[ISN] Linux report stirs hornets nest (Two messages)

InfoSec News isn at c4i.org
Tue Apr 19 09:11:40 EDT 2005


Forwarded from: Jeff Berner <JBerner at infinitycomp.com>
Cc: security curmudgeon <jericho at attrition.org>, isn at c4i.org

Thanks for the response. I didn't actually think you would give me the
time of day.  I see articles like this Yankee Group report all the
time that contain bad information, questionable research/reporting and
such. Unfortunately I am not in the same position as you to have the
luxury to be able to comment about them.

Normally I am very happy to see what your opinions are.  This
particular article cross referenced with other articles that I have
seen from you in the past seemed to lean (indirectly) toward the pro
Linux view while at the same time (directly) trying to discredit the
Yankee Group's report.

I agree with you on your views that, yes, the report does appear shady
and suspicious but at the same time your references to GrokLaw (are
they truly unbiased?) and simple Microsoft searches didn't inspire me
to fully believe in your rebuttal while leaving me to feel that your
rebuttal research was done over roughly a 1 hour time period.

All I am asking is that you spend a little more time finding more
concrete references other than Microsoft mentioning the Yankee Group
in a few other articles.

If you dig deep enough you will find me all over Microsoft's site, but
that certainly doesn't mean that I am a huge Microsoft supporter.  
Most of my references are in KB articles where I was fixing Microsoft
problems for them or winning some MS company competitions that do
nothing but make fluffy articles about how my company helped another
company by installing a SBS server or something to that ilk.  Like
you I truly believe that Linux is a far superior product on many
fronts and internally I run my single most important company
applications on Linux boxes while maintaining my day to day office and
communication functions across various MS servers.

As a person on the outside of the MS/Linux debate I was reading
between the lines of your article and pointing out that if you were
not a Linux fan you probably would not have written that response and
like most people in the MS world would have done nothing more than
seen it for the fluff that it probably is and just ignored it.

The last paragraph that you comment on was simply referencing that you
are a feverishly supportive and active defender of your opinions.  The
point that it was making is that I believe that if you had been around
during the hot rod days you would have some stinging commentary if
someone told you your big block was outperformed by a small bore
engine or the other way around (think 1950's).

The FUD comment comes from my opinion concerning what I felt was
quoting weak sources and obscure articles to make a connection about a
weak article with no apparent sources.  That is FUD fighting FUD.  
That is bad reporting.



-=-



Forwarded from: security curmudgeon <jericho at attrition.org>
Cc: Jeff Berner <JBerner at infinitycomp.com>, isn at c4i.org


: Thanks for the response. I didn't actually think you would give me the
: time of day.  I see articles like this Yankee Group report all the time
: that contain bad information, questionable research/reporting and such.
: Unfortunately I am not in the same position as you to have the luxury to
: be able to comment about them.

Out of curiosity.. why not? You certainly had a very well written
response to me. You could have spent the same amount of time
questioning their report as my reply to the article.

: Normally I am very happy to see what your opinions are.  This particular
: article cross referenced with other articles that I have seen from you
: in the past seemed to lean (indirectly) toward the pro Linux view while
: at the same time (directly) trying to discredit the Yankee Group's
: report.

In general I am pro-Linux, if for no other reason than rooting for the
underdog. Or if it makes you or others more comfortable, the enemy of
my enemy.. =) But before that is taken out of context, I see flaws in
both sides of the 'OS war'. I just feel that Microsoft is a lot more
shady, and a lot less ethical so I spend more time pointing that out.

: I agree with you on your views that, yes, the report does appear shady
: and suspicious but at the same time your references to GrokLaw (are they
: truly unbiased?) and simple Microsoft searches didn't inspire me to
: fully believe in your rebuttal while leaving me to feel that your
: rebuttal research was done over roughly a 1 hour time period.

My rebuttal was done over a one hour time period. The real question
should be.. if I can dig up that much in one hour, imagine what else
there is to find, or what else they are managing to keep out of the
public eye.

If Yankee Group can find a bunch of Windows users, and partner with a
company that has a vested interest in keeping Microsoft happy, and the
YG *has* been funded by MS to carry out other surveys.. so what if I
quote GrokLaw? I don't make any claims as to their bias, only that
others beside myself have seen flaws in the original 'research'.

: All I am asking is that you spend a little more time finding more
: concrete references other than Microsoft mentioning the Yankee Group in
: a few other articles.

Why? Microsoft and Yankee Group (specifically DiDio) have a history
together as far as I can tell. Read the Microsoft summary of the Brown
University Case Study for example [1]:

  This case study, by the Yankee Group, reports how Brown University, an
  Ivy League college in Rhode Island, thoroughly investigated the
  technological and business aspects of Linux and Windows to determine
  which server operating system would offer the university's
  Department of Psychiatry optimal total cost of ownership and return 
  on investment with minimal risk of intellectual property lawsuits. 
  Microsoft Windows Server 2003 scored highest.

Yet read the report itself [2] and there is no "thorough
investigation". It is a single case filled with opinion and
perspective, not research and fact. And since when does a network
admin for a university have the time and ability to "thoroughly
research" something like Operating System Indemnification as it
relates to deploying technology on their network? The last university
network admin I heard about was deathly scared of my girlfriend for
using SSH to connect to a "hacker" system to check her mail. Do you
think indemnification came to mind in the terminal client she used?
The crypto that program used?

: As a person on the outside of the MS/Linux debate I was reading between
: the lines of your article and pointing out that if you were not a Linux
: fan you probably would not have written that response and like most
: people in the MS world would have done nothing more than seen it for the
: fluff that it probably is and just ignored it.

If I saw a fluff piece that touted Linux as much as that report did,
with as little evidence and justification as that one had, I would
write a response challenging it just as much. I care more about fair
reporting and honest research than Linux, Windows or who is winning
the holy war.

: The last paragraph that you comment on was simply referencing that you
: are a feverishly supportive and active defender of your opinions.  The
: point that it was making is that I believe that if you had been around
: during the hot rod days you would have some stinging commentary if
: someone told you your big block was outperformed by a small bore engine
: or the other way around (think 1950's).

Right.. to carry this analogy through.. what operating system do I
run?

If you are going to judge me and say that I would be just as rabid
over an engine block as I would be over my operating system.. isn't it
fair for you to *at least know what operating system I use*? What if
my big block was a 50/50 hybrid of the two big brands of the era? What
does that say about what I would or would not argue?

: The FUD comment comes from my opinion concerning what I felt was quoting
: weak sources and obscure articles to make a connection about a weak
: article with no apparent sources.  That is FUD fighting FUD.  That is
: bad reporting.

Except, I cited my sources. Did Yankee Group?

Brian




