As far as I'm concerned (and It's an informed opinion), shared passwords are BAD.
You'd be much better off with a distributed authentication system.
Set up RADIUS/TACACS+ for authentication for all your network devices. I'd suggest Radiator because it's extensible and reasonably quick, and cheap (not free, but you get the source).
Radiator can do it's password lookups by LDAP (and lots of other things), so you can set up LDAP to keep user's individual passwords. Configure samba, ftp, mail, apache, squid, etc all to do authentication against LDAP, and you'll never need a shared password again.
It only takes a simple web page to manage LDAP records, and I'm sure there's an open source one around.
This is probably a little more work than you were looking for, but this is one case where changing the process gives you a LOT of benefit now, and in the future.
Random searching is useless, you'll always miss someone. The only way we'll truly be safe on planes is to not allow baggage at all, checked or carry-on. Also make sure that all the passengers can't wear their own clothes on board.
The day when everybody is required to change into an airline-provided red jumpsuit and burn their belongings before boarding is the day that I'll start flying again.
It's not going to work for me for a number of reasons:
1. I'm in Australia, and bandwidth is expensive in Australia. Cable ISPs offer plans like 10gb per month, and some DSL ISPs offer up to 60-70gb per month. Some are upstream + downstream added together. It's not much when you're considering storing your stuff on the net.
2. I'm on cable, and the upstream bandwidth is terrible. 64k if I'm lucky. I really don't want to wait hours to store my files on somebody elses server.
3. I'm sure plenty of people will make statements like "What about the privacy!? I don't want google looking at pictures of my kids!". I don't really care, but it's certainly an issue.
Backups-to-disk are becoming much more popular, I suppose because disks are now so much cheaper than tapes, last longer (IMHO) and are much more reliable. I had a lot of trouble at a previous employer with backups to tape - mostly in the fact that I could *never* do a restore, because tapes would just lose stuff.
So I wrote dbackup (shameless plug for an open-source system here) to be an extremely simple way to backup multiple filesystems on multiple servers to a central archive (in my case on a NetApp filer), which then did it's own tape archive thing which never worked.
It's a couple of perl scripts, it's really really simple, and it takes minutes to set up.
My professional advice would be to stick with what you've got. If it's 6 years worth of C++ code, it's probably going to take roughly that amount of time to get to the same place with Java.
It'll be slightly quicker because you already know what you have to duplicate, but more than likely you will go through the same bugs and teething problems that were already solved years ago all over again.
If you get this offshore company to redevelop in Java, they are going to hand you a pile of code which you don't understand (because you're all used to C++), and don't have any stake in. Your developers are going to be less interested in fixing other people's bugs than their own (that's my experience anyway).
I think you'd be better off spending the money to hire some local contractors to cut down your codebase. Keep the language and functionality the same, but any project which has grown over 6 years is going to have crud that can be removed or rewritten. Spend your time imroving what you've got rather than starting again.
Also my experience of one offshore dev company was that they cut & pasted some open source (GPL) code, changed a few lines then tried to charge me for 3 months of development work.
It's noted in the manual that the auto-attack mode attacks slower than repeated clicking. So if you want to fight as well as your character can, you have to keep clicking madly.
This also means that you can't use some of your special abilities, as only the first 10 can have a hotkey, the others you have to click on. If you're clicking on them then you're not fighting. Also it's hard to click on the icons because they are terribly small and all look the same.
There's certainly no large variety of large colorful icons like WoW.
IMHO this sounds like a terrible idea. Are you going to try and get your developers to write their code inside the mozilla text edit box? It's much harder than using vi/emacs/textpad/MyFavEditor.
Wouldn't it be much better to have your wiki link to something like ViewVC so you can see what the current code looks like.
If this is because you're having trouble getting your developers to comment their code, it's not going to make it easier by commenting in Wiki.
Anyway I'm a firm believer in documenting the reason for code, not the working of the code. If you can read code, the working is right there in front of you, but you may not know WHY something was done.
I work in a large telco who's security policy is to restrict everything unless explicitly allowed, and the process to get anything allowed is a 3 month long waste of time.
I also have an ssh tunnel established from my work PC to my home connection, and I run pppd over that to create a VPN between my home network and the network at work. I realise that this is probably completely against company policy, but the "official" VPN solution only lets me hit the Exchange server, and doesn't let me actually do any work. Most of the company's "work" involves forwarding emails, so it's probably fine for them.
Anyway.. on to my anecdote (not required reading):
Part of my job involves working on a distributed monitoring system which is deployed in a star topography around the country. All the remote sites send & receive data from one central site (with one redundant central site) using a variety of protocols, like ssh, xmlrpc, dns, telnet, snmp, syslog, etc.
The network was designed by people who were given a set of instructions like "You will use these 2 vendor's systems" and "You must follow these corporate security policies which were written 10 years ago for phone networks", so it's terrible by today's standards (and for an ISP in general).
There are firewalls between all of my boxes, even though all my boxes are on the management lan, and they only allow a very small set of protocols through - not enough to let my software work. That wasn't the worst part. The worst was that the firewalls are also protecting the billing network so have very low tolerances for intrusion detection and flood protection and such. Basically I can only establish 5 connections per second *across the entire network*. This is clearly not enough for a busy monitoring system. So we decided to build a VPN between all of my boxes using ppp on ssh tunnels.
I now have a separate ppp interface from the central server to each of the remote datacenter servers, all on the 10.0.0.0/16 network. ip forwarding is enabled on the central site, so now remote datacenters can talk to each other (also blocked by the firewalls) and I can use all the connections I need to. I'm running quagga ( http://www.quagga.net/ ) on every remote datacenter and the central servers (along with the redundant one) so I can distribute routes to remote datacenter devices and cope with the death of one of the central servers without major service interruption.
However it really is quite slow. I can only get around 200kb/s over each ppp interface even though the physical links are 100+mbit each. But I really don't need huge bandwidth, just some that isn't firewalled.
This "solution" has been in production for 6 months now, and I'm sure as soon as the corporate security people find out they will shut it down and I'll go back to not being able to do my job.
I got the biggest productivity improvement by getting rid of the eye-candy gnome or kde window manager, and switching to ION (http://modeemi.cs.tut.fi/~tuomov/ion/). This is a tabbed window manager that defaults to showing one full-screen window per screen.
It uses keyboard shortcuts for everything, like switching windows, opening terminals resizing windows, etc. I don't need to touch the mouse, and I never spend time lining up my windows so I can see 3 things on screen at once without overlapping.
When I was at IBM, Domino was running on RS/6000 unix servers. A *lot* of them. It supports lots of features, but they could only get about 1000 users per server and they are expensive servers.
I have the situation that I don't really know what my job title is. I think officially I'd be a web developer because the application that I'm writing happens to have a web front-end.
However it's over 100,000 lines of PHP, JavaScript and Perl and is a lot more than just a web page.
I don't get classed as an application developer in my current company because I'm not working in C++ or Java.
Still, AU$150k is my current pay.. so convert that to $US if you like.
I quite frequently have this argument with my partner, as she doesn't understand why I feel it's such a problem, so I'm going to launch into it here. Obviously there is somebody out there who understands me.
Lately I've been playing a lot of World of Warcraft, and in general the spelling is pretty bad. However it's not the misspelling of common words that irritates me, it's the misuse of such words as their/they're/there.
Personally I find it quite difficult to read a sentence where the wrong one is used, as I have to switch from reading the words to reading the letters and pronouncing them in my head, which is a lot slower.
Unfortunately "sounding out the words" is how people are taught to read these days, so it makes no difference to them if a word is spelled incorrectly, as long as it still sounds the same.
That particular difference is something that I learned to deal with in perhaps the second grade. They are different words... they may sound very similar, but they are different! When I see this sort of thing appearing frequently in people's posts or chats, my estimation of their age and/or intelligence goes down very quickly.
Non-native English language speakers I find are much better. Quite often the word ordering is wrong, but the spelling is usually much better.
This is not a problem just with.us people. I'm in Australia, and I've been noticing it getting worse every day. At 25 years old I'm wondering just when kids stopped being taught to read and write, and started to learn how to SMS your life story in 7 letters.
I'm being completely serious. The Sims 2 lets you build an apartment and place lots of furniture wherever you like. You can then have people walk around it and see how efficient the layout is.
Sims 2 is fully 3D so you can get a proper look around as well.
This sort of thing has been happening in Oz for as long as I've been recording TV shows... The networks here *always* manage to have non prime-time shows start and finish late.. often by up to 20 minutes.
Even the prime-time shows often run overtime.
It's really quite frustrating to have to set the "finish recording 20 minutes late" on my MythTV box.
I've always envied the ability that US viewers (previously) have of being able to say "record from 8:30 - 9:30 and get the whole show.
Popcap games also make one called Rocket Mania.. unfortunately my girlfriend got me onto it and I got completely hooked.
I've never been so addicted to anything in my life.. I was seriously playing it *every* spare minute I had, losing sleep and not being able to concentrate at work.. I was always seeing little fuses wherever i looked, and I was trying to get my mind to rotate them.
I had to stop playing for my own health.. so I'm not going to get Bejeweled.
Also, the other problem with Rocket Mania is that if you are sufficiently crafty, the game never ends.. My last game went for 2 weeks with me playing at every moment.. I eventually quit and uninstalled it.
What about good ol' online forms? They are accessable from almost any PC, the users can't go changing the layout of the forms, data can be real-time, and there's no need for someone to parse the forms by hand.
I know from personal experience that IBM employ a LOT of people that are only there because of IBM's previous "Redeploy, not redundancy" policy. I worked in teams where hundreds of people spent their day printing out online forms, then typing them into another online form.
It seemed that they were creating jobs just to keep people there, when I was pushing for working smarter, and laying off 70% of the staff.
I find the best way to distribute root access is not to use passwords at all.
Disable the root password (or set it to something nobody knows), and only allow access via ssh's public/private key system. If you have a script which will set up the.ssh/authorized_keys file automatically, then removing someone's access or granting access to someone is a simple matter of running the script across all the systems.
This way nobody has to remember a password(s), you don't have to worry about cycling passwords, and if someone leaves you can remove all their access in minutes.
We have a policy of requiring all ssh private keys to have a passphrase of a reasonable length, so people can't go using other people's keys.
I have seen quite a few distro reviews, and most of them start with either "the graphical installer is nice" or "there's no graphic installer!".
Debian doesn't currently have a pretty graphical installer but I find that it's not necessary because I never need to reinstall, and it's functional and works over a serial console.
I know people who refuse to even give Debian a try because the installer (and the base install) isn't pretty enough.
Slashdot Mirror
Apparently, according to their user agreement, they don't permit search engines from indexing the site.
1. That's stupid.
2. Incorrect.. Search for "Dozier" on Google, and you'll find it.
While they do have a robots.txt file, it doesn't specify that search indexes should not index the site, only portions of it.
And the Zope management interface is available.
As far as I'm concerned (and It's an informed opinion), shared passwords are BAD.
You'd be much better off with a distributed authentication system.
Set up RADIUS/TACACS+ for authentication for all your network devices. I'd suggest Radiator because it's extensible and reasonably quick, and cheap (not free, but you get the source).
Radiator can do it's password lookups by LDAP (and lots of other things), so you can set up LDAP to keep user's individual passwords. Configure samba, ftp, mail, apache, squid, etc all to do authentication against LDAP, and you'll never need a shared password again.
It only takes a simple web page to manage LDAP records, and I'm sure there's an open source one around.
This is probably a little more work than you were looking for, but this is one case where changing the process gives you a LOT of benefit now, and in the future.
Random searching is useless, you'll always miss someone. The only way we'll truly be safe on planes is to not allow baggage at all, checked or carry-on. Also make sure that all the passengers can't wear their own clothes on board.
The day when everybody is required to change into an airline-provided red jumpsuit and burn their belongings before boarding is the day that I'll start flying again.
Anything less is lunacy.
I think I'm going to start taking bets now:
In 30 years (or whatever) when somebody builds a ship capable of getting somewhere useful really really fast, it will be called Enterprise.
My basis for this theory is that geeks work at NASA, and geeks watch Star Trek.
It'll happen, mark my words!
It's not going to work for me for a number of reasons:
1. I'm in Australia, and bandwidth is expensive in Australia. Cable ISPs offer plans like 10gb per month, and some DSL ISPs offer up to 60-70gb per month. Some are upstream + downstream added together. It's not much when you're considering storing your stuff on the net.
2. I'm on cable, and the upstream bandwidth is terrible. 64k if I'm lucky. I really don't want to wait hours to store my files on somebody elses server.
3. I'm sure plenty of people will make statements like "What about the privacy!? I don't want google looking at pictures of my kids!". I don't really care, but it's certainly an issue.
Backups-to-disk are becoming much more popular, I suppose because disks are now so much cheaper than tapes, last longer (IMHO) and are much more reliable. I had a lot of trouble at a previous employer with backups to tape - mostly in the fact that I could *never* do a restore, because tapes would just lose stuff.
So I wrote dbackup (shameless plug for an open-source system here) to be an extremely simple way to backup multiple filesystems on multiple servers to a central archive (in my case on a NetApp filer), which then did it's own tape archive thing which never worked.
It's a couple of perl scripts, it's really really simple, and it takes minutes to set up.
http://dparrish.com/dbackup/
My professional advice would be to stick with what you've got. If it's 6 years worth of C++ code, it's probably going to take roughly that amount of time to get to the same place with Java.
It'll be slightly quicker because you already know what you have to duplicate, but more than likely you will go through the same bugs and teething problems that were already solved years ago all over again.
If you get this offshore company to redevelop in Java, they are going to hand you a pile of code which you don't understand (because you're all used to C++), and don't have any stake in. Your developers are going to be less interested in fixing other people's bugs than their own (that's my experience anyway).
I think you'd be better off spending the money to hire some local contractors to cut down your codebase. Keep the language and functionality the same, but any project which has grown over 6 years is going to have crud that can be removed or rewritten. Spend your time imroving what you've got rather than starting again.
Also my experience of one offshore dev company was that they cut & pasted some open source (GPL) code, changed a few lines then tried to charge me for 3 months of development work.
It's noted in the manual that the auto-attack mode attacks slower than repeated clicking. So if you want to fight as well as your character can, you have to keep clicking madly.
This also means that you can't use some of your special abilities, as only the first 10 can have a hotkey, the others you have to click on. If you're clicking on them then you're not fighting. Also it's hard to click on the icons because they are terribly small and all look the same.
There's certainly no large variety of large colorful icons like WoW.
I don't run the system, I just whinge about it:
.doc files or .ppt files all the time it doesn't take long to fill the mailbox.
Exchange 2000 servers, 20000+ employees
10mb *per user*
It's terribly small, and when everybody is sending around Word
IMHO this sounds like a terrible idea. Are you going to try and get your developers to write their code inside the mozilla text edit box? It's much harder than using vi/emacs/textpad/MyFavEditor.
Wouldn't it be much better to have your wiki link to something like ViewVC so you can see what the current code looks like.
If this is because you're having trouble getting your developers to comment their code, it's not going to make it easier by commenting in Wiki.
Anyway I'm a firm believer in documenting the reason for code, not the working of the code. If you can read code, the working is right there in front of you, but you may not know WHY something was done.
I work in a large telco who's security policy is to restrict everything unless explicitly allowed, and the process to get anything allowed is a 3 month long waste of time.
h tml) but as nothing else but ssh is allowed out of the firewall at work, I don't have a lot of choice.
I also have an ssh tunnel established from my work PC to my home connection, and I run pppd over that to create a VPN between my home network and the network at work. I realise that this is probably completely against company policy, but the "official" VPN solution only lets me hit the Exchange server, and doesn't let me actually do any work. Most of the company's "work" involves forwarding emails, so it's probably fine for them.
Unfortunately tcp over tcp is really quite nasty (http://sites.inka.de/sites/bigred/devel/tcp-tcp.
A howto that I found quite helpful is at http://www.tldp.org/HOWTO/ppp-ssh/
Anyway.. on to my anecdote (not required reading):
Part of my job involves working on a distributed monitoring system which is deployed in a star topography around the country. All the remote sites send & receive data from one central site (with one redundant central site) using a variety of protocols, like ssh, xmlrpc, dns, telnet, snmp, syslog, etc.
The network was designed by people who were given a set of instructions like "You will use these 2 vendor's systems" and "You must follow these corporate security policies which were written 10 years ago for phone networks", so it's terrible by today's standards (and for an ISP in general).
There are firewalls between all of my boxes, even though all my boxes are on the management lan, and they only allow a very small set of protocols through - not enough to let my software work. That wasn't the worst part. The worst was that the firewalls are also protecting the billing network so have very low tolerances for intrusion detection and flood protection and such. Basically I can only establish 5 connections per second *across the entire network*. This is clearly not enough for a busy monitoring system. So we decided to build a VPN between all of my boxes using ppp on ssh tunnels.
I now have a separate ppp interface from the central server to each of the remote datacenter servers, all on the 10.0.0.0/16 network. ip forwarding is enabled on the central site, so now remote datacenters can talk to each other (also blocked by the firewalls) and I can use all the connections I need to. I'm running quagga ( http://www.quagga.net/ ) on every remote datacenter and the central servers (along with the redundant one) so I can distribute routes to remote datacenter devices and cope with the death of one of the central servers without major service interruption.
However it really is quite slow. I can only get around 200kb/s over each ppp interface even though the physical links are 100+mbit each. But I really don't need huge bandwidth, just some that isn't firewalled.
This "solution" has been in production for 6 months now, and I'm sure as soon as the corporate security people find out they will shut it down and I'll go back to not being able to do my job.
I got the biggest productivity improvement by getting rid of the eye-candy gnome or kde window manager, and switching to ION (http://modeemi.cs.tut.fi/~tuomov/ion/). This is a tabbed window manager that defaults to showing one full-screen window per screen.
It uses keyboard shortcuts for everything, like switching windows, opening terminals resizing windows, etc. I don't need to touch the mouse, and I never spend time lining up my windows so I can see 3 things on screen at once without overlapping.
When I was at IBM, Domino was running on RS/6000 unix servers. A *lot* of them.
It supports lots of features, but they could only get about 1000 users per server and they are expensive servers.
Don't quote me on that, it's been a few years.
I have the situation that I don't really know what my job title is. I think officially I'd be a web developer because the application that I'm writing happens to have a web front-end.
However it's over 100,000 lines of PHP, JavaScript and Perl and is a lot more than just a web page.
I don't get classed as an application developer in my current company because I'm not working in C++ or Java.
Still, AU$150k is my current pay.. so convert that to $US if you like.
I quite frequently have this argument with my partner, as she doesn't understand why I feel it's such a problem, so I'm going to launch into it here. Obviously there is somebody out there who understands me.
.us people. I'm in Australia, and I've been noticing it getting worse every day. At 25 years old I'm wondering just when kids stopped being taught to read and write, and started to learn how to SMS your life story in 7 letters.
Lately I've been playing a lot of World of Warcraft, and in general the spelling is pretty bad. However it's not the misspelling of common words that irritates me, it's the misuse of such words as their/they're/there.
Personally I find it quite difficult to read a sentence where the wrong one is used, as I have to switch from reading the words to reading the letters and pronouncing them in my head, which is a lot slower.
Unfortunately "sounding out the words" is how people are taught to read these days, so it makes no difference to them if a word is spelled incorrectly, as long as it still sounds the same.
That particular difference is something that I learned to deal with in perhaps the second grade. They are different words... they may sound very similar, but they are different! When I see this sort of thing appearing frequently in people's posts or chats, my estimation of their age and/or intelligence goes down very quickly.
Non-native English language speakers I find are much better. Quite often the word ordering is wrong, but the spelling is usually much better.
This is not a problem just with
Are you reading this man?
You're responsible for all the world's problems! The linux kernel, bitrot on my cds, war in Iraq, Guantanamo Bay, and now git!
Come on Linus, clean up your act!
(Sorry if this offends *anyone*)
I'm being completely serious. The Sims 2 lets you build an apartment and place lots of furniture wherever you like. You can then have people walk around it and see how efficient the layout is.
Sims 2 is fully 3D so you can get a proper look around as well.
This sort of thing has been happening in Oz for as long as I've been recording TV shows... The networks here *always* manage to have non prime-time shows start and finish late.. often by up to 20 minutes.
Even the prime-time shows often run overtime.
It's really quite frustrating to have to set the "finish recording 20 minutes late" on my MythTV box.
I've always envied the ability that US viewers (previously) have of being able to say "record from 8:30 - 9:30 and get the whole show.
Popcap games also make one called Rocket Mania.. unfortunately my girlfriend got me onto it and I got completely hooked.
I've never been so addicted to anything in my life.. I was seriously playing it *every* spare minute I had, losing sleep and not being able to concentrate at work.. I was always seeing little fuses wherever i looked, and I was trying to get my mind to rotate them.
I had to stop playing for my own health.. so I'm not going to get Bejeweled.
Also, the other problem with Rocket Mania is that if you are sufficiently crafty, the game never ends.. My last game went for 2 weeks with me playing at every moment.. I eventually quit and uninstalled it.
My experience was under Lou's "control".
What about good ol' online forms? They are accessable from almost any PC, the users can't go changing the layout of the forms, data can be real-time, and there's no need for someone to parse the forms by hand.
I know from personal experience that IBM employ a LOT of people that are only there because of IBM's previous "Redeploy, not redundancy" policy. I worked in teams where hundreds of people spent their day printing out online forms, then typing them into another online form.
It seemed that they were creating jobs just to keep people there, when I was pushing for working smarter, and laying off 70% of the staff.
I wasn't popular.
I find the best way to distribute root access is not to use passwords at all.
.ssh/authorized_keys file automatically, then removing someone's access or granting access to someone is a simple matter of running the script across all the systems.
Disable the root password (or set it to something nobody knows), and only allow access via ssh's public/private key system. If you have a script which will set up the
This way nobody has to remember a password(s), you don't have to worry about cycling passwords, and if someone leaves you can remove all their access in minutes.
We have a policy of requiring all ssh private keys to have a passphrase of a reasonable length, so people can't go using other people's keys.
sudu bash
I have seen quite a few distro reviews, and most of them start with either "the graphical installer is nice" or "there's no graphic installer!".
Debian doesn't currently have a pretty graphical installer but I find that it's not necessary because I never need to reinstall, and it's functional and works over a serial console.
I know people who refuse to even give Debian a try because the installer (and the base install) isn't pretty enough.