Plug-n-Play Server And Network

shyster writes: "The IMASS is a server for the technophobes. Built on a Linux OS, it autodetects network segments in less than 5 minutes, and sets up DHCP, DNS, FTP, Email, file sharing, firewall, NAT, internet access, dial-up, etc. almost automagically. Pluses include a solid state drive for the OS, so the hard drive is only used for file storage and backup (seperate 120GB hard drive for backups.) seems to be just what some of my clients need to finally convince them that Linux CAN be easier to use than Windows, and they can, for the most part, manage the network themselves! Check out a review from PCMagazine."

Security?

[ymgve]

How's the security on such a device that automagically sets up everything and then some?

(Remember, it was the automatic detection of network services (UPNP) that compromised WinXP..)

Re:Security?

[blane.bramble]

You have a choice of automagically created passwords to enhance security. These are "password", "secret", "fred", "fido", "1234", and the ever-popular "******". So far, no senior manager has been able to hack in (to their own account).

Re:Security?

[ymgve]

Ok, to correct myself: it was a buffer overflow in the UPNP implementation that compromised WinXP. And the review says there is SOME configuration (five minutes or so) before it can be put to use. So it's probably not that insecure at all.

Re:Security?

[AnalogBoy]

Assume its the most insecure thing on the planet, until proven otherwise.

-- Tao of my sleep-deprived brain

Re:Security?

[Zocalo]

the ever-popular "******"

Like the Dilbert strip where Dilbert advises his boss to change the password to "******" to avoid having to explain why his keyboard puts the wrong characters on the screen when he types his password? And more importantly, what do you tell the same boss when he's upgraded to Windows XP and gets those natty blobs for his password "typo"? Typing "ALT+0183" (on the numeric keypad!) six times just doesn't seem like it's going to cut the mustard.

Re:Security?

[4of12]

Exactly.

My thoughts on all those services, too, were along the lines of "Whoa, Nelly!"

Just because it is possible for Linux to simultaneously make available all these different standard services reliably and inexpensively doesn't mean it is a good idea to do it by default.

Such a Ginsu knife device would be great as long as it started out with low services by default (https), with some intuitive feedback to help the novices notice dangerous combinations of configurations.

Also, it wouldn't hurt to put it in tandem with a honeypot machine to help in the detection arena. Certainly if my house had that many different open doors I'd be very anxious.

Re:Security?

[psych031337]

How's the security on such a device that automagically sets up everything and then some?

Well, i'd say it leaves room for quite some exploits. That's when the Plug'n'Play mode turns into Plug'n'Punish...

Re:Security?

[Crispin+Cowan]

Dunnow about what IMASS did, but the equivalent WireX server appliance protects itself with the suite of Immunix security tools.

Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase

Re:Security?

[epeus]

There are standardised ways of doing this well - have a look at http://www.zeroconf.org

Re:Security?

[joto]

If your physical security is so weak that anybody can just go up to your server and plug a card in, *or take one out* does it matter much about the IT security aspect?

Actually, yes!

Most people will not plug a card in. But it is not that unusual for people to probe random ip-addresses and infect you with trojans, or other forms of remote attacks. If you want to keep the server running, you'd better have some security there.

Remember that most servers aren't completely unsecured physically, they generally are inside some room in some building where most people don't just happen to walk by (and most of those passing by will be employees or people associated with the company in other ways, so they can for the most part be trusted to some degree). On the internet, the server is available to every person on the planet! So even if it isn't really secured physically, there is at least less chance of a physical than remote attack.

Compare a house in the city with a house on the countryside. Now, anyone can still get to the house on the country, but there will not be so many random bypassers, so the security is higher, even though it doesn't have better locks or alarm-systems.

Blurb ahoy

[CaptainAlbert]

Apparently, it runs a...

> Hardened & ruggedized Linux based UNIX kernel

?

Could someone from marketing please tell me what that means?

Re:Blurb ahoy

[liquidsin]

Somebody in marketing already told you what it means. It means "hardened & ruggedized Linux based UNIX kernel".

Damn marketing department...we need a babelfish translator for the marketing drones.

Re:Blurb ahoy

I tried to translate it back into English, but all I got was "The synergistic turnkey solution is an ideal e-business solution for tommorows iTransactions. The .NET based XML Java regidised engine transaction services compoenent technology provides a lower TCO and higher turnaround of your base assests. QED."

I think I may have accidentely translated it from Marketing to Management though.

Re:Blurb ahoy

[more]

hardened & ruggedized Linux based UNIX kernel.

It means that during the last 10 years the Linux kernel has been improved by volunteers. The company in question has participated by writing the glossy paged marketing material.

Re:Blurb ahoy

[iMASS]

• Apparently it runs a "Hardened & ruggedized Linux based UNIX kernel"

That is indeed marketese. What we tried to tell them was we stripped the Linux OS (not the kernel) down to a system that fits (kernel Apache, perl, php, qmail, and all) in 12 megs on a flash disk, and so it's much more reliable and will keep doing basic tasks (like routing) even if the disk dies.

Naturally, they thought an OS was the same as a kernel, and liked the word "ruggedized", and the rest is history...

Re:Blurb ahoy

[Sloppy]

Could someone from marketing please tell me what that means?

It's a holistic-approach solution, which empowers you to proactively leverage your synergy, by thinking outside the box.

Re:Blurb ahoy

[Afrosheen]

What's with the 2.2x series kernel? Shouldn't it be running iptables on 2.4.x instead? It is a firewall after all...

Re:Blurb ahoy

[Rasta+Prefect]

2.4.x, for a stable kernel really hasn't been. It's not something you want to put onto a server whos major selling point is "throw it in a corner and forget about it". 2.2.x is quite a bit more appropriate for this use.

Read at the bottom ...

[dago]

... of the page presenting this system :

Systemax PC's use genuine Microsoft® Windows®

www.microsoft.com/piracy/howtotell

Re:Read at the bottom ...

[An+Onerous+Coward]

But the iMass software page says:

* Hardened & ruggedized Linux based UNIX kernel
* SMB & AppleShare IP compatible file services
* SMTP, POP3, & IMAP4 mail protocols supported
* WebMail support
[blah blah blah]

So either the general statement doesn't apply in this instance, or the servers also include a copy of NT's kernel for no particular reason.

By the way, how does one "harden and ruggedize" a Linux-based kernel? Expose it to gamma radiation? Take it to see really violent movies? Make it do push-ups?

More interestingly, how does one do this, and then sell it with a computer, without releasing the source? I'm having trouble telling whether this is a "real" computer or an embedded device.

Almost

[squaretorus]

"sets up DHCP, DNS, FTP, Email, file sharing, firewall, NAT, internet access, dial-up, etc. almost automagically"

As we all know - that can be more annoying than not doing anything at all. Do what microsoft etc do - just miss out the almost.

It's not Plug and (mostly) Play is it?

Re:Almost

[Zocalo]

It's not Plug and (mostly) Play is it?

I suspect it's more like this:

Try DHCP - if OK great, configure eth0 accordingly, if not, not a problem for now

Put eth0 into promiscuous mode

Capture some traffic

Look for where connections are being opened for port 53 (DNS), port 20/21 (FTP), 25 (SMTP)...

Look at the source IPs for local IP's / subnet

Look for where traffic off-net is being sent for the default gateway(s)

etc.

Fill in some blanks with the above

Present harvested info to the user and ask them to fill in any required unknowns, make corrections and confirm the final settings This kind of thing isn't new, and there are lots of other tricks to farm data, like sending forged packets to illicit a response with useful data. Where you tend to come unstuck in what you can achieve though is when you plug the thing into a switch. It's a bit more difficult to find what you want when you can't see it...

Re:Almost

[SilentChris]

Good point. The same people who hate most of the automagic "wizards" in Microsoft products (myself included) are probably going to hate this design. Personally, I'd rather spend the extra 20 minutes setting it up manually -- and correctly -- than having to drill through all the menus wondering what it missed.

Additionally, I wonder what happens if you have identical devices on the network, like another DHCP server. Does this unit turn off its DHCP server? Attempt to "take over" DHCP responsibilities (had this happen with a wireless access point once -- nasty results)?

Re:Almost

[Zocalo]

and if your on a switched network ? surely you wouldn't recieve any relevant traffic ?

You would initially just see broadcast traffic, and that gives you some IP information to get started from. You could then send a continuous stream of forged packet to the switch pretending to be from MAC addresses you can see. Depending on the switch you may be able to force it to fail and start acting as a hub, or receive packets intended for the legitimate hosts you are faking.

It's a technique known as ARP spoofing, for which there are plenty of tools such as Dugsong's DSniff suite. Get Ethereal as well, capture some packets and see what you can derive about the network - it should be quite a lot. Add a packet generator into the mix and, well, the sky's the limit really. I should also point out that you can very easily break the law with these tools; be careful what you do and where...

Re:Almost

[FatOldGoth]

Sorry, I know I'm not supposed to respond to trolls, but there seem to have been a number of credulous responses to this.

What Microsoft network products are these that configure themselves automagically? A DNS server that needs no configuration? An email server that simply needs to be installed? A dial-up client that never needs to have the username, password or ISP's telephone number set?

While a lot of these things can be done out of the box with Windows it's a bit of a stretch to say it's not done almost automagically.

Re:Almost

[Zocalo]

I quite agree, hence the strongly worded disclaimer. However, you can gather a hell of a lot of information on a network without even tranmitting a single packet (I made an "ethernet" cable with the TX wires open while playing around with this - it's a great way to learn). If you *truly* just listen, there isn't an IDS in the world that is going to know you are there, and I doubt many IDSs are configured to pickup some of the the most basic probes, even if they are capable of doing so.

Besides isn't a statement like "when my IDS finds it. (And it WILL find it.)" akin to saying "Oracle is unbreakable" or "the Titanic is unsinkable"? Watch that trust level!

Re:Almost

[shyster]

Good point. The same people who hate most of the automagic "wizards" in Microsoft products (myself included) are probably going to hate this design. Personally, I'd rather spend the extra 20 minutes setting it up manually -- and correctly -- than having to drill through all the menus wondering what it missed. Additionally, I wonder what happens if you have identical devices on the network, like another DHCP server. Does this unit turn off its DHCP server? Attempt to "take over" DHCP responsibilities (had this happen with a wireless access point once -- nasty results)?

Of course, me and you (and most other /.ers) could build a similar system, using Linux, without too much difficulty. But the 20 person law firm I just set up with a Windows 2000 server could not. The reason they wanted Win2k? Because they felt that they could, if needed, administer it. Of course, I know that's bunk, and that the only administering they're going to be doing is changing tapes...or breaking something.

This IMASS would be great for small businesses that just need basic file and print sharing (what we used to use Netware for). As a bonus, it can do DNS, DHCP, dial-up, etc. Sure, a Pentium-133 with a FreeSCO disk will do similar, but a PHB can't set it up.

Good question on the DHCP server, though. I would think that the machine is configurable, both in the services it provides as well as in the options for those services. If you're using in a WAN/Remote type environment, then someone should know what they're doing and be able to configure it. If it's your only server in a small business environment, then it shouldn't need too much fussing, and you can cross your fingers and away we go.

Of course, on the downside, if this thing was ever heavily marketed, I could find myself un(der)employed. =)

Re:Almost

[SilentChris]

I agree to a point. Windows 2000 Server actually leaves a great deal of that "Wizard" crap out (except for the opening login dialog, which you can quickly turn off for good). When push comes to shove, I find it easier to administer a Windows 2000 machine than a Linux one. That doesn't make it better, worse or indifferent - it's when the program second-guesses the operator, without letting the operator make the decision first, that bad things really happen.

Re:Almost

[shyster]

I agree to a point. Windows 2000 Server actually leaves a great deal of that "Wizard" crap out (except for the opening login dialog, which you can quickly turn off for good). When push comes to shove, I find it easier to administer a Windows 2000 machine than a Linux one. That doesn't make it better, worse or indifferent - it's when the program second-guesses the operator, without letting the operator make the decision first, that bad things really happen.

I see your point, but you're wrong. (We have some lovely parting gifts for you, however.)

It's when the admin/operator doesn't know what the program is assuming or using for defaults that problems occur. You have to know the OS you administer, whether that be Linux, Windows, or BeOS. That means knowing what the defaults are (there's almost always a way to change it if you need to) and how to change them.

Windows is, source code modifications aside, almost as configurable as Linux. You just have to know how. Linux, for the most part, makes sure you know everything up front. Windows assumes that you don't know or don't care, but gives you ways to change it if you do. If you don't look for those ways, then it's your fault...not Windows'.

Re:Almost

[shyster]

As we all know - that can be more annoying than not doing anything at all. Do what microsoft etc do - just miss out the almost.

Well, I'm pretty sure you're going to have to provide some information. Such as ISP dial-up number, username/password combos for dial-in and POP accounts. Perhaps even shared drive structures, DNS zone info, DNS forwarders (if used), etc. There are some things I can't imagine that this thing could pick up by sniffing the network....Though, if it could, it would truly be wonderous....I could just use it as a replacment for sticky notes and my failing memory. =)

imagine..

[sluggie]

a beowulf cluster of those!

no, don't mod me down now! I really mean it!

So, what do you think could happen if you put more than one of those in a network.

do they recognize each other?
are they able to do some basic kind of load balancing (one does mail/ftp/NAT, the other one user homes/printer/etc)?
what if business grows bigger, so that you need more than one server?

I like such pseudo turnkey systems, but where is the scalability?

Re:imagine..

[danamania]

My worries would be upgrades etc. if someone hasn't the ability to set up a regular server, they probably don't have the full nous to keep everything up-to-date and secure. Scalability may never be a problem to most of their market - there would be tens of thousands of small businesses with say, less than ten staff. The security as it comes with standard may equal anything already in place, but that's always a temporary situation...

Re:imagine..

[sluggie]

So, just in case if they get sued by apple for the name "iMass" they can just convert to "Furby-server". (And then get sued by tiger elctronics, but this sure is another story ;))

Re:imagine..

[sluggie]

hmm you seem to be a bit ignorant.

Did you never see a business grow?
What if a starup company uses this server, and their human resources double? who is going to migrate this stuff?

Dammit you idiots, think before you post!

Thy shall not throw stone while sitting in glass house...

Re:imagine..

[Technician]

Apple started in a private home... Some businesses make it. It was a valid question.

Re:imagine..

[Alan]

True, but as the business grows so should the servers, and sometimes this means that they're going to get replaced. It might be a bit of a pita to take out solution X and put in solution Y, but by the time you've outgrown it, you might be at the point where you can afford to have a network guy who has the sole responsibility of keeping things up to date and going... well, you should already, but now you can pay him more so that he and his PFY can deal with integrating a new solution.

The same can be said for a start up business not getting themselves a huge expensive sun box to do their work.. sure if they grow from 5 people to 500 people they'll need it, but at this point it's far more cost effective to get the cheaper solution, which this appears to be. Scalability works both ways.

And heck who knows, maybe these machines do recognize each other and do funky things, but I doubt it. This system IMHO is just another of the linux-based web appliances that were all the rage a year or two ago, and it just has some new auto-detect technology (which someone described how it could be (and based on my experience doing the same type of things, is) done. Bet marketing was overjoyed they could create a new paradigm shift in their action items :)

Re:imagine..

[Afrosheen]

Don't you mean to escape cracking? A pretty significant distinction IMHO.

Re:imagine..

[shyster]

Did you never see a business grow? What if a starup company uses this server, and their human resources double? who is going to migrate this stuff?

Is it not in their budget then to hire a consulatant or full time admin? If not, then I submit that the start-up will have more trouble than migrating data.

Nice price comparison

[Whafro]

It's nice to see that they have under the traditional listing a server with every possible expensive option, while the opposite is true for the iMass.

Honestly, if you're going to have an IDE disk in the iMass, then clearly the "traditional" server you're comparing it to should also have an IDE disk. And what network of 2-150 users needs 25 mail servers? Clearly having a tape backup and a hard drive backup are vastly different in scope as well. They don't seem to be providing a way to keep the last year of daily backups on a shelf; or even the last week of backups plus the monthly.

They're just looking for the idiots who don't know what a CAL is or maybe once have seen the IBM linux commercials and look solely at the provided bottom-line.

Re:Nice price comparison

[kinkie]

"25 servers"? Apparently you got confused by the numbers of the comparison chart.

The "25" that appears there is the number of _client_ licenses for Exchange that you have to buy to get a 30-users mailserver.

Re:Nice price comparison

[Error27]

>>It's nice to see that they have under the traditional listing a server with every possible expensive option, while the opposite is true for the iMass.

I don't know that it's "traditional" to use Microsoft products, but it's certainly not unheard of.

Re:Nice price comparison

[sheldon]

I think you misunderstood CAL, but you are on the right track. This comparison of a ML350 to a low end Athlon desktop is ridiculous.

For $1200 I can buy a Compaq D500 Evo minitower with two 40 Gig IDE drives, 128Megs RAM and a 1.5Ghz P4. That's more than equivalent to the iMass hardware.

Now as far as software. The iMass comparison goes off showing full price of Win2k and Exchange. Great, but Microsoft's solution to the very problem iMass solves is Small Business Server.

If you go here:
http://www.microsoft.com/sbserver/howtobuy/defau lt .asp

SBS 2000 comes with 5 CALs, purchase another 25 for around $1300. So we're at $2800 for that, plus $1200 for the desktop puts us at $4000 compared to $2700 for the iMass.

Even so I'd still go with an ML320 at least, and a tape backup solution. Yes, it's going to be more expensive, but I've been there done that, and I think it's worth it.

Re:Nice price comparison

[Howie]

However, Exchange also gives you a lot more than just e-mail - shared calendaring, workflow routing etc. If that's important to you then there isn't a OSS solution to the same problem AFAIK...

I wouldn't fancy running 2K and Exchange on a PC with 128M RAM though. Win2K by itself is not much fun with 128M, let alone the rather porky Exchange server.

By comparison, a 128M system running QMail for 25 users is barely going to break a sweat.

Re:Nice price comparison

[sheldon]

This is true. I'm not ordering any new computers today with any less than 512Megs of RAM. I've found even our older PIII-550 machines are much much much more useful when fully loaded with RAM. There's no reason not to load a machine out with RAM.

I don't understand this fascination with 128M, that's like so 1999! :)

No network administration skills are needed ...

[FileNotFound]

No network administration skills are needed to deploy or maintain the iMass server. Simply, plug it into a power source, attach a second cable to an Internet feed and then turn the machine on. The iMass unit will automatically setup all network configuration parameters including firewall, file, print, Web, FTP, email services, DNS entries and DHCP.

Right. So they're all set up the same? Plug it in and let everyone in?

Sounds rather scary. I can understand Snap file servers etc..

But firewalls etc?

Chances are that to avoid things 'not working' everything is on, every port is open and everything works.

Uh, no

[S]eems to be just what some of my clients need to finally convince them that Linux CAN be easier to use than Windows

Sorry, but this product does not demonstrate any such thing. Using any OS in this kind of device makes it an embedded OS and therefore invisible to the end user. If it's invisible then by definition it has no usability, good or otherwise.

I'm sure Linux was a good choice for the OS in this product, as it's cheap and infinitely configurable. But the OS's inherent ease of use to the customer is not on the list.

Re:Uh, no

[pjc50]

Invisible things that do what you want _are_ good useability. An OS that needs no configuration or maintenance is much more useable than one that needs constant baby-sitting...

Re:Uh, no

[shyster]

Sorry, but this product does not demonstrate any such thing. Using any OS in this kind of device makes it an embedded OS and therefore invisible to the end user. If it's invisible then by definition it has no usability, good or otherwise. I'm sure Linux was a good choice for the OS in this product, as it's cheap and infinitely configurable. But the OS's inherent ease of use to the customer is not on the list.

While you could make an argument that it's an embedded OS, it'd be a stretch, since it runs the full Linux kernel.

And, I don't see how invisible translates to no usability. It's configurable by Webmin (or similar), and most non network admins would like a low or no maintenance server.

Oh, and BTW, among Linux's many fine traits, I have never found an "inherent ease of use" among them.

You, admins are just scared of becoming redundant!

[ext]

Well, sound really great! and even it migh have some drawbacks, but hey, everything must have, especially in the first stage! It will get better, and sound well enough now! Means there is no need for an 'dedicated' admin! hehe, great! :-A

Cant find where the Linux part of this is

[CDWert]

I cannot find where the linux part of this is.
The link on the article takes you to an Investor Realtion page, Of which the company that is distributing it is listed, no info there, anyone have any FTP info ?

Guess its time to pull the GPL clause to get my software via mail. BUT WHO THE HELL DO I SEND MY WRITTEN OFFER TO ?????

Re:Cant find where the Linux part of this is

[big.ears]

In my reading of the GPL, it has a few options for source redistribution. If they redistribute the source with the compiled binaries (e.g., on the imass itself), they do not need to redistribute the source otherwise. If they do not distribute the source on the same media, they must make the source available to all comers (and can charge a nominal fee)--even those who didn't buy it directly. I think there is a third option, where if they received a redistribution offer from another firm and they changed nothing, they don't need to do anything. (e.g., they can say "Its stock Red Hat--pick it up at redhat.com). So don't get in a huff if you say "gimme source" and they say "stickit".

*This* is what they would have used in ID4

[dustpuppy]

it autodetects network segments in less than 5 minutes, and sets up DHCP, DNS, FTP, Email, file sharing, firewall, NAT, internet access, dial-up, etc. almost automagically

This is the sort of system they would have used in Independence Day 4 to autoconnect to the alien network and upload that virus. None of that stupid Apple crap ...

Kernel 2.2.19

[CDWert]

Kernel version of this wonderbar unit is
2.2.19

And 128 meg ram ???

Re:Kernel 2.2.19

[nzhavok]

Well I guess they went for a more stable kernel, personally I haven't had any problem with 2.4 but others have as discussed in the kernal of pain last week.

128MB is a bit low, I'm a bit surprised by this given the price these days.

Re:I'm an idiot

[mccalli]

What's a CAL?

Client Access License.

Most commercial (application) servers are priced per so-many clients. These are measured in client access licenses. The most commonly encountered ones would be things like MS Exchange servers, but non-MS server software can use this model too.

Cheers,
Ian

GOOGLE

[Alsee]

Google search on CAL network Server you get the answer "Client Access License" on the third link. First two links are clearly Cal-State.

Google is great. It's like a swiss army knife. Not only can you search for web pages, definitions, etc etc etc, you can even use it to correct your spelling :)

-

Re:salaried admin || $3000 box?

[blane.bramble]

Better still, that classic question: "Is the internet down?"

Re:Uh oh

[SilentChris]

"This could actually be a simple task. It is currently unknown whether e + pi is in fact rational or irrational."

Geek! :) Sorry...

Offsite

[GedLandsEnd]

No tape to put in the safe?

Not having offsite backups available is definitely a bad idea in terms of emergencies. (The building goes up in flames, taking the nifty 'integrated drive backup' with it.)

You get what you pay for, of course. But I've worked with the intended technophobe market - they wouldn't know what they were missing until it was too late.

Re:salaried admin || $3000 box?

[RedX]

I don't know where you live that you know of $40/hr network consultants, but that rate doesn't even get you someone to do a desktop memory upgrade here in Ohio. I know that wasn't your point though.

Not just security...

[Chocky2]

Though security could easily be a nightmare, with auto-config and default settings providing excellent opportunities for things to go wrong, it isn't the only potential hole.

Almost all QOS issues are going to be a problem here - resilience for example (two NICs and a modem are nice, but I can't see "redundant power supply" written anywhere; or how about hardware support for RAID, even just mirroring). Also customisation/optimisation - nice that it does this automatically, but how easy is it to overide the automatic configuration (not an issue for many of the people who are buying these, but it will really limit there usefullness in big low-tech companies where you need to tie in with your corp-wan.

More detailed specs would be reassuring, the current descriptions are far too minimalist.

Re:Not just security...

[shyster]

Almost all QOS issues are going to be a problem here - resilience for example (two NICs and a modem are nice, but I can't see "redundant power supply" written anywhere; or how about hardware support for RAID, even just mirroring). Also customisation/optimisation - nice that it does this automatically, but how easy is it to overide the automatic configuration (not an issue for many of the people who are buying these, but it will really limit there usefullness in big low-tech companies where you need to tie in with your corp-wan.

Redundant P/S would be nice. The data drive is an IDE backed up to another IDE, so IDE-RAID aside, true RAID isn't an option. But, being backed up to a hard drive (and the OS on solid state) does make for easy recovery's.

I'd assume, though it's not a given, that most settings are user-configurable.

Security is Paramount

[atubbs]

The biggest problem with this sort of system is going to be the lazy factor. WinNT/2000 with IIS is great in some regards, because it allows the average peon with a year of experience using 98 to set up an Internet server, without much thought. However, that same peon hasn't a clue how to maintain it, so his box is one of the first infected by Code Red, and one of the last cleaned.

Now, make it even easier, by making something an even lesser peon (one with virtually no computer experience) can just plug in and let run without ANY suggestions of maintenance of the beast, and it starts to form a pretty massive DDoS system, if you ask me.

Re:Security is Paramount

[karot]

so his box is one of the first infected by Code Red, and one of the last cleaned.

Absolutely - I notice the absence of a virus-scanner of any sort being installed.

Not expensive to do these days, in fact LinuxJournal ran an article on a DIY SMTP virus scanner a few months back IIRC, and I'm sure that could be applied to HTTP etc etc...

How it's hardened...

[SomeoneGotMyNick]

Remember making things in high school shop class?

It was hardened by flaming it up to extremely high temperatures and then immediately thrown into cold water.

"Tempered UNIX Kernal" was too short of a phrase for marketing to use. It also sounds less aggressive

-------------

moron admins

[Proud+Geek]

I have to agree with you completely.

Remember code red and nimda? Both had patches released by Microsoft before they were out in the wild; all people had to do was install them.

Imagine that instead of being too lazy or dumb to keep up to date with patches, the admins just didn't know what a patch is, or how to apply one. I've seen several security patches from Linux vendors this month, and I don't keep up to date because I don't administer anything other than my home PC. This thing better have automatic download and install of patches.

Not to mention the idea of someone who has never seen your network deciding what the firewall should look like...

Just plain hideous...

[KC7GR]

IDE for the hard drive?

An additional hard drive for doing backups?

Geez... What if the "backup" drive fails with the last six months of critical accounting data on it? Data-recovery services are -not- cheap, and the cost of having to employ one would likely exceed the cost of a good DLT or DAT tape system AND a disaster-recovery plan many times over.

IDE is bad enough (though I will freely admit to being a SCSI bigot). Using a drive with non-removable (and safely stashable) media for backup, on what will likely be a primary server, is darn near worse than no backup plan at all!

Re:Just plain hideous...

[iMASS]

What if the "backup" drive fails with the last six months of critical accounting data on it? Data-recovery services are -not- cheap, and the cost of having to employ one would likely exceed the cost of a good DLT or DAT tape system AND a disaster-recovery plan many times over.

First of all, if your backup disk dies, you still have the primary, so your data isn't really lost.

You can swap idb drives using the front drive tray, so you can replace the backup disk, push the backup button on the front panel, and you're set.

You can also swap the backup disk whenever you want. idb does incremental backups, so you can, say, have a backup done three times a day for a week, then swap the disk and put it in safe storage, then do another week on another disk, then swap them back. The incremental backups are smart, so week 3's backups will automatically be incremental versus week 1, even if week 2's backups were on disk 2. (In this case, week 2's first backup was not incremental, since week 1 isn't on the same disk.)

idb is _very_ cool stuff, trust me.

That said, tapes seem a bit more resilient. But you can't beat the speed or capacity (or nowadays, even price) of a disk.

This is hardly news...

[technopinion]

Check the date at the bottom of the page: September, 2001. So now 4-month old PC Magazine blurbs are news? Stand back, I've got some posting to do!

newsqueak - squeak squeak

Re:Qmail licensing

[iMASS]

Not true. We explicitly checked with djb before we packaged qmail like this. It *is* allowed to distribute qmail in unmodified binary form *if* you do it as a tarball that follows his instructions... which we did.

Re:2.4 kernel

[iMASS]

Can it automagically upgrade the 2.4 kernel every couple of weeks and set the correct AC patches?

Yes! Although we tend to only upgrade the kernel when it's useful, not with every single release. Most of our customers don't care whether they're using 2.2 or 2.4 kernels, or apache 1.x or 2.0. I personally don't trust apache 2.0 yet.

Last time I checked, I think it takes three mouse clicks to upgrade the entire OS, which fits in 12 megs on a 32-meg flash disk (so you can hold two copies, and old "known working" one and a new "test" version). iMASS downloads the new version from our web site, verifies its integrity, and installs it automatically.

Unfortunately you have to reboot to upgrade the kernel. If it doesn't work for any reason, next time you reboot you get the old, safe version back automatically.

Re:More details.

[iMASS]

Anyone have more details on the specifics on the software? Sounds like a modified distro already set up to go with webmin to me.

We built our own distro from scratch. That's why it fits into 12 megs on a flash disk :)

Instant marketing

[Samrobb]

Anyone else notice this banner ad at the bottom of the IMASS page the article links to?

Either someone at the company submitted the story, or they have one of the most responsive marketing teams I've ever seen...

Re:Instant marketing

[Dartek.com]

Thank you for the nice comment about our responsive marketing team. And no we did not post the story.

e-smith server - same thing

[EdmondDantes]

I've been using e-smith server for over a year. Based on RH e-smith does the same things as the iMASS - with one notable exception - it's a free ISO download which can work on almost any Intel box (mine is a P90 w 32MB RAM :)). It works great as an firewall*(if you think proxy/NAT is a firewall)/email/web/print/storage server, it even comes with pppoe, dynamic dhcp client and IMP (webmail). Not that I'm shiling for e-smith, but damn if it ain't easy and frankly - good!

Re:Slashdot does Infomercials now?

[shyster]

This article is so misplaced. "Scared of Linux, try our box?" just does not seem the right message for /. 'Check out the review!' smells like blurb. Am I the only one who suspects someone is paying someone to get Infomercials onto Slashdot?

Well, damn, where's my check then? Check out my User Info if you think I'm being paid for this.

I ran across an ad in Computer Shopper for this product, checked it out (as I'm in the business of setting up servers for small companies), and saw that it used Linux. I thought, "That's an interesting application of Linux and shows a lot of promise. I wonder what the /. community thinks." and submitted the story.

Oh, and I figure dartek.com probably got a clue from their referral logs. Not everyone is as stupid as Samrobb seems to be.

But There are LOTS of These Server Appliances ...

[Crispin+Cowan]

Why does yet another server appliance rate a slashdot story? There are many companies selling this kind of SOHO (Small Office/Home Office) server appliance, starting with the venerable Cobalt Qube.

WireX (my company) has been selling this kind of product for a long time now. The WireX web-based management interface (as provisioned on Dell PowerApp servers) even won an "Emperor Class" award from Linux Magazine. And the WireX servers have the additional benefit of being protected with Immunix security, something which is especially needed by the kinds of users who choose "easy to use" server appliances.

Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase

Re:Uh oh

[AnalogBoy]

Well, first you'd have to have all of two irrational numbers. My original intention was to indicate that, due to some flaw in programming that if a computer returned a rational result for a otherwise correct calculation for an irrational number..

oh, bloody hell. nevermind.