I bet you can. MRTG just uses a flat text file right? And you can massage data any way you want to for RRDs, I bet it's fairly easy, especially since they're both written by Tobi Oetiker.
Oh Absolutely. MRTG is my best friend. However, it's failing for our man here in a big way when trying to aggregate lots of graph data into one 'megagraph'. That kind of stuff begs to be put in a database. I think if they've got several OC3s for instance, to aggregate, why not spend the $400 and build a stats analysis machine.
You can try Cacti. It's a web interface in PHP built around MySQL and RRDtool, the much more flexible successor to the flexible-as-hell MRTG. A friend just showed it to me yesterday, and I'm playing now. Looks very very nice. Homepage for Oetikers RRDTool is here
My company, 80 users, uses a Nortel Contivity 1700, which provides up to 5000 end user tunnels. We've got a couple of Branch Office tunnels set up, and they also work great. It was in the area of $3700, and it's easy to administer and install.
Bummer parts, I've not really been able to test the Unix/MacOS client, but it costs money. Only the Windows clients are included with the device. You can use FreeSWAN, but AFAIK, you have to make a Branch Office Tunnel for each FreeSWAN connection, which would suck. I haven't bothered for myself quite yet.
My company does not pay for net access for our users (not even IT staff:-(), I wouldn't expect it though, we're still too small a company.
Overall, I'd say stick with the Nortel. The client is good, 2k Domains work great, and most importantly, it's easy for users without much (any) technical skill to install and get running, or you can make packages for them with custom client distributions.
I can then track KPI's in my CRM to make sure I meet my SLA's. Then plug all that into the STFU to achieve total FUBAR compliance, all without RTFM, but I bet my job gets EOL'd and I get RIF'd
You stated that you refused to use any online service running IIS. That seems a bit on the xenophobic and fanatical side.
I would certainly trust bn.com with my money. There is no reason for me to high-tail it to Amazon simply because bn.com uses IIS.
The Average User running nmap is another matter entirely.
The Average User would have to install WinPCAP. Unless the average user is running Linux in this case, where nmap must be run as root to use the -O switch.
Shortly, there is no reason for the average user to have nmap installed on their machine (linux or Win32). Same reason that the avg. user doesn't know how to use TCPDump, Ettercap, etc. NetCraft is easily accessible by anyone.
Of course, nothing's perfect. NetCraft goes by banners largely, so you end up with sites like Walmart.com, running IIS5 on Linux or Solaris.
Posting from work, I didn't have the time to respond past a quick rant. Nor did I ever expect a reasoned response. I really appreciate the fact that you took the time to read the article here and reply to posts, that says a/lot/ about your veracity. Good stuff.
The article struck me as a simplified rundown of what's been happening. Which is good, because that's what it was supposed to be.
Getting into recommendations, however... Saying that everyone should NMAP with OS detection every e-commerce site they go to is pretty unsound advice. Besides which, he's making a huge blanket statement that IIS admins all suck, and that any site using IIS/MS on the backend is a huge risk that no one should take.
He must not buy much on the web then, unless he keeps a root shell around to run with -O. Quicker to just use NetCraft.
But even the characterization of all the Operations staff at Ebay, Staples.com and Barnes and Noble as being completely inept soup-fed-droolers, since they run IIS and therefore are risking their customers, is childish and whiny. Why should I trust a Linux admin over an NT admin, in the context of ECommerce? One would hope that if Barnes and Noble runs an ECommerce site, that they would have the foresight not to hire a wet behind the ears MCSE.
If Staples, bn.com, and Ebay all get owned, I might have to rethink my rant I guess...
The way towards security is not in me as an admin saying "Buy Linux servers, they're going to be 'secure'". The way towards security is in an admin saying "What you running, w2k? We can secure that". Security is not a product, and Linux does (clearly) not equal security.
I'm a (primarily) Windows admin. I do agree that if you have an average guy, he'll be able to deal with fewer machines than your avg Linux admin. But the whole thing is scripting. Although I would NEVER want to deal with multiple hundreds of Windows machines by myself (which I know some Unix admins do), several dozen are easily managable.
Windows can be scripted to an extent, while less malleable than Linux, you can still automate a lot of tasks. Is Jonny MCSE gonna do this? No. Neither is some dork who bought a book and got an RHCE.
In the right environment, either system is easily managed and scripted (and even stable). But the number of "Windows Admins" drives down the price of us, therefore we have more men per machine.
The exec. assistant in my office has a very clear outline of what would appear to be the standard NT login box on her 17" Sony tube. This monitor is maybe 3 years old.
I'd always been told from monitor vendors, engineers, everyone down the line that burn-in was a thing of the past, but don't believe the hype. It's not going to happen in minutes, my guess is that she probably went on vacation and left it or something. But then, that box jumps around, so I'm unsure what it really is. Perhaps she just left it logged in with a window there for a week.
ISS has been complained about and complained about from both sides of the Full Disclosure issue. Full disclosure to Bugtraq is great, but when ISS or certain others release without vendor notification/vendor acknowledgment, it's just dangerous and rude.
I'm personally glad that they aren't held up as the norm in the community. Most people seem to follow some variation of Rain Forest Puppys RFPolicy concerning vendor contact and reasonable time tables for releasing to the community when faced with unresponsive/uncaring vendors.
Good for X-Force, good for the community for browbeating X-Force.
And, yes, it would be different if this were Linux, or BSD, or even MacOS. All those operating systems come with companies or communities who take security seriously, and they respect their users enough to not foist insecure features on them.
I am a GNU hippy, I avoid using Windows on the desktop except when necessary, but I have to disagree.
RedHat has ISOs for every version of the distro since 1.0 on their FTP site.
However, it's likely to get owned pretty fast if you just put a stock, say, RH4.2 machine out in the world. What might not be a bad idea is to take 6.2, compile the latest 2.2 series kernel with no bells and whistles, and minimize the hoggish servers running on the box. It can obviously be made to be much quicker than a standard 6.2 install.
However, everyone else in my office is completely oblivious to the fact of the size of an email and replication. a 10MB attachment sent to 200 people occupies a lot of space REALLY quick.
In most sane email servers, a 10MB attachment sent to 200 people would take up... 10MB plus pointers. What are you using?
But the ones I have include a nasty UI bug, in message composition, I HAVE to shift-tab to move from the message box into the address boxes, mouse clicking does not work here. Also it seems to leave a lot of orphan processes when it quits, even if you quit gracefully. Often after exiting Evolution I cannot relaunch without doing killall evolution-mail first.
This is with Evolution 1.0.5 and 1.0.8, as well as 1.0.3 (supported), on RH 7.1 and 7.3 in KDE2 & 3.
I haven't tried Connector because I'm too lazy and cheap, but it works great with IMAP.
Bummer. They should look exactly as they do in Windows. I'm using Freetype, RH 7.1 -> 7.3, in KDE2 and KDE3 on various machines. First thing I do is go get those MS Core TTFs.
Well, used to work GREAT on my laptop. Probably still does. It would actually change, not just the damn virtual desktop. Now I have to figure out why it just changes virtual desktops on my 'real computer'.
Thanks for making much more work for me today:-).
Of course, this now changes the list of non-issues slightly, since it's no longer as trivial as I thought. No one's gonna want to edit XF86Config-4.
On the other hand, screw 'em. Pick a res and stay with it. Do the highest you can read and go on with life, heh. I can't remember the last time I changed res in Windows or Linux for anything.
Anti Aliasing isn't the end-all be-all of fonts. What matters is to have good fonts to begin with. If you go get the Microsoft ttf fonts and install them, you'll be much better off in programs that don't support anti-aliasing (easily) like Mozilla. Moz. is infinitely usable and looks just like Moz. Win32 if you use the same fonts.
I mention that because he complains about anti-aliasing, especially in Mozilla, both on the 10 things needing fixing page, and on the Top N Things That Have Been Solved page.
"Best Browser":) Opera for speed, all the way. Konqueror is a REAL close second though. The "font problems" are non-existant, use KDE, Opera-shared-QT and tweak from the preferences menu IF you want to. No "config files" to "fiddle with". The only major bitch I have with Opera is viewing the CNN website. It's just sad and probably easily fixable, doesn't screw up in Windows2k.
"Printing":) CUPS. Easy, web-based, simple management. Add KUPS (for KDE), makes it even better than the Win32 tool.
"Soft Wrapping Editor":) Use VIM, if you live and die by the gui, use GVIM.
"Changing RES":) When you first set up X, select every resolution available to you at the highest color depth. Maybe someone should make an app where the "increase res" and "Decrease res" buttons hit the damn key combo for us. We could make it pretty.
They have to be Xeons, AFAIK, non-Xeon Intel CPUs won't do 4-way. And even if you CAN do 4 way on regular PIII's, which you cannot, MS wouldn't, they would have Xeons.
I'm imagining this machine to be a Compaq 6400r or the like, from the timeframe of the build it's probably 550s or 700(?), since they have a very close relationship to Compaq for servers.
Slashdot Mirror
I bet you can. MRTG just uses a flat text file right? And you can massage data any way you want to for RRDs, I bet it's fairly easy, especially since they're both written by Tobi Oetiker.
Oh Absolutely. MRTG is my best friend. However, it's failing for our man here in a big way when trying to aggregate lots of graph data into one 'megagraph'. That kind of stuff begs to be put in a database. I think if they've got several OC3s for instance, to aggregate, why not spend the $400 and build a stats analysis machine.
You can try Cacti. It's a web interface in PHP built around MySQL and RRDtool, the much more flexible successor to the flexible-as-hell MRTG. A friend just showed it to me yesterday, and I'm playing now. Looks very very nice. Homepage for Oetikers RRDTool is here
My company, 80 users, uses a Nortel Contivity 1700, which provides up to 5000 end user tunnels. We've got a couple of Branch Office tunnels set up, and they also work great. It was in the area of $3700, and it's easy to administer and install.
:-(), I wouldn't expect it though, we're still too small a company.
Bummer parts, I've not really been able to test the Unix/MacOS client, but it costs money. Only the Windows clients are included with the device. You can use FreeSWAN, but AFAIK, you have to make a Branch Office Tunnel for each FreeSWAN connection, which would suck. I haven't bothered for myself quite yet.
My company does not pay for net access for our users (not even IT staff
Overall, I'd say stick with the Nortel. The client is good, 2k Domains work great, and most importantly, it's easy for users without much (any) technical skill to install and get running, or you can make packages for them with custom client distributions.
I can then track KPI's in my CRM to make sure I meet my SLA's. Then plug all that into the STFU to achieve total FUBAR compliance, all without RTFM, but I bet my job gets EOL'd and I get RIF'd
Always mount a scratch monkey
Especially in cases where alcohol is involoved, don't want the natives getting restless when the Monkey dies.
It will give me my email, show me sports scores, it has a compass built in, and this 'thing' which tells time...
You stated that you refused to use any online service running IIS. That seems a bit on the xenophobic and fanatical side.
/lot/ about your veracity. Good stuff.
I would certainly trust bn.com with my money. There is no reason for me to high-tail it to Amazon simply because bn.com uses IIS.
The Average User running nmap is another matter entirely.
The Average User would have to install WinPCAP. Unless the average user is running Linux in this case, where nmap must be run as root to use the -O switch.
Shortly, there is no reason for the average user to have nmap installed on their machine (linux or Win32). Same reason that the avg. user doesn't know how to use TCPDump, Ettercap, etc. NetCraft is easily accessible by anyone.
Of course, nothing's perfect. NetCraft goes by banners largely, so you end up with sites like Walmart.com, running IIS5 on Linux or Solaris.
Posting from work, I didn't have the time to respond past a quick rant. Nor did I ever expect a reasoned response. I really appreciate the fact that you took the time to read the article here and reply to posts, that says a
Thanks.
Getting into recommendations, however... Saying that everyone should NMAP with OS detection every e-commerce site they go to is pretty unsound advice. Besides which, he's making a huge blanket statement that IIS admins all suck, and that any site using IIS/MS on the backend is a huge risk that no one should take.
He must not buy much on the web then, unless he keeps a root shell around to run with -O. Quicker to just use NetCraft.
But even the characterization of all the Operations staff at Ebay, Staples.com and Barnes and Noble as being completely inept soup-fed-droolers, since they run IIS and therefore are risking their customers, is childish and whiny. Why should I trust a Linux admin over an NT admin, in the context of ECommerce? One would hope that if Barnes and Noble runs an ECommerce site, that they would have the foresight not to hire a wet behind the ears MCSE.
If Staples, bn.com, and Ebay all get owned, I might have to rethink my rant I guess...
The way towards security is not in me as an admin saying "Buy Linux servers, they're going to be 'secure'". The way towards security is in an admin saying "What you running, w2k? We can secure that". Security is not a product, and Linux does (clearly) not equal security.
I'm a (primarily) Windows admin. I do agree that if you have an average guy, he'll be able to deal with fewer machines than your avg Linux admin. But the whole thing is scripting. Although I would NEVER want to deal with multiple hundreds of Windows machines by myself (which I know some Unix admins do), several dozen are easily managable.
Windows can be scripted to an extent, while less malleable than Linux, you can still automate a lot of tasks. Is Jonny MCSE gonna do this? No. Neither is some dork who bought a book and got an RHCE.
In the right environment, either system is easily managed and scripted (and even stable). But the number of "Windows Admins" drives down the price of us, therefore we have more men per machine.
If you leave your watch at your desk, your laptop doesn't auto-encrypt, you get pwned, and get fired for leaking company (govt. whatever) secrets.
:-)
Clearly, the only solution is implants.
The exec. assistant in my office has a very clear outline of what would appear to be the standard NT login box on her 17" Sony tube. This monitor is maybe 3 years old.
I'd always been told from monitor vendors, engineers, everyone down the line that burn-in was a thing of the past, but don't believe the hype. It's not going to happen in minutes, my guess is that she probably went on vacation and left it or something. But then, that box jumps around, so I'm unsure what it really is. Perhaps she just left it logged in with a window there for a week.
But regardless, it's not impossible.
ISS has been complained about and complained about from both sides of the Full Disclosure issue. Full disclosure to Bugtraq is great, but when ISS or certain others release without vendor notification/vendor acknowledgment, it's just dangerous and rude.
I'm personally glad that they aren't held up as the norm in the community. Most people seem to follow some variation of Rain Forest Puppys RFPolicy concerning vendor contact and reasonable time tables for releasing to the community when faced with unresponsive/uncaring vendors.
Good for X-Force, good for the community for browbeating X-Force.
Opera, as of 6.1, allows you to use your current KDE theme/widgets.
I am a GNU hippy, I avoid using Windows on the desktop except when necessary, but I have to disagree.
Insecure features like:
- RPC
- LPD
- WUFTPd
- Telnet
- Sendmail
- BIND(? BIND for christs sake?)
- X listening remotely
All running by default?Go ahead, shoot Messenger. It's had its fair share of bugs too...
Whoopsie
Daisy
However, it's likely to get owned pretty fast if you just put a stock, say, RH4.2 machine out in the world. What might not be a bad idea is to take 6.2, compile the latest 2.2 series kernel with no bells and whistles, and minimize the hoggish servers running on the box. It can obviously be made to be much quicker than a standard 6.2 install.
In most sane email servers, a 10MB attachment sent to 200 people would take up ... 10MB plus pointers. What are you using?
Something tells me it ain't cheap, but this is swell and runs on Unix. My company had a loaner on an older RS6000 running AIX.
But the ones I have include a nasty UI bug, in message composition, I HAVE to shift-tab to move from the message box into the address boxes, mouse clicking does not work here. Also it seems to leave a lot of orphan processes when it quits, even if you quit gracefully. Often after exiting Evolution I cannot relaunch without doing killall evolution-mail first.
This is with Evolution 1.0.5 and 1.0.8, as well as 1.0.3 (supported), on RH 7.1 and 7.3 in KDE2 & 3.
I haven't tried Connector because I'm too lazy and cheap, but it works great with IMAP.
Bummer. They should look exactly as they do in Windows. I'm using Freetype, RH 7.1 -> 7.3, in KDE2 and KDE3 on various machines. First thing I do is go get those MS Core TTFs.
Keep plugging away, it's worth it.
Well, used to work GREAT on my laptop. Probably still does. It would actually change, not just the damn virtual desktop. Now I have to figure out why it just changes virtual desktops on my 'real computer'.
:-).
Thanks for making much more work for me today
Of course, this now changes the list of non-issues slightly, since it's no longer as trivial as I thought. No one's gonna want to edit XF86Config-4.
On the other hand, screw 'em. Pick a res and stay with it. Do the highest you can read and go on with life, heh. I can't remember the last time I changed res in Windows or Linux for anything.
Anti Aliasing isn't the end-all be-all of fonts. What matters is to have good fonts to begin with. If you go get the Microsoft ttf fonts and install them, you'll be much better off in programs that don't support anti-aliasing (easily) like Mozilla. Moz. is infinitely usable and looks just like Moz. Win32 if you use the same fonts.
s .html, http://www.linux.org/docs/ldp/howto/mini/TT-Debian -7.html, http://linux.org.mt/article/ttfonts.
I mention that because he complains about anti-aliasing, especially in Mozilla, both on the 10 things needing fixing page, and on the Top N Things That Have Been Solved page.
Microsoft core TTFs are available here: MS TTFs
Install guides and scripts are available several places: http://www-uxsup.csx.cam.ac.uk/~jw35/docs/ms-font
The best script to auto-install to RedHat that I've found is here, he has lots of other goodies to boot: http://www.linuxquebec.com/~nomis80/
"Best Browser":) Opera for speed, all the way. Konqueror is a REAL close second though. The "font problems" are non-existant, use KDE, Opera-shared-QT and tweak from the preferences menu IF you want to. No "config files" to "fiddle with". The only major bitch I have with Opera is viewing the CNN website. It's just sad and probably easily fixable, doesn't screw up in Windows2k.
"Printing":) CUPS. Easy, web-based, simple management. Add KUPS (for KDE), makes it even better than the Win32 tool.
"Soft Wrapping Editor":) Use VIM, if you live and die by the gui, use GVIM.
"Changing RES":) When you first set up X, select every resolution available to you at the highest color depth. Maybe someone should make an app where the "increase res" and "Decrease res" buttons hit the damn key combo for us. We could make it pretty.
They have to be Xeons, AFAIK, non-Xeon Intel CPUs won't do 4-way. And even if you CAN do 4 way on regular PIII's, which you cannot, MS wouldn't, they would have Xeons.
I'm imagining this machine to be a Compaq 6400r or the like, from the timeframe of the build it's probably 550s or 700(?), since they have a very close relationship to Compaq for servers.