On 12/24/2005 2:54 PM Mark & Juanita mumbled something about the following:
I have no idea what they use at teller stations in branch offices (I
haven't been inside a bank in ages, and they were using green screen
In our hosting center, admins aren't allowed to connect directly to any
server, they connect to a BladeLogic server instead, which connects to
the server on their behalf and limits the commands they're allowed to
run as well as logging every keystroke.
How's BladeLogic working for you guys? We're _this_ close to buying;
it's in the budget for '06 and I'm looking forward to it. We should
probably make sure we don't work for direct competitors before comparing
On 12/26/2005 10:02 AM Dave Hinz mumbled something about the following:
Using it for the admins and pushing out patches is great. Using it for
CRC checks to make sure nothing has changed sucks. Seems it will still
check files that you've told to ignore, triggering flags that auditors
just LOVE to look at.
Well, sure. Whatever you have, especially exposed, needs to be secure.
But I don't know of anyone who suggests that Linux is less secure than
Unix, what with them all running the same stuff for the most part
Of course not. It's interesting that at least one online bank has gone
to shipping Knoppix (Linux) Live CDs to their customers for use of their
banking site. "Here's a hardened OS for your PC, to connect to us
with". Yeah, I can dig up a cite if you want to be confrontational.
Yes, I'm familiar with those.
We must work in very different financial industries. Which is odd since
the banks whose names are probably on cards in your wallet, don't care
what OS we're running anything on. Even the more annoying ones.
5 years ago we had a guy saying much the same thing you are. We made
the changes anyway, where appropriate, and the sky continued to not
fall, the customers (banks) continued not to stay away in droves, the
auditors (internal, government, and "sent by customers") just want to
see the vulnerabilities and what we've done about them; not what kernel
a piece of hardware is running.
Maybe it's not your boss, who needs the upgrading.
On 12/26/2005 10:00 AM Dave Hinz mumbled something about the following:
Doesn't matter to me. Connecting to the bank's web interface is
considerably different than the server running the apps.
2 of the banks whose cards are in my wallet I KNOW won't allow us to run
the apps/database on Linux unless we have a software assurance agreement
in place (we have to have it for ANY OS we have for them). RedHat and
SuSE (the only 2 64bit Linux versions we have working) both cost well
over $1200 a year for their server licensing.
It's not about the kernel, it's about having someone responsible for an
issue. Running Linux isn't the problem, it's running a version with no
I just go by what we are told. We were told we had to have licensed
software for those reasons I mentioned. I'm not the one paying for
them, it's ultimately the bank that pays for those licenses, so they
dictate what they want to pay for.
I work for one of the top 100 corporations in the world that
happens to be a bank. Their policy is the same in large part
due to SOX & OCC requirements. Open Source including Linux can
be used for non-monetary and non-reporting applications like
analytics or campaign management. If it is mission critical,
customer facing, handles monetary transactions or participates
in external reporting there must be a vendor support agreement
Smaller banks within a single state and especially community
banks can play a lot faster and looser.
You say those two things like they're related somehow? Of course you
can get a support contract for Linux. Anyone saying otherwise is
spreading FUD, either through ignorance, or due to an agenda.
The company I work for (for the next two weeks; just gave notice) is,
let's say, a large name in the mortgage insurance business. We've got
the same governmental requirements, and were temporarily delayed on
several Linux projects by the whole SCO idiocy thing, but I stand by my
statement that the SOX and other folks want to know about recordkeeping
and policies and procedures, how vulnerabilities are handled, and all
that, more than what type of Unix we're running.
You snipped a little too much. Odinn typed "won't allow us to
use Linux unless we pay for support" which is true for us, too.
We actually have some Linux supported by IBM.
I've been audited by OCC, PwC, E&Y, and the 2 internal groups.
All but the internal groups are interested in the supportability
of the OS and all other software as a SOX control point. I
suppose that it might be possible to argue that the necessary
support exists within the organization but I've generally heard
from other bank IT guys that the path of least resistance with
the highest level of CYOA is hire that control point out. I've
always gotten away with convincing them that we are purely
Well, if nothing else, you'll get some closure. I think you'll find
books 2 & 3 much more enjoyable reads, though. I found myself looking
forward to reading them every day, as opposed to book 1, which I sort
of slogged through.
Good joke Dave!
Having handled systems with various linux and Unix versions (solaris, redhat,
gentoo, debian etc) I can say that they are more stable than windows but
only don't require tweaking if nothing is done to them. If you keep
software, you will tweak forever. Installing software can be anything from a
piece of cake to a nightmare to an exercise in futility. I've had shells stop working
mysteriously, software come up with bizarre error messages and stop working
and so on. "nix" systems are better, but they are far from perfect.
I only wish "user friendly" wasn't a derogatory term among the linux crowd.
Yes, installing or building software does take time. But that's not
tweaking the OS with the virus-of-the-week updates now, is it. The
context given was "I can keep tweaking XP and it's just fine for
security and stability", which is considerably different from "I can
install software on a server".
Never said they were. I said they're secure and stable out of the box,
in sharp contrast to Microsoft's products which ship in "take me, big
Yawn. I'm sure there's some .advocacy group where people would be happy
to correct you on that.
FYI, I never mentioned "constant tweaking."
In fact, I rarely have to do anything to my system once the OS,
drivers and applications are installed and certain housekeeping things
Most of the "tweaking" steps required are to set certain services to
Automatic, Manual or Disabled; and deal with application options to
further enhance system performance. And with SP2 many of those
Services tweaks are now unnecessary because they are turned off by
And, of course, it's effortless to turn a lengthy XP install down to a
hands off routine using a simple disk imaging app like Ghost or an
installation scripting routine.
But anyone who thinks that *nix can run without at least some amount
of tweaking (especially when dealing with graphics hardware) is simply
stuck in a quaint little fantasy.
Here, on someplace I like to call Planet Earth, we all know better.
Maybe "tweaking" means something different in your world? To me, it
means "go back and change it again to get/keep it working". Are you
maybe using "Yes, that which you have autodetected is, in fact, my
hardware" as a definition for tweaking?
Whatever. Our experiences differ. Mine are current.