Jun 07

Linux And Open Source Is Inherently Insecure

The title of this blog post will be a scandal in many people’s eyes; however, I will justify what I mean later in this post.

In technical circles there are many who continually bash the big commercial software companies, Microsoft, Apple, Adobe and so on, for producing software that contains bugs and security flaws, and to some extent rightly so; in an ideal world, software that is released should be perfect. However, this is almost impossible to achieve.

I am currently recovering one of my servers from another hack, and as you may have gathered from the subject of this post, this server was not a Windows server but a Debian Linux server. While trawling through the logs trying to find how and where they got in, I started to think: I have four dedicated servers, two Microsoft (Windows 2000 and Windows 2003) and two Linux (Debian and Ubuntu 8.x), and you know what, the Linux boxes have been hacked more times than I care to count, and to date the Windows boxes have never been hacked. They have been subjected to a denial of service attack (DoS) but never actually hacked.

This is not due to the use of the servers either; all my servers are used for similar things. Indeed, the Windows boxes host more websites in total than the Linux ones.

You are going to come back and tell me that with the move to Ubuntu, Debian is no longer recommended or being actively developed, and that Ubuntu 8.x is old, and you would be completely right. However, Windows 2000 is 10 years old, much older than the version of Debian I am using, and is in much the same situation. One cannot be expected to move hundreds of websites simply to upgrade from a distro that the open source community has chosen to drop.

As a project manager on a large software development project (circa £3 million) I know very well the problems faced by software companies in producing fault-free software. There have been many times when we have released a new version of our software only to find that a change to feature Z has actually broken something in feature A that we developed 3 years ago. It is the inherent problem with large software projects: maintaining the balance between testing and actually getting the software released.

Risk management is key; we operate a system where the company-critical aspects of the software have more rigorous testing than the bells-and-whistles functions that, if broken, would not jeopardise the running of the company.

I therefore recognise the difficulties faced by both software companies and the open source community; however, in our little software development team we have to answer to the company board as to why we have released buggy software. Fortunately for us, our Managing Director understands these difficulties.

Open source software has no commercial liability

Open source software has no commercial liability to keep it in check. By this I mean that the large software companies such as Microsoft have a commercial standing to maintain, shareholders to answer to and balance sheets to tally. If they release bad software, all of that is put into jeopardy and their commercial standing is damaged, and as such they will do everything in their power to ensure that their software is as faultless as possible, and that when faults are found they patch them.

Open source software has no such commercial checks to keep it in line, and the very nature of community development results in a free-for-all in development with no management or corporate responsibility keeping it in check. This results in software that may be fantastically feature-rich and clever but just does not deliver a secure and stable environment now, let alone in the future when the community chooses at a whim to drop that particular distro.

As both a web master and a web host, security is the most important aspect of my business. Downtime for servers costs money; I am therefore considering my strategic position at this time.

It is something that I have often said: open source is not free, and perhaps the cost of the Windows server licence is actually worth it in comparison to the cost of the downtime.

Simply being free just does not cut it anymore. If Linux and open source are to reach the standing that they want to, if they are to take a larger proportion of the desktop market, if they are to continue to establish themselves in the web hosting and server industries, they need to become rather more commercially aware and commercially structured to deliver the stable, secure systems that corporations and businesses require.
