Windows 7 screens look like KDE 4!!

[kraftman]

Your right, closed source corporate development does have better bugtracking then what is typically found in opensource projects. Patches and shit in a corporate development team isn't spread through a bugzilla db, forums, mailing lists, blogs, etc. They are usually more organized then their open counterparts.

I don't think so. Just search for long standing security flaws in Windowses or better in Macoses and many other bugs. Freebsd uses closed development model and as far as I remember there were over six hundred of unfixed bugs in Freebsd 6.x. And it depends what to what you're comparing. When there's critical security bug in Linux it's fixed in few days (don't rely on secunia, because they're really lame).

EDIT:

And other thing is - if more eyes watch it's greater chance for finding and fixing bugs.

[deanjo]

I don't think so. Just search for long standing security flaws in Windowses or better in Macoses and many other bugs. Freebsd uses closed development model and as far as I remember there were over six hundred of unfixed bugs in Freebsd 6.x. And it depends what to what you're comparing. When there's critical security bug in Linux it's fixed in few days (don't rely on secunia, because they're really lame).

EDIT:

And other thing is - if more eyes watch it's greater chance for finding and fixing bugs.

There has been many cases of security flaws in linux where security flaws have gone unnoticed for a long time (sometimes years). Also there are literally hundreds of security firms scrutinizing windows security that far exceed the number of people running linux that actually scrutinize it's security and code. Lets face it the number of people that actually audit linux is extremely small vs the number of people that audit windows. Linux enjoys most of it's security through obscurity.

[jeffro-tull]

There has been many cases of security flaws in linux where security flaws have gone unnoticed for a long time (sometimes years).

Well, I guess it's only a vulnerability when others know about it and can actually use it.

Unless I'm reading it wrong, it looks like you're missing kraftman's point. That being, when the security flaws in Linux are noticed, they tend to get taken care of pretty quick, and then the distros hop on that and pass it along to the users. No waiting a few weeks for the next "Patch Tuesday."

[deanjo]

Well, I guess it's only a vulnerability when others know about it and can actually use it.

Unless I'm reading it wrong, it looks like you're missing kraftman's point. That being, when the security flaws in Linux are noticed, they tend to get taken care of pretty quick, and then the distros hop on that and pass it along to the users. No waiting a few weeks for the next "Patch Tuesday."

There are MANY distro's that do not do regular security updates. The only ones that are usually anal about getting the patches out there in a reasonable time frame are your larger distro's. Hell alot of distro's don't even have a update app. Also many times the length of those security updates often is a very short time unless it's a LTS solution.

[kraftman]

There are MANY distro's that do not do regular security updates. The only ones that are usually anal about getting the patches out there in a reasonable time frame are your larger distro's. Hell alot of distro's don't even have a update app. Also many times the length of those security updates often is a very short time unless it's a LTS solution.

We don't talk about "damn small and hey, let's make another one" distros here. Serious security bugs in main Linux distributions are fixed almost immediately. Some serious security flaws weren't fixed for months (or even years) in Macos and Windows.

Lets face it the number of people that actually audit linux is extremely small vs the number of people that audit windows. Linux enjoys most of it's security through obscurity.

You're repeating popular myths.

Here's great article:

http://www.theregister.co.uk/2004/10...dows_vs_linux/

[deanjo]

We don't talk about "damn small and hey, let's make another one" distros here. Serious security bugs in main Linux distributions are fixed almost immediately. Some serious security flaws weren't fixed for months (or even years) in Macos and Windows.



You're repeating popular myths.

Here's great article:

http://www.theregister.co.uk/2004/10...dows_vs_linux/

There is no myth about it. Having done many many many security audits in the past I can't tell you the amount of time's I have seen linux setups running distro's that no longer have security updates being made for them (Web Hosts have to be the absolute worst at this with many of them not even offering a current LTS release). Hell there are literally millions of servers out there running antiquated kernels, php, apache, ruby etc with serious security flaws. If the admin is not constantly following the known issues on those packages and manually applying the patches himself the server is sitting there just begging to be attacked. MS on the other hand does have a much longer support period and patches are made to address issues critical flaws well after the product is no longer being made.

[kraftman]

There is no myth about it. Having done many many many security audits in the past I can't tell you the amount of time's I have seen linux setups running distro's that no longer have security updates being made for them (Web Hosts have to be the absolute worst at this with many of them not even offering a current LTS release). Hell there are literally millions of servers out there running antiquated kernels, php, apache, ruby etc with serious security flaws. If the admin is not constantly following the known issues on those packages and manually applying the patches himself the server is sitting there just begging to be attacked. MS on the other hand does have a much longer support period and patches are made to address issues critical flaws well after the product is no longer being made.

Those aren't Linux or its distribution problems, but people who don't upgrade software. Security patches are ported back. MS whith its reaction time isn't good example, but it's better than Macos. I think that you're starting to play in posts.

[deanjo]

Security patches are ported back.

Bullshit, show me one distro that backports patches to their releases 7+ years old OS's. Once the EOL ends on a distro release security patches are up to the administrator. For example opensuse 10.2 no longer recieves security patches and it's only two years old. Even LTS solutions from ubuntu and novell only go back 3 years. After that your on your own. RHEL would be the closest for long term support but even it falls short and of course this is all done on a paid subsription basis. Cent would be the execption to the rule as it will support it clones RHEL support cycle. XP on the other hand will continue being patched until 2014.

[kraftman]

Bullshit, show me one distro that backports patches to their releases 7+ years old OS's. Once the EOL ends on a distro release security patches are up to the administrator. For example opensuse 10.2 no longer recieves security patches and it's only two years old. Even LTS solutions from ubuntu and novell only go back 3 years. After that your on your own. RHEL would be the closest for long term support but even it falls short and of course this is all done on a paid subsription basis. Cent would be the execption to the rule as it will support it clones RHEL support cycle. XP on the other hand will continue being patched until 2014.

I'm talking about backporting patches for older kernels and for single applications. Btw. Linux users don't have to wait 10 years for next Windows Server, because Linux systems appear much more frequently. Who will stick with such old and slow piece of crap like XP for such a long time? I only get few patches a month for xp and they're almost always critical (someone can take control of your computer bla bla bla). Maybe they'll fix 1/3 of security holes before 2014, but I wouldn't be so sure.

[jeffro-tull]

@deanjo:

I'm with kraftman. I fail to see how that is the fault of Linux. I mean, yeah, if you had to (HAD to!) pay for your operating system, and it only provided fixes for a couple months, I'd be pissed. Especially if, to get additional fixes, I had to buy a new operating system. But:

1) you have to pay for Windows. If it cost what it did and Microsoft DIDN'T back the product for a good amount of time, there'd be an uproar.

2) Linux distributions that have been "abandoned" (as far as fixes are concerned) are free. Free as in speech, free as in beer. "Hey, you asshole, fix this thing I paid no money for and you are under no obligation to fix!" Right....

3) Linux distributions that ARE paid for (read: Suse Linux Enterprise, Red Hat Enterprise, etc) have a longer support lifeline. Typically, when support for one of their products ends, it is long after it has been super-ceded. Assuming you are still paying for your license/support contract/whatever, you're not boned. Novell, Red Hat, or whomever else won't keep supporting the system you're using, but they will help migrate you to a newer system.

And no, by "help" I don't mean "they'll send a guy over with a DVD and do it for you". I mean, I'm pretty sure your license/support contract/whatever will migrate to the new system (let's say you're running SLED 10, a few months back SLED 10.1 came out, and you still have, say, a year on your contract. Should be able to contact Novell and move your systems up to SLED 10.1 for the remainder of your contract), and people will be available from Novell should you have issues.