After working at a webhost, I'm a firm believer in "use your damn isp's SMTP server, that's what it's there for". Any half-decent ISP will just have their SMTP server forward whatever you send to it, spam or not, but obviously the advantage is that you have a name, an IP, and a customer attached to any spam if they actually care to go look through logs.
No, I don't worry about blocking people's homebrew SMTP's. They're a big source of spam anyway. By "in-house", I mean someone's small office of 4 people has its own mail server, which isn't set up correctly. Those get blocked, people get pissed, we tell them to fix their DNS, they're like, it works fine, blah blah blah.
One of the most effective ways I've ever seen to filter out mail is to just simply follow the RFC. When you get mail from a domain name, look up the ip address, when you get the ip address, reverse lookup the name. If forward and backward don't match, reject the mail.
Unfortunately, this rarely is implemented. Why? People can't seem to figure out how to set up their DNS zones. So whenever I've implemented it, we always get calls from people saying "my mail is getting bounced, error code 0-B". And we go and look, and it's some client trying to send mail from their in-house mail server legitimately, but they don't have it configured properly in DNS.
The volume that we get of people complaining about it is high enough that we can't leave it turned on, and I'm unwilling to do tech support on someone else's name server. So, even though it blocks about 1/3 of all the spam we get, it stays off.
I remember now. All the wire that we added going to and from external "internal" batteries was 8AWG for the 5U rackmount APC SmartUPSes. They use 10AWG on the inside, and we thought we'd go one up on that. I remember because we had to buy ring terminals from the local electrical supply (which, being the only game in town, is pretty pricey) that were made to fit 8AWG, because they make them that fit 12/10AWG, but the 8AWG ones cost so much more. I think a box of 20 of the 12/10AWG ring terminals cost $5, but the 8AWG ring terminals were $0.80 a piece, and unshielded to boot. (electrical tape was a friend).
Ah. OK, makes perfect sense. At 60 Hz (wall current U.S.), stranded copper won't make too much difference.
That may save money in the future.
Question, though. What about when you install something like a car stereo? I've seen the one that my brother had installed in his car, and it uses an 8 AWG wire from the battery to the amp. But, it's very very finely stranded - it looks like you could rip it in half with your hands if not for the jacket. Is there an advantage using DC current and stranded wire? I'm not entirely up on my electrical theory as much as I should be.
See, that's what we do. Buy a used UPS. Preferably without batteries, which are usually what is non-functional on a non-functional UPS.
The only thing is, when you say "replace the batteries", we say "buy batteries, and wire the internal battery connectors to the external batteries".
I'm not sure how much $110CAD is, but we usually pay $250 for a 5U APC rackmount UPS rated at 2200VA, without batteries, shipping included, and maybe $240 for sealed gel batteries. But, that's a carpload of power.
Like the other guy that replied to your post, I wouldn't worry too much.
UPSes are dumb. They're not controlled by microprocessors, they don't have an intelligent learning capability, etc.
When a UPS is charging, all the UPS knows is "hey, those batteries aren't pushing back as hard against my current, so i'll let current naturally flow to them". It does this until they are at sufficient voltage. Period. There's no timer or anything. And I say this, but I don't mean that *no* ups has none of this intelligence, but we fairly regularly mod 5U APC SmartUPSes, which retail for over $2000, and they have none of it. The smartest thing that any of them have is an snmp management "box" that broadcasts the status of the thing out on the network, and that's just a little ribbon cable that attaches to electrical leads that it polls for "on" or "off" status, or maybe voltage (I forget exactly what the snmp thingie does. We only have a few with this feature, and we don't know their passwords, so we just snooped to see what IP they're broadcasting information to, and set up an interface on a spare computer with that IP address and no gateway to listen, and then we just dump the packets and grep their contents. It's how our paging system knows when the power goes out).
Anyway, the charging stuff goes slow at a low extra voltage and low extra amperage. The problem is that it can take (obviously) longer to charge 135 amp-hour batteries than 12 amp-hour batteries. So, it's a good idea to active-cool the UPS, because the longer charging cycle could cause excess heat. Keep in mind, though, we're talking charging for 12 hours instead of 2 or 3, and you'd think that if it was going to overheat, 2 or 3 hours would be enough. We never did it with the Tripplite BCPro's, because they (with the removal of the batteries) had plenty of airflow and plenty of extra space, and they never overheated or anything. Also, our datacenter has like 5 air conditioners (it's pretty chilly, especially considering from about november-march in Blacksburg (bleaksburg??) it doesn't get above 50F, and goes down to, oh, -10 or so). The rackmount UPSes do cool themselves - they all have a 120mm fan in the front that spins when the UPS is charging or discharging. That may be tied into a temperature sensor or it may just be a feature of the internal electrical system, I'm not sure. I am inclined to think it's just tied in, because the fan comes on immediately whenever we do a power test and cut the power at the breaker.
As far as melting wires, that's a feature of amperage, not voltage. We're storing more electricity, but not using any more than was previously available. Remember, we're keeping our 25-30 computers on for 3 hours, rather than 45 minutes like the included batteries would, but during that 3 hours, they're using the same amperage as they would during the 45 minutes. If the wires don't melt in 45 minutes (which they shouldn't, as the UPS should be built to handle this, or what's the point), they won't melt in 3 hours. When you wire in more batteries, though, always use high quality wire, at least of the AWG that's inside the UPS, if not a lower (bigger) diameter. Stranded copper is preferred.
Same thing with the relay. It's not pulling more power, just for a longer time. If the relay doesn't freeze when it flips, or in the first 45 min, it's not going to freeze after 2h.
It is dangerous any time that you are using 24 volts at 5 amps. Plus, there are capacitors inside of UPS's and, if you're not careful, there are wires that you may think are dead that are live.
As a general rule whenever doing something like this, there are some ideas that I try to follow:
1.) Use fuses. On a setup like a 5U APC UPS, you're going to have a 20 amp wall circuit and 48-52 volts on the batteries. I always put a 100A fuse in the middle of the batteries. It may not prevent catastrophes, but it might, and it just feels safer.
2.) This is a reason that I really like the plugs that come with the APC UPS's. They are able to be plugged in without sparking and without touching wires, etc. Very solid. So use connectors that are shielded (like shielded spade connectors on the Tripplites or specific plugs on the APC's), and use electrical tape anytime you do anything like connect two wires. Doing a google image search, I came up with this as an example of the connectors that are in the APC's: it's the yellow thing, although this isn't quite it, but it's close. The connectors are made by Anderson Power Products, and they're rated for 600V at 50A.
3.) Wear gloves, work on carpet (not on concrete), don't ground yourself, wear rubber-soled tennis shoes, etc. Obvious stuff.
4.) Use wire designed for the amperage you need. For 5 amps, you don't need a HUGE wire, but for the rackmount stuff where it's possible that you'd be pulling 15-16 amps, you need big wire. Stranded copper works best, because (i think, this could be wrong) amperage travels along the outside of wire. Figure out what size wire you need, and go one bigger for safety. We use 10AWG for the rackmounts, cause that's what they use on the inside. It might be 8AWG, i'm not sure. I know they use 10AWG in the APC SmartUPS rackmounts.
It takes a bit to make a battery explode. It's not that common. But ALWAYS, caution is in order.
Also, as long as we're disclaimering, obviously this is dangerous / voids your warranty / should be only done by trained professionals etc. The guy who taught me how to do this was my boss (the guy that owns Netmar, Cengiz Akinli), who has taken numerous electrical engineering classes at Virginia Tech (he's mostly done with a triple aerospace engineering / math / physics degree). So, while yes this sounds risky, it can be done safely, and we've worked all this stuff out mathematically, too, as well as having put it into use in real situations for several years.
I'm going to go ahead and point out my UPS modding thread from yesterday, complete now with additional instructions, a few pictures, and a hand-drawn diagram of how to do an APC SmartUPS.
I'm going to write this up more formally, and at least put it in my /. journal, and maybe make a decent little webpage with instructions and pics and stuff. Maybe I'll submit it to /.
Anyway, this is a great geek hardware hacking project. If you have any questions on how to do it, let me know. I always read replies.
See, I think you overestimate the intelligence of UPS's.
The Tripplite BCPro's that I've modded are obviously stupid.
However, I've done this to APC "SmartUPS"s, and, despite their name actually having "smart" in it, they're equally dumb. They have no internal computer or timer or clock or processor of any kind. They only work by (for charging) pushing out 52 volts as (load+5amps), and when the batteries push back at 52, it drops back down to expecting 48 volts, and only pulling (load) from the wall. Regardless of the time it takes.
NOW, KEEP IN MIND... This solution is for running 25 computers for 2 hours, NOT for running one computer for 20 hours. It's just that the original capacity of the SmartUPSs is 12 amp-hours. Pulling 15 amps, that's only 45 minutes of backup, and we didn't like that.
1.) Almost all UPS chargers, and certainly all that I've modded, charge by just pushing 1 or 2 extra volts down the line at a reasonable number of amps. Usually (load of attached equip + 2 amps or so). They charge as long as they are putting out under 26 volts (for 24 volt UPS's). When they hold 26-ish, the voltage from the unit drops to 24, and over time it equalizes. Plus, the amperage drops back to just what the equipment draws. There is no time factor here, it all just happens by natural laws of electrical flow. Charging larger batteries obviously takes longer, but it's of no consequence to the unit, all it knows is that the batteries don't yet read 26 volts.
2.) A good (or even marginal) quality inverter should be able to run for quite some time. As long as heat can be dissipated, it should be OK. As far as heat goes, when you mod a basic UPS like a Tripplite, you take the old batteries out, so there's a lot more room for air to flow inside the casing. As far as like a rackmount UPS, such as an APC smart-UPS, there's usually a 120 MM fan that kicks on as soon as the inverter is on, or during a charging cycle.
Trust me, I've been doing this for years, and have yet to have problem one, except for occasional battery deaths due to natural causes, like being charged and discharged during a testing cycle once a month for 3 years, or human error such as overfilling a non-sealed battery.
I'm kind of a little hesitant to say this, but Netmar did this for quite a while. Some might see it as ghetto, we saw it as innovative and cost-effective.
The 135 amp-hour batteries didn't last all that long, probably 2 years. But, it might have been because of the nature of the battery and the usage. The UPS's send a little charge all the time to the batteries, and you have to make sure they're filled up enough, but not too much, which takes practice. But, at any rate, marine deep-cycle batteries cost about $60 from somewhere like walmart or costco. A Die-Hard one will probably set you back ~$100.
By comparison, a while back, we switched to rackmount UPS's with custom-wired external batteries, and we use 40 amp-hour sealed gel lead-acid batteries, which seem to never need any help as far as taking care of them. These are about $60 each, and obviously are far less amperage (read: time for backup), but even 40 amps is far more than the standard 12 in a rack mount UPS or 5-8 amp-hours in a small UPS.
So many people have had a positive reaction to this that I've taken some pictures of this process, using Tripplite BCPro's, and put them here: elvis.netmar.com/~will/ups/.
I have lots to do at the moment, but I'll get back to this thread in a bit and explain or answer more questions. But, yes, this is very workable.
trying to power a desktop computer for 8 hours when your power's out requires something a bit more expensive than a small UPS.
1.) Purchase small ups. Or, get one used from ebay.
2.) Borrow someone's voltmeter.
3.) Open UPS, figure out how much voltage the batteries have (ballpark - if it's 26, it probably means 24, I've never seen a UPS that had a voltage not a multiple of 12, 26 probably means charging voltage).
4.) Unplug batteries. Hook wires up to battery plugs, snake wires outside of UPS.
5.) Purchase 12 volt 135 amp-hour deep-cycle marine batteries (1 per 12 volts of ups battery, obviously). Alternatively, if you don't want to keep distilled water hanging around, go online or to a "battery store" (i.e. batteries plus) and buy sealed lead acid batteries (which probably will cost more for less amp-hours).
6.) Wire up external batteries in series to bring total voltage to standard for UPS.
Congratulations, your 12 amp-hour UPS has just been upgraded to 135 amp-hours. For more power, wire in additional series in parallel (not recommended unless you have a good understanding of charging currents and regulation of power across battery banks).
Ah. So, problems with mozilla are problems with SuSE. Or, problems with apache are problems with redhat. Or problems with SSH are problems with OpenBSD. Or problems with wuftpd are problems with debian.
Now, I agree with you. I hate how a lot of people in the OSS world move quickly to blame others for interface problems, buggy code, version incompatibility, etc. However, some people would disagree with both of us, saying that these are problems with specific pieces of software, not with the distro.
I just think that, if people can say that SSH problems are not the fault of OpenBSD, despite being packaged (and people do), then it's equally possible to say problems with IE are not problems inherent to the Windows kernel / core OS. And I think that may have been what the Windows exec said. Now, I'm not saying he's right about being almost exploit free, but I'm saying, given the definition of "Windows" as the core os and kernel, he may be more right than we give him credit for.
~Will
Hehe... You know, I've thought of setting it up on a system just to see what it would do, how many files would get corrupted. Just for fun.
But, I know there was like a couple of hours where people downloaded it because it was on slashdot or wherever, or someone had a computer set up to finger kernel.org thousands of times.
And how many of those machines have holes?
None? Or none that you know about.
By default install, I meant that you had to *turn shit on* in order to make anything usable. Without turning any services on, you get a fully installed system, with everything off except SSH. It's like buying a car, and sitting in it with the keys in your lap in the car lot, and being proud that this car has never been in a wreck.
Oh, and answer me this? What's the super user on OpenBSD? It certainly is not root. Cause, I had an OpenBSD system, and I wanted to set my password. User account will. So I'm logged in as will, and I type passwd. It won't let me change my password to anything less complicated than Jce&2C!@7lf.&*$%jal. I don't want my password that complicated. So I su - to root. I type passwd will. It WILL NOT let me set a non-complicated password. I'm sorry, spit out an error, and don't let the minions change their passwords to dumb things, but when I'm root, I AM GOD. Fuck you, this is my world, I am king of all that I survey. But, not on OpenBSD. I can't even open the shadow file to put a pre-encrypted password into the file, cause THERE IS NO SHADOW FILE.
Fuck OpenBSD. It's easy to make an operating system free of remote holes in the default install: don't fucking listen on any port but ssh. WOW, I'm a GENIUS. But, then, you end up turning stuff on. Oops, security guarantee not valid. Plus, when you're root, we're not going to let you do everything you want to do. We're going to restrict you.
Whatever, that OS sucks. Bottom of the barrel, as far as I'm concerned.
~Will
How to uninstall internet explorer.
Step 1.) Install XP service pack one.
Step 2.) Start -> Control Panel -> Add/Remove Programs -> Uninstall Internet Explorer
Thank you, thank you. For other things that are "integrated into the windows kernel", see Outlook, IIS, Outlook Express, MSN Messenger, Net Meeting. Don't forget to tip your waitress.
Dude, if you're going to MS bash, get on top of your shit first. I'm not saying they're not evil, all I'm saying is if we're going to attack them, we need to understand them.
~Will
They're not? My copy of Windows shipped with IE, Outlook, and IIS. If they're on the Windows CD, integrated into Windows, and installed by default, then security problems with them are Windows problems.
My linux CD came with Apache, gcc, wu-ftpd, bind, and sendmail. They were installed by default. Security problems with these are obviously linux problems, correct?
I deliberately chose 2.4.11 because of this.
Few quick observations...
1.) Microsoft end of lifed windows98 on Jan 16th of 2004. That's 6 years of supporting an operating system, folks. That's impressive. $100, and you got downloadable updates for 6 years? RHN subscriptions or enterprise linux don't touch that. So, if they don't provide security updates for it anymore, it's only because, in terms of software, it's ancient and it should be phased out. Upgrading to get security sux, but who'd buy a new computer and willingly want to use their old win98 on it (i know slashdotters can always come up with whatever reasons for anything, but in the general public).
Yes the Linux kernel, even back to 2.2, is still being updated. And yes, linux updates don't cost money. But, what if I have just downloaded kernel 2.4.11, and it works great, and oops, we found a problem in 2.4.11. The solution is to upgrade. Not patch. What if going to the new kernel breaks stuff that used to work, while in the process patching an old hole?
This is different, but similar to MS. "You have a problem with 2.2.7? You should try to upgrade to 2.2.26 or 2.4.24." "You have a problem with windows98? You should upgrade to ME or XP."
2.) The article claims windows has not had security holes that were exploited before a patch was available. I don't think this was true, but keep in mind, the VAST VAST majority of Microsoft problems are with outlook, internet explorer, office, IIS, exchange, etc. Technically, these are not windows problems. It's like saying that wu-ftpd has an exploit that gives a user root access (which is almost always true), and then blaming that on the kernel dev team.
Or, it's like OpenBSD. "Only one remote hole in the default install, in 7 years". My ass. The default install is unusable as an OS. How do they accomplish their security claim? Partially through well-written systems. Partially through turning off every freaking useful service known to man that you would want to run on a server. And yet, people hold them up as a paragon of security. The holes in OpenBSD are from other programs, the masses cry. But no one thinks about the same thing in terms of microsoft.
3.) The time warp thing is confusing me. Everyone is saying that it's a logical fallacy that Microsoft could have released patches for security bugs that are not yet discovered? Or, what, i'm not following. They have the code, they test it, they find a bug, they try to release a patch before it gets exploited. This involves, as has been discussed, not mentioning that there is a bug, but i suppose security through obscurity is still security.
How many times have we seen a story on slashdot that exclaims how microsoft has yet another hole (!!!!1!) and then, 40 minutes after the bashers have played their part, someone comes on and says "people should have applied this patch (link) which is discussed in MS Knowledge base 7498923298232"? I see it all the time.
The average linux user is smarter than the average windows user. Therefore, we tend to keep our shit up to date. Microsoft tries to make it as easy as they can, but there's no such thing as idiot proof (i mean, in windows XP, the windows update service pops up on the first run of the OS and asks you if it can run in the background, checking for updates, and downloading / installing them automatically for you!).
I'm not trying to defend microsoft here, all I'm saying is that, before you bash them, think.
~Will
I don't know the number, but it's one of the DNS RFC's. Technically, it's not a mail protocol. What I'm talking about is the standard practice of when you are given a hostname, and look up its IP, and then look up the same IP, it resolves to the same old hostname.
A grep through my rfc.txt turns up a few, but i'm not sure it's one of these:
rfc+2219 Use of DNS Aliases for Network Services. M. Hamilton, R. Wright. October 1997. (Format: TXT=17858 bytes) (Also BCP0017) (Status: BEST CURRENT PRACTICE)
rfc+2181 Clarifications to the DNS Specification. R. Elz, R. Bush. July 1997. (Format: TXT=36989 bytes) (Updates RFC1034, RFC1035, RFC1123) (Status: PROPOSED STANDARD)
or there are a couple of others.
~Will
Labelling all SMTP servers on DSL lines as spam relays is really over the line.
However, labeling *most* SMTP servers on DSL lines as spam relays is probably accurate.
Spam blocking is the science of pissing off the least people while blocking the most spam. If you block end-user level isp customers, you block a lot of spam, and only piss off a few people. It's a win, even if it sucks for people that know what they're doing.
~Will
Oh, i don't mean where the mail says it's "from". I mean where the connection is initiated from, to our mail server.
The "from" address on email is arbitrary. It's like the return address on an envelope (snail mail). I write my home address on my power bill's return envelope, but I mail it from the drop box next to the post office. If it needs to be returned, it's going to be returned to me at home, not to that drop box.
Same thing with email. That "from" address is wherever you have your email client set up to reply to. The drop box at the post office is like your ISP's SMTP server.
This happens all the time with the company where I work - clients have their from address on their mail client at home set to me@whateverdomain.com, and they use their ISP's SMTP server. Then someone replies to their message, and it goes to the "from" address, which is on our mail server. The client then checks their mail from our POP3. Everything works smoothly.
But what I'm talking about is when someone replies, and a mail is sent to our mail server - it doesn't matter that it was dropped off in "mail.eastcoast.roadrunner.com" and that it's for "bob@bobsconcrete.com", what we care about is that the connecting computer ("smtp.isp.com") looks up to a valid address, and not to dhcp-23.45.67.89.isp.com.
The contents of the mail are inconsequential for the connection. All we want is to know that, when someone says "here's some mail for bob, it came from steve", and they say "i'm the mail man, and my name is jim", that their name is actually jim and not zaphod or whatever. We don't care who steve is, and as long as bob is a local user, we're cool with that.
I use metaphors, but does this make sense?
~Will
Oh, I know.
After working at a webhost, I'm a firm believer in "use your damn isp's SMTP server, that's what it's there for". Any half-decent ISP will just have their SMTP server forward whatever you send to it, spam or not, but obviously the advantage is that you have a name, an IP, and a customer attached to any spam if they actually care to go look through logs.
No, I don't worry about blocking people's homebrew SMTP's. They're a big source of spam anyway. By "in-house", I mean someone's small office of 4 people has its own mail server, which isn't set up correctly. Those get blocked, people get pissed, we tell them to fix their DNS, they're like, it works fine, blah blah blah.
~Will
One of the most effective ways I've ever seen to filter out mail is to just simply follow the RFC. When you get mail from a domain name, look up the ip address, when you get the ip address, reverse lookup the name. If forward and backward don't match, reject the mail.
Unfortunately, this rarely is implemented. Why? People can't seem to figure out how to set up their DNS zones. So whenever I've implemented it, we always get calls from people saying "my mail is getting bounced, error code 0-B". And we go and look, and it's some client trying to send mail from their in-house mail server legitimately, but they don't have it configured properly in DNS.
The volume that we get of people complaining about it is high enough that we can't leave it turned on, and I'm unwilling to do tech support on someone else's name server. So, even though it blocks about 1/3 of all the spam we get, it stays off.
~Will
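The forward/reverse check described in this comment, together with the "is the mail man's name really jim" test from the earlier one, as an added example that is not part of the original posts. The function names, the DNS tables (documentation address ranges and example domains) and the choice to flag rather than bounce a HELO mismatch are assumptions made for illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # covers socket.herror and socket.gaierror
        return []

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(name):
    return name.rstrip(".").lower()

def same_addr(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def check_client(client_ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Return (verdict, reason) for the host that opened the SMTP connection."""
    ptr_names = [norm(n) for n in ptr(client_ip)]
    if not ptr_names:
        return "reject", f"no PTR record for {client_ip}"
    # Keep only the PTR names whose forward lookup leads back to the client.
    confirmed = [n for n in ptr_names
                 if any(same_addr(client_ip, a) for a in forward(n))]
    if not confirmed:
        return "reject", f"{ptr_names[0]} does not resolve back to {client_ip}"
    if norm(helo_name) not in confirmed:
        # Assumed policy: a HELO mismatch is flagged, not bounced.
        return "warn", f"HELO {helo_name} is not the confirmed name {confirmed[0]}"
    return "accept", f"forward and reverse agree on {confirmed[0]}"

# Constructed DNS data for the demo; nothing here is a real host.
PTR = {"192.0.2.10": ["smtp.isp.example."],
       "198.51.100.7": ["mail.office.example"]}    # PTR set, A record points elsewhere
A = {"smtp.isp.example": {"192.0.2.10"},
     "mail.office.example": {"198.51.100.99"}}

def demo_ptr(ip):
    return PTR.get(ip, [])

def demo_forward(name):
    return A.get(norm(name), set())

def run_demo():
    cases = [("192.0.2.10", "smtp.isp.example"),      # properly configured relay
             ("198.51.100.7", "mail.office.example"),  # in-house server, broken zone
             ("203.0.113.5", "mail.tiny.example"),     # no reverse DNS at all
             ("192.0.2.10", "localhost")]              # good DNS, bogus HELO
    return [check_client(ip, helo, demo_ptr, demo_forward)[0] for ip, helo in cases]

if __name__ == "__main__":
    print(run_demo())
```

The second and third cases are the misconfigured in-house servers the comment says generated the support calls: the mail is legitimate, but the zone is not.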
I remember now. All the wire that we added going to and from external "internal" batteries was 8AWG for the 5U rackmount APC SmartUPSes. They use 10AWG on the inside, and we thought we'd go one up on that. I remember because we had to buy ring terminals from the local electrical supply (which, being the only game in town, is pretty pricey) that were made to fit 8AWG, because they make them that fit 12/10AWG, but the 8AWG ones cost so much more. I think a box of 20 of the 12/10AWG ring terminals cost $5, but the 8AWG ring terminals were $0.80 a piece, and unshielded to boot. (electrical tape was a friend).
~Will
Ah. OK, makes perfect sense. At 60 Hz (wall current U.S.), stranded copper won't make too much difference.
That may save money in the future.
Question, though. What about when you install something like a car stereo? I've seen the one that my brother had installed in his car, and it uses an 8 AWG wire from the battery to the amp. But, it's very very finely stranded - it looks like you could rip it in half with your hands if not for the jacket. Is there an advantage using DC current and stranded wire? I'm not entirely up on my electrical theory as much as I should be.
~Will
In case anyone thinks he's joking, or has a hard time visualizing this:
here's a page with a diagram.
~Will
Again, disclaimer. Please don't kill yourself, it voids warranty, read elsewhere about it, be careful.
But, best of luck to you!
See, that's what we do. Buy a used UPS. Preferably without batteries, which are usually what is non-functional on a non-functional UPS.
The only thing is, when you say "replace the batteries", we say "buy batteries, and wire the internal battery connectors to the external batteries".
I'm not sure how much $110CAD is, but we usually pay $250 for a 5U APC rackmount UPS rated at 2200VA, without batteries, shipping included, and maybe $240 for sealed gel batteries. But, that's a crapload of power.
~Will
...I'm "it"?
~Will
Like the other guy that replied to your post, I wouldn't worry too much.
UPSes are dumb. They're not controlled by microprocessors, they don't have an intelligent learning capability, etc.
When a UPS is charging, all the UPS knows is "hey, those batteries aren't pushing back as hard against my current, so i'll let current naturally flow to them". It does this until they are at sufficient voltage. Period. There's no timer or anything. And I say this, but I don't mean that *no* ups has none of this intelligence, but we fairly regularly mod 5U APC SmartUPSes, which retail for over $2000, and they have none of it. The smartest thing that any of them have is an snmp management "box" that broadcasts the status of the thing out on the network, and that's just a little ribbon cable that attaches to electrical leads that it polls for "on" or "off" status, or maybe voltage (I forget exactly what the snmp thingie does. We only have a few with this feature, and we don't know their passwords, so we just snooped to see what IP they're broadcasting information to, and set up an interface on a spare computer with that IP address and no gateway to listen, and then we just dump the packets and grep their contents. It's how our paging system knows when the power goes out).
Anyway, the charging stuff goes slow at a low extra voltage and low extra amperage. The problem is that it can take (obviously) longer to charge 135 amp-hour batteries than 12 amp-hour batteries. So, it's a good idea to active-cool the UPS, because the longer charging cycle could cause excess heat. Keep in mind, though, we're talking charging for 12 hours instead of 2 or 3, and you'd think that if it was going to overheat, 2 or 3 hours would be enough. We never did it with the Tripplite BCPro's, because they (with the removal of the batteries) had plenty of airflow and plenty of extra space, and they never overheated or anything. Also, our datacenter has like 5 air conditioners (it's pretty chilly, especially considering from about november-march in Blacksburg (bleaksburg??) it doesn't get above 50F, and goes down to, oh, -10 or so). The rackmount UPSes do cool themselves - they all have a 120mm fan in the front that spins when the UPS is charging or discharging. That may be tied into a temperature sensor or it may just be a feature of the internal electrical system, I'm not sure. I am inclined to think it's just tied in, because the fan comes on immediately whenever we do a power test and cut the power at the breaker.
As far as melting wires, that's a feature of amperage, not voltage. We're storing more electricity, but not using any more than was previously available. Remember, we're keeping our 25-30 computers on for 3 hours, rather than 45 minutes like the included batteries would, but during that 3 hours, they're using the same amperage as they would during the 45 minutes. If the wires don't melt in 45 minutes (which they shouldn't, as the UPS should be built to handle this, or what's the point), they won't melt in 3 hours. When you wire in more batteries, though, always use high quality wire, at least of the AWG that's inside the UPS, if not a lower (bigger) diameter. Stranded copper is preferred.
Same thing with the relay. It's not pulling more power, just for a longer time. If the relay doesn't freeze when it flips, or in the first 45 min, it's not going to freeze after 2h.
~Will
Absolutely.
It is dangerous any time that you are using 24 volts at 5 amps. Plus, there are capacitors inside of UPS's and, if you're not careful, there are wires that you may think are dead that are live.
As a general rule whenever doing something like this, there are some ideas that I try to follow:
1.) Use fuses. On a setup like a 5U APC UPS, you're going to have a 20 amp wall circuit and 48-52 volts on the batteries. I always put a 100A fuse in the middle of the batteries. It may not prevent catastrophes, but it might, and it just feels safer.
2.) This is a reason that I really like the plugs that come with the APC UPS's. They are able to be plugged in without sparking and without touching wires, etc. Very solid. So use connectors that are shielded (like shielded spade connectors on the Tripplites or specific plugs on the APC's), and use electrical tape anytime you do anything like connect two wires. Doing a google image search, I came up with this as an example of the connectors that are in the APC's: it's the yellow thing, although this isn't quite it, but it's close. The connectors are made by Anderson Power Products, and they're rated for 600V at 50A.
3.) Wear gloves, work on carpet (not on concrete), don't ground yourself, wear rubber-soled tennis shoes, etc. Obvious stuff.
4.) Use wire designed for the amperage you need. For 5 amps, you don't need a HUGE wire, but for the rackmount stuff where it's possible that you'd be pulling 15-16 amps, you need big wire. Stranded copper works best, because (i think, this could be wrong) amperage travels along the outside of wire. Figure out what size wire you need, and go one bigger for safety. We use 10AWG for the rackmounts, cause that's what they use on the inside. It might be 8AWG, i'm not sure. I know they use 10AWG in the APC SmartUPS rackmounts.
It takes a bit to make a battery explode. It's not that common. But ALWAYS, caution is in order.
Also, as long as we're disclaimering, obviously this is dangerous / voids your warranty / should be only done by trained professionals etc. The guy who taught me how to do this was my boss (the guy that owns Netmar, Cengiz Akinli), who has taken numerous electrical engineering classes at Virginia Tech (he's mostly done with a triple aerospace engineering / math / physics degree). So, while yes this sounds risky, it can be done safely, and we've worked all this stuff out mathematically, too, as well as having put it into use in real situations for several years.
~Will
I'm going to go ahead and point out my UPS modding thread from yesterday, complete now with additional instructions, a few pictures, and a hand-drawn diagram of how to do an APC SmartUPS.
http://slashdot.org/comments.pl?sid=98025&cid=8374299
Pictures here:
elvis.netmar.com/~will/ups/
I'm going to write this up more formally, and at least put it in my /. journal, and maybe make a decent little webpage with instructions and pics and stuff. Maybe I'll submit it to /..
Anyway, this is a great geek hardware hacking project. If you have any questions on how to do it, let me know. I always read replies.
~Will
See, I think you overestimate the intelligence of UPS's.
The Triplite BCPro's that I've modded are obviously stupid.
However, I've done this to APC "SmartUPS"s, and, despite their name actually having "smart" in it, they're equally dumb. They have no internal computer or timer or clock or processor of any kind. They only work by (for charging) pushing out 52 volts as (load+5amps), and when the batteries push back at 52, it drops back down to expecting 48 volts, and only pulling (load) from the wall. Regardless of the time it takes.
NOW, KEEP IN MIND... This solution is for running 25 computers for 2 hours, NOT for running one computer for 20 hours. It's just that the original capacity of the SmartUPSs is 12 amp-hours. Pulling 15 amps, that's only 45 minutes of backup, and we didn't like that.
~Will
1.) Almost all UPS chargers, and certainly all that I've modded, charge by just pushing 1 or 2 extra volts down the line at a reasonable number of amps. Usually (load of attached equip + 2 amps or so). They charge as long as they are putting out under 26 volts (for 24 volt UPS's). When they hold 26-ish, the voltage from the unit drops to 24, and over time it equalizes. Plus, the amperage drops back to just what the equipment draws. There is no time factor here, it all just happens by natural laws of electrical flow. Charging larger batteries obviously takes longer, but it's of no consequence to the unit, all it knows is that the batteries don't yet read 26 volts.
2.) A good (or even marginal) quality inverter should be able to run for quite some time. As long as heat can be dissipated, it should be OK. As far as heat goes, when you mod a basic UPS like a tripplite, you take the old batteries out, so there's a lot more room for air to flow inside the casing. As far as like a rackmount UPS, such as an APC smart-UPS, there's usually a 120 MM fan that kicks on as soon as the inverter is on, or during a charging cycle.
Trust me, I've been doing this for years, and have yet to have problem one, except for occasional battery deaths due to natural causes, like being charged and discharged during a testing cycle once a month for 3 years, or human error such as overfilling a non-sealed battery.
~Will
Oh, I always check replies =)
I'm kind of a little hesitant to say this, but Netmar did this for quite a while. Some might see it as ghetto, we saw it as innovative and cost-effective.
The 135 amp-hour batteries didn't last all that long, probably 2 years. But, it might have been because of the nature of the battery and the usage. The UPS's send a little charge all the time to the batteries, and you have to make sure they're filled up enough, but not too much, which takes practice. But, at any rate, marine deep-cycle batteries cost about $60 from somewhere like walmart or costco. A Die-Hard one will probably set you back ~$100.
By comparison, a while back, we switched to rackmount UPS's with custom-wired external batteries, and we use 40 amp-hour sealed gel lead-acid batteries, which seem to never need any help as far as taking care of them. These are about $60 each, and obviously are far less amperage (read: time for backup), but even 40 amps is far more than the standard 12 in a rack mount UPS or 5-8 amp-hours in a small UPS.
So many people have had a positive reaction to this that I've taken some pictures of this process, using Trip-lite BCPro's, and put them here: elvis.netmar.com/~will/ups/.
I have lots to do at the moment, but I'll get back to this thread in a bit and explain or answer more questions. But, yes, this is very workable.
~Will
trying to power a desktop computer for 8 hours when your power's out requires something a bit more expensive than a small UPS.
1.) Purchase small ups. Or, get one used from ebay.
2.) Borrow someone's voltmeter.
3.) Open UPS, figure out how much voltage the batteries have (ballpark - if it's 26, it probably means 24, I've never seen a UPS that had a voltage not a multiple of 12, 26 probably means charging voltage).
4.) Unplug batteries. Hook wires up to battery plugs, snake wires outside of UPS.
5.) Purchase 12 volt 135 amp-hour deep-cycle marine batteries (1 per 12 volts of ups battery, obviously). Alternatively, if you don't want to keep distilled water hanging around, go online or to a "battery store" (i.e. batteries plus) and buy sealed lead acid batteries (which probably will cost more for less amp-hours).
6.) Wire up external batteries in series to bring total voltage to standard for UPS.
Congratulations, your 12 amp-hour UPS has just been upgraded to 135 amp-hours. For more power, wire in additional serieses in parallel (not recommended unless you have a good understanding of charging currents and regulation of power across battery banks).
~Will