you the time, you have plenty of info to crack the password.
Since MCSE's like defaults, I would imagine and as far as I have seen, most admins use the out of the box kerberos authentication as is. In there defense, Microsoft does offer the use of PKI in place of RC4 which is resistance to these particular attacks, but it generally requires a smart card reader and smart cards to deploy. There is an additional substitution option, but I cannot vouch for the strength of it either. Hopefully, microsoft will use a strong authentication protocol like SRP in the future in place of the weak mechanism included in there kerberos implementation.
Re:One by One (Score:2)
If you don't know it, don't say it!
Re:One by One (Score:2)
I don't suppose you've considered that this might be a FrameMaker problem?
Re:One by One (Score:5, Interesting)
"We've got problems at my work with people thinking that they are fully fledged programmers since they can record two macros and cut'n'paste the results into a super-macro"
That's a problem anywhere. When I was a junior sysadmin at a university Unix shop we'd have PhD candidates dropping fork bombs and other stupid Unix programmer tricks.
"Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software."
Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can.
IIS vulnerabilities do not count -- Apache has it's share of exploits and doesn't belong in an LDAP or NIS server. Similarly, you keep IIS where it belongs.
"Take a standard, implement it, expand it in your solution in order to make your app 'integrate' with others, but not the other way around. A good application should be able both to import and export data properly. (M$ Word RTFs crash my FrameMaker... portable format - not)."
No disagreement with you there.
"Again, you do not get less downtime by buying an expensive system with big flaws. They probably pay loads of $$$ to get a guaranteed time to support arrives and press the 'reset' button. *nix usually do not fail as ofter as Win*, thus no need to advertise that support will arrive in 2.3ms. The lack of service can be because it is not needed, not because it is an ingnored flaw."
That's really not true anymore -- busy Windows servers are nearly as reliable as Unix these days. The only real disadvantage of Windows (and Linux) vs. Commerical Unix are mass-deployment and backup tools. Comparing your Windows XP desktop computer's uptime to your Linux boxes' is not a valid comparison.
As far as your delusions about support go, you need to think a little. Our datacenter pays about $1.2M annually for 4-hour support contracts for Unix machines. (For our most important machines only) Similar contracts from Dell or Compaq for Intel hardware cost about 1/2 of a similar Unix contract.
"Since most advertised software is commersial, and they probably do not look for software them selves (just ask for it in a formal way and have companies make offers). Just use KDE as the German government intends to do. This does not only give a better quality of the software, but also save loads of license $$$."
If you have ever worked in a large IT shop with lots of custom applications, you will know that custom software sucks and costs about 5x an off-the-shelf solution. Plus, who has the budget for full-time developers to make software that is already on the market for 1/5 the cost??
Re:One by One (Score:4, Interesting)
Microsoft Security is pretty decent and granular in an all Windows 2000 / Active Directory environment. Try implementing group policy and acls in Linux or Solaris.... it can be done, but you do not know anyone who can.
Why would you want to? If I need to, I can fire up man pages and search google. I administer about 10 fileservers across three departments totaling a good 15-20TB and hundreds of users and have never run into a situation where ACLs are needed.
Comparing your Windows XP desktop computer's uptime to your Linux boxes' is not a valid comparison.
Why not? I use Linux on the desktop as well. The problem with Windows boxes is that mgmt. often thinks that trained monkeys can administer a box. And it's probably true. Until something fails. Then "Monkey Boy" does you no good.
Similar contracts from Dell or Compaq for Intel hardware cost about 1/2 of a similar Unix contract.
Probably. Better reason to use Linux on Intel.
If you have ever worked in a large IT shop with lots of custom applications, you will know that custom software sucks and costs about 5x an off-the-shelf solution. Plus, who has the budget for full-time developers to make software that is already on the market for 1/5 the cost??
Now you're confusing "custom software" with "non-shrinkwrapped software". There's plenty of software floating around here running everything from the web server to our ticketing system to databases, and none of it is written in house. The cost to replace them with shrinkwrapped equivalents far exceeds the cost of a few highly trained system administrators . Oh, did I mention we're often times in contact with the authors of said software, and they're usually pretty responsive to bug patches and feature requests.
Re:One by One (Score:2)
What I can't understand is when windows server security patch comes out and requires you to REBOOT your server how do you keep it up?
And after you install several "hot fixes" and "roll up patches" how do you keep the windows server stable? How do you experiance strange errors that require some more installation of "hot fixes" and reboots which generally follow the installation of said "hot fixes" and "roll up patches".
You do patch you windows servers and keep them secure don't you?
See we have this problem where I work. Our windows admins are pretty good but they are constantly playing wack a mole with the windows servers keeping them patched and secure.
The unix/linux servers however don't need a reboot unless the kernel needs to be patched.
Re:One by One (Score:5, Funny)
Don't forget the Registry, DLL Hell, Office File Format Lock-In, EULA-of-the-Month Club, DRM, the Upgrade Treadmill, the GUI Frontal Lobotomy, BSA Audits, Drive Letters, IE Everywhere, Competitor Aquire and Crush, False Advertising, Not Engineered for Security, Automatic Updates, #1 Virus Host, Tax Evasion, 3rd World Corruption, Congress Payroll, Embrace and Extend, and the Microsoft "we got you where we want you" XPerience.
How it all works. (Score:5, Interesting)
But you know what 100% Microsoft translates to? 100% downtime when the next "melissa" or "nimda" hits. I've BEEN there. I've worked at companies like this. Just wait--they'll get tagged by the next Outlook script and the entire site will be down for a day or two while ONE MCSE pokes at the keyboard, surrounded by one or two other MCSEs standing and staring at the guy typing--all the while pulling in huge $$$ in overtime, on top of the huge $$$ they get just for having a 4-letter Microsoft-approved title. Everything is on hold until the next virus update to "fix" the problem, since goodness knows there isn't much in terms if diagnostics and repair you can do in WinNT by itself.
There's a reason why I gave up being a sysadmin--100% Microsoft is mostly why. Can anyone else stuck in 100% Microsoft/MCSE land corrorborate the above story? I'd be surprised if the exact same song-and-dance didn't happen at every Microsoft site.
Re:How it all works. (Score:2, Insightful)
At work, we have a win2k server which shares our internet connection, provides a domain controller for the windows boxen, and basically serves files all day. Big deal...
Problem. DNS entries and isp continues to be flaky. Solution? reboot the win2k server..
How is that a diagnostic solution? It isn't... Which is why I am steering people to the linux world, and other alternatives.
Microsoft has been a joke in security, configuration and ease of use for YEARS. I think the masses are finally starting to sense something wrong with the herd, and moving on to a better pasture.
Hopefully.
Your comment is totally on the money, even though you ARE an AC, but I'll let that slide.
Re:How it all works. (Score:4, Insightful)
Re:How it all works. (Score:3, Insightful)
Part of the problem is the attitude apparently shipped with MS products that MSCE==competent sysadmin for those systems.
I don't have the numbers on my fingertips, but I suspect that none of the major Win-exploits of the past few years used a new hole. They spread so badly because of poor administration. By that token, it would seem that a competent sysadmin could indeed run a secure Win-based business.
But a few weeks back there was a new kid in town, and this time it hit Linux - slapper. From what I understand, this was a newly discovered hole that was made into a worm in record time. Still the infection rate turned out to be minor, mostly because of competent sysadmins and the **rapid release** of a security fix.
Slapper broke new ground in several respects, between hole-to-worm time and its use of peer-to-peer. Now try running this combination against the more common (not yours obviously, though you can only deploy released patches) Windows security environment. Add to this the chilling effect of the DMCA on grey-hat activities, especially in the closed-source security arena.
The Ultimate NT Lie (Score:3, Insightful)
Your story is yet another of the scores of examples which contradict the long-touted "feature" of (NT|2k|XP) that it is "easy to administer." If it was truly easy to administer, then the administration would not need to be done by competent administration; i.e., anyone should be able to do it.
I maintain that (NT|2k|XP) is equally difficult to administer as *nix and has always been. One may be better than the other for certain tasks, but effective administration for both has been and still is difficult and requires highly skilled professionals to do it right.
I think that my biggest problems with NT systems was the outright deceit which pervaded the marketing surrounding said systems. (See also: "NT Workstation and NT Server are completely different operating systems. Really. I mean it. Pay no attention to the identical kernels.")
Re:How it all works. (Score:3, Funny)
The US Government has that part covered.
They'll just declare virus writing/deploying as a terrorist act and use as an excuse to invade the Philipines or other asian countries.
Re:How it all works. (Score:3, Informative)
And we're punished every time some schmuck writes one of these macrovirii, because of this uniform, Microsoft infrastructure.
Microsoft *is* the choice for Dept of Interior (Score:5, Insightful)
Re:Microsoft *is* the choice for Dept of Interior (Score:2)
Interesting, so you're saying that MS systems connected to the internet CAN'T stay up for days? Hmm, well then I'd better check my server again because I could SWEAR it's running Windows 2000 Server.... Yep, it is. It's also been up for about 40 days straight now. Yes, that DOES mean that there are critical patches, including the NetBIOS venurability, that haven't been applied. It's not affected though. Why? I took the time to secure it in the first place. None of the venurabilities are relivant since none of the services they affect are turned on or allowed through the firewall.
Of course far more important than uptime, which is something that many Linux users seem inordinatly obsessed with, is unscheduled downtime. It is acceptable and expected that a non-critical system like a webserver will go down for scheduled matenence. Hell, most systems do. I'm a night person and from time ot time when I try and do something like pay my phone bill on the web at 3am it tells me that their finincal system is down for matenence. E-bay goes down every week for matenece at a certian time in the morning. Downtime is only a problem if it is unscheduled, ie happening because of a failure.
In the case of my 2k server it has been down precisely once: when the power failed. It has never been hacked, or crashed.
Really, the incessant ragging on MS is just unwarranted. If people would bother to take the time to learn a little about Windows server and secure them, and then keep current with patches, there wouldn't be near so many problem. The patch for code red came out long before it hit the fan and none of the servers I admin were affected. Hell, if you do a good job with securing the server, many patches you don't even have to worry about and can put off until your next scheduled matenence since the services they effect are either turned off or protected by firewall.
As the receant Linux worm showed, it's bad administrators that are the real problem, not the OS.
Netcraft Link ? (Score:2)
Interesting, so you're saying that MS systems connected to the internet CAN'T stay up for days?
In the interests of transparency and to prove you are not just another MS Astroturfer perhaps you could prove this rather than just claiming it by supplying a Netcraft link.
Re:Microsoft *is* the choice for Dept of Interior (Score:5, Funny)
It's also been up for about 40 days straight now.
Only a friend of Bill would brag about 40 days of uptime.
/. Editors should know the safty tips. (Score:5, Funny)
Peter: "Why not cross the streams?"
Egon: "It would be bad."
Peter: "Define bad."
Egon: "Imagine all life as you know it stopping instantainiously, and every molocule in your body exploding at the speed of light."
Peter: "Ok that's bad. Important safety tip."
Ontopic example.
Hemos: "Don't post links to That server!"
chrisd: "Why?"
Hemos: "It would be bad."
chrisd: "Define bad."
Hemos: "Imagine all internet traffic as you know it stopping instantainiously, and every packet on the network bombarding the server at the speed of light." chrisd: "Ok, that's bad. Important safety tip."
Can someone explain to me... (Score:2)
Somehow the idea of a government office being unwilling to accept any license is soo evil that even some traditional free software advocates are against it, yet standardizing on a single vendor is so commonn that it rarely get mentioned.
Re:Can someone explain to me... (Score:4, Insightful)
The effective of a MS solution is not justified by its cost period - and as a taxpayer, I say its a problem.
Re:Can someone explain to me... (Score:2)
Or, for you hick types, look at the general health status of normal people versus inbreds (the O'Higgins living accross the tracks, or the britshit royal family).
So..... (Score:3, Insightful)
And this time they didnt boil the frog, the put it in hot water first!
On the other hand, all is there is something by satanishere, geocities is trashed. So no proof. Is this story true? And Mr.Editors you know too well not to post links to geocities.. dont you. Better aproach would have been to download the images and then put them on slashdot.Nobody here knows what that memo contains, what is there in it, so before this post goes to the HALL OF FAME maybe we can see the images please. [slashdot.org]
Another thing, apparently DOI has 70000 employees, are any of them on slashdot.. I really want to hear what they say about it. Or if none of them are there onWhy should we stop them (Score:3, Insightful)
Beside the fact that the employees probably had almost nothing to do with the decision, it is objectively bad for the government to lock up our information in a propriatary format.
The real tragedy of this will come down the road, when not even current MS crap (if they survive) will be able to read the obsolete Word2002 formats stored in the archive. Even today, I expect that you would have some problems reading at least some old windows document formats in the most current editions.
MS development processes are so ad-hoc and market driven that they cannot even keep track of all the external representation formats that they have created. They just don't get it. The reason that experienced and skilled software architects and designers insist on supporting mature standards is because otherwise it turns into an unmanagable mess. Stability is way more important than wiz bang features. Note that this is also the source of many of their security problems, at least the ones that aren't due to allowing program fragments to run from untrusted sources, but I digress.
This is also why the Linux platform is so much better. Even though it is not yet at a maturity and stability level that satisfies us, it is still completely usable because it doesn't just abandon standards in an attempt to gain market dominance. Once a standard is established and has become stable, you can be certain that it will be widely adopted. In this environment, any number of projects can implement that standard, and users have a choice to stay with the old reliable tool, or upgrade to get more features and functionality. Or even use both situationally.
Mirror (Score:2, Informative)
Much to my surprise, though, all I was able to mirror for you guys is this: http://home.centurytel.net/mraymer/sorry.gif
Never underestimate the power of a Slashdoting, I guess. ;)
lets not get emotional (Score:3, Interesting)
The biggest joke is perhaps the part about lower costs from more reliable services. Sorry, but I don't know of anyone who has knowledge of Unix and Windows systems than can attest to better MS reliability, ever. It would seem that it would have been just as valid for the report (when naming reasons) to say, "MS has cool commercials" and "The trees around Redmond are really pretty this time of year."
Windows is definitely the solution in the case of desktops, especially with users already used to Windows. However, for backend reliability Windows has proven that it is only reliable in attracting exploiters and malicious code. This is just another example of blind bureacracy in action. The licensing costs alone will put the budget to a point that the equivelent agency that runs Linux backends would be able to buy 100's of more computers. I would like to see some detailed studies by the DOI as to backup their financial claims. However, they do have one point that is valid. If starting from scratch, it is indeed easier and cheaper to train administrators (at least to a partially competent technician level) in Windows than in any *nix. Call everyone monkeys if you wish, but the fact that a well organized GUI can be quickly adapted to by many will produce much more technicians than the unorganized mess (usually the fault of app/package and distro producers admittingly) that is *nix. Too many times, people trying to simply get the damn thing to work will ask, "where do I find out all the details on how to make X happen?" Often the answer is not there, or buried deep within a chaotic cavern of unorganized information and references. When asked about the silly redundancy (good example is Apache, where in writting to the httpd.conf you must often put certain definitions and features in multiple places) I can't answer except say, "Well I think someone just wanted it that way." (don't get me wrong, I love Apache... but that is an oft repeated question by many)
DOI ? (Score:3, Funny)
Notice it's the ACTING cio (Score:2)
My favorite stand in govt official is "Acting Assistant Deputy Secretary" - that actually exists!
Not that strange that they do this. (Score:3, Interesting)
One thing i have hard to understand is how they can prise interoperability on one hand and not demand open standards at the same time.
Bidding process? (Score:2, Insightful)
If you used all Sun, Linux, or Apple software/hardware, you'd have the same compatibility bonuses as you do with Microsoft. Compatibility is not unique, or even native, to Microsoft. Hell, they removed from Office XP the ability to open other office suites' documents with the default install; isn't that a step BACKWARDS for compatibility?
Comment removed (Score:4, Informative)
Waiver allows other tools (Score:2)
This means a Linux box will be allowed in the DOI if it's really necessary. All this really does is prevent the l337 h4x0r downstairs from running a Linux box he doesn't understand and can't make secure.
The "100% Open Source" policies would not allow anything Microsoft, even if it is the best tool (gasp!), based purely on ideological (read: impractical) reasoning.
Open Source as a requirement not unfair... (Score:2, Interesting)
I believe open source needs to be looked at the same way...and, in fact, many gvt's around the world are doing just that.
Stop saying that requiring open source EXCLUDES MS. It does NOT. The problem is that MS does not have any products which meet the customer's system requirement for multiple sources for system components.
MS (the company) is not excluded, their closed-source products are. If they wish to compete for systems that require multiply-sourced components,they should make products for that market.
Ten Year Ban (Score:5, Interesting)
we knew MS would win (Score:3, Insightful)
But we knew this would happen. With a pro-corp prez in place, MS would get off, and now it is being espoused by the government. Nice going, morons. We don't want to punish MS for being a monopoly, no, we want to have them continue to publish wonderless software, and we'll even use them!
If I could convince my gf and my ex (for the kids), I'd move to Canada already, or even Europe. Sure, freedoms and technology are not the same, but so what. These areas of the world are getting it (except Blair, what's he gonna get for his support?). Some Superpower....what's that saying? Power corrupts, and absolute power corrupts absolutely. Thanks Bushki!
as a DOI employee (Score:5, Insightful)
All specialized applications are UNIX, and will be waived.
The major problem is with administrators. There arent enough qualified people here to run a multimode environment. They cant pay enough to get qualified Americans to work for them, and they cant contract out to H1Bs.
in short, I dont think this will have much of an effect.
Re:as a DOI employee (Score:2)
Re:as a DOI employee (Score:2, Interesting)
My entire IT office is up in arms about this. With NO comments from the rank and file, many people are upset.
Re:as a DOI employee (Score:3, Interesting)
- New (note I said NEW) contractors looking to work with the DoI will see this as an indicator that NEW stuff will be done on a Microsoft platform.
- MILLIONS will be spent by vendors, contractors, etc. in training and otherwise getting up to speed on said Microsoft platforms
- A lot of CIOs will take their cue from this and do the same thing
- Microsoft will market the S%*t out of this, using it as an argument against other government departments (not just US ones) who are pro-OSS
- Other US departments will follow suit...and it will all repeat
Now, I'm not saying OSS is dead in the DoI. But I am betting OSS will be slowly phased out if this policy stands, as any NEW projects will be hard pressed to justify those waivers.But I admit: I could be wrong.
Re:as a DOI employee (Score:3, Funny)
There are currently thousands of highly qualified people available now who will work for half or even a third of the salary as average. This is why the government conspired with wall street to bust the big bubble, because no one would work for the government anymore (no stock options). And unlike H-1Bs, who have to be paid what the average person makes, you can legally pay Americans way under average. So now there are plenty of admins available ... and programmers, too. Just post the openings here [slashdot.org] and watch the geeks resumes come flooding in.
Re:as a DOI employee (Score:2)
Sometimes a standard just is a standard... (Score:5, Interesting)
Email went down for three days while they blamed the Exchange box, I had explain MX records to them and prove that it was disk overload on their primary MX (sendmail +Redhat 5.2). They couldn't even remember who had the root password.
What I discovered was that government is still the last big company around. The place where no one ever gets fired, or laid off. Where the new technology approval board is run entirely by people whose only IT training is in Cobol and Unisys 2200. The few really smart people are full of great ideas, but they are rendered inert by the great mass of "lifers".
In Texas, most of the real IT work gets done by big name consulting firms, at extraordinary costs and questionable quality.
Purchasing policy (Score:2)
I find it amazing that a government department should have an official policy of only purchasing from one particular vendor. I would have thought a fundamental factor in defining a purchasing policy in any large organisation would be making sure that there is competition amongst your suppliers. It's basic business sense, isn't it?
not too surprising... (Score:5, Interesting)
pfS.
[Ironically, when the DOI web site was heavily attacked by the Chinese after we accidentally blew up their embassy in Bosnia, our Unix-based Apache web site, a left-over from a previous webmaster (bless his unix-loving butt), administered by a new-to-unix admin.(me), faired pretty well while the Park Service's M$ IIS4-based web site was hammered through an anonymous ftp account and was down for weeks. (Everything was secure but the gifs. I thought I had everything buttoned up, but for some reason, when I uploaded files to the server via Hummingbird, the gifs (& only the gifs) permissions were set to 'w' for everyone. So we had little Chinese flags all over DOI Home page for about 12 hours. Coulda been worse. Oddly, the Chinese sent tons of XXX-rated mail to the webmaster email address. Ow, ow. ]
Linux/Solaris using DOI employee says... (Score:4, Interesting)
Thus this unfunded mandate to move to some standard platform.
Given that there is no money behind it, and we're talking 40+ mill in LICENCES ALONE!!!
I don't see this happening anytime soon.
On the other hand, it is almost easier for Linux to interoperate with MS stuff than Novell, except Exchange/Outlook, which does have a non-free solution (Evolution).
Further, we have several pieces of Unix only software, and I don't see those being ported soon.
Not surprised, don't care, sucks to be them. (Score:2)
Frankly, this doesn't come as a shock. Government agencies like the USDOI have always been of the attitude that if they pay more, and do less, it's better in the long run. But if they plan on running their entire networks on Microsoft servers, I plan on watching the news for hack reports.
DOI turned off web in 2001 (Score:2)
This is Great News!!! (Score:2)
We don't need the Freedom of Information Act anymore... and I was worrying about our rights being taken away
But what about Palladium and DRM? (Score:3, Interesting)
a) The authentication server at MS crashes or screws up so all the Windows XP desktops can't phone home to get Bill's permission to run?
b) One of those lovely IIS virii starts sending sensitive documents out to every pr0n vendor in anyone's mail spool?
c) The DRM system determines that a critical bit of multimedia presentation, which might decide the creation of a policy, can't be shown since it hasn't been authorized and therefore MIGHT be a violation of someone's copyright?
If you thought your Government was lazy before... man!
DOI? (Score:2, Funny)
Good match if you ask me.
Oh well, couldn't resist
I'm a DOI contractor .. (Score:5, Informative)
At the installation where I work, we've got dozens of legacy systems running on UNIX boxes as far as the eye can see. Some of these are processor-hungry image processing applications that run on high-end boxes from SGI and Sun. These systems are not going away anytime soon, regardless of what some tech-clueless bureaucrat at the top of the chain would like to think.
I'm posting this from an SGI O2, sitting on my desk next to a PC that dual boots Win2K and Linux. All of the developers in the cube farm outside my office door are doing UNIX development on Linux PCs. In the past couple of years, we have started to shun more expensive solutions in favor of software like Apache, PHP, PostgreSQL/MySQL. There are currently several efforts underway to port existing systems from proprietary UNIX (i.e., IRIX or Solaris) to Linux so that we can leverage inexpensive, commodity hardware platforms and get away from paying exorbitant maintenance fees.
We're moving pretty aggressively towards open standards and free software, and I would guess that this memo will have exactly zilch effect on that.
Re:I'm a DOI contractor .. (Score:3, Interesting)
Doubtful. The relationship between contractors and many government agencies is changing. We're moving away from old models where government personnel were actively involved in technical aspects of day-to-day work and into a new model called PBC (Performance-Based Contracting.) In that model, the government serves more of an oversight role (in terms of things like budget and schedule) and assumes a more hands-off role when it comes to how the work is actually done.
This is, of course, how it should be.
Huh? (Score:3, Funny)
Had to spend all that Indian money (Score:3, Insightful)
DOI IT - IDIOT (Score:3, Funny)
Re:gone (Score:3, Informative)
Re:why is this news? (Score:3, Insightful)
1. This applies not just to desktop but to ALL servers as well. and...
2. In order to use non-MicroSoft stuff, you need a waiver (which, based on the way government works, I'm sure is easy to get.)
Sorry to state the obvious, but this seems rather closed-minded on the DOI's part. Especially when you consider MicroSoft's track record for security.
Did you even read any of the above? Or did you just go into 'Troll' mode?
Re:why is this news? (Score:2)
Then theres no problem is there.
Re:why is this news? (Score:2)
(which, based on the way government works, I'm sure is easy to get.)
Then theres no problem is there.
Then why make the policy at all ?
Re:why is this news? (Score:2)
Which part of "everybody will use this single piece of proprietary software" allows people to choose a solution which fits their needs?
It's more likely that they are running Linux or some other system and this decision is forcing them to change to something that doesn't suit their requirements.
NB: taking this all with a grain of salt. A geocities page with some "leaked documents" that slashdots within 5 minutes might just be a hoax.
Re:why is this news? (Score:2)
Re:why is this news? (Score:2)
They should use *nix because its far more secure than windows (on the servers). If you lock down windows on the desktoip so that all files are stored on a NFS/Samba server than use windows on the desktop..
The crap about a learning curve is just that, crap.
Re:why is this news? (Score:5, Funny)
2) Microsoft gets called to task for doing really really bad things by the United States Government.
3) Microsoft is told sternly to stop being such a big meanie, given an affectionate pat on it's cute lil corporate head, and sent to think about how really really bad it had been. Monopolies will be monopolies, after all.
4) Microsoft promises it isn't really really bad anymore, Scout's Honor.
5) Significant portion of United States Government mandantes the use of Microsoft Software.
Does this mean I can go down to the local bar, beat the crap out of the proprietor, steal everything he owns, drive him out of business, and take over the place? Then when I get caught, I'll promise to be a good boy from now on, keep all my ill-gotten gains, and turn the place into a cop bar. Then I'll have enough money to hire some muscle and really move up in the world.
In all seriousness, however, Microsoft has made sincere strides toward policing its own actions (someone has to, right?). For example, from a recent press release:
"SEATTLE -- Microsoft Corporation is pleased to unveil, over the coming weeks, a series of strategic alliances designed to further the goals of our Trusted Computing Initiative.
Beginning next month, to ease customer transition to and acceptance of Licensing 6.0, all Microsoft End User License Agreements will be accompanied by a single-use packet of high-quality non-pretroleum-based personal lubricant. In line with our Software Choice Program, we have partnered with both AstroGlide and Wet* to provide this service to our Valued Customers.
In response to continuing customer concerns regarding the clarity of our various End User License Agreements, we have elected to move to a Unified EULA structure (patent pending) that we feel will more clearly outline the agreements attached to our Software Products. Beginning November 1, 2002, the following EULA will apply to all newly licensed Microsoft Products. Please note that present Microsoft Customers will still be able to benefit from the new EULA scheme, as we will be attaching it to all vital Software Security Updates and Hotfixes for previous Microsoft Products.
'[Product Name]
END-USER LICENSE AGREEMENT
IMPORTANT-READ CAREFULLY: This End-User
License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and Microsoft Corporation for the Microsoft software product identified above,
which includes computer software and may include associated media, printed materials, "online" or electronic documentation, and Internet-based services ("Product"). An amendment or addendum to this EULA may accompany the Product.
YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA BY INSTALLING, COPYING, OR OTHERWISE USING THE PRODUCT (THIS INCLUDES THE ACT OF PLACING THE PRODUCT MEDIA INTO YOUR CD/DVD-ROM DRIVE).
1) ALL YOUR COMPUTER ARE BELONG TO US!'
We hope that the new Unified Eula (patent pending) system will clear up any lingering customer concerns regarding our Product Licensing.
*This promotion applies to Wet Light only. Wet Platinum is currently unavailable. Offer good in the United States and Canada only, subject to availability."
Re:why is this news? (Score:3, Insightful)
A policy like this is PREVENTING them to running a solution that fits their needs best. If you think that "run whatever Microsoft gives us" is running the best solution, you are either pretty gullible or have Microsoft-stock (or both as being gullible is a prerequesite for having Microsoft-stock, just look at their P/E)
It also illustrates the incredible Microsoft double-standard. A Microsoft-only policy is great, but an open-source-only policy (which is much less restricting because it is multi-vendor) is evil, evil, evil.
I personally don't like either policy, BTW.
Re:why is this news? (Score:2, Insightful)
From my experience with the bidding process there was probably a requirement in the RFP that any software be able to 100% read MS word/excel documents. Again, very difficult to prove.
The Government RFP process makes it very difficult to factor in TCO for a purchase. They generally can only look at the lowest initial cost (that meets the requirements).
Re:why is this news? (Score:2)
Re:All-Microsoft? (Score:4, Informative)
Troll? Maybe. But I would expect those principled people who go on about the "freedom to innovate" to object to a strict Microsoft-only policy -- simply because they objected to other, less stringent policies, such as the "open source software must be considered" policies. These policies didn't rule out the use of commercial software. This policy rules out the use of anything but Microsoft software. Where's the "freedom to innovate?"
Re:All-Microsoft? (Score:3, Insightful)
I'd complain just as bitterly if some naive bureaucrat declared "nothing but open source is allowed to be considered". So what's your point?
Re:All-Microsoft? (Score:5, Insightful)
As a taxpayer, I don't like the idea of my tax dollars being used to get locked into some monopoly; and I'm not talking about MS' business monopoly here. For example: all the documents created in Office2K or whatever will not readable (faithfully) by any other software, including OpenOffice.
If USDOI wants to go with MS exclusively, then they should have a plan in place to be able to use replacement software in an emergency situation. In other words, make MS release the specs for the documents created using MSOffice before finalising this deal.
I urge all the readers to contact your local congressperson and state Senator about this. Here's a list of the senators in the Interior subcommittee (the department comes under Appropriations):
Senators Byrd, Leahy, Hollings, Reid, Dorgan, Feinstein, Murray, Inouye, Burns, Stevens, Cochran, Domenici, Bennett, Gregg, Campbell.
Of these, Sen Feinstein may be the one who can be most influenced by the geeks here.
If possible, write (deadtree letter) or FAX them; an email just doesn't cut it.
Re:All-Microsoft? (Score:4, Insightful)
I'm sure Hollings will be really receptive to my concerns about locking in the DOI to Microsoft-only systems. Not.
But, as you pointed out, my interest does run deeper than making "snide remarks." I am a taxpayer. I live in Raleigh, N.C. I plan to call Senator Jesse Helms' office and ask him to review the DOI's decision to lock out non-Microsoft products in favor of those made by Microsoft -- a monopoly currently being prosecuted by the federal government. I'll point out that there are other U.S. software companies that make fine products, and it's in the government's interest to avoid single sources for their systems. I'll mention RedHat -- based in Raleigh, just like Senator Helms. I'll mention Sun and Apple. I'll mention IBM and Oracle.
win2k/xp doesn't fix reboot problem (Score:5, Interesting)
That's true if the machines aren't connected to the Internet, and if they're not heavily utilized workstations, etc.
In practice, a connected server needs to be rebooted more often than that, if only to apply the latest security patches.
Heavily utilized WinNT/2K/XP workstations need to be rebooted regularly to overcome kernel memory leaks and the like.
If you'd like to see this for yourself, try this test: load enough copies of IE that you run out of kernel memory or other resources. You'll know you've reached that point because it will silently refuse to open another window. Now close all the windows you've just opened. Carry on using the machine and see how long it is before you find that new applications can't be run, that menus don't drop down, etc. To get some sense of what's happening, monitor the numbers on the performance tab of the task manager while you're doing all this, particularly kernel memory - it goes up, but mostly doesn't come down. That might be fine if it was reusing the allocated memory, except that it doesn't - it ultimately cripples the machine.
The bottom line is that Win2K/XP is fine for light-duty use and applications not connected to the Internet. For serious computing, though, you need a real operating system.
Can't upgrade a kernel w/o rebooting - So? (Score:2)
How many of those aforementioned updates require a reboot?
All of em'.
When a *web browser* patch requires a reboot, there is something fundamentally WRONG WITH THE SYSTEM.
At worst case under Linux, a web browser patch to Tux will require unloading and reloading a kernal modules. If you're using any other web server, you can do an upgrade, and restart the webserver. Total downtime? Restarting Apache takes a fraction of a second.
This is the difference between Unix and Windows - Unix requires a reboot only for the most major upgrade of all, the kernel. Anything else doesn't require a reboot. Windows, on the other hand, needs an update for damn near any system update you'd like to make, and a significant number of system changes require an update too. You need to reboot to change *font scaling* for chrissakes. (Let's not get into the fact that there is no need whatsoever for any server machine to be running a GUI at all times because it's an unnecessary waste of resources - A true server should be 100% administratable without even a video card and just a serial console for worst-case scenarios when the network goes wonky.)
Re:Can't upgrade a kernel w/o rebooting - So? (Score:2)
Like I said, light loads and low uptime (Score:2)
It has now been up for 4 and a half months and the last reboot was to install SP2.
Contrast that with the most recently rebooted Linux server I deal with - 300 days uptime, rebooted because of a power failure due to storms, which outlasted backup power.
You say you installed SP2 - what about the post-SP2 hotfixes, or SP3? The countdown to your next reboot has begun... Luckily, you may not have to worry about those as much in your case, because some of the security problems affect IIS, and you're running Apache. So yes, by staying away from Microsoft server products, you do achieve greater uptimes, which is my whole point.
Your 410,000 hits a month is very low traffic. Some of the servers I work with routinely serve that much in a day, and they're not the busiest by any means. But ability to handle load is not really the issue at this point - since about Win2K, Windows has done much better at this (NT4/IIS4 was pretty pathetic at that, also due to memory leaks).
I'm not saying longer uptimes can't possibly be done, but compared to real operating systems, Windows requires more reboots in practice, because of the number of mainly Internet-related security problems it's had over the past few years.
I work with both Windows and Unix machines doing software development and consulting on administration issues, so I have plenty of direct experience with administering Windows boxes. I've worked with WindowsNT/2K/XP since the betas of NT 3.1 in around '91. In my experience, there's just no comparison between the two in terms of security, stability, and ability to run for truly long periods without reboots. If you think otherwise, my guess is it's just because you haven't had much experience with Unix.
Re:The real story ... (Score:2)
> The real story is about how government agencies
> are shooting themselves in the foot by NOT going
> with Microsoft, especially
> this can be found at AngryCoder [angrycoder.com].
Read the link you posted. The waste of millions was because they changed platforms half way through the development effort. If they had started in Java and then moved to
The waste would not have occurred if they decided at the *start* of the project that vendor lock in was an issue and had gone with Java.
Loathe as I am to recommend Microsoft, yes, it is better to make decisions at the start of projects, on what is best for that project and stick to your decision. Arbitrary department and company wide decisions to go with one vendor and chuck out all the existing work is a massive waste of time and money that no good manager should allow.
That being said, Microsoft's various problems with security and reliablity should put it on the bottom of the list of consideration. Their ambitions and repeated breaking of anti-trust laws should give any government agency serious concerns about doing business with them.
BTW, does anyone know if Microsoft has had the cheek to try to audit a federal government agency? I know they have gone after city governments and poor schools...
"At this moment, it has control of systems all over the world.
And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanese version)
Don't worry, Godzilla is coming to stomp it!