|
Sponsored Links
Resources
.NET Research Library
Get .NET related white papers, case studies and webcasts
|
News
News
News
|
Messages: 34
Messages: 34
Messages: 34
Printer friendly
Printer friendly
Printer friendly
Post reply
Post reply
Post reply
XML
XML
XML
|
 |
SQL Server 2005: Pricing and Open Source
Microsoft has released the pricing model for SQL Server 2005 for all editions including the MSDE replacement Express edition. Also in the news is a statement by Tom Rizzo, Product Manager for SQL Server 2005 that Microsoft is considering, based on customer demand, open sourcing SQL Server 2005.
The pricing breakdown is as follows:
- Enterprise Edition $25,000/processor
- Standard Edition $6,000/processor
- Workgroup Edition $3,899/processor
- Express Edition FREE
Note that the new Intel and AMD dual core processors will count as one processor for Microsoft licensing. Microsoft will also not charge separate fees for SQL Server instances used for passive cluster nodes, backup servers, or hot standby servers.
During an interview, Tom Rizzo said that Microsoft might release SQL Server 2005 as part of its Shared Source License.It's not finalized. It's not anything there, but if a lot of customers demand it, we'll definitely look at doing shared source with SQL Server Tom states that the while most users won't change the code, that many will get a "warm feeling that there are no back doors, no security violations".
Read more about the Tom Rizzo Interview on CNET
|
|
|
Message #158568
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Shared Source != Open Source
Shared Source is not OpenSource.
You cannot freely reuse it. You cannot change it. Only look, and even this is for money.
|
|
|
Message #158618
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Terrible Mistake?
Publishing Microsoft SQL 2005 as open source would lead to a huge increase in hacking, and successful hacking. Making SQL 2005 open source does exactly what? What is gained by doing so? Remember, open source doesn't mean "FREE", it just means that you can see the source. And publishing the source to essentially what we all struggle to keep secure isn't very wise in this mans opinion ....
|
|
|
Message #158620
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
What about Small Business Server
There were no comments regarding SBS standard and premium editions. Any idea of pricing and features for SQL in new SBS?
|
|
|
Message #158621
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
I don't think SQL 2005 is in the next version of SBS
The info I gto from the MS Connections seesion is that the new version os ISA is in but not the new version of SQL.
|
|
|
Message #158624
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
What about Reporting Services
There are signifigant improvements to reporting services in sql 2005. What is the pricing for that or is it included in the sql pricing? Also how much of the reporting is avaliable in the express free version?
|
|
|
Message #158641
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Shared Source != Open Source
I'm not sure exactly what the precise definition of "Open Source" is, or if it's even been set by any formal governance body. For the title of this article, I was mostly quoting the CNET interview, and so I'll leave the title the same.
However, the Shared Source License does not allow for modifications to the code and it does not allow for "derivitive works" aka extending the product and reselling it. I think the reason Microsoft was considering "shared sourcing" it is to give those customers who would feel better seeing the code a chance to confirm that it's solid and secure.
I however agree with Mike, that exposing your source code will just lead to hacks. No way has Microsoft thought of everything and SQL Server is just too juicy a target to pass up.
|
|
|
Message #158643
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Reporting Services and SBS Info
I'm checking into this and will get an answer for you asap.
|
|
|
Message #158652
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Shared Source != Open Source
I'm not sure exactly what the precise definition of "Open Source" is, or if it's even been set by any formal governance body.
http://www.opensource.org/
The Open Source Initiative has a formal definition. All the licenses it features have to meet certain criteria to be considered "open source." As you stated, the Shared Source License does NOT meet this criteria.
|
|
|
Message #158663
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
It is obvious....
Shared source is not open source (http://opensource.planetjava.org/advocacy/shared_source.php). So what. Shared source is still useful. MS has done open source stuff with WTL and WIX. But come on wouldn't you want to make some money if you created one of the best database systems in the world?
<shameless_plug>
If you want a run down on the licenses go get my book Open Source .Net development and look at the chapter on licensing. :)
</shameless_plug>
|
|
|
Message #158680
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure?
Publishing Microsoft SQL 2005 as open source would lead to a huge increase in hacking, and successful hacking....
This statement seems at odds with one of the fundamental ideals of Open Source: more eyes = better code. (In this case, "better" includes "more secure".) Following your line of reasoning, Linux should be a very easy hacking target, but this doesn't seem to be the case.
Please to explain your line of thought...
best,
assmund
|
|
|
Message #158682
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Many eyes on source code does not necessarily mean safer software. There is no empirical evidence supporting this, just suppositions and conjecture.
The reason that Linux hasn't been seriously hacked is the same reason that Microsoft so often is. Marketshare. As a hacker, why would I want to spend my time finding a hack in an OS that a relatively low percentage of people use. On the reverse side, Windows because of it's popularity is a HUGE target, therefore it is targeted by hackers more often.
SQL Server, while it doesn't carry the marketshare that Oracle does, would still be a significant target by virtue of the number of websites that use SQL Server as a backend. Oracle on the other hand is used less often as a web backend and more as a mission critical database infrastructure within corporations (IMO, I have no real evidence to support this other than my experiences). By placing the Oracle database within the enterprise firewall it is a much more difficult target.
What IS interesting is Tom Rizzo's statement that showing the source code might make customer's feel "warm" about the stability and security of SQL Server 2005 while Steve Ballmer clearly has stated that access to source code leads to less safe products.
|
|
|
Message #158700
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure?
This statement seems at odds with one of the fundamental ideals of Open Source: more eyes = better code. (In this case, "better" includes "more secure".)
Your question is your answer, if "more eyes = better code = more secure" then publishing it means folks will peruse the code and find weaknesses they might and probably wouldn't have ever found. But when this weakness if found and publish on some site, for 6 months or more we wait on a patch while our database is corrupted and or stolen.
Honestly, more eyes = more secure? if so why would you do it publically in front of the hacking community? Your argument is old and doesn't hold water. Open source isn't more secure, we use the PHPBB forums and believe me, that system is under constant attack (and hacked successfully time and time again) because it is open source.
|
|
|
Message #158702
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Paul,
The reason that Linux hasn't been seriously hacked is the same reason that Microsoft so often is. Marketshare
Mmhhh, I think something is wrong here. Applying that reasoning, Apache would be the web server more hacked, don't you think? Also, Linux is the playground for hackers. It's the place you learn how to hack. It's easier than in Windows, because you can have acces to the sources.
SQL Server, ... would still be a significant target by virtue of the number of websites that use SQL Server as a backend. By placing the Oracle database within the enterprise firewall it is a much more difficult target.
Dear Paul, using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Again, applying that reasoning: since more sites use Apache as web server, and MySQL as backend, then MySQL would be heavily hacked. I agree MS products are a more palatable target for hackers, but I feel MS has (ab)used it as a poor excuse for not paying enough attention to security.
And let's use the common acceptance of the open source term: something you can freely see. And with shared source you can't freely see. On purpose, I ommited the phrase "freely use", because there are even in open source some restrictions.
Cheers.
|
|
|
Message #158743
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
There is no empirical evidence supporting this, just suppositions and conjecture.
No Empirical evidence...
If there is one thing, there is emperical evidence.
Apache, with more that 3 times the number of internet facing sites (netcraft) doesnt have anywhere near the number of widespread attacks that IIS has...
I will agree with you that "many eyes make safe code" isnt a maxim that always holds true. Its possible - but its not guaranteed.
Similarly, closed software might be more secure because of fewer prying eyes - but it is certainly not guaranteed.
Its also an interesting theory you have about why Oracle, though greater in market share, has had fewer attacks than SQL Server... (since market share is oft-touted as the defence of why so many microsoft products are hacked)
But in fact, I know that many of the biggest web sites are backed by Oracle - and I dont know of any serious internet facing sites that have the database server on the internet - or even in the 1st DMZ... (and in our case, not even in the 2nd DMZ...)
Ultimately, the empirical evidence would suggest that:
a) Open Source is not inherantly dangerous or vulnerable
b) Closed Source isnt inherantly safe.
There is some interesting reading on security myths here.
-Nick
|
|
|
Message #158754
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Applying that reasoning, Apache would be the web server more hacked, don't you think? One would think... but then again, I didn't mention Apache or web server software. But in this case I would concede that Apache may in fact be more secure than IIS. But back to the OS discussion...
The fact that hackers enjoy Linux (and this is a selling point for Linux?) doesn't really have any bearing on who they target. If you're going to steal it makes more sense to rob a real bank, not a piggy bank even though you have one at home to practice on.Dear Paul, using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Pardon the phrase but... Duh! However, using a database as a backend to a web server DOES mean that it's accessible to a public facing system and therefore less secure. Otherwise we wouldn't be seeing so many SQL Injection attacks. Hijack the web server and you can get to the database.I agree MS products are a more palatable target for hackers, but I feel MS has (ab)used it as a poor excuse for not paying enough attention to security. What software company in the world has done more in the area of securing their products than Microsoft? This argument is dated and based on assertions made about Windows 95, not XP SP2. The only difference is now there's a loud minority screaming bloody murder any time the slightest permutation of a security flaw is discovered. And when do they scream? AFTER the hole has been fixed when the patch announcements come out. There have been flaws in Linux too, so why doesn't anybody scream about those? Because the majority of people, the ones who run Windows, just don't care.
What's more people don't seem to understand how completely unsafe web browsing is. So let's take away the browser's CSS colored view of the world and look at what web browsing really means.
Every day (you're doing it now), we hook into an enormous network of computers located all over the world. Some of those computers are owned by reputable people and some aren't. We then access those other machines, usually over unencrypted transports, and then willfully and with a complete disregard for our own security execute instructions from that distant machine ON OUR COMPUTER, in our network. Of course that's not going to be safe. But why blame Microsoft when it was us who downloaded the special viewer from SpankMe.com or the file "sharing" utility to "borrow" copyrighted material. No browser or operating system in the world can fully protect itself from users who actively navigate an unknown network to unknown servers run by unknown people and execute unknown instructions. The only way to be completely safe is to stay off the Internet.
But since we are all unlikely to do that, I'd put Windows XP SP2 or Windows Server 2K3 up against Linux any day. In fact, Gartner did just that.
Now, for those of you ready to label me as a Microsoft mouthpiece, you should know that I started out my illustrious career doing development in OS/2 and then (brace yourself) Solaris and Netscape iPlanet Servers accessing Oracle before eventually moving to Java and Dynamo. And I like many of my colleagues loved to spend an evening bashing Microsoft and their products. But since those days, I have actually taken the time to learn the Microsoft toolsets and get to know many of the people at Microsoft. My opinion has changed as the times have changed and as the products have changed. The Microsoft of today is not the same as it was 5 years ago.
|
|
|
Message #158758
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Apache, with more that 3 times the number of internet facing sites (netcraft) doesnt have anywhere near the number of widespread attacks that IIS has...
See earlier reply about not speaking specifically of web server software OR of databases exposed to the internet.
Many of the biggest web sites may be backed by Oracle (not sure who or where but I'd assume that this is probably the case) but I believe that there are in fact more total websites running using SQL Server than Oracle.
|
|
|
Message #158762
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Many eyes on source code does not necessarily mean safer software.There is no empirical evidence supporting this, just suppositions and conjecture. Absence of evidence is not evidence of absence. In other words, just because there's no evidence doesn't mean it's *not* true just the same. There is neither any evidence that closed source software is "safer". We'll both have to wait until there is sound data. (And I won't hold my breath: MS won't soon be releasing software quality metrics.)
The reason that Linux hasn't been seriously hacked is the same reason that Microsoft so often is. Marketshare. I can think of other interpretations: maybe hacking MS is a lot easier than hacking Linux; or maybe more people have it in for MS than for Linux.
As a hacker, why would I want to spend my time finding a hack in an OS that a relatively low percentage of people use. Why hack Linux? I'd rather try to hack a safe than a child's piggy bank, both for the challenge or for the hacking community prestige. Besides, that "low percentage of people" includes growing numbers of banks, hospitals, financial institutions, schools, websites, etc. There's lots of valuable data stored on open source systems too.
Steve Ballmer clearly has stated that access to source code leads to less safe products. Can you think of any other reasons Mr. Ballmer would speak out against open source software?
|
|
|
Message #158765
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure?
Your question is your answer, if "more eyes = better code = more secure" then publishing it means folks will peruse the code and find weaknesses they might and probably wouldn't have ever found. Is it a good thing for security flaws to hide for years in critical software? Wouldn't you rather have flaws found, exploited and fixed sooner, creating more secure software in the long run?
Open source isn't more secure, we use the PHPBB forums and believe me, that system is under constant attack (and hacked successfully time and time again) because it is open source. How do you know that your system is under attack because it is open source? Can you prove this? And if your system is hacked "time and time again," isn't it time you switched to another system?
But when this weakness if found and publish on some site, for 6 months or more we wait on a patch while our database is corrupted and or stolen. This comment is priceless. If you had used truly open source database software, you'd have your patch within a day or two, not six months. MS has never been known for speedy resolutions to security flaws.
|
|
|
Message #158782
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Paul,
I feel you're overreacting. Perhaps because of the tone on my former post (English is not my mother tonge but Spanish is, but I try hard to communicate in your language). From my point of view, there are many missunderstandings.
But in this case I would concede that Apache may in fact be more secure than IIS. But back to the OS discussion...
Sorry, I thought it was about SQL server discussion, then I made a comparison with Apache, and then ....
The fact that hackers enjoy Linux (and this is a selling point for Linux?)
1. I didn't imply it's a Linux selling point
2. What I said was that Linux is a hackers' playground. What I meant is that Linux is actually a dangerous thing to chose if one is not as able as the hackers
3. I think you took it as a pro-Linux statement
If you're going to steal it makes more sense to rob a real bank, not a piggy bank even though you have one at home to practice on.
One of my customers is a major securities intitution in Mexico. They are migrating things to a new IBM's mainframe with Suse Linux. It's not a "piggy bank". OTOH it doesn't mean Linux is higher, stronger, speedier or better that Windows. OK?
Dear Paul, using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Pardon the phrase but... Duh! However, using a database as a backend to a web server DOES mean that it's accessible to a public facing system and therefore less secure. Otherwise we wouldn't be seeing so many SQL Injection attacks. Hijack the web server and you can get to the database.
You said before:
(SQL Server)would still be a significant target by virtue of the number of websites that use SQL Server as a backend.
I attacked that assertion before because I disagree with it. But I don't disagree because think that open source tools are better. I said:
using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Again, applying that reasoning: since more sites use Apache as web server, and MySQL as backend, then MySQL would be heavily hacked
Paul, I think this is a forum were many people comes to learn. If we imply that by using X or Y product technology they're will be safe, I think we're doing wrong. It doesn't matter if I use Apache/IIS, SQL Server/MySQL, if I develop things poorly, then I will suffer SQL injection attacks. It doesn't depend on the marketshare, or if it is commercial or not.
I agree MS products are a more palatable target for hackers, but I feel MS has (ab)used it as a poor excuse for not paying enough attention to security. What software company in the world has done more in the area of securing their products than Microsoft? This argument is dated and based on assertions made about Windows 95, not XP SP2.
That assertion Paul was made in spite of things made wrong before XP SP2. Again, it doesn't mean MS products are inherently bad, there are good MS products and very smart people there, and they have very intelligent users, but a number of things were terribly implemented, and now they require to invest an amount of money proportionally big as
But why blame Microsoft when it was us who downloaded the special viewer from SpankMe.com or the file "sharing" utility to "borrow" copyrighted material.
I didn't blame MS for anything. At least have the courtesy of say "Why *people*"
No browser or operating system in the world can fully protect itself from users who actively navigate an unknown network to unknown servers run by unknown people and execute unknown instructions. I'd put Windows XP SP2 or Windows Server 2K3 up against Linux any day. In fact, Gartner did just that.
That's the kind of "proofs" I think we shouldn't use in this forums instead of technical advise. Gartner also said "Dump IIS in favor of Apache". I didn't tell any of my customers "Dump all your applications"
Now, for those of you ready to label me as a Microsoft mouthpiece,
I didn't labeled you as that. Tell me where and for sure I will apologize. Otherwise, I'll have to ask you to not put words on my mouth.
Paul, I think you're a smart person. Perhaps you had a bad day, or got upset because you were flamed in other messages.
Javier
|
|
|
Message #158789
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure?
Honestly, more eyes = more secure? if so why would you do it publically in front of the hacking community? Your argument is old and doesn't hold water. Open source isn't more secure, we use the PHPBB forums and believe me, that system is under constant attack (and hacked successfully time and time again) because it is open source.
Mike,
I think both commercial and open source products are under constant attack, not because you use open source/closed source. I'd make a call to really fulfill sys admin functions and to really put care when developing applications. I find myself trying to convince people of this idea either in open source forums (where people gets upset if you tell them there are problems with open source products) and in this forums, where some people thinks open source is bad (or evil)
I guess less than 1% of open source projects worth it. Most of them are poorly developed. And some of them are from regular projects to very good projects. weshouldn't generalize... ups, I just did that with my estimate figures :-o
Bottom line, I agree with you: more eyes doesn't mean it's more secure as as rule of thumb.
Cheers
|
|
|
Message #158791
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Arrrgghhhh! No preview mode and not enough caffeine, bad combination. Here goes again my rant.
Paul,
I feel you're overreacting. Perhaps because of the tone on my former post (English is not my mother tonge but Spanish, but I try hard to communicate in your language). From my point of view, there are many missunderstandings.
But in this case I would concede that Apache may in fact be more secure than IIS. But back to the OS discussion...
Sorry, I thought it was about SQL server discussion, then I made a comparison with Apache, and then ...
The fact that hackers enjoy Linux (and this is a selling point for Linux?)
1. I didn't imply it's a Linux selling point
2. What I said was that Linux is a hackers' playground. What I meant is that Linux is actually a dangerous thing to chose if one is not as able as the hackers
3. I think you took it as a pro-Linux statement.
If you're going to steal it makes more sense to rob a real bank, not a piggy bank even though you have one at home to practice on.
One of my customers is a major securities intitution in Mexico. They are migrating things to a new IBM's mainframe with Suse Linux. It's not a "piggy bank". OTOH it doesn't mean Linux is higher, stronger, speedier or better that Windows. OK?
Dear Paul, using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Pardon the phrase but... Duh! However, using a database as a backend to a web server DOES mean that it's accessible to a public facing system and therefore less secure. Otherwise we wouldn't be seeing so many SQL Injection attacks. Hijack the web server and you can get to the database.
You as editor should have the courtesy of conceding some intelligence to the users of the forum. You said before:
(SQL Server)would still be a significant target by virtue of the number of websites that use SQL Server as a backend.
I attacked that assertion before because I disagree with it. But I don't disagree because think that open source tools are better or have no basic knowledge on web apps design. I said:
using a database as a web site backend doesn't mean you expose it to the internet, nor it should stand in front of the firewall. Again, applying that reasoning: since more sites use Apache as web server, and MySQL as backend, then MySQL would be heavily hacked
Paul, I think this is a forum were many people comes to learn. If we imply that by using X or Y product technology they will be safe, I think we're doing wrong. It doesn't matter if I use Apache/IIS, SQL Server/MySQL, if I develop things poorly, then I will suffer SQL injection attacks. It doesn't depend on the marketshare, or if it is commercial or not.
I agree MS products are a more palatable target for hackers, but I feel MS has (ab)used it as a poor excuse for not paying enough attention to security. What software company in the world has done more in the area of securing their products than Microsoft? This argument is dated and based on assertions made about Windows 95, not XP SP2.
My assertion Paul was made in spite of things made wrong before XP SP2. Again, it doesn't mean MS products are inherently bad, there are good MS products and very smart people there, and they have very intelligent users, but a number of things were terribly implemented, and now they require to invest an amount of money proportionally as big as their previous mistakes. What software company in the world sells as much as MS? For me is obvious that they have to invest a lot in many things.
But why blame Microsoft when it was us who downloaded the special viewer from SpankMe.com or the file "sharing" utility to "borrow" copyrighted material.
I didn't blame MS for anything. At least have the courtesy of say "Why *people* blame MS?"
No browser or operating system in the world can fully protect itself from users who actively navigate an unknown network to unknown servers run by unknown people and execute unknown instructions.
I fully agree
I'd put Windows XP SP2 or Windows Server 2K3 up against Linux any day. In fact, Gartner did just that.
That's the kind of "proofs" I think we shouldn't use in these forums instead of technical advise. Gartner also said "Dump IIS in favor of Apache". Do you rememeber? I didn't tell any of my customers "Dump all your ASP applications"
Now, for those of you ready to label me as a Microsoft mouthpiece,
I didn't labeled you as that. Tell me where and for sure I will apologize. Otherwise, I'll have to ask you to stop putting words on my mouth.
Paul, I think you're a smart person. Perhaps you had a bad day, or got upset because you were flamed in other messages. There's no need to be defensive, but the same arguments you're using to defend SQL Server/Windows/whatever are those that I've seen to defend MySQL/Linux/whatever. And yes, people in open source forums have fell attacked by me because I told them there are gooid things in the commercial side and bad things in the open source side.
Good bye and have a nice day
Javier
|
|
|
Message #158826
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
IIE is 4-5 times more common than Apache
"Apache, with more that 3 times the number of internet facing sites (netcraft) doesnt have anywhere near the number of widespread attacks that IIS has..."
This is one of the most idiotic persistent urban myths around. Netcraft include hundreds of thousands of computers were up to 1000 IP numbers share a single install of Apache. In fact IIE is 4-5 times more common than Apache in installations counted, companies that have their own server.
That Open Source has quoted this statistic so many times only show two things,
1) Their intellectual level – discernment so to speak - is not on par .
2) They must be really desperate.
Or maybe it can be chalked down to "wishful thinking?"
"The reason that Linux hasn't been seriously hacked is the same reason that Microsoft so often is. Marketshare."
That is true but only part of the truth. There is an international lynch mob against Microsoft around the world based on hate and envy. Also a lot of unix users spent their time trying to discredit MS. That is proven by what happened to SCO,
But the Gartner study is only one of many reports that Linux has more server security breaches that Windows. (35 per week right now I believe)
"Everything that does not kill you make you stronger"
Nietze is right.
Regards
Rolf Tollerud
|
|
|
Message #158950
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Not aiming directly at you
Javier,
My reply to your post wasn't directly specifically at you and yes, I was overreacting a bit, mostly because I enjoy the debate with those who hold Linux as being something more spiritual or moral instead of just lines of code that will be mostly forgotte in 10 years anyway (as will all of today's software). I did apparently misunderstand your statements about Linux being a hacker's playground, I believed you considered that a good thing. My mistake.
Rest assured that there are not nor would there ever be any hard feelings for you or anybody else telling me they think I'm an idiot. Often I am. :-) Also know that the only times I will tend to express my opinion on the site, I do so as just another reader, not the Editor.
|
|
|
Message #158966
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
IIE is 4-5 times more common than Apache
>>This is one of the most idiotic persistent urban myths around<<
It's not a myth. It's true. The fact is IIS WAS an insecure webserver until IIS. There seems to be enough evidence out there to support tha fact that IIS6 currently is a more secure webserver than the latest incarnation of Apache.
|
|
|
Message #158988
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
"It's not a myth. It's true"
Is that so.
Why don't you give some link or other evidence? And please do not cite Netcraft. Netcraft counts a computer with a single Apache installation and 1000 IP addresses as 1000 Apache installations. Besides, ISP hosting does not contain serious web applications, only companies that have their own server should count.
Microsoft Leads Port80 Web Server Study
According to that survey, 53.5 percent of the sites surveyed ran Microsoft IIS. This was more than double the 19.3 percent running Apache.
It seems reasonable to extrapolate that there are 4-5 times as many IIS servers if you take into account all companies that has their own server, not only the top 1000 corporate Web sites. (As MS traditionally has been stronger in the small to midsize market).
Regards
Rolf Tollerud
|
|
|
Message #159102
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Not aiming directly at you
No hard feelings Paul from my part!!!
Being assured about your position and feelings, I feel more compelled to participate.
Cheers
Javier
|
|
|
Message #159104
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
"It's not a myth. It's true"
I agree with Rolf about the marketshare of IIS is different among Fortune 300, 500 and 1000 companies, and this has been an issue measured some time ago (circa 2000):
http://www.pegasus3d.com/server_share.html
http://www.serverwatch.com/tutorials/article.php/1127941
http://www.port80software.com/surveys/top1000webservers/
However I disagree with him regarding following argument:
And please do not cite Netcraft. Netcraft counts a computer with a single Apache installation and 1000 IP addresses as 1000 Apache installations. Besides, ISP hosting does not contain serious web applications, only companies that have their own server should count.
Same problem with Fortune 1000 survey. The survey only takes in account what is also called "brochure sites" and not the serious. In my country almost all banks run their www sites on IIS, but the e-banking is done on other servers than IIS.
Again, don't take this as an apology for Apache. Is just that I think pro-MS people and anti-MS people use the same arguments indeed, just commute the names of their favorite products.
|
|
|
Message #159111
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
about political correctness
"In order to stave off criticism from the Open Source community, we must point out that if small businesses were included in the BizNix survey the results would certainly put Apache in the lead".
Interesting statement in view of that MS traditionally always has been stronger in the small to midsize market.
Paul: "I enjoy the debate with those who hold Linux as being something more spiritual or moral instead of just lines of code"
They want so hard OSS to come out top. I almost feel sorry for them when their inferior reasoning is pointed out.
Unfortunatly the fact remains.
1) Windows Server 2003 is better, faster and more secure than Linux.
2) IIS 6.0 is better, faster and more secure then Apache.
Regards
Rolf Tollerud
|
|
|
Message #159341
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Are you quite sure... Well pretty much
Many eyes would lead to safer code if a good number of eyes can make a change and close the threat. In shared source you dont have the previlege to do that. So, Shared Source is insecure because the authority to distribute patches and close the security holes is only from one source, MSFT. At the sametime many people have access to Source code.
|
|
|
Message #159447
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
MSDE Release A vs MSDE 2000 sp3
Anyone have a link that breaks down the differences between MSDE Release A and MSDE 2000?
|
|
|
| |
|
| New content on TheServerSide.NETNew content on TheServerSide.NETNew content on TheServerSide.NET |
|
|
Language "mashups" will become more prominent, and developers will become polyglots, one programmer suggests.
SearchWinDevelopment.com offers an introduction to the language, performance, testing and data management improvements in VS 2008.
VBCode.com code snippets cover all aspects of application development, from data binding to security to the user interface.
Get up to date on XAML best practices with a variety of articles, tutorials and webcasts. [SearchWinDevelopment.com]
One team's experience with the VSTS DB edition suggests that it can improve workflow for dev teams. It also enhanced Agile efforts.
(June 24, Article)
Microsoft has begun to include DSL tools in the VSTS kit. A new book by Steve Cook and other VSTS team members helps set the stage.
(June 24, Article)
Cartoon: Be it ever so humble there is no place like your home after you get a Microsoft Home Server .
(June 18, Cartoon)
Microsoft's Thom Robbins says new technology to highlight in NET 3.5 includes AJAX, LINQ for both C# and VB, as well as tooling enhancements intended to ease the task of building WPF, WF and WCF apps.
(June 29, Podcast)
Venkat Subramaniam discusses AJAX bottlenecks, the tenets of Agile development and more. He spoke at the Ajax Experience.
(June 25, Tech Talk)
In the second of a two-part series, Michele Leroux Bustamente discusses design decisions related to the claims-based security model. Read the story and walk through the process for creating a set of claims-based utilities to encapsulate claims authorization at the service tier.
(May 24, Article)
Understanding why the Entity Framework exists and learning where it can fit into your projects can get you prepared for the eventual release early next year.
(May 10, Article)
Resource: This learning guide gives you quick access to useful links on Windows Communication Foundation security information.
(April 24, Article)
TSS.NET's Jack Vaughan spoke recently spoke with Microsoft's Brad Abrams to find out what he is seeing in the field and what the chefs in Redmond are cooking. Along the way he discusses patterns of AJAX frameworks.
(April 11, Article)
In a two-part series, Michele Leroux Bustamente explains how claims-based security is supported by WCF, and how you can implement a claims-based security model for your services.
(March 29, Article)
Windows Workflow Foundation is a new technology that many developers will need to get their heads around. In a brief excerpt adapted from Programming Windows Workflow Foundation: Practical WF Techniques and Examples using XAML and C#, K.Scott Allen considers aspects of workflow definition.
(March 22, Chapter Excerpt)
|
|
