So for a business customer, the only smart move would be a business/enterprise license. There's no way I'd risk mission critical data to forum or chat support.
The service still requires a little more roll your own work than I'd prefer, and the use case seems to be FUD based, but for those in Germany or the EU it may be an option.
Sent from my Pixel 6 Pro using Tapatalk
For a Business Customer, the smartes way would be to get someone who knows his way around his Server and the Software he is using.
In my opinion, both softwares are more to be installed and maintained by People who know what they are doing.
Someone who hast to follow a tutorial on how to setup a basic webserver should neither install nor try to maintain it. I've deployed both Applications over the past 2 years with a lot of customers and have not had any major issues. If you understand how logs work, you can fix issues with easy.
Microsoft Products often only require click&run only and if you have realy big issues good luck getting help
I can only vouch for Nextcloud and Onlyoffice by now, have had way more Issues with Microsoft Products than i had with those
That is what an IT department or Service is for. Even then it is best that the customer get a business/enterprise license with 24/7 telephone support that the IT can contact when needed
Let Nexrcloud and Onlyoffice become popular enough to be noticed by the hacker community and the issues with them will start to become as noticeable as they are with Microsoft products. Are you aware that Dropbox, which is used by a lot of individuals as well as companies, was recently hacked and 130 code repositories stolen? Dropbox breached, GitHub repositories stolenMicrosoft Products often only require click&run only and if you have realy big issues good luck getting help
I can only vouch for Nextcloud and Onlyoffice by now, have had way more Issues with Microsoft Products than i had with those
Unfortunately, a lot of reputable software companies don’t offer live support as a standard.
Some are live chat only, and live support costs a fortune if you care to pay for it.
“I think you should treat good friends like a fine wine. That’s why I keep mine locked up in the basement.” - Tim Hawkins
We are in 2022... If someone still falls for Pishing Emails and enters their 2fa Code, i'd not realy want to call that "hacking" but messing with the dumbest users alive. But thats a topic for itself.
Of course they will also be targeted, but since both programs are opensource, i am expecting a development like with Linux Systems. Everyboy, even "White Hats" will be able to contribute their concers and solutions. From what i'Ve seen, Microsoft has had Security Issues way past stupid. Those Flaws would've easily been patched if someone would've cared...
It is up to everyone on what they want to use, what they want to sell to their customer. I like to go the "open source" way where i have 100% control of what happens to my customer but i understand if thats too much for someone who is possibly enrolling Office Applications "on the side" or someone who just does not want to have the extra effort
As opposed to the beyond stupid flaws found in OpenSSH (Heartbleed) or even OpenSSL or many other open source applications? Open source software is a great thing, however if the project has a limited number of maintainers then there is a larger risk of it being abandoned, superficially maintained, or even forked in some type of petty dispute. Also, unless you're really able to audit the code and dependent libraries yourself you're still just falling into the same cycle of trust as any other proprietary application. No piece of software is ever going to be perfect whether you can see the source code or not.
Never said that a open source code by itself is better.
The thing i have with it is following:
If i get any problems with the software i am deploying and it is open source, i can check for myself realy easily where the issues is and better investigate the cause. If i have a pre-packaged Program, i'll have to fully rely on the company that is creating those software packages. And i dont realy want to waste 1.5 hours in the microsoft support hotline just to be asked basic windows troubleshoot procedures if i tell them i have a problem with exchange server...
Also i can shut down certain parts of a software which might cause a problem while i can let the rest run just fine.
If a Open Source Project gets discontinued by the original author but it is still very popular, there will most likely be some great community forks for the years to come. Unlike the first Microsoft Server applications where they just cancelled all licenses...
The level of trust you put into the product also differs a bit: Buy a prebuild Product? You have to 100% trust the Author. Get a open source Product? You can give him 0% trust and check every single line of code if you want. It is up to you where you ant to draw the line...
Ah and those flaws of OpenSSH and such are nothing against Microsoft Products using 10 years or older code while just adding new layers over and over to make it seem new.
Almost all Zero Days and other major bugs are a result of decade old codes. One should've assumed that Microsoft has the Ressource to dedicate People looking into this stuff.
Ultimately everyone has to decide for themselves what they want. I am a die hard open source and IT Security guy so i might be a little bit biased about paid Products anyways.
It should realy be up to you
This Thread wasn't about the advantages or disadvantages of open source programs though, am i right?
So you go in and change something. Do you document what you are changing as you are doing so? What happens if you haven't documented something and you get killed by a drive by shooter as you leave the customer?
As for paid Products, there is always reverse engineering if you want to learn to correct problems with them.
I dont know about the US, but in Germany we are required by law to document every change made to a system with exact date and time if possible. Plus a Server still provides Logs by itself. Only time there would be no logs is when i do a fresh installation but then atleast someonese else knows, if.not my comoany and the customer both.
Also, the chances of a drive by shooting should be much lower in Germany
Reverse Engineering is not allowed by license of i'd say all Products out there. Doing so would be a crime which i will not promote on this website...
Bookmarks