Mike Miller wrote: > On Mon, 18 Oct 2004, Ryan Ware wrote: > >> On Fri, 15 Oct 2004 18:40:20 -0500 (CDT), Mike Miller >> >>> We have IT staff but they are just getting into Linux (they still >>> prefer to run VMS, believe it or not). >> >> >> VMS is about a rock solid as you can get in both stability and security. > > > > Yet there are *many* problems with your statement and with continuing > to use VMS. I have some comments below. I would be very interested > in hearing more from the people on this list. I am especially > interested in knowing any ways in which VMS is *superior* to Linux. > > Regarding stability: VMS may be a stable OS, but how stable is the > software that is running on VMS? Well, that depends. Some VMS > software is quite buggy and there is little hope that those bugs will > be fixed any time soon. This brings us to the big problem with VMS - > very little new software is being developed for VMS. Compare that > with Linux! We would like to run R... > > http://www.r-project.org/ > > ...but that will never happen on VMS. That's one example. There are > dozens of other examples. The corporations that have owned VMS over > the past few years (it has changed hands several times) have > threatened to put an end to it, but user protest has kept it going. > It's a "lock-in" problem for many users - they have code that runs on > VMS but not on Linux/UNIX. We have to fight lock-in. > DEC had a nice version of X and a POSIX layer so in principle it should be able to run R if it doesn't stray too far from the standards - assuming someone wants to go to the trouble. > Regarding security: Do you have evidence that VMS is secure? More > secure than Linux/UNIX? I would like to know more. What I see is > that we are running insecure protocols because either SSH is not > available for VMS, or our IT staff don't want to run it (maybe it is > prohibitively expensive). I have told them that telnet/ftp are not > secure - passwords are transmitted in the clear across the internet - > but they have not lifted a finger to change this situation in the 3 > years I've been here. (I just found a company that sells SSH for VMS, > but their price is high enough that they don't list it on their web > page, so I left a voice mail in their sales department.) > VMS is light years ahead of stock Linux as regards host security. Its object based security model is pretty much the same as the one in NT/2000/XP which works pretty well if developers take the time to do the analysis, but even simple things like access control lists make a big difference and have only recently shown up in Linux. Without getting into my opinion about security at the U in general and the School of Public Health in particular, suffice it to say that I have yet to meet anyone here that I would trust to secure my systems. The thing to keep in mind about VMS is that it hasn't been updated significantly since the days when all networks were considered trusted so its going to be much better against attacks on host security rather than those coming through the network - actually the same seems to be true of most of the IT folks around here :-) > Regarding cost: You didn't mention cost. We just started using spam > filtering software on VMS. On Linux, I believe you can get nice spam > filtering for free, but the spam filtering software we just ordered > for VMS is costing us $3,700 per year. That will be $37,000 in the > next decade just for spam filtering. That is just *one* minor > program. I doubt the VMS spam filtering software (PreciseMail; > www.process.com) is superior to the usual Linux spam filtering software. > > If someone can convince me that use of VMS on servers is a good plan > for a University department, please do so because it will make me feel > better about what's happening where I work. I would be especially > encouraged if you would recommend it for a new unit that has no server > system in place. I can certainly understand the cases where there are long-term projects tied to applications developed against software tightly tied to VMS - think CCCS or ARIC - where the cost of redeploying the applications isn't funded. But only a complete idiot would be doing new development against VMS. The Alpha chip is toast, there's no migration/upgrade path, support is going away, software is expensive/obsolete/proprietary, ... stop me anytime ... :-) --rick _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list