It's such a big hit because the reason for buying mac OSx server in
the first place was to have an apple supported unix based server OS
that can blend the advantages of the GUI and a standard supported set
of unix tools together so as specifically to not have to deal with
special builds of components that then become unmaintainable.
I'm just finding Apple to be delivering less than I hoped for.
Sorry for the top post - iphone
--
Angus - terse email from iPhone
On 25 Jul 2008, at 19:40, Jaime Magiera <email@hidden>
wrote:
On Jul 25, 2008, at 2:07 PM, John C. Welch wrote:
If I have to roll my own DNS, then so much for that nifty easy to
administrate stuff. If my DNS server is just a DNS server, then
Apple's
advantage there is slim to begin with. This kind of garbage erases
it.
C'mon John, you make it sound like building the Taj Mahal. I just
rolled out the BIND update to another one of my networks a few
minutes ago, and again, ~4 minutes. How is this such a big hit on
time and energy?
Name one major OS with a good DNS server that hasn't patched, who
isn't
Apple.
In fact, name another major *nix vendor who is slower to patch
components
than Apple.
Name any OS that has such tight integration of the various services
OSXS provides? Linux is a constant battle of making sure such-n-such
works with such-n-such.
Besides, let's look at it. I just ran a Nessus scan on my newest
Xserve,
absolutely up to date. IN addition to DNS, it's got PHP issues. Oh,
so just
roll my own PHP. Okay, now that's DNS and PHP. Oh, DHCP issues.
Okay, roll
my own there. Oh, Perl hole. Roll my own there.
Now, I could be looking at this wrong, but if I'm continually
rolling my own
components to make up for Apple being the slowest vendor on the
planet to
patch, exactly where is my advantage over the Linux in the "long
haul". In
fact, considering how hard that just made version updates, I'll
point out
that the "oh just patch <component>" meme makes OS X MORE work over
the long
haul, because now I have to deal with duplicates of major
functional areas.
You're taking this one DNS example and trying to define a trend.
There has not been a vulnerability of this nature in a long time.
The other vulnerabilities are not so dire. There is no trend. To
imply that there is a slippery slope of constantly updating
components is not realistic. It's not like PHP, Perl, etc. are
updated often.
I would not be surprised in soon-to-be-released Apple update comes
that tackles more than just the DNS.
At any rate, arguing on the mailing list won't help anyone. If Dan
wants to leave Apple server products, that's his choice. However, I
would argue that we all know Apple is still new to this and is very
much a bureaucratic corporation like any other. We have an
opportunity to let them know that improvement is needed.
Again, I'm not saying that they couldn't be faster. However,
installing the updated BIND to get around the problem, and calling
Apple to say "Hey, stop slacking", will probably get the best results.
