lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: lame b!tching about xpsp2

Barry,

	All references to command-line were in direct reference to
Devis' comment " . . nothing more and shows how the typical M$ user is
scared as hell of having ever one day to learn Unix, go through RFCs (
what for ? M$ don't even read em themselves ), and use the command
line."  

I was simply pointing out that teaching everyone command-line is
unreasonable.  A lot of *nix gurus forget that there are millions of
people out there who think a korn shell is something you use for tacos.
When you are an administrator dealing with servers and applications, you
are sometimes too far removed from the real user.  Managers and
designers have think like a user when it comes to making
enterprise-level decisions.  Normal users cannot (and will not) use
command-line in an office.  Add to that the fact that people not only
dislike change, they try to resist it, even if it's for their benefit.
These are a few of the human-factor elements that must be considered
when making a change within an enterprise.

Ok, your point on cost is correct.  If you wanted to train your staff to
use Mandrake 9 (we did a beta in the office), the training costs would
be considerably less, but learning a new GUI and office application
suite still requires training.  Remember that not everyone in the
company is comfortable with a computer to begin with.  If you have ever
worked at the Help Desk in a company, you would understand that there
are some really dense people out there.  Three years ago, migrating 500
users from Windows 98 to Windows 2000 took a month and several "training
lunches" to educate the user community on the differences in the
operating systems.  Did the IT department feel it was necessary?  Nope.
Did HR feel it was necessary?  They sure did, and they were right.  As a
whole, people have to be gently through a change, even the majority of
Windows 2000 users felt it was unnecessary.  Ask any CTO.  The human
element is a killer when it comes to enterprise-wide IT decisions.

The minimum training period to move some
slightly-above-minimum-wage-earning mailroom dude from Windows/Office to
Linux/Open Office is a one-week training period.  That still about $2500
per user.  Then you have to give your Help Desk staff extra aspirin for
the hundreds of "I used to do it this way in Word, how do I do it now"
questions that they will receive.  You can cut cost even further with
in-office training, but there comes a point where you just have to
concede that the costs and headache are not worth it.


-----Original Message-----
From: Barry Fitzgerald [mailto:bkfsec@....lonestar.org] 
Sent: Friday, August 13, 2004 3:18 PM
To: James Patterson Wicks
Cc: Full-disclosure
Subject: Re: [Full-Disclosure] lame bitching about xpsp2

James Patterson Wicks wrote:

James,

       Don't take this the wrong way, you've got a point in your e-mail 
here, but I'm going to call you on some FUD in your message.

>The business world cannot afford to "start from zero" and retrain tens
>of millions of workers who use Windows desktops every day.  The
business
>world needs secretaries to manage calendars and write memos, not learn
>command line syntax.  The business world needs lawyers who can sit down
>and knock out a brief in Word in a few minutes, not someone who needs
to
>learn a bunch of keyboard shortcuts in a command-line text editor.
Time
>is money, and it cost too much money to re-train a world of Windows
>users.
>
>  
>
"Unix is a command line..."  (repeated ad nauseum)

I love this argument.  As if those of us who argue for Free Software 
solutions want lawyers and sales associates to write memos in vi. 

(actually, I'm going to nix the pro-Unix argument because, frankly, 
"Unix" isn't the viable alternative, GNU/Linux is...)

GNU/Linux is not just a command line.  It's a full suite of 
applications.  Between Mozilla and Open Office you can do any business 
function in GNU/Linux that you can in MS Windows in the GUI.  In fact, 
I'd argue that there's more variance in the interfaces of MS apps 
between versions than there are between MS Apps and Free Software apps.


If you haven't looked at it in a while (I'm going to venture that you 
haven't -- otherwise you wouldn't be making the statements that you are 
regarding command-line editors) I'd suggest you try it again.


>The cost to send one of our lower-level sales associates to a one-week
>Unix class is between $2300 and $2500.  Add to that the man hours that
>you lose when the person is out for a week (40 hrs * $15/hr = $600).
>That's around $3000 for one class.  Who can learn command-line in one
>week?  Let's say that it takes two classes for the sales associate to
>become proficient enough to run *nix from the command line.  That's
>around $6,000 to learn a new OS.  Even if you went the freebie route
and
>installed all open-source OS and applications, what about the cost to
>have someone come in and install them?  Then you have the cost to train
>the sales associate on the new applications (another weeklong course
for
>$2000 + and salary).  Then you have data migration costs.  I
>conservative estimate would set the cost to move ONE employee from
>Windows to *nix would be around $10k.  Multiply that by the number of
>employees (with adjustments for salary) and a company of 300 and you
are
>talking over $3 million to move USERS to *nix.  This number does not
>even address the cost of data migration, retraining administrators and
>changing to *nix on the servers.  This number also does not calculate
>soft costs like loss of productivity during the migration, but you
>should get the point.  Unless you are starting up a business now, going
>with *nix can be incredibly cost prohibitive.  It's not about
>"stupidity" or someone getting their ego hurt, it's about the cost of
>doing business and remaining competitive.
>
>  
>
Those numbers are HIGHLY inflated.  You don't need to send your sales 
associates to Unix class anymore than you needed to send them to MS 
Windows class.  There goes over half of your $10,000 figure.  
Installation, re-tooling, and retraining your IT staff are legitimate 
concerns, though. 

There are definately issues to consider, but let's be realistic about 
things here and not go off the deep end, thanks.

             -Barry

p.s. Aren't we getting a bit off topic here?  I love a good FUD fight 
just like anyone else... but this should probably get back on topic.

OK - how about the cost of having your infrastructure overtaken by 
crackers?  How much would that cost a fortune 1000 company?  If you said

"more than the inflated migration numbers I cited above" -- then you're 
right.








This e-mail is the property of Oxygen Media, LLC.  It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster@...gen.com and destroy all electronic and paper copies of this e-mail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ