OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Managing Innovation

[ Lists Home | Date Index | Thread Index ]


we have (and have had for a long time) mandated installation items and
practices to maximise reliability - part of which is constant upgrading.

as part of that i get the security feeds from cert - www.cert.org - and
monitor them carefully. it's interesting that open source software is
still having potential problems logged, and as i mentioned, often within
24 hours, but certainly a couple of days, redhat is distributing a
patch. i think they really set the standard here - oss coders for the
fixes, and redhat for getting it out there.

ms has hardly been mentioned lately which i guess means they've been
successful and fixed all their security issues (sic).

i'm waiting o see xml security issues start appearing - and wondering
about how they will be fixed.


On Fri, 2003-10-03 at 00:46, Bullard, Claude L (Len) wrote:
> I don't have experience with Red Hat.  My experience with 
> MS is improving quickly.  The announcements now come fast 
> and the Windows Upgrade process is easy.  That's a desktop 
> perspective, but I do have SQL Server running locally, and 
> so far, so good.  When the Love bug hit the wires, we had 
> some serious problems here.  Since then, our IT department 
> has become not politely but strenuously insistent, to the 
> point of Draconian measures when needed to get the attention 
> of the droid owners.  Hopefully, everyone has gotten the 
> message that security is a serious business issue.  But have they?
> Here is the kind of thing that frustrates the IT folks:
> "It's no secret that the advantages of upgrading operating systems or
> application software has diminished quite significantly over the last few
> years. If you look back over history, there were great advantages from one
> release to another. You just don't get that anymore. You just don't get the
> bang for your buck switching from 2000 to XP. 
> --Toni Duboise"
> It's just dead wrong and spreading the idea contributes to 
> the problems by insisting there is no value 
> in getting a better operating system.  XP is waaaay better 
> than 2000 and one can see that easily by dropping some 
> more RAM into the machine and watching what happens. 
> Security is better but not perfect.  There is something 
> to be said for killing Outlook Express whereever one 
> finds it.  Scripting inside mail systems is a bad brew.
> So part of the problem is the old legacy not having been 
> fully patched, part of it is competence in that sloppy 
> code gets released, part of it is institutional in that 
> sloppy code isn't discovered early enough, part of it is 
> architectural in that the trade offs of ease and security 
> aren't fully understood and implemented, and part of 
> it is cultural, in that the web culture has yet to 
> mature to the point to realize the deep nature of its 
> interdependencies and the folly of unsavory or ill-informed 
> opportunism.
> Everyone is learning.  We need to encourage collboration 
> on solving these problems, learn to improvise and work 
> together quickly, and stop stomping on each others lines 
> or riffs just to get more of the spotlight on ourselves. 
> A theatre troup banishes an actor who does that and any
> technician that helps them.  A jam band beats them up. ;-)
> len
> From: Rick Marshall [mailto:rjm@zenucom.com]
> that's why i primarily use windows 2000/xp and redhat linux distros -
> redhat in particular is very fast at getting fixes out - so they
> obviously recognise the problem from a business perspective. ximian has
> an alternative that is almost as good. microsoft does the job, but i
> find it's response a bit patchy although i haven't done the stats.
> basically i watch the announcements from cert and then how long to get a
> fix from the vendor.
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> The list archives are at http://lists.xml.org/archives/xml-dev/
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS