Comments on: Novell News Summary – Part II: SUSE Studio and BridgeWays, Novell’s Proprietary Side Also

By: JohnD

JohnD — Mon, 12 Oct 2009 00:18:01 +0000

You might very well be correct about proprietary not being safer, but you may also be incorrect. The fact is – you don’t know, nor does anyone else. Personally I would use your statement above to support secret/proprietary software when creating security solutions. I’d rather have a program with a hundred holes no one can find than a program that has just 1 that everyone knows about.
Humans are imperfect creatures, hence all of our creations are flawed as well. All software will have holes,bugs etc there’s no way around it. The industry needs FOSS just as much as it needs proprietary.

By: Roy Schestowitz

Roy Schestowitz — Sun, 11 Oct 2009 23:59:07 +0000

Vulnerabilities are less frequently found in proprietary software because it’s secret. But it doesn’t mean it’s the real number of vulnerabilities (nor that it’s safer).

By: JohnD

JohnD — Sun, 11 Oct 2009 23:48:12 +0000

Please Roy let’s not do the semantics dance. Yes your statement is factual, I never said it wasn’t. It also leads the uninformed reader to draw an erroneous conclusion. Based upon what you’ve written the average person would infer that New York is making a bad decision for one of 3 possibilities:
A: The software has more than one vulnerability.
or
B: It’s proprietary
or A & B
Adding to your statement that the new vulnerability is only the 4th one found this year would also be correct, but would lead the reader to a different conclusion wouldn’t it?

By: Roy Schestowitz

Roy Schestowitz — Sun, 11 Oct 2009 22:58:34 +0000

I didn’t slam it. I wrote: “New York is to rely on Novell for security just as another vulnerability is found in Novell eDirectory, which is proprietary.”

That’s factual.

By: JohnD

JohnD — Sun, 11 Oct 2009 22:44:41 +0000

Let’s see, I’m defending eDirectory so one might conclude that’s my suggestion. It’s by far the most secure and mature offering out there. I realize I’ll be labeled a “traitor” to the movement, but there somethings in life that are worth paying money for and security is one of them in my opinion. While I am always impressed by the Linux project and how well it works – it’s not perfect. I give kudos to the community for quickly they work to patch holes etc, but I will always believe that to truly make products secure out of the gate you will need a group of people paid to make it that way. I know that many will say that by keeping it open you will get many more eyes looking for problems which is true. Even with all those eyes we keep finding holes in Linux. In the past Novell was able to market an incredibly secure product in Netware and even eDirectory without having all those eyes helping. If the IT industry is going to thrive again – there needs to be room for both ideologies.
Your attempt to slam eDirectory was a poor one.

By: Roy Schestowitz

Roy Schestowitz — Sun, 11 Oct 2009 22:16:25 +0000

Why don’t you recommend something then?

Most existing alternatives are also proprietary.

http://www.esyndicat.com/
http://www.phplinkdirectory.com/articlescript/index.php
http://www.phplynx.com/

By: JohnD

JohnD — Sun, 11 Oct 2009 22:07:00 +0000

Are you seriously trying to compare eDirectory to Samba4? You’re the one who constantly pans MS for touting products that aren’t even in stable form and here you are doing the same thing. BTW – Samba just ties into AD and provides an LDAP – hardly equating apples to apples. Of course you’re right in that it doesn’t have any security holes – yet. But Samba 3.x has 4 in 2009 and we won’t go into all the things it CAN’T do compared to eDirectory or AD.

By: Roy Schestowitz

Roy Schestowitz — Sun, 11 Oct 2009 21:56:10 +0000

Well...

By: JohnD

JohnD — Sun, 11 Oct 2009 21:50:44 +0000

What does that have to do with anything? eDirectory runs on several different host OS’s which in and of itself creates problems. You’re trying to make it sound like NY is making a mistake because they are switching to product that has a whopping 4 security issues this year. I also noticed you haven’t clued your readership into your preferred FOSS alternative to eDirectory/Active Directory.

By: Roy Schestowitz

Roy Schestowitz — Sun, 11 Oct 2009 00:13:17 +0000

Linux is a lot larger than eDirectory.

By: JohnD

JohnD — Sun, 11 Oct 2009 00:06:55 +0000

Oh please! Check out the Secunia site for the advisory statistics for eDirectory – only 4 for 2009 and a whopping 10 for 2008. Your beloved NONPROPRIETARY Linux kernel 2.6.x has 31 so far in 2009 and 23 in 2008. Looks to me like the city of NY made a smart choice.