On 7/25/08 2:40 PM, "Jaime Magiera" <email@hidden> wrote:
>> If I have to roll my own DNS, then so much for that nifty easy to
>> administrate stuff. If my DNS server is just a DNS server, then Apple's
>> advantage there is slim to begin with. This kind of garbage erases it.
>
> C'mon John, you make it sound like building the Taj Mahal. I just
> rolled out the BIND update to another one of my networks a few minutes
> ago, and again, ~4 minutes. How is this such a big hit on time and
> energy?
One minute you say it's no big deal, the next you say Linux will be worse
over the long haul because you have to do "so much work" to keep it
integrated and up to date. Pick one, you can't have it both ways.
>
>> Name one major OS with a good DNS server that hasn't patched, who isn't
>> Apple.
>>
>> In fact, name another major *nix vendor who is slower to patch components
>> than Apple.
>
> Name any OS that has such tight integration of the various services
> OSXS provides? Linux is a constant battle of making sure such-n-such
> works with such-n-such.
Exactly what good is that integration doing me at the moment? DNS does NOT
require a lot of constant work to begin with, so the 'advantage' of the GUI,
(which for DNS is VERY small anyway), is only there at the outset, and when
I have to make the occasional change. If Apple were to catch up to say,
Windows circa 2000, and allow for better DDNS support, I'd not have to do
most of the changes I have to now.
External DNS is a utility server. I'm not running anything else on that box,
and in fact, my DNS servers are two minis, because the workload doesn't
justify a bigger box.
But the risk now makes me think about replacing them. If I'm going to bypass
Apple's software for the one thing I use them for, why do I need Apple's
hardware? I get some great deals from HP, FAR better than I do from Apple.
>
>> Besides, let's look at it. I just ran a Nessus scan on my newest Xserve,
>> absolutely up to date. In addition to DNS, it's got PHP issues. Oh, so just
>> roll my own PHP. Okay, now that's DNS and PHP. Oh, DHCP issues. Okay, roll
>> my own there. Oh, Perl hole. Roll my own there.
>
>> Now, I could be looking at this wrong, but if I'm continually rolling my own
>> components to make up for Apple being the slowest vendor on the planet to
>> patch, exactly where is my advantage over the Linux in the "long haul". In
>> fact, considering how hard that just made version updates, I'll point out
>> that the "oh just patch <component>" meme makes OS X MORE work over the long
>> haul, because now I have to deal with duplicates of major functional areas.
>
> You're taking this one DNS example and trying to define a trend. There
> has not been a vulnerability of this nature in a long time. The other
> vulnerabilities are not so dire. There is no trend. To imply that
> there is a slippery slope of constantly updating components is not
> realistic. It's not like PHP, Perl, etc. are updated often.
The trend is that Apple is slower than everyone else to patch
vulnerabilities, and if you look back at OS X, this IS a trend. As well, if
the vulnerability in question is the one you're getting attacked with, it is
indeed quite dire.
>
> I would not be surprised if a soon-to-be-released Apple update comes
> that tackles more than just the DNS.
Nor would I.
When will that be? We don't know.
Why is Apple this far behind on a critical update that is, by every
competent account, easy to patch? We don't know.
Why didn't Apple release a single update just to address this issue, since
it is of a highly critical nature? We don't know.
The patching delta, combined with Apple's continuance of the "Screw you, we
tell you what we want, when we want" is doing them no favors, and I am NOT
one to get wild-eyed about such things.
>
> At any rate, arguing on the mailing list won't help anyone. If Dan
> wants to leave Apple server products, that's his choice. However, I
> would argue that we all know Apple is still new to this and is very
> much a bureaucratic corporation like any other. We have an opportunity
> to let them know that improvement is needed.
Bulldookey. Apple bought Next over ten years ago. The people running that OS
have been in this business for decades. Mac OS X has been a fully released
product for 8 years now. Apple is not "new" to anything here.
>
> Again, I'm not saying that they couldn't be faster. However,
> installing the updated BIND to get around the problem, and calling
> Apple to say "Hey, stop slacking", will probably get the best results.
Actually, telling Apple "Hey, this stupid thing? It just cost you $n, and
will cost you $n over time" will get you FAR faster results. Hitting people
in the checkbook is ALWAYS going to get faster results.
--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
email@hidden