Marc,

> In a meeting this morning the issue of the BASH security vulnerability was
> brought up as a reason not to go the Ubuntu open
> source route. I need to find out if this security vulnerability is something
> we should be worried about to the point of not moving
> forward with this project. It would mean 1000 of computers being sent for
> recycling instead of repurposing them with FOSS.

The need to understand security risks and implement measures against them is consistent, regardless of the flavour of operating system you run. Yes, Linux systems are vulnerable to ShellShock, like Macs have been vulnerable to Flashback and Windows machines have been vulnerable to Conficker. And it's not just the operating system - don't forget that browsers on ANY operating system have been vulnerable to Blackhole, and even the specialised software written to control nuclear power plants has been vulnerable to Stuxnet!

Most major operating systems have automated update mechanisms that can effortlessly deliver protection from such vulnerabilities, and Ubuntu is no exception. The sad irony is that, in order to keep "100% uptime" for "critical services", many administrators of public-facing servers choose to turn such automatic updates off. They have their reason, as updates sometimes introduce a slightly modified behaviour, and they don't want to upset the intricately balanced way their servers have been set up. Fortunately most people who run a thousand or more desktops would happily leave this automated protection, or at least have a group of "pilot PCs" who get the updates a week before everyone else to make sure the security updates don't cause any little niggles.

> I work for a school board in Montreal, Quebec and we are transitioning
> over to GAFE. This transition has allowed the acceptance of Ubuntu
> (Lubuntu) as a perfect solution for converting our older labs which
> painfully run on Windows 7.

I hope that you dissuade your colleagues from throwing away valuable equipment (and subsequently cash) merely on the basis of Fear, Uncertainty and Doubt. Many, many people have enjoyed rejuvenating their hardware with lightweight operating systems like Lubuntu only to find that the community support of the ecosystem around it makes it so easy to find answers to their questions.
And they benefit not only from the freedom of myriad software packages available for use without payment, but from the liberty to build upon and extend what they are given in the first place that turns FOSS computers into a truly valuable resource, especially in an educational environment where people can really make the most of what they have available.

Vulnerable? - Yes, for a time! - like so many bits of computer code have been over the years. However open source, and the communities built around using it, are founded on transparency. The vendor-commercial, closed source world contains opportunities and temptation to cover up some vulnerabilities users might be facing - in the long run FOSS users may actually find themselves in a more highly informed and empowered position.

Hope this helps

Artemgy
