Linked by Eugenia Loli on Fri 29th Aug 2003 13:40 UTC, submitted by Zaphrod
OS/2 and eComStation IBM is pushing Linux as the upgrade path for current users of IBM's venerable OS/2, but most customers of OS/2 computing, especially branch banking, are looking towards a Windows migration.
Order by: Score:
Oh hell ....
by Darius on Fri 29th Aug 2003 13:55 UTC

As everyone here probably knows, I am certainly no MS basher, but I really don't want my bank running Windows anything.

Re: Oh hell ....
by Kyle on Fri 29th Aug 2003 13:59 UTC

I agree 100%.

no no no no no no no
by Aitvo on Fri 29th Aug 2003 14:00 UTC

My bank switches to Windows ANYTHING, and they lose my business. Small business, ok.. Financial institutions, HELL NO!

CIBC
by me on Fri 29th Aug 2003 14:20 UTC

I was at CIBC bank the other day doing a deposit with a real teller, and she had KDE on her screen.. I asked her if she knew what it was, had no idea, but said it's nicer than their old system.

Looking towards a Windows migration
by AC on Fri 29th Aug 2003 14:21 UTC

Unlucky.

Bad idea
by Corey on Fri 29th Aug 2003 14:21 UTC

A couple of years ago I went to a local branch of RaboBank in Holland to open a new account. They said they couldn't do it that day because their computer system was down. When I asked what OS they were using I was told "NT". I didn't open my account there.

Question...
by CooCooCaChoo on Fri 29th Aug 2003 14:32 UTC

To these "Banking Guru's", On what basis are they deciding to go with Windows? is it because of the Microsoft factor (simpler to the X factor)? or have they offered a free holiday for all the IS staff if they recommend Windows to the techno-clueless upper managers?

haha
by Thom on Fri 29th Aug 2003 14:34 UTC

My bank doing Windows?

Hell, what's safer: keeping my money at home, in front of a window with lights shining on it and a sign that says: "Take it! Take my money!", or putting it in a bank using windows...

:P

What I reccommend,
by dasdas on Fri 29th Aug 2003 14:42 UTC

If you KNOW your bank is making the switch, ask to speak with the bank manager, or a loan officer and let them know that you don't use windows at home & will withdraw your accounts if they use it.

Banks only listen to "money talk."

lucky for people in the US, FDIC insures each bank account up to 100,000 us dollars, this of course is almost a subsidy for bankers to be lax with their security.

RE: What I reccommend,
by Leftbas on Fri 29th Aug 2003 15:06 UTC

Well, folks, unless you have a LOT of money to withdraw, I'm afraid most bank tellers wouldn't see the value of such a protest and would probably let it slide. I've done just that myself, for different reasons, and the teller frankly didn't giva a damn where I put my money

...
by CPUGuy on Fri 29th Aug 2003 15:08 UTC

It doesn't matter what the bank goes with as long as you have a staff that can secure it. Any number of things can happen with ANY system, pull your head out of your rear and grow the heck up.

RE: CIBC
by Leftbas on Fri 29th Aug 2003 15:10 UTC

> I was at CIBC bank the other day doing a deposit with a real teller, and she had KDE on her screen.. I asked her if she knew what it was, had no idea, but said it's nicer than their old system.

Halelujah! That speaks volumes about the usability of KDE in the real world. Apparently, even us non-geeks like KDE, and don't even know it. I'm not a Gnome basher, but I've always been bugged by the claims that KDE is not as 'user-friendly' as Gnome. That experience says otherwise, and reinforces what I've felt all along...the power of Linux and the beauty of KDE is a great combination, even for newbies.

RE: ...
by Leftbas on Fri 29th Aug 2003 15:21 UTC

I think it's you who needs to pull your head out, CPUGuy. I don't know how big the rock is that you've been living under, or maybe you've just come up for air. But I have a news flash for you: Microsoft Windows is buggy and vulnerable. The notion that all OSes are equally stable and secure is just plain rediculous rediculous. If that were true, we'd all still be using DOS and Mac System 6.

Goto www.activewin.com to see GPUGuy's stance on other things relating to information technology.

Re: Leftbas
by njm on Fri 29th Aug 2003 15:32 UTC

Keep in mind that their old system may very well have had some text-driven, terminal-based interface... I encounter such systems at more banks than not, yet. I should hope that KDE could trump such a system in usability!

...
by CPUGuy on Fri 29th Aug 2003 15:45 UTC

Leftbas, Linux is no more stable or secure than Windows is. Heck, take a look at the list of security patches for, say, RedHat. Take into account that Linux can be easily rooted. Take into account that if the IT department don't know what they are doing, then no matter what they use, they will be vulnerable... and as such, Windows can be very well secured with people who know what the heck they are doing.

RE:no no no no no no no
by Anonymous on Fri 29th Aug 2003 15:57 UTC

My bank switches to Windows ANYTHING, and they lose my business. Small business, ok.. Financial institutions, HELL NO!

You can honestly tell us that when you walk up to a random ATM you can instantly identify what OS it is running? For all you know the ATMs your bank is using already run Windows.

It's not like you're going to walk up to an ATM, see the Start button, and a Windows desktop. The ATMs will more than likely run Windows Embedded, won't have a recognizeable UI, and will be tested to here and back for security and stability.

Windows Embedded has already proven itself in this regard. Almost all modern video games of chance (e.g. video blackjack, video poker, video slots, etc...) that you see in Las Vegas and other gambling towns are running on Windows Embedded. Before any one of those machines can get placed into a casino (at least in Nevada), they are subjected to some of the most rigerous tests you could imaging. They do things like subject the games to the equivilent of a bolt of friggin' lightning to ensure that it doesn't expose any vulnerabilities. That's just one of hundreds of tests that each new game unit has to pass.

Is there any industry with similar security needs that has subjected any version of Linux to the same types of vulnerability tests?

RE: ...
by Roy on Fri 29th Aug 2003 16:26 UTC

I pretty much agree with you. All Windows versions using the NT kernel have been very stable (comparable to Linux). And yes, the security/insecurity of most systems today is more dependent on the competence of the administrators than the OS they are running. Also, the insecurity of MS OSes (NT based) has been largely overblown.

However, I can't hold MS blameless for some of the braindead security issues they've had. Most of the security issues come from the applications rather than the OS (as long as you consider IE an application). IE, Office(Outlook), and Outlook Express are probably the biggest offenders. Security was an extremely low priority (vs. adding features) in the development of these applications and it is much harder to add security than design it in. I believe that MS is working to address these issues and things are improving, but they've got a lot of work ahead of them given the long period of neglect.

ATMs...
by hy on Fri 29th Aug 2003 16:54 UTC

Alot of banks in the UK Natwest for one installed NT4 on their ATMs... and yes they crashed and showed the NT4 desktop or locked screen...

Your right you can not tell what the ATM machines are using just by looking at them.. but the old barclays (green text only) ATMs are much better then the new colour ones..

For one you can read the text in normal light conditions and secondly they are so much faster.... (maybe by as much as two minutes)

From IMHO I cant say that windows NT4/2000 comes even close to the stablity of a *nix

Prediction.
by Chuck Bermingham on Fri 29th Aug 2003 17:09 UTC

There's a LOT of money involved here. So....

Windows hawkers will go after the business (for the money, of course.)

Linux advocates and hawkers will go after the business (for the money, of course.)

Whichever one gets hit with the bigger scandal will see all that money dry up.

How do banks certify that their equipment and software (Windows, Linux, OS/2, whatever,) are secured from bank robberies and embezzlement?

I really like Linux, but were I a banker, I'd want to get down with the thing and make sure that my modernization protectects my customers. At the end of the day, I think I'd be platform-agnostic and choose the software that did the best job.

Oh---and I'd hold the vendor/consultant responsible for security, and liable if it failed. If they wouldn't stand for that, I'd find another vendor.

Let's all debate....
by Chuck Bermingham on Fri 29th Aug 2003 17:23 UTC

...whether Linux or Windows (or something else) is better for banks, shall we? Let's even get down to the nuts and bolts (e.g., whether one could more easily send an "agent" through Outlook, for instance, or by some Linux worm thing.

Whatever, it would worm its way into YOUR bank, and steal YOUR money from YOUR account.

Now, which one would YOU prefer at YOUR bank?

That's really the crux of the issue.

BTW, being nearly blind, I won't use ATM's anyway. I give a damn whether they're based on Windows.

Every slimeball waiting to steal my money can go get a Windows box and route around and make plans. Every one of them can also go on the web and download Linux and route around and make plans. They break into banks all the time and steal money. They hold guns at people's heads and take money.

Truth to tell, the real solution isn't Windows or Linux.

The real solution is license-plate manufacture, or making little rocks out of big ones, or being somebody's "wife" in jail.

There's one way I agree with the Microsoft security guy: Just because you leave your car unlocked doesn't give somebody the right to steal it. Just because I might have a "weak password" on an Internet-based "whatever" computer, doesn't mean any of you have the right to break into my accounts and fool around.

When the Hell are people going to get this through ther damn thick sculls? When people start lining them up in fromt of a firing squad?

I am waiting.......
by Ajay S. on Fri 29th Aug 2003 17:47 UTC

This is great news,,,, everyone gets tired of a job and will look to make some fast money,,,,, if you know any banks that have swictched to Windows, please do let me know about it...... and keep your money at such banks at your own risk.....

About banks and such...
by Jonas on Fri 29th Aug 2003 18:17 UTC

>>All Windows versions using the NT kernel have been very stable (comparable to Linux).

You must be kidding.

Anyway, my bank does run windows in ATM's and offices but I doubt if the run it on their backend servers.
They use NT4 on ATM's (I've seen some crashing) and on the office they use Win2000 with VBasic based clients. On Web Servers they used NT4 and switched to W2K recently.

On the other hand a known hardware site here in my country switched from Win2K/IIS/ASP to Linux/Apache/PHP. (I think that mostly had to do with scalability and implementation issues.)

The bottom line seems to be that banks and assurance companies tend to stay with technology for a very long time and they switch only when it makes sense (which is not the of bank).

Just a thought!

Regarding Windows at the ATM
by Chris on Fri 29th Aug 2003 18:21 UTC

Funny you should ask about being able to identify Windows at the ATM. Just yesterday I walked past an ATM displaying a blue screen of death. I see one or two of these a week. It usually takes a few days to get them back up and running.

I'd laugh your dumbass out of the building
by MoronPeeCeeUSR on Fri 29th Aug 2003 18:25 UTC

If you KNOW your bank is making the switch, ask to speak with the bank manager, or a loan officer and let them know that you don't use windows at home & will withdraw your accounts if they use it.

The first thing I'd ask is who you thought you were in relations to the bank's computing decisions.

Then I'd just smile as you closed out your $3 checking account and hit the door.

Oh CPUGuy.. :-P
by Aitvo on Fri 29th Aug 2003 18:30 UTC

>It doesn't matter what the bank goes with as long as you have a staff that can secure it.

Right, if they had source access they could close the remaining 10+ holes in IE.

> Any number of things can happen with ANY system, pull your head out of your rear and grow the heck up.

Yes, multiply that by 100 if they can't fix it themselves. Sounds like you are the one with the blinders on (hmm, seems we have discussions similar to this often. lol)

>Leftbas, Linux is no more stable or secure than Windows is. Heck, take a look at the list of

Sure it is.

> security patches for, say, RedHat. Take into account that Linux can be easily rooted. Take into

Oh look, they are all patches. How many holes are there in Windows? You don't know do you. Linux can be easily rooted? I'd gladly give you my IP address and put a computer in a DMZ for you if you would like to back that statement up.

>account that if the IT department don't know what they are doing, then no matter what they use, they will be vulnerable... and as such, Windows can be very well secured with people who know what the heck they are doing.

Right, long as you have access to the source or a contract that says the company providing the software will never deny that an exploit exists. LOL

by chicobaud on Fri 29th Aug 2003 18:43 UTC

Keep in mind that their old system may very well have had some text-driven, terminal-based interface...

Finnaly a clever post. Banks don't use (never will) Windows NT in the mainframes. They use windows in balcony/branch to connect to the WAN.

Bunch of ----- people.

RE:MoronPeeCeeUSR (IP: ---.client.attbi.com)
by BR on Fri 29th Aug 2003 18:51 UTC

"The first thing I'd ask is who you thought you were in relations to the bank's computing decisions.

Then I'd just smile as you closed out your $3 checking account and hit the door. "

Doubtful you've ever ran a business then.

If the walking issue was sky-high service fees? Would you question your customers fiscal knowledge in relation to your own, when they complained?

If the walking issue was the fact that the rest-rooms were in poor condition? Would you question your customers janitorial knowledge, in relation to your own, when they walked?

Yours is a poor attitude for any business to have, because it breeds arrogance. One may not always agree with one's customers, BUT you learn to LISTEN to what they have to say, and THINK about what they just said, instead of just handwaving it all away.

RE: Jonas & Aitvo
by Roy on Fri 29th Aug 2003 18:51 UTC

Too many Linux advocates harp on Windows stability nowadays. This is actually counterproductive because it is largely seen as a non-issue by Windows users. With the NT kernel, Windows reached an fairly high level of stability. I'm not saying that BSODs never occur anymore, just that they aren't the regular problem they were with Win95-ME. You aren't going to convince ANY Windows users to switch to Linux by complaining about BSODs anymore (unless they are still using Win95-ME).

Now, security IS an issue where Windows continues to have problems. If you are going to complain about Windows, at least complain about the right stuff. Otherwise, you lose your credibility.

BTW, I'm a Linux user (Libranet), but I have Win2K on a separate partition for games. The only crash issues I've had with either have been driver related (bad video driver on Win2K, bad sound driver on Libranet).

Hmm, I thought I was complaining about security.

RE: Aitvo
by Roy on Fri 29th Aug 2003 20:08 UTC

Sorry about that. Misread one of your comments.

">Leftbas, Linux is no more stable or secure than Windows is. Heck, take a look at the list of

Sure it is."

Yes, Linux currently is more secure (though less due to the actual OS than due to the fact that those insecure MS apps (IE, Outlook) aren't running on it. However, stability differences between Linux and Win2K have been marginal in my experience.

New ATMs
by DCMonkey on Fri 29th Aug 2003 20:20 UTC

I don't know what OS my bank uses on their ATM, but on our old ATM (yellow or white text on a blue background), I could enter my PIN rather quickly with 2 hands, but with the new ones (all graphical with pictures and icons and colors 'n stuff) the keyboard can't keep up with my input.

Especially in Singapore:
by Donny_S on Fri 29th Aug 2003 21:04 UTC

What the article seems to be saying is that IBM was/is 10 years ahead of M$ in terms of software technology, and anyone who's used OS/2 knows that it's basically a reliable system. Singapore however is not a free country nor is it a free market. The government is a ruling-class authoritarian state where business and national security decisions are made by a small group of Fujimori-like operatives, totally allied with national security operatives in the US and Britain. Since the implementation of Win ultimately results in loss of control and privacy for the user, and since the government wants to monitor and control all aspects of society there, it should come as no surprise that the conversion to M$ would take place once the M$ technology became mature enough. Political and large Corp. leaders in both the US and Canada have been quoted as saying that Singapore is the social model for a politically unified North American free trade zone. M$ technology apparently is to play a big part in the big plan.

National Bank of Canada use OS/2
by Anonymous on Fri 29th Aug 2003 21:21 UTC

Hello folks!

Well at the NBC we still use OS/2 on our ATM (I know since I saw at some point one on our ATM was down and has some OS/2 text boot message ;-)), and they are mostly from NCR who also use OS/2. But sadly like the article mention the bank want to change to Wincraps (dunno why). Even yesterday we got a speech from our VP in IT (also the CIO) that said we had OS/2 on our ATM and it was old! They want to upgrade alot of the old soft with some WinXP. Atleast most of our backend is done on Unix (Solaris) and of course some mainframe (IBM 370).

A nightmare!!!
by xander on Fri 29th Aug 2003 21:25 UTC

That is scary!! Next thing you know there will be a worm that'll infect banks and transfer money out of everyone's accounts to a numbered Swiss account. I can just see it now. lol

It really would be a BAD idea!! I use Windows here as my primary OS. But I surely don't want my bank using it!!

Well.
by tesmako on Fri 29th Aug 2003 22:41 UTC

Lots of ATMs here in sweden have been running Windows NT for years. Never heard of any problems beyond them running out of virtual memory way back in the day when they were introduced. You worry too much.

lol. you idiot
by MoronPeeCeeUSR on Fri 29th Aug 2003 22:42 UTC

Doubtful you've ever ran a business then.

I run one right now dumbass.

If the walking issue was sky-high service fees? Would you question your customers fiscal knowledge in relation to your own, when they complained?

There is a difference between someone coming in and complaining about fees than a customer coming in and trying to tell me how to setup a computing network and what computing platform our company should be using.

If the walking issue was the fact that the rest-rooms were in poor condition? Would you question your customers janitorial knowledge, in relation to your own, when they walked?

What does a dirty bathroom have to do with a computer ? Nothing. I take an issue on its merits. If someone says the bathroom is dirty, it gets clean. Cleaning the head won't cost thousands of dollars like switching a networking platform does.

Yours is a poor attitude for any business to have, because it breeds arrogance. One may not always agree with one's customers, BUT you learn to LISTEN to what they have to say, and THINK about what they just said, instead of just handwaving it all away.

Not at all. A customer coming in and bitching about what computers we use is totally out of the question. Its not any of their business unless it costs them money. The day that happens is the day I'll listen. Until then someone claiming we use computer X over computer Y or they'll leave and I'll gladly show them the door.

RE: CPUGuy
by Leftbas on Fri 29th Aug 2003 23:09 UTC

I don't know where you get off saying Linux is no more secure or stable than Windows. Have you forgotten about Blaster so soon? It targeted only Windows NT/2000/XP, not Win95/98/Me. (Hows' THAT for irony, folks?) Not to mention all the other worms that have come and gone, written solely to take advantage of security holes inherent in those OSes, holes so large you could land the space shuttle in them and have room to throw a party.

And I can't tell you how many times the users in my hospital, without anyone realizing that they've mistakenly been given local administrative privileges, have inadvertently downloaded and permitted the installation of adware and spyware. And that stuff can sometimes be very difficult to uninstall.

BTW, the number of security patches for RedHat or any other distro, pales in comparison to the number of fixes Microsoft's Service Packs address. It just looks nice and neat because they bundle them together.

Banrisul use linux ATMs
by Marcelo on Fri 29th Aug 2003 23:10 UTC

There are a bank here in Brazil that uses linux ATMs: Banrisul. See:

http://www.linux.org/people/banrisul_english.html

My bank switched from M$ DOS to Winblows and their ATMs becoming slow and failures increased.

Linux is ideal to personalized applications like ATMs.

RE: CPUGuy
by Leftbas on Fri 29th Aug 2003 23:12 UTC

Oh yeah, I forgot to mention that Linux does not allow standard users to be granted administrative rights. You wanna do something as root, you have to SU or log on as root. Period. I used to dislike that, but now I see the merits of it. Windows approach is like giving a loaded gun to a kid, in terms of system security.

ActiveWin.com
by Leftbas on Fri 29th Aug 2003 23:24 UTC

Thanks for the information, CooCooCaChoo. That makes a lot of sense. It's clear CPUGuy is pro-Microsoft.

Linux? Safe? Pfffff! yeah right
by Sagres on Fri 29th Aug 2003 23:50 UTC

Just look at the number of advisories for redhat for 2003 and count them:
http://www.linuxsecurity.com/advisories/redhat.html

Now count the number of advisories for openBSD for 2003:
http://www.linuxsecurity.com/advisories/openbsd.html
Oh look, THERE ISN'T ANY :-P

Yeah lunix is real safe aint it? Well, maybe inside zealots head anyway...

hmm
by Aitvo on Fri 29th Aug 2003 23:55 UTC

OpenBSD 3.2 Security Advisories
These are the OpenBSD 3.2 advisories -- all these problems are solved in OpenBSD current and the patch branch.

* August 25, 2003: Fix for a potential security issue in sendmail(8) with respect to DNS maps.
* August 4, 2003: An off-by-one error exists in the C library function realpath(3) may allow an attacker to gain escalated privileges.
* March 31, 2003: A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
* March 24, 2003: A cryptographic weaknesses in the Kerberos v4 protocol can be exploited on Kerberos v5 as well.
* March 19, 2003: OpenSSL is vulnerable to an extension of the ``Bleichenbacher'' attack designed by Czech researchers Klima, Pokorny and Rosa.
* March 18, 2003: Various SSL and TLS operations in OpenSSL are vulnerable to timing attacks.
* March 5, 2003: A buffer overflow in lprm(1) may allow an attacker to elevate privileges to user daemon..
* March 3, 2003: A buffer overflow in the envelope comments processing in sendmail(8) may allow an attacker to gain root privileges.
* February 25, 2003: httpd(8) leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.
* February 22, 2003: In ssl(8) an information leak can occur via timing by performing a MAC computation even if incorrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes, in allocation routines.
* January 20, 2003: A double free exists in cvs(1) that could lead to privilege escalation for cvs configurations where the cvs command is run as a privileged user.

RE: Pushing LINUX
by Bernie Thorne on Sat 30th Aug 2003 01:04 UTC

We shouldn't be pushing LINUX unless the arguments are concrete. WEhen the arguments are concrete/finished and the purchaser wants to go with some other OS that will cost in the long run... It might be worth a PR point to have them sign an "I Told You So" clause. Be worth a giggle now and another company moved over in the future.

Windows security
by Rayiner Hashem on Sat 30th Aug 2003 01:19 UTC

The security problems in Windows are rooted very deeply. Unless the architecture is drastically overhualed, that will probably never change.

Consider: Win9x was inherently unstable. Its memory model was designed to accomodate DOS applications at any cost, which meant that they Microsoft had to make certain compromises that made the system unstable all the time. Because large areas of critical memory were globally writable, it was a trival matter for a wayward pointer to crash the whole machine. Now matter how much development you did to the 9x kernel, it would always be unstable.

I'd argue that WinNT is similarly inherently insecure. The problems stem from a few places:
0) By Microsoft's own admittance, Windows was not designed for security from the start. Its a well established notion in CS that security cannot be retrofitted into existing products. Its like trying to plug-up leaks in a badly built dam. It will work for awhile, and if you throw enough money at it, it might work well enough for an indefinate time, but it will never be a solid, safe structure.

1) Microsoft's development model does not lend itself well to optimal security. Thousands of coders work in parallel on the source base. Contrast this to Linux, where there are a few key coders that do most of the work for a given subsystem. When one person has full knowledge of the workings of an entire subsystem, then it becomes much easier to ensure that that subsystem is as secure as the rest of the system.

2) This is the kicker. Microsoft made some very bad decisions when it came to the kernel. Actually, versions of NT prior to 4.0 were very well designed, but Microsoft collapsed good design that starting with NT 4.0. The basic problem is that Windows has far too much code. For mature products, there is a set number of bugs per lines of code. The more code you add, the more bugs you get. Each bug is a potential security disaster waiting to happen. The more total lines of code that lie in the execution path of an application, the higher the chances that there will be an exploitable bug somewhere in that path.

3) The code bloat problem is compounded by another one ---Windows has terrible seperation of privleges. A huge amount of code that has no business having control over the whole machine (for example, the GDI) runs in kernel space. Plus, lots of userspace applications are tightly coupled to the core OS. Microsoft itself insists that Internet Explorer is an integral part of the OS! The overall issue is that too much code has too much power. In contrast, Linux has much better seperation of privleges (though not as good as most microkernels). The net result is that while IE and Mozilla might be similarly large and buggy programs, exploiting a bug in Mozilla on Linux buys you a whole lot less than exploiting a similar bug in IE.

as usual, more linux bullshit... (nt)
by guest on Sat 30th Aug 2003 02:39 UTC

:)

Banks use DOS to archive your account info
by JT on Sat 30th Aug 2003 03:43 UTC

I worked for a company that sold/serviced DOS-based archive systems to banks across the US. Boo! Be afraid.
Only in the last few years were they migrating SOME of the larger banks to NT (later W2k). They also forced a migration of their Unix customers to NT/W2k. Aargh!

OT: I recently saw a McDonalds drive-thru screen BSOD. Come on guys, talk about over-Mcengineered.

Big Blue
by sabreman on Sat 30th Aug 2003 04:23 UTC

The true underlying story here is just how far down IBM has dropped over the years.

Not too-many years ago there was a strong "can do" and "we did it " attitude that was prevalent through-out IBM.

Today, their equipment is loosing its "first rate" position and they have been reduced to peddling other peoples software,more often than not,inferior to IBM's own products that it replaces.

The arguments being used by IBM's marketing divisions to sell these products is best described as "DRIVEL".

Truely pathetic.

Re: Windows security
by Sagres on Sat 30th Aug 2003 04:24 UTC

Very well said, I agree almost completely, except for the gdi in kernel part, sure, it's bad, but my guess is that they had no choice given the (bad) context switching performce on x86, i'm sure that once we're all running on athlon64s and itaniums o_O they'll remove it from the kernel (I hope).

re: CPUGuy
by Christopher X on Sat 30th Aug 2003 04:44 UTC

>>> Linux is no more stable or secure than Windows is. Heck, take a look at the list of security patches for, say, RedHat. Take into account that Linux can be easily rooted. Take into account that if the IT department don't know what they are doing, then no matter what they use, they will be vulnerable... and as such, Windows can be very well secured with people who know what the heck they are doing.

Ugh, where to start... The ammount of security patches availible mean nothing. Keep in mind that when you purchase Red Hat Linux your *NOT* just getting the o.s., you get a ton of apps too. The vast majority of those patches are for *APPLICATIONS* running on Linux, few are for the o.s. itself. This is in complete contrast to MS and their security patches, the vast majority of which are for the o.s. itself. Linux can be easily rooted, oie oie oie. Way back when the LinuxPPC distro was still alive they had a contest, whomever could hack their server won the hardware. They even provided the ROOT PASSWORD! It was never hacked to my knowledge. It was up for months before the contest died. This was around 1999/2000 I believe, MS had a similar test with Win 2K when it was about to be launched, it was hacked in under two weeks.

Now, can Windows be secured? Sure, but I'd take a hardened Linux box over a hardened Windows box any day of the week, without hesitation.

I think your core point, that its whomever admins the box that truely counts, is correct. Linux is not some golden promise of perfection and security, Linux can be hacked and often is when its misconfigured. OpenBSD can be hacked, given the right (or, in this case, wrong) admin. Nothings full proof.

Windows XP *is* more stable then many of the previous releases, but I can still get my install to crash fairly easily. Nonetheless its a huge improvement over NT 4.0 and Win 9X/ME. I've only had a Unix crash on me under two conditions, I was using a development kernel, or my hardware was defective. I'm no guru but I've been using Linux since 98 and, with a stable release, I've never had it crash. I've had cases where X-Windows would crash and I'd be kicked to the shell and the CD I was listening too continued to play! I love the seperation of GUI and kernel with Unix, if X-Windows acts stupid or locks up its just CTRL-Alt-Backspace and auto-kill it. No reboot, no lost data unless I didn't save something. I love that.

RE: Sagres (IP: 217.129.80.---)
by CooCooCaChoo on Sat 30th Aug 2003 05:31 UTC

Very well said, I agree almost completely, except for the gdi in kernel part, sure, it's bad, but my guess is that they had no choice given the (bad) context switching performce on x86, i'm sure that once we're all running on athlon64s and itaniums o_O they'll remove it from the kernel (I hope).

When you have a multi-billion dollar company like Microsoft, there are no excuses. There is a solution to every problem, it is just a matter of sitting down and thinking out the issue logicall then coming to a conclusion.

For example, there whole idea of the NT was designing to use it on multiple platforms, however, this was done at the detriment of stability.

In the x86 platform, there are 4 rings available for operating systems, NT only uses Ring 0 and Ring 3, however, what about Ring 1 and 2? One could have easily placed the GDI into Ring 1. It would have been fast enough for the user not to notice (vs putting GDI into Ring 3 which happened in the 3.x series) whilst maintaining seperation from the kernel.

If one were to really push the envelop and put stability ahead of anything:

Ring 0: Kernel
Ring 1: Drivers
Ring 2: GDI
Ring 3: User Space

Ultimately there was a solution there, Microsoft just chose to ignore it.

Cash Deposit Machine running Linux
by Silent on Sat 30th Aug 2003 07:34 UTC

My local bank here in Germany is currently testing cash deposit machines running Linux -- and found out that the installed OS is crashing frequently. Last time I ran across it showed a nice kernel panic. They will switch to Windows-based machines, eventually they said.

Sign the petition !!!
by Marco Radossevich on Sat 30th Aug 2003 07:51 UTC

Again, as i expected IBM is gradually killing OS/2.
Please sign the petition !

http://www.petitiononline.com/OS24FREE

re: Silent
by Christopher X on Sat 30th Aug 2003 09:52 UTC

Linux should not crash frequently, else no one would use it. Somethings horribly amiss, either their using a development kernel, unstable drivers, or funky hardware. My old work (a school) had a Linux server that only had down time when the building lost power, else the thing simply never went down - and it handled quite alot of work for such a small machine. It was the webserver, email, dns, proxy, firewall, and vpn - at once, on a lowly PII with 64 megs of RAM. The thing would chug. Never hacked either. Crash frequently? Whomever made those machines must be an idiot. It and the SCO database server were, without question, the most solid machines there. The Windows servers crashed fairly regularly (every few months my classroom server had to be rebooted, for example), but never the Unix ones.

GDI location
by Rayiner Hashem on Sat 30th Aug 2003 11:32 UTC

Putting the GDI in ring0 really doesn't buy you that much. A ring3 -> ring0 transition is still hugely expensive, which means that to get decent performance, you should be batching drawing calls. And if you're batching drawing calls anyway, you might as well make those buffers a little larger and put the GDI in a seperate process. This model works in the real world. In terms of raw drawing, XFree is a good bit faster than the GDI (the GDI isn't very fast anyway --- as of NT 4.0, it was faster to software draw into a buffer than than to render accelerated via GDI). What gets complicated in the seperate process case is synchronization and event handling and whatnot. However, very fast server-based GUIs like BeOS's and QNX's Photon show that the problem is just complicated, not unsolvable.

Now, putting the GDI in ring1 wouldn't be a good idea. Modern x86 processors suffer huge performance hits (500+ cycles on the P4) when switching between code segments. That's why they have special instructions (sysenter/sysexit) that do short-cut ring3 -> ring0 transitions. Also, segments are going away. In long mode, the x86-64 doesn't allow the use of the segmentation mechanism.

Linux
by Tony M on Sat 30th Aug 2003 16:36 UTC

What could be more secure and trim than a slimmed down gnu/linux (2.2 is secure) running the bare minimum and an ncurses based interface at an ATM.

That would be the most secure/stable combo I could think of.

quantify it
by Anonymous on Sat 30th Aug 2003 21:56 UTC

I'm an Engineer, I don't care about Apples vs Oranges. I care about "what is appropriate for the task", and it may well be Windows.

...
by Err on Sat 30th Aug 2003 22:09 UTC

""In the x86 platform, there are 4 rings available for operating systems, NT only uses Ring 0 and Ring 3, however, what about Ring 1 and 2? One could have easily placed the GDI into Ring 1. It would have been fast enough for the user not to notice (vs putting GDI into Ring 3 which happened in the 3.x series) whilst maintaining seperation from the kernel.

If one were to really push the envelop and put stability ahead of anything:

Ring 0: Kernel
Ring 1: Drivers
Ring 2: GDI
Ring 3: User Space

Ultimately there was a solution there, Microsoft just chose to ignore it.""

When using paging as your memory model instead of segmentation (Most modern OS on x86 use a flat memory model and paging, this effectively eliminates segmentation completely) pages are flagged as either Supervisor (Ring 0) or User (Ring 3). The other rings are ignored. The overhead, both in cycles and complexity, from using segmentation instead of paging to handle virtual memory is not insignificant, which is why paging is used. Besides which ring transitions take the same amount of time independent of which transition is being made, eg Ring 2 -> Ring 0 takes just as much time as Ring 3 -> Ring 0 because exactly the same steps have to be taken to change contexts.

Anyhow. Has anyone else noticed a tendency towards feature creep in the Linux kernel over the last few years? The kernel httpd might have gone, but there's other things that kinda tweak my interest as to why they are still in there.

As for the no crashing with X thing, that's just plain wrong. I, and probably others, have had X lock up the entire machine before due to buggy drivers (If I had another machine to connect to it on a network I could probably have killed X or something) the keyboard method described doesn't always work. Hasn't stopped me using Linux though :>.

Thank you for that. I need to sproose up my computer knowledge a bit.

Btw, how does Quartz work in relation to its location, aka, user or kernel? IIRC, isn't it like X and sits in user?

Ok, I have a story here...
by Chuck Hunnefield on Sun 31st Aug 2003 07:25 UTC

Years ago I used to work as a tech for a large consultant. Our biggest accounts were the local banks and boy were we busy. It was the mid-90's, and that was the go-go banking merger days. It wasn't just big banks swallowing up little banks anymore, it was big banks merging with just-as-big banks to form... Well... A HUGE mess for IT!

In one such disaster, our client (who I believe is now known as Wachovia), merged with a bank only slightly smaller than itself. Rather than take total control and have clear planning and strategy, upper management was for the most part left in place at the old firm. There was a LOT of resentment, but there was far more to come.

Shortly after this wonderful merger, they closed half their 'redundant' locations and 5,000+ people got laid off. The remainder was often shifted to new locations. Well, at least all the execs got healthy bonuses, eh?

Now here's where OS/2 actually enters into the picture. Understand that I was pretty new to the IT field at the time, and had never had a chance to see OS/2 in action before. It was truly humbling.

I had used Windows 95 since it was in beta, but it was primitive compared to what this bank was doing with OS/2. Remote updates - live, no reboots. True 32-bitness with great security. The interface was awesome, but more importantly, it fit into to everything the bank did perfectly. It was in the teller machines, the transaction servers, everything. Smooth, efficient, well thought out. Unlike my client's messy and slow 'solution'.

Our client's system was based on a Novell/Windows 3.1 deal - this in late 1996, mind you. Everything, and I mean everything was loaded from scripts from the network. Some of the clients networks were only running at 4 Mbit (Token Ring) - READ: SLOW. It could literally take 10-15 minutes to boot a client's computer from this network when it was busy.

Our job? Our job was to go to the merged bank's computers and replace those beautiful OS/2 setups with Windows 3.1 running completely off the network. The looks we got from those users were horrible. I always felt so terrible afterwards... "Just doing my job ma'am... Yeah, it usually takes this long on a Wednesday... Sorry about the desktop, corporate mandates the background logo..", etc.

But, even considering that these machines are, after all, supposed to be used for business, that would be fine if they'd WORK half the time! There was no end of network issues, not the least of which was the predictable stability of Windows 3.1.

I felt so sorry for those poor people. Being new in my career, I wasn't used to seeing such greed and stupidity effect so many lives and I simply didn't want to be a part of it anymore. Maybe converting users machines to Windows 3.1 isn't on the same moral plane as eliminating jobs for profit, but I felt like I was somehow contributing to the process and left soon afterwards anyway. I guess the geek in me simply couldn't stand being part of the inefficiency.

I'm not surprised that banks continue to use OS/2 and are reluctant to use Windows - I would be. I've spoken to many fellow IT people - some not even from this area who know all too well those troubled times in central PA's banking systems.

BTW, there is one more cynical reason why banks hold onto OS/2 - another helpful lesson I learned while working that job. A lot of banking execs continue to choose IBM networking equipment, servers, and OS's. They say it's because IBM is a well-known, very reliable company. I say, check out their stock portfolios...

So you have the answer ?
by MoronPeeCeeUSR on Sun 31st Aug 2003 15:05 UTC

Ultimately there was a solution there, Microsoft just chose to ignore it.

I'm going to just go with the assumption that David Cutler and the rest of the NT team know a little more about operating system design than you do.

no way
by Eightiesdude on Sun 31st Aug 2003 15:15 UTC

I installed os/2 warp 4 on a 486 once out of curiousity about the os. I was very surprised on how stable it was but of course a little behind in the times but stable it was. To later found out that os/2 runs certain teller machines etc. I was like wow. But to read that now they want to switch to windoze? Are they nuts? In my opinion that would be a ticking time bomb. Banks should run something like openbsd or linux not M$ tripe. If i found out my bank is running windows thats it I am going back to saving money somewhere else on my person. No way would I trust a bank running windows. They must be crazy i think the got used to os/2 and now they think all os are like os/2 man will they get a surprise.

Just wait...
by TheeOldeCrudge on Tue 2nd Sep 2003 03:19 UTC

Just wait for the next worm to show up, jump into a banks network and totally booger up all of their ATMs and workstations. Locally I've seen NT 4.0 up on the screens of the machines at The Royal Bank. Scary shite, lads, truly scary shite - make sure you have printed records of your bank accounts!

re: So you have the answer ?
by TheeOldeCrudge on Tue 2nd Sep 2003 03:23 UTC

I'm going to just go with the assumption that David Cutler and the rest of the NT team know a little more about operating system design than you do.

Definitely they have demonstrated that they can cobble up code with http://www.microsoft.com/security/security_bulletins/ms03-026.asp"&... better than the next guy...