|
Well, we all know that there is no secure OS.
People are looking - the origination of the one V5 vulnerability came from an external security specialist firm.
I normally use this information because most people think that all MS security problems are related to the desktop and not the server side of things.
I posted it today because I don't buy the attitude that MS does everything it can to fix a problem and IBM doesn't. Not definitive proof but to me it's enough to rule out the opinions that have been stated by some today.
Michael Crump
Manager, Computing Services
Saint-Gobain Containers, Inc.
1509 S. Macedonia Ave.
Muncie, IN 47302
765.741.7696
765.741.7012 f
Don't draw fire, it irritates the people around you.
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Saint-Gobain. If it did, it would be folded, mutilated, watered down, politically corrected, and would show up a week later if at all. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone.
Please contact the sender if you believe you have received this email in error.
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx [mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Walden H. Leverich
Sent: Tuesday, January 15, 2008 3:54 PM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: i5 Youngsters
Between 2003 and 2008, i5/OS V5Rx was affected by 1 Secunia
issued advisory which was non critical and has been fixed.
Actually, if you include OS/400 V4 and V5 then you're up to 10. :) And IBM isn't exactly forthcoming with information about security and stability issues (see: information in "integrity ptf" cover letters, or rather the lack of information).
Seriously though. Given that every tom dick and harry can get a copy of W2K3 and bang on it in their free time does that surprise you? And most of these "advisories" were nearly impossible to exploit on a properly secured box anyway. How many people are actively looking for issues in i5/OS? Any? There are companies that do just that for Windows.
Now, I'll admit that's a double edged comment. You can say i5/OS doesn't need to be checked since it's so secure, and I'll say, they've not found as many issues because no one is looking.
-Walden
--
Walden H Leverich III
Tech Software
(516) 627-3800 x3051
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com
Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx [mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Crump, Mike
Sent: Tuesday, January 15, 2008 3:26 PM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: i5 Youngsters
That's mostly because IBM has an "interesting" policy when it comes to >Security. IBM just ignores the problem forever, while Microsoft releases a >patch a few months later. Both are bad, but IBM is just worse.
Between 2003 and 2008, Microsoft Windows Server 2003 Enterprise Edition was affected by 147 Secunia issued advisories, 7% of which remain unfixed.
Between 2003 and 2008, i5/OS V5Rx was affected by 1 Secunia issued advisory which was non critical and has been fixed.
Granted this data does not definitively define vendor responsiveness. But neither has anything else I have heard.
Michael Crump
Manager, Computing Services
Saint-Gobain Containers, Inc.
1509 S. Macedonia Ave.
Muncie, IN 47302
765.741.7696
765.741.7012 f
Tradition
Just because you've always done it that way doesn't mean it's not incredibly stupid.
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Saint-Gobain. If it did, it would be folded, mutilated, watered down, politically corrected, and would show up a week later if at all. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone.
Please contact the sender if you believe you have received this email in error.
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx [mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Lukas Beeler
Sent: Tuesday, January 15, 2008 1:58 PM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: Re: i5 Youngsters
On 1/15/08, Jones, John (US) <John.Jones@xxxxxxxxxx> wrote:
Hardware quality may be similar but it is not the same. X86-class
servers are still engineered to a price point; POWER servers are
engineered to a desired performance/reliability standard. Price is a
factor but is not the overriding concern.
I disagree. This might've been true in the past, but i doubt it
applies today. Just open an x3650 and a Model 515. One of the two has
a well thought out interior. The other one doesn't.
Disks are essentially the same (though the i5 uses previous-gen
hardware, U320 instead of SAS), and doesn't have 2.5" disks.
PSUs are both from some factory in China or Taiwan, of the same quality level.
Internal bus is PCI-X (previous gen) in the System or PCI-E
(current-gen) in the x3650.
Of course, a low end machine like a System x3105 is different.
Your hardware sample size is arguably small. I've worked with over 300
It is.
AS/400s through System i systems over the years and my current employer
alone has over 1000 x86 servers. I've seen AS/400s run for years with
failed hard drives and have seen x86 servers literally have their
motherboards melt due to PSU failures. The x86 servers are "decent",
BTW, with brand-names like Dell, IBM, & Compaq.
I've seen a model 150 go up on flames, but i do not consider that to
be because of cheap hardware used by IBM ;)
As to software quality, specifically the OS, I'll only say this: We
rarely _have_ to apply i5/OS PTFs to fix a problem. Rarely means less
than annual. We do apply them periodically (a couple of times a year)
just to get current. There is no i5/OS "Patch Tuesday" because there
doesn't need to be one.
That's mostly because IBM has an "interesting" policy when it comes to
Security. IBM just ignores the problem forever, while Microsoft
releases a patch a few months later. Both are bad, but IBM is just
worse.
Just look at the version of BIND that ships with i5/OS - it's horribly outdated.
And look how many PTFs are constantly released - a clear indicator
that there ARE problems in i5/OS (which makes sense, it's made by
people after all).
In all other aspects the new environments is radically more complex, has
more components, more points of failure, costs more to operate, requires
more time to administer, has more difficult problem solving (involves
multiple teams v. just one), has more vendors to work with should issues
Why do you split that up onto multiple teams? Now, i'm not that
knowledgeful about IT in big american companies, but to me that
doesn't make alot of sense.
In theory it's more scalable and it probably is, but so is the iSeries
as we're in a 570 and are using nowhere near 16 CPUs. So where you'd
just "add a few front end servers" I'd just call IBM and get a license
to unlock a CPU.
A single, slow sub 2 Ghz CPU for a ridiculous price. Or buy a new
server with current-gen hardware, slowly phasing out the older front
end servers.
Where it is definitely better is the capital cost of scaling, however
higher operating costs will overcome that over time.
Maybe. But it will be able to provide a lot better uptime than an i5
IF done by people with the proper knowledge.
--
Read my blog at http://projectdream.org
--
This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-nontech.
--
This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-nontech.
--
This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-nontech.
--
This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-nontech.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.