From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: lame bitching about xpsp2

James Patterson Wicks wrote:

James,

       Don't take this the wrong way, you've got a point in your e-mail 
here, but I'm going to call you on some FUD in your message.

>The business world cannot afford to "start from zero" and retrain tens
>of millions of workers who use Windows desktops every day.  The business
>world needs secretaries to manage calendars and write memos, not learn
>command line syntax.  The business world needs lawyers who can sit down
>and knock out a brief in Word in a few minutes, not someone who needs to
>learn a bunch of keyboard shortcuts in a command-line text editor.  Time
>is money, and it costs too much money to re-train a world of Windows
>users.
>
>  
>
"Unix is a command line..."  (repeated ad nauseam)

I love this argument.  As if those of us who argue for Free Software 
solutions want lawyers and sales associates to write memos in vi. 

(actually, I'm going to nix the pro-Unix argument because, frankly, 
"Unix" isn't the viable alternative, GNU/Linux is...)

GNU/Linux is not just a command line.  It's a full suite of 
applications.  Between Mozilla and Open Office you can do any business 
function in GNU/Linux that you can in MS Windows in the GUI.  In fact, 
I'd argue that there's more variance in the interfaces of MS apps 
between versions than there are between MS Apps and Free Software apps.  

If you haven't looked at it in a while (I'm going to venture that you 
haven't -- otherwise you wouldn't be making the statements that you are 
regarding command-line editors) I'd suggest you try it again.


>The cost to send one of our lower-level sales associates to a one-week
>Unix class is between $2300 and $2500.  Add to that the man hours that
>you lose when the person is out for a week (40 hrs * $15/hr = $600).
>That's around $3000 for one class.  Who can learn command-line in one
>week?  Let's say that it takes two classes for the sales associate to
>become proficient enough to run *nix from the command line.  That's
>around $6,000 to learn a new OS.  Even if you went the freebie route and
>installed all open-source OS and applications, what about the cost to
>have someone come in and install them?  Then you have the cost to train
>the sales associate on the new applications (another weeklong course for
>$2000 + and salary).  Then you have data migration costs.  A
>conservative estimate would set the cost to move ONE employee from
>Windows to *nix would be around $10k.  Multiply that by the number of
>employees (with adjustments for salary) and a company of 300 and you are
>talking over $3 million to move USERS to *nix.  This number does not
>even address the cost of data migration, retraining administrators and
>changing to *nix on the servers.  This number also does not calculate
>soft costs like loss of productivity during the migration, but you
>should get the point.  Unless you are starting up a business now, going
>with *nix can be incredibly cost prohibitive.  It's not about
>"stupidity" or someone getting their ego hurt, it's about the cost of
>doing business and remaining competitive.
>
>  
>
Those numbers are HIGHLY inflated.  You don't need to send your sales 
associates to Unix class any more than you needed to send them to MS 
Windows class.  There goes over half of your $10,000 figure.  
Installation, re-tooling, and retraining your IT staff are legitimate 
concerns, though. 

There are definitely issues to consider, but let's be realistic about 
things here and not go off the deep end, thanks.

             -Barry

p.s. Aren't we getting a bit off topic here?  I love a good FUD fight 
just like anyone else... but this should probably get back on topic.

OK - how about the cost of having your infrastructure overtaken by 
crackers?  How much would that cost a Fortune 1000 company?  If you said 
"more than the inflated migration numbers I cited above" -- then you're 
right.





