OT Google buys AOL chunks

... snip

I'm assuming that those banks don't allow XP either because of the direct door to Msoft that Msoft won't allow to be closed. I know that in my world that gave significant headaches to various groups.

+--------------------------------------------------------------------------------+ If you're gonna be dumb, you better be tough +--------------------------------------------------------------------------------+

ATMs were predominantly run on OS/2 for a very long time. IBM dropped support for OS/2 a couple of years ago and ATM networks started making the move to Microsoft Windows. I'm sure there are some *nix ATMs.

I have no idea what they use at teller stations in branch offices (I haven't been inside a bank in ages, and they were using green screen terminals there).

In our hosting center, admins aren't allowed to connect directly to any server, they connect to a BladeLogic server instead, which connects to the server on their behalf and limits the commands they're allowed to run as well as logging every keystroke.

On 12/24/2005 4:10 PM George Shouse mumbled something about the following:

Our ATM division has only recently started trying to use Windows, most are still running OS/2, but almost all development on them is Java.

Of course not. It's interesting that at least one online bank has gone to shipping Knoppix (Linux) Live CDs to their customers for use of their banking site. "Here's a hardened OS for your PC, to connect to us with". Yeah, I can dig up a cite if you want to be confrontational.

Yes, I'm familiar with those.

We must work in very different financial industries. Which is odd since the banks whose names are probably on cards in your wallet, don't care what OS we're running anything on. Even the more annoying ones.

5 years ago we had a guy saying much the same thing you are. We made the changes anyway, where appropriate, and the sky continued to not fall, the customers (banks) continued not to stay away in droves, the auditors (internal, government, and "sent by customers") just want to see the vulnerabilities and what we've done about them; not what kernel a piece of hardware is running.

Maybe it's not your boss, who needs the upgrading.

Well, sure. Whatever you have, especially exposed, needs to be secure. But I don't know of anyone who suggests that Linux is less secure than Unix, what with them all running the same stuff for the most part anyway.

How's bladelogic working for you guys? We're _this_ close to buying; it's in the budget for '06 and I'm looking forward to it. We should probably make sure we don't work for direct competitors before comparing notes, though.

> (mind the wrap)

Google confirms that it's all one thread. Please check your facts before trying to give anyone a "lesson", because you look like an arrogant twit when you get it wrong. Hint: There is more than one page of results on the thread search in google.

Using it for the admins and pushing out patches is great. Using it for CRC checks to make sure nothing has changed sucks. Seems it will still check files that you've told to ignore, triggering flags that auditors just LOVE to look at.

Doesn't matter to me. Connecting to the bank's web interface is considerably different than the server running the apps.

2 of the banks who's cards are in my wallet I KNOW won't allow us to run the apps/database on Linux unless we have a software assurance agreement in place (we have to have it for ANY OS we have for them). RedHat and SuSE (the only 2 64bit Linux versions we have working) both cost well over $1200 a year for their server licensing.

It's not about the kernel, it's about having someone responsible for an issue. Running Linux isn't the problem, it's running a version with no support.

I just go by what we are told. We were told we had to have licensed software for those reasons I mentioned. I'm not the one paying for them, it's ultimately the bank that pays for those licenses, so they dictate what they want to pay for.

And it always has been.

My favourite:

"So many stupid people-so few comets"

I work for one of the top 100 corporations in the world that happens to be a bank. Their policy is the same in large part due to SOX & OCC requirements. Open Source including Linux can be used for non-monetary and non-reporting applications like analytics or campaign management. If it is mission critical, customer facing, handles monetary transactions or participates in external reporting there must be a vendor support agreement in place.

Smaller banks within a single state and especially community banks can play a lot faster and looser.

You say those two things like they're related somehow? Of course you can get a support contract for Linux. Anyone saying otherwise is spreading FUD, either through ignorance, or due to an agenda.

The company I work for (for the next two weeks; just gave notice) is, let's say, a large name in the mortgage insurance business. We've got the same governmental requirements, and were temporarily delayed on several Linux projects by the whole SCO idiocy thing, but I stand by my statement that the SOX and other folks want to know about recordkeeping and policies and procedures, how vulerabilities are handled, and all that, more than what type of Unix we're running.

You snipped a little too much. Odinn typed "won't allow us to use Linux unless we pay for support" which is true for us,too. We actually have some Linux supported by IBM.

I've been audited by OCC, PwC, E&Y, and the 2 internal groups. All but the internal groups are interested in the supportability of the OS and all other software as a SOX control point. I suppose that it might be possible to argue that the necessary support exists within the organization but I've generally heard from other bank IT guys that the path of least resistance with the highest level of CYOA is hire that control point out. I've always gotten away with convincing them that we are purely analytic.