Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 14 Aug 2003 14:03:49 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        twig les <twigles@yahoo.com>
Cc:        Robert Watson <rwatson@freebsd.org>
Subject:    Re: Certification (was RE: realpath(3) et al) - jumping to -advocacy
Message-ID:  <20030814135153.I19401@fubar.adept.org>
In-Reply-To: <20030814191319.27694.qmail@web10101.mail.yahoo.com>
References:  <20030814191319.27694.qmail@web10101.mail.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help

-security CC removed...  retaining the others in case you're not on
advocacy.

On Thu, 14 Aug 2003, twig les wrote:
> I have the distinct pleasure of working at a huge telco so I
> have a pretty good sense of what big business wants in
> computing, which is: big-name company, commercial, supported,
> reliable software/hardware with "canned" interoperability with
> other like hardware/software.

how about stability, performance/robustness, ease of
upgradability/maintainability...  i agree with what you say, but we should
remember our current strengths as well when making the corporate case.  i
don't believe we're bad for the corporate world now, just that we could be
better.

> RSA Ace server natively, which I believe the library exists, it
> just costs $2000 or so, so this one might be BS.

how feasible is this?  i can't really comment.

> A large company that has a roll-out hardware/software package.
> This includes support.  I *know* that it is easy to patch/make
> world, but the number of "computer engineers" that have never
> heard of SSH is astounding.  Management needs a 3rd-party to
> bitch about and know will still be around in 5 years.

support's one thing -- just don't turn the project into RH.  no offense to
the RH fans, but i don't personally like the way they've went.  computer
engineers that haven't heard of SSH is...  more of a training issue,
right?  i'm not saying it wouldn't behoove us to help those people along,
but it is a slightly different topic perhaps.  along those lines, i'm
trying to workup a script that uses the various FreeBSD security
checklists to 'secure' a base system.  something like bastille, for BSD.
(and probably only CLI-based, for now.)  others have had that idea as
well, and i've sort of been waiting to see if it materializes.

> A console port on the hardware platform.  Have you ever tried
> sending management to the pcweasel web site?

that depends on the hardware, yes?  i just got a handfull of new dell
1650s that have serial port/console redirection built into the BIOS.  i'm
going to play with getting that working on 4.8-s later today...  i'm
hoping it's cake, so don't expect a need for any sort of writeup.  if
that's not the case, i'll write a little howto and link it into the
codereview.org site.

> As silly as it sounds (and I understand how silly it sounds), a
> certification like the Red Hack one would help.  I apologize
> profusely for saying that.

this is just like my request for 3rd-party security certification...
getting the cert doesn't (necessarily) say anything about your product,
it's more of a PR/press issue.  i think it has value, just like 3rd-party
security certs, in that it encourages acceptance amongst certain types of
people who may otherwise never consider our product.

that said...  how would we make it a reality?

> I'm sure I'm missing a lot but if we want a corporate sponsor
> like my massive mother company (which rhymes with AT&C) then it
> seems like we need different medium companies pushing FreeBSD
> instead of redhat as a packaged solution.

i fight the war every day to replace RH with FreeBSD.  in the places i've
been (admittedly, only a few), that wasn't too hard (if you're willing to
do the work yourself).  the only time it's been hard, to date, has been
places (including now) where a lot of RH boxes are being used to run
backend Java apps.  Java's came a long way, and i thank all the folks
that've made the patchsets happen...  but it's hard to justify that switch
in production environments right now.  i've found it easier to switch to
more-manageable Linux environments in those cases, like Gentoo.  still,
since IBM (the JDK we currently use) develops specifically on RH...  the
guys with the money like to see RH on the backend.  (for now.)

-mrh

--
From: "Spam Catcher" <spam-catcher@adept.org>
To: spam-catcher@adept.org
Do NOT send email to the address listed above or
you will be added to a blacklist!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030814135153.I19401>