www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie DEFACED script kiddies !

  • 21-05-2001 8:05pm
    #1
    Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭


    www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie

    A lot more Irish domains are under attack. Some lamer is posting me the address and shouting out to me with them. I don't know who; my guess is it's jerry.

    Regards

    Tom.


Comments

  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    1 - I never defaced a site in my life.
    2 - If I did, do you honestly think I'd be doing it to impress someone as clueless as you?


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Defacing has to really be the saddest thing going, I mean it's like children scrawling on the walls.

    It's such an inherently destructive thing, it teaches nothing, it creates nothing, it's not even artful. It's a loner's cry for attention.

    DeVore.


  • Registered Users, Registered Users 2 Posts: 1,004 ✭✭✭Lord Khan


    bubbles :)

    nah seriously site defacing is really low though beneath script kiddies maybe?


  • Moderators, Music Moderators, Recreation & Hobbies Moderators Posts: 9,389 Mod ✭✭✭✭Lenny


    sites are all down now..
    anyone got a saved page of them?


  • Closed Accounts Posts: 65 ✭✭wintermute



    I think that the recent defacings are a welcome wake-up call to remind some people that security isn't static but rather an ongoing process. Hopefully, it will prompt many organisations to examine the security of their own systems before a serious breach takes place.

    If you think that this is perhaps a strange point of view, then take a case I was involved in not too long ago:

    I get a phone call from a fairly new client saying that their website had been defaced. Because of the nature of the client's business, I carried out a full incident recovery, which discovered that it was nothing more than a standard script kiddie.

    Now the scary part: This breach prompts them to retain me for a full audit. It turned out that they had a guy who had been in their system for about six weeks. This was no script-kiddie, he knew what he was doing and what data he wanted from the site.

    If they hadn't been prompted by a simple defacement to get a full audit then this guy would probably still be there, mining away.

    In my opinion, a defaced website may be a pain in the ass and PR problem but, on a scale of 1 to 10, it's a 1.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    Somebody apparently has 'issues' with Irish Credit Unions. Perhaps they couldn't get a loan without their parents' permission?


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    > Originally posted by Lord Khan:
    > I think the main reason people hate script kiddies is simply they are out to destroy/damage not to do anything else. I

    I think it's more because the script kiddie tends to have 0 clue about what they're doing.

    The only thing I hate about defacements is the kiddie shows their l33t HTML skill by posting a text file or 2 lines of text. I mean how lame is that. If you're going to deface a site at least do a good job and make people laugh at it.

    Also a lot of those "shoutz" seem to point to people who would shop the kiddie in a heartbeat if the cops came to them.



  • Registered Users, Registered Users 2 Posts: 3,280 ✭✭✭regi


    > But will they have fixed the problem (and checked for any other patches they missed)! Actually more to the point, why weren't they keeping up with the patching of their servers.

    The trouble here is that very often Microsoft patches are terribly badly tested and badly implemented. I've seen MS patches kill more installations than powercuts, script kiddies and clumsy people with big feet.

    I think if every admin could install the latest patch with confidence, rather than try it out on test machines, we wouldn't see nearly as many defacements. Most people reading this thread will remember the carnage caused by sp4 and sp6 :)


  • Registered Users, Registered Users 2 Posts: 521 ✭✭✭Ronin


    The boxes aren't hosted by esat as such, they are hosted within our webfarm. The people who own the box are responsible for their maintenance and security, or lack of in this case ;).

    All are most likely running some version of IIS

    Paul.


  • Closed Accounts Posts: 74 ✭✭root


    Can we shut up with all this Script Kiddie nonsense.

    script kiddie has now become synonymous with any website defacement.

    Before you call someone a script kiddie, consider why you call them a script kiddie..

    - Do you know them ?

    - Do you know their knowledge/skills ?
    No, if you don't know their identity you can't claim to have better skills than the "script kiddie".

    - Why do you revert to stupid stereotyping ?
    That's not very intelligent.

    - If you haven't researched what hole they exploited or what they have actually done besides the defacement, you don't have an awful lot to go on.

    Unless you know the person and are willing to state their name in public and risk legal action then calling them script kiddies makes you sound like the kid.

    If a company has paid 5000 for a website and zero for security I see this as their own fault. These defacements are a fact of life and will continue while incompetent people administer security and websites.

    You can't judge someone unless you know them.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    > Originally posted by root:
    > script kiddie has now become synonymous with any website defacement.


    script kiddies pl.n. The lowest form of cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit.


    Considering the IIS exploit is very well known it doesn't require a genius to run it.

    Btw, big deal someone knows how to break into boxes using posted known exploits. They want some kind of recognition of how c00l they are and how l4m3 the admin is? Gimmie a break. The only people who should be getting credit are the people who found the exploit in the first case.

    All script kiddies are is vandals.


  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Root, explain this to me.

    1. Boards.ie was defaced. It was a script, it wasn't even a very good script as it errored.

    2. We didn't pay anything for this website design and cover the costs of the server from our pockets. We secure it by patching it ourselves. Patches are not necessarily good things, in fact it may be a recent patch that is causing us current instability.

    3. The kidiot who did it didn't leave any indication of how they did it, so how are we to know what hole it is we were attacked through. It's likely the kiddiot himself doesn't know.

    4. We do this for the community. You are using the boards we provide you to call us morons effectively. See those ads? They are non-paid for community ads, we've run them for anyone who has asked. How about you give something back to the community and post here latest relevant information on fixes and patches.

    5. Why do you laud people who are effectively vandals and insult people who are trying to give the ordinary joe on the net somewhere to hang out. We aren't a big corporate with millions of quid behind us, we're a bunch of regular net users trying to form a community that isn't backed by a big media company. We'd be a whole lot better off if we didn't have to spend a lot of our spare time rebooting the server and watching for this sort of crap.


    DeVore.




  • Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    Also, you imply that we will have "learned" something from the experience. Well all I've learned is that we shouldn't have féckin bothered to try something different and you should all be left to the tender mercies of big companies like Esat No Limits and Eircom.

    By attacking just anyone they drive the small guys out of business and the big guys have the budget to cover themselves. Congratulations.

    But what does our kidiot care, he got his name in lights for 5 hours, and he's up on attrition.org right?

    There used to be a political point to defacements but now it's the cyber equivalent of "hey mom, look at me!" *waves*.

    If you can't create, don't destroy the work of others and don't *even* give me that "it's for the good of humanity and security" bull, it's for immature self aggrandisement.

    *Greetz!*

    DeVore.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Well said DeVore.

    Root, in all seriousness, I have no idea why you're taking offense.

    The simple fact of the matter is that people who deface websites deserve absolutely no respect, not from us, not from their peers, not from anyone. "Script Kiddies" has come to be defined as someone who defaces a website using little or no skill, and it's used because 99% of the people who deface websites fit into this category. It's very, very likely that the people who defaced all of these sites over the past week or so fit into that category, so fvck them, I'll call them script kiddies.

    If they want to stop me calling them script kiddies, they can start showing some respect for the people who own these sites. They don't have to stop hacking, in fact they can even continue using the tools that REAL hackers write if they want, but they can use them PROPERLY. Find a hole, report it. Got root, report it. If they _really_ need to prove how big their d1cks are, stick a page somewhere else on the website instead of putting their idiotic hax0r <rap up there.

    I respect security consultants. I respect hackers. But I will never, ever respect website defacers, even if they're ninety and they write machine code. They can go s<rew themselves, and I for one will take great pleasure in beating the living crap out of the first one I catch. I'll call all my sysadmin buddies too, so they can have a go, because I KNOW they'll buy me drink for weeks afterwards.

    adam


  • Registered Users, Registered Users 2 Posts: 1,004 ✭✭✭Lord Khan


    hehe nice theory phil

    i'd be right in thinking all those websites are on the same server ... haven't checked before making this post. same probably goes for the other post.

    but I dunno ... Irish Companies really don't seem to take computer security too seriously. I worked with a few multinationals and I know they have really tough security policies.
    I know quite a few view it as a really expensive task ... and it is, and most will say they'll accept the risk.

    I think the main reason people hate script kiddies is simply they are out to destroy/damage not to do anything else. I know quite a few guys who do get into system but they always email the sysadmin( some times from his own acc ;) ) about it and the how and possible way to fix it.

    Script kiddies are probably the main reason why I support laws which can land them in jail for a few years( unfortunately the laws are full of loopholes here ).

    it's a pain in the ass alright, any decent company will have restored the webpage within an hour.

    tom ... can we stop pointing fingers, that's as bad as being a script kiddie is accusing people.


  • Closed Accounts Posts: 74 ✭✭root


    "Well all I've learned is that we shouldn't have féckin bothered to try something different and you should all be left to the tender mercies of big companies like Esat No Limits and Eircom." DeVore.

    Well if that's your attitude jack the project in now. Boards.ie is a nice ubb board and very popular. I'm not detracting from boards.ie in any way, shape or form.

    What I do get annoyed with is the continual use of the term script kiddie. It seems to be the popular term to use to brand anyone who defaces a website. This is stereotyping and I think most people agree that stereotyping isn't a very good idea. "all irish are drunks" etc...

    Big deal, your website got defaced. It sucks. Get over it. :)

    Nowhere in my previous message did I condone website defacing. I just hate the stupid term script kiddie. It's as annoying as b3|nG 3l33t ! That's the whole point of my former message.


  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    > Originally posted by Hobbes:
    > The only thing I hate about defacements is the kiddie shows their l33t HTML skill by posting a text file or 2 lines of text. I mean how lame is that. If you're going to deface a site at least do a good job and make people laugh at it.


    I actually think this is due to most of the exploits only allowing the remote user to plant arbitrary code into a file. E.g. sticking text in index.html. I know this is the case for the unicode exploit which has been very popular lately and maybe some others.

    Root I think you're blowing this script kiddie thing way out of proportion. It almost seems as if you're taking this term of reference as a personal insult which can only lead us to believe that you partake in this cracking activity. I myself used to do a bit of it when I was a lot younger and I think it can be a valuable learning experience (my sites were good though hobbes ;) ) and I always mailed the admin with the exact method used for entry and a detailed patch description if not a link to a patch directly.

    Also the practice of cracking a site planting your own index then deleting the rest of the directory's content I find quite pathetic.

    Some companies aren't up to date with patches etc.. because they are small low profit companies who have just spent 5 or 6 thousand on a new site and new company image and this has left them quite broke. They can't afford to employ someone to simply patch their network non-stop. Now if it's a large multi national with the money and manpower for constant 24-hour server vigilance then all well and good they should be up to date but small companies can't be expected to be on the cutting edge of server security when their technical know how is limited to microsoft word!!!

    Also a lot of the "script kiddies" seem to think IIS is a piece of crap. Well if it's so **** why don't ye get together and write something better? Is it that ye just like to moan because people a lot more intelligent and skilled than ye will ever be are able to find the weak points of ANY program not just IIS and then give ye the little power and skill it takes to crack these services or programs using canned cracker tools? Why not stop just moaning and causing damage to other people's property and go and create something better than the almighty microsoft could come up with and yes we all know about apache already existing but let's face it win2k and NT are always going to be there whether we like it or not so wouldn't it be better to make it more secure and a better OS than complaining and continually attacking it?

    The hacker ethic or improving software through co-operation doesn't seem to exist anymore... you people just seem to want to destroy anything ye can without ever trying to make it better.

    .logic.



  • Registered Users, Registered Users 2 Posts: 1,004 ✭✭✭Lord Khan


    yeah what he said :-)

    root you are taking it a little personally

    the term script kiddie is a term like "Irish"
    The point was made that they have "zero clue" which for the most part is true ... sure they were able to find a script ... not hard 5 mins with astalavista and you'd get one or at least a tut on how to make your own.

    I seriously have the problem with them picking on the small companies like the ones mentioned here. I'd have less problem if they did it to, say, a large company like GEC ( GE capital ), because they can cover the cost and handle such. I think it is an overstatement saying that small companies spend £5-6k ... I'd say some spend less than £1k.

    the point made by Dev about the patches is very true imho ... Some of the patches actually cause more trouble than they fix.


  • Closed Accounts Posts: 1,141 ✭✭✭fisty


    http://www.influence.org/~bedlam/misc/hacked/2001/05/21/www.eolas.ie/

    Bedlam - why on your site do you put up copies of the hacked index.html?
    That's like rewarding these people.
    That makes you as bad as them in my opinion.
    Please come up with some lame response to this - thank you.
    lol?


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    > Originally posted by X_OR:
    > This debate about apache/beta on Win32 has been done recently ...
    >
    > http://www.securityfocus.com/templates/archive.pike?threads=0&mid=175894&end=2001-04-12&fromthread=0&list=82&start=2001-04-06&
    >
    > [This message has been edited by X_OR (edited 23-05-2001).]

    Ok point taken :)


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    > from the Win32 install of Apache:
    >
    > WARNING: The Win32 release of Apache should still
    > be considered beta quality code. It does not meet
    > the normal standards of stability and security
    > that Unix releases do. There are numerous known
    > bugs and inconsistencies. There is also a much
    > greater chance of security holes being present in
    > the Win32 version of Apache.

    'nuff said. (although said to nobody in particular)

    I'm not saying that IIS is better than Apache on UNIX, but this isn't really about Apache v's IIS.

    It's about some idiots defacing websites, including Cavan Credit Union's website. WTF?! Striking a blow for democracy and freedom are we? Credit Unions, I'll say that again. CREDIT UNIONS. hello? getting the message? or do I have to use more question marks on this thread? Script kiddies is a derogatory term, and it is used as such for a reason. They're idiots who can't 'hack' it in the real world so they pick on soft targets to make themselves feel big. They're the hacker equivalent of bullies.


  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    > "We" don't need to.


    Well you seem to have placed yourself into the script kiddie group i was referring to so if "ye" are so happy with Apache stop whinging about IIS.

    .logic.


  • Registered Users, Registered Users 2 Posts: 1,004 ✭✭✭Lord Khan


    > Originally posted by Evil Phil:
    > It's about some idiots defacing websites, including Cavan Credit Union's website. WTF?! Striking a blow for democracy and freedom are we? Credit Unions, I'll say that again. CREDIT UNIONS. hello? getting the message? or do I have to use more question marks on this thread? Script kiddies is a derogatory term, and it is used as such for a reason. They're idiots who can't 'hack' it in the real world so they pick on soft targets to make themselves feel big. They're the hacker equivalent of bullies.

    ok I'm sorry but I've gotta say "roflol" the bit about the credit unions has me in stitches atm. ... I want to take this chance to say ... that should I die ... I nominate Evil Phil and Logic to continue posting for me ( Lads yer by far the most entertaining without being stupid, quite intelligent in fact yer still a hippy though logic shave your head ;) )


  • Closed Accounts Posts: 3,859 ✭✭✭logic1


    LOL I'll hippy you!

    .logic.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    It would be an honour *shucks*.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    > Apache is still beta, as you say, which would discourage lots of people from putting it in a production environment. Still, if ASP support was up to IIS's level then it could take a lot of the market share perhaps. (I don't see that happening any time soon).

    If I was running a WinNT or Win2k server, I would place Apache on it before IIS. I ran Apache on my local Windows machine for development between 1.3.9 and 1.3.18, and I've driven it and never had a problem. There are bugs, but they're mostly things that just aren't possible within Windows.

    All that being said, I would never, ever use a WinNT or Win2K server remotely. I run Red Hat, with a cron job running `up2date -u` daily, which clears up 99% of problems automatically. BUGTRAQ picks everything else up for me.

    > Well you seem to have placed yourself into the script kiddie group i was referring to so if "ye" are so happy with Apache stop whinging about IIS.

    No, that's what you wanted to read into it. The "we" was sarcastic, hence the quotation marks, a perfectly acceptable and recognised manner of demonstrating sarcasm in the written word. Next time I'll use italics too, if it'll make it easier for you.

    And I'm not whinging about IIS, I'm saying it's a security-hole laden piece of crap that I wouldn't run on one of my machines in a fit. It comes with security holes out of the box, and so do the patches. I don't even need to run it to discover this, I just need to read BUGTRAQ.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Maybe you wouldn't use it, but ASP is a very attractive reason to use IIS, and apache on win32 still doesn't support it as well, nor is it likely to. If something doesn't have the required functionality, then how secure it is is beside the point when making a decision as to what to support.

    As for Beta software, you can't trust it to have any kind of stability. Even if it has been observed to be stable by many people, it's still too much of a risk for some environments to take. No point in being secure if you're not stable, because you won't maximise your earnings.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    > Maybe you wouldn't use it, but ASP is a very attractive reason to use IIS, and apache on win32 still doesn't support it as well, nor is it likely to. If something doesn't have the required functionality, then how secure it is is beside the point when making a decision as to what to support.

    Ok, I'll be honest with you and tell you that I've never used ASP, so I can't comment on anything but the server errors I've seen. But I do know that ChiliSoft ASP is out there, and although I know it doesn't replicate ASP exactly, it's reputed to be not far off the mark. I also have to say that the reason it's not perfect is almost entirely due to the fact that it's a replication of ASP, not a port, and the reason for _that_ is because Microsoft are afraid to open their source to peer review.

    > As for Beta software, you can't trust it to have any kind of stability. Even if it has been observed to be stable by many people, it's still too much of a risk for some environments to take. No point in being secure if you're not stable, because you won't maximise your earnings.

    Well, the Apache people say it's beta, so it has to be considered non-stable. Personally speaking though - and it is only personal opinion - I'd still prefer to use it over IIS, and that's simply because I know that if I find a bug in Apache for Windows, I can pop onto Bugzilla and report it, and somebody will do something about it. I've tried reporting problems to Microsoft, and it was a complete waste of my time.

    I'm not into flaming X_OR, I'm just stating the case for Apache and the case against IIS. Don't take it personal dude.

    adam


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    I'm not taking anything personally, I'm just trying to present the business point of view.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    > Also a lot of the "script kiddies" seem to think IIS is a piece of crap. Well if it's so **** why don't ye get together and write something better?

    "We" don't need to. The Apache developers took NCSA apart years ago and did it for us. The Apache Foundation continue pushing new features into the product, month after month (1.3.20 has just been released, and Apache 2.0 went beta last month), BEFORE problems arise. And, I might add, it's still free software, _and_ the source is there for you to hack anytime you want. Don't like the standard rewrite_module? Hack it. Think mod_ssl could be more secure? Fix it. Do _that_ with IIS! The Apache Foundation produces the most popular and most secure webserver available today, and if you don't believe that, you can do something about it, instead of waiting for Microsoft to do it for you.

    > and yes we all know about apache already existing but let's face it win2k and NT are always going to be there whether we like it or not so wouldn't it be better to make it more secure and a better OS than complaining and continually attacking it?

    Although I'm somewhat sceptical that Windows is "always going to be there" in the face of all the .NET horseputty, this is beyond the point. Apache is a far better webserver than IIS, always has been and always will. And in case you're not aware, Apache runs on Windows. Even though it's still considered beta on the Windows platform, it's far more secure than IIS.

    But please, don't take my word for it. ApacheCon Europe is coming to Dublin in October, and the developers themselves will all be there. And, unlike Microsoft, they will actually sit down and talk to you about why they do what they do. They'll explain the inner workings of the server with you if you ask them about it. They'll tell you how to create your own modules that can be loaded into the binary when Apache is launched. If you have a suggestion, they'll listen to you, and they may even implement it.

    I've emailed and gotten replies from Ken Coar, Ralf Engelschall (lead mod_ssl developer), Rasmus Lerdorf (the creator of PHP) and Andi Gutmans (lead PHP developer). If I can get Ken Coar down to Cork in October, I'll take him to kiss the Blarney Stone.

    See the difference yet?

    adam


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    I'd rather you created a new thread if you're going to veer off like that.

    Whether you think that bedlam's mirror site is a "reward" or not, saying it makes him as bad as a script kiddie is just taking the ****.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    I notice boards.ie was down last night due to a contaminated DNS. I guess we must have upset a script kiddie somewhere. :)


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Apache is still beta, as you say, which would discourage lots of people from putting it in a production environment. Still, if ASP support was up to IIS's level then it could take a lot of the market share perhaps. (I don't see that happening any time soon).


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    They use Apache in WebSphere. I'd say that's production environment software. :)



  • Closed Accounts Posts: 1,141 ✭✭✭fisty


    well in my opinion it gives the sad defacers something to work towards "i got on bedlam's site"
    if nobody gave a $hite about the defacements and didn't mirror them maybe there wouldn't be so many.
    And I also have the feeling that the law is going to cop this trend of defacements quite quickly (especially with lotto.ie done in)
    even a fool could put together where to find the culprits with the amount of names / connections floating around. I'm kinda happy I couldn't hack my way out of a paper bag.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    This debate about apache/beta on Win32 has been done recently ...

    http://www.securityfocus.com/templates/archive.pike?threads=0&mid=175894&end=2001-04-12&fromthread=0&list=82&start=2001-04-06&

    [This message has been edited by X_OR (edited 23-05-2001).]


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    I agree with you that that's how a lot of businesses think, but I honestly don't think they're right. I've built a reasonably successful business around Red Hat and other open source products. I've only ever had to pay for one single piece of software running on my servers - vBulletin, ironically - and I've always been able to solve my problems on web forums or using Google. The savings in licencing outlay far outweigh the cost of training myself.

    I can see why some companies choose to use Microsoft software, if not on the server then certainly on the client. Linux is immature on the desktop, and the GUI is often messy and harder to work with, particularly after running in Windows for a while. But it's maturing rapidly, and with the release of Red Hat 7.1 and Mandrake 8.0, I think it's well on the road to becoming a serious competitor. I also think that Microsoft's greedy reorganisation of licencing is going to have a detrimental effect, since it's invariably the bean counters that make the decisions about software, and intelligent bean counters may just see through Microsoft's little ploy.

    On a related note, again ironically, this morning I was forced to solve a problem with visitors to a client's site not being able to POST a form via SSL. The problem lay with flawed handling of keepalives in the SSL protocol in a certain browser, and I found the solution in five minutes with a little work on Google.

    The irony lies in the browser responsible for the problem. Can you guess which one it was?

    adam


  • Closed Accounts Posts: 557 ✭✭✭Snaggle


    > Originally posted by dahamsta:
    > Do _that_ with IIS! The Apache Foundation produces the most popular and most secure webserver available today, and if you don't believe that, you can do something about it, instead of waiting for Microsoft to do it for you.

    I don't believe that Apache is the most secure webserver today, simply because it's not. There are more webservers than just IIS and Apache


  • Closed Accounts Posts: 557 ✭✭✭Snaggle


    > Originally posted by tom-thebox:
    > www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie
    >
    > A lot more Irish domains are under attack. Some lamer is posting me the address and shouting out to me with them. I don't know who; my guess is it's jerry.

    I suspect it's you sending yourself shouts


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Well, from the business point of view, we have to take it up one rung on the ladder, to WINNT. Using WINNT on a server is simply a waste of money and time. Linux is free, much more stable, and supported far better in the community than WINNT is by the developers. And since we're on the security boards, it's far less likely to be cracked, even with Ramen, Lion and the like.


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    This is not how I have seen a lot of businesses think.

    Microsoft offer a more attractive development platform for the typical sort of site that ASP/IIS/SQL Server are used for.

    [This message has been edited by X_OR (edited 24-05-2001).]


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    > Originally posted by Evil Phil:
    > Somebody apparently has 'issues' with Irish Credit Unions. Perhaps they couldn't get a loan without their parents' permission?

    Probably more to do with a recent post on something like BUGTRAQ pointing out that a certain prominent provider of online Credit Union Sites had to ship a specifically customised version of NT which couldn't have certain Service Packs available to it.

    That or just more IIS stuff.

    The annoying thing is, given two or three days to set up an IIS box I'd probably make it tighter than the average "hardened" redhat box which had /etc/inetd.conf stripped.

    http://www.oreilly.com/catalog/securwinserv/

    Securing Windows NT/2000 Servers for the Internet
    A Checklist for System Administrators

    is a *must* read.



  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    > Originally posted by dahamsta:
    > I agree with you that that's how a lot of businesses think, but I honestly don't think they're right. I've built a reasonably successful business around Red Hat and other open source products. I've only ever had to pay for one single piece of software running on my servers - vBulletin, ironically - and I've always been able to solve my problems on web forums or using Google. The savings in licensing outlay far outweigh the cost of training myself.

    Unfortunately non-hobbyist admins/developers who work a 40hr week and aren't too passionate about the work are hard to find. It's the kind of dilbert evil hr thing.

    Companies can get Server Insurance for IIS servers. Companies can get MCSEs with Internet+ streams. Companies can *easily* get vb programmers and send them on a course to re-train as "Internet" developers with ASP/IIS/Interdev.

    The *cost* isn't an issue to most big companies.

    What's more important is the ability to *easily* get adequately trained people who will do the job adequately and go home, not hard to manage awkward techies.

    That's why solaris is still a popular unix solution, and given improvements with solaris 8 and coupled with quality hardware it's going to stay a big player.

    > I can see why some companies choose to use Microsoft software, if not on the server then certainly on the client. Linux is immature on the desktop, and the GUI is often messy and harder to work with, particularly after running in Windows for a while. But it's maturing rapidly, and with the release of Red Hat 7.1 and Mandrake 8.0, I think it's well on the road to becoming a serious competitor. I also think that Microsoft's greedy reorganisation of licensing is going to have a detrimental effect, since it's invariably the bean counters that make the decisions about software, and intelligent bean counters may just see through Microsoft's little ploy.

    Why use an immature free product with awkward employees who insist on working flexible hours when they can get insurance and trained employees for the MS solution?

    As a former webdeveloper, given a choice, I'd go for a well set up asp environment any day. PHP is far too messy. JSP is a bit too complex unless you're talking N-Tier stuff and you can set up a decent ejb server.

    If you can hire a decent security firm to put in place good secure coding guidelines, to set up, build, and maintain your iis servers, and to put a sparc/solaris firewall/ids solution together for a couple of hundred grand a year, coupled with 24/7 monitoring, quarterly audits and if you want, occasional penetration tests by responsible tiger teams why try and save some money by using linux?

    > On a related note, again ironically, this morning I was forced to solve a problem with visitors to a client's site not being able to POST a form via SSL. The problem lay with flawed handling of keepalives in the SSL protocol in a certain browser, and I found the solution in five minutes with a little work on Google.

    What if you don't want your employees wasting time on the net?
    What if the msdn cds and monthly updates are a much better solution for you?

    > The irony lies in the browser responsible for the problem. Can you guess which one it was?

    Probably mozilla :P


    Ok, seriously, I'm trying to play devil's advocate here.

    Cost doesn't matter as much as manageability and accountability and insurance and audits and stuff to any company with more than a handful of employees.

    They can't *afford* to let the company be too dependent on some sort of in house system cobbled together by an awkward tech who decides to leave the company after 5 years to set up a surf shop in clare ;)

    That's why documentation, another great *evil* bane of techies' lives is so important.

    It really is like dilbert out there.

    Free as in beer isn't important. Free as in we can snarf this, and slip it into our product with just a little credit saying portions of our code are dependent on work of the jpeg group or bsd is important.

    Free as in GPL is a pain in the ass ;)

    spod

    [This message has been edited by spod (edited 28-05-2001).]


  • Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    > Originally posted by spod:
    > The *cost* isn't an issue to most big companies.

    The cost of the software you mean. Choosing a free OS may end up costing more to a company in terms of how much they pay for the skills, or difficulty with using it.

    > That's why solaris is still a popular unix solution, and given improvements with solaris 8 and coupled with quality hardware it's going to stay a big player.

    Plus the fact that it's rock solid, and a lot better at a lot of things than the free alternatives. It certainly kicks Linux's ass into next week.

    Anyway, this thread is closed.


This discussion has been closed.