Financial Applications Security Weblog
Secure Applications for Open Markets
March 2002

27 March 2002
 

Solaris 6 Scan Results

This test was against Solaris 6 on a Sparc 5 platform. Solaris 6 was installed with all default services (such as Telnet, RPC and FTP), scanned, then scanned again after the cluster patch was applied.
With the cluster patch applied, the results showed little change from the default scan, similar to what we observed with Solaris 8. Perhaps we can now say that Sun looks at security differently from how Nessus or we see it? See the detailed scan results. [The Security Writers Guild]

Yet more proof that you can't just use the default installation for anything. Check the detailed scan results for analysis of out-of-the-box installs of Solaris 8, Windows 2k and XP.
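As an added example (not from the weblog or from the Security Writers Guild scan), here is a small Python audit helper for the problem this post describes: it parses an inetd.conf in the classic Solaris layout and lists which cleartext and RPC services would be enabled on the box. The configuration text is a constructed sample, and the list of services treated as "cleartext" is an assumption for illustration rather than anything the scan reports.

```python
"""Flag legacy cleartext and RPC services enabled in an inetd.conf.

Added example, not code from the weblog or the scan it discusses. The
sample configuration is constructed; CLEARTEXT_SERVICES is an assumed
list of inetd entries a reviewer would normally want disabled.
"""

# Services that carry credentials or commands in cleartext on a stock
# install (assumed list for this example).
CLEARTEXT_SERVICES = {"telnet", "ftp", "shell", "login", "exec", "tftp", "finger"}

# In the Solaris inetd.conf layout, RPC services use a protocol field
# such as "rpc/udp" or "rpc/tcp" instead of a plain "tcp"/"udp".
RPC_SERVICE_MARKER = "rpc/"

# Constructed sample resembling a classic inetd.conf, with a mix of
# enabled and commented-out entries.
SAMPLE_INETD_CONF = """\
# Internet services database (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
login   stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
finger  stream  tcp  nowait  nobody /usr/sbin/in.fingerd in.fingerd
100232/10  tli  rpc/udp  wait  root  /usr/sbin/sadmind  sadmind
ssh     stream  tcp  nowait  root  /usr/local/sbin/sshd  sshd -i
"""


def parse_inetd_conf(text):
    """Return (service, protocol, user, server_path) for each enabled entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out entry: not enabled
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line; inetd would skip it as well
        service, _socket_type, proto, _wait, user, server_path = fields[:6]
        entries.append((service, proto, user, server_path))
    return entries


def audit_inetd_conf(text):
    """Classify enabled entries into cleartext, rpc and other services.

    Returns a dict of sorted service names per category so the result is
    easy to diff against a hardening baseline.
    """
    findings = {"cleartext": [], "rpc": [], "other": []}
    for service, proto, _user, _server_path in parse_inetd_conf(text):
        if service in CLEARTEXT_SERVICES:
            findings["cleartext"].append(service)
        elif proto.startswith(RPC_SERVICE_MARKER):
            findings["rpc"].append(service)
        else:
            findings["other"].append(service)
    for key in findings:
        findings[key].sort()
    return findings


def report(text):
    """Human-readable summary; the caller decides whether that fails a build."""
    findings = audit_inetd_conf(text)
    lines = []
    for category in ("cleartext", "rpc", "other"):
        lines.append(f"{category:>9}: {', '.join(findings[category]) or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_INETD_CONF))
```

Run against a real /etc/inetd.conf, the "cleartext" and "rpc" lists are the entries to comment out or replace before the host is exposed; the commented-out `shell` line in the sample shows that disabled entries are correctly ignored.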


1:01:03 AM

Does Open Source Software Really Work?

This article is about the use of Open Source software (primarily Linux) in the enterprise. It has some good, absolutely valid points about the lack of enterprise monitoring tools and the scalability of Linux. But when it comes to the support issue, I just had to comment:

"There are different reasons why people advocate open source. One reason for enterprise is, 'You have the source code; if it doesn't work, you can fix it.' But the fact is, if I'm an enterprise, I don't want to fix it. I want somebody else to fix it," Goldman said.

"Who are you going to call when it doesn't work?" he asked. [NewsFactor]

Most companies that sell high-end app servers etc. have very expensive support contracts that they virtually require you to take out. With the exception of a few companies, it is my belief that these contracts are useless. Over the last 6 years, I have on almost every occasion known more than the support guy on the other end, because whoever developed the part that's causing the issue left 7 months ago.

We will use good commercial packages when the budget is there for it and if required by architecture boards. But in many areas the open-source varieties are better written, better supported and fixable when whoever wrote the original code has disappeared off the face of the planet. Several of my clients have paid $50k annual support contracts for nothing but frustration.

Just look at Apache. IBM and Oracle stopped developing their own web servers and now ship Apache as standard with their app servers. Apache Tomcat has virtually become a de facto standard for small to midsize JSP/Servlet apps in banks, and JBoss is starting to do the same for EJBs, offering a complete J2EE app server in an open-source package.

The moral? Just because a software package is commercial doesn't mean the support is any good.


12:55:43 AM

Security a growing concern for mobile devices

"Corporations are concerned about the levels of security required in handheld and mobile devices," says Kevin Burden, manager of IDC's Smart Handheld Devices research. "They are now recognizing security expenses as part of the overall cost of doing business in a widely distributed, increasingly wireless ebusiness environment." [PDABuzz.com]

I don't know many financial companies who actually use their issued PDAs for financial apps yet. But that is bound to change. Sun's current push of a bunch of new APIs for J2ME onto phones and PDAs looks particularly interesting for our industry, but Microsoft of course have a few tricks up their sleeve too with .NET.

In the coming months I'll keep an eye on the various emerging technologies as they are being developed and discuss their uses in financial apps. By the nature of mobile apps, security really will have to be the single most important factor when developing and deploying them, so we need to keep on top of this.


12:29:50 AM



© Copyright 2002 Pelle Braendgaard.
Last update: 27/03/2002; 01:29:51.