If someone likes your house, and they take it away from you, you no longer have it. If someone likes your house, and replicates it on their own property (the method is unimportant to this discussion), does that diminish the value of your home?
Shut up!!! Um, uh, think of the children! The starving children of penniless artists unappreciated in their own time!!
Why do you, as an artist feel that you should be able to mooch off your one big work for the rest of your life (and your children's lives, etc.)? Do you think it would be equitable for the person who painted your house to receive a royalty check every time someone admires your house? Should the plumber get a check every time you flush your toilet?
No, I'm not kidding. Keep in mind I run on empirical, not theoretical. I'm not sure why you think it's reasonable to compare "a well designed SCSI system" which you admit requires multiple cards and channels with a single-port AoE system.
I recently replaced a ~2 TB duplexed u320 SCSI RAID array with a ~8 TB AoE array. Same hosts - same OS - no changes except from SCSI RAID to AoE RAID. My bus is PCI-133 and I have two GB ethernet ports on the motherboard, four more on two Intel PCI cards (not all of those are used for Aoe, obviously).
I have a data store that contains well over 13 million files that I need to back up regularly. Base backups that took five days now complete in 2 days, which means I can get it in a weekend, and that rsync --link-dest backups can be done overnight every night during the week.
I haven't rigorously analyzed the situation, and I never will, because I've solved my problem cheaply and effectively. So, to you this is anecdotal - but to me, it is rock-solid and reproducible, and I really don't care about theoretical numbers published by companies that want to sell me SCSI.
I've used Mylex, HP (mostly LSI), Tekram, Adaptec, DCA, etc. etc. probably every SCSI controller and subsystem out there including DEC (both real SCSI and DSSI) and Sun and Apple. AoE is cheaper and gives me empirically better performance for the buck. It's not ready for non-professionals yet, perhaps, but that's not a big deal to me since it's Open Source and the coders are reasonably easy to deal with.
I spent about $8000 for a complete rig, including fifteen 500GB disks and a couple of cat6 crossover cables for the links. I'm not currently doing multi-host simultaneous access so I don't need a fancy file system, it's just a regular block device to the OS.
I'm using it to back up a couple of terabytes nightly with rsync --link-dest. (See Mike Rubel's site if you're not familiar with that trick).
Performance feels about the same as the $200,000 (US dollars) fiberchannel SAN array sitting next to it, but I haven't actually measured.
I've got a coraid array that can saturate the host PCI bus running on ATA-over-Ethernet technology, which is faster & simpler than SCSI-over-IP. Performance comparable to my giant expensive fiber channel SAN at a tiny fraction of the cost.
If you don't like Open Source, you won't like it yet. Wait a few years and there will be a version you'll like, the economics of it are compelling. But right now you need to be able to write your own init scripts.
Why buy a $600 RAID controller when I can get the same performance from a $60 gigabit ethernet card?
I am supporting Win98SE and Mac OS9 for family and friends right now. Win98 kicks the pants of OS9, particularly in application support. I'm not having any driver issues regardless of which hardware base I'm on (since I hand out salvaged hardware, the platform changes every six to eight months. I'm currently on 2 powerMacs and 10 1.8 GHz Celerons - no driver problems).
Myself, I prefer Ubuntu or Slackware. But for end users Win98se is a fine platform that runs Firefox, IE, and hundreds (if not thousands) of games just fine. Wireless works easily on it too.
OS9, though, is a pig (and has severely limited hardware compatibility). I prefer OS7 or OSX personally; they don't crash as often.
You need old Adobe reader, old ZoneAlarm, and a good antivirus for Win98se, but even with an antivirus running full-time Win98se outperforms XP on the same hardware.
And what's really impressive is MS-DOS dentist office management software on a 2 GHz P4. Effectively instantaneous response yields fantastic productivity for the end-user. Backup and database management is lighting-fast, too - reindexing and archiving ten years worth of data (which was a tedious weekly chore on a 16 MHz 386) can be handled nightly in under ten minutes.
Linux is a hard OS to administer without training. It's not something you can just dive into, and a lot of admins get it shoved on them because upper management decides on a software package that requires it. The result? Downtime because the admin is unfamiliar with Linux and doesn't know where to find the answers. So in that sense, this report is spot-on.
Because you made it clear that your training and expertise is entirely in MSWindows, that's a very intelligent comment. The converse is also true:
Microsoft Windows is a hard OS to administer without training. It's not something you can just dive into, and a lot of admins get it shoved on them because upper management decides on a software package that requires it. The result? Downtime because the admin is unfamiliar with Windows and doesn't know where to find the answers.
I personally can find the answers for any problem with a dozen operating systems faster than I can find the answer to a Windows 2003 problem. That's because we don't use Windows servers very much (it's too expensive for my budget, particularly in hardware terms) so my staff has relatively little experience in it.
A successful business should seek out people that can make shit work and then give those people a budget that will allow them to meet the business's needs. Operating systems matter far less than people - let them use whatever they want! If you chose the right people, you will succeed, if not, the operating system will not be what killed you.
Incidentally, I have a dozen or so mission-critical Red Hat servers that've been running since 2003 with no unscheduled downtime (we do reboot them for kernel security patches, but those are scheduled in advance). I wish I could say that about our memory-leaking windows servers... or our HP-UX servers, for that matter. The Suns have been pretty bulletproof, but they have very little workload compared to any of the others.
IT may overnominalize, but (unlike law and accounting), we tend not to completely redefine perfectly good words for our own uses
Like bit, nibble, archive, file, directory, etc. etc. etc. those words always meant what they mean in IT, right?
Learning what a TCP/IP stack does takes some effort, but once you know the phrase, you know the phrase.
Are you sure? A cursory glance at some standard IT resources, like, hmmmm... the Internet for example, shows that most people who are saying "TCP/IP stack" are actually talking about the IP stack of which TCP is one part. Sometimes they aren't even that close to being correct; they'll refer to ARP, for example, as part of TCP/IP, or start talking about MAC addresses.
I use a table-driven script calling rsync --link-dest onto coraid aoe racks, then archive offsite to LTO3. I back up everything nightly.
But the guys here who wanted to buy a product, rather than build a solution, spent months researching all the alternatives and they even got demo hardware and software and trialed the majors on site. Their finding was that Comvault knocks the doors off everything out there for really large volumes of data on multiple operating systems. Veritas and Legato were among the ones they trialed, I don't remember any more details (sorry!). We've tried Time Navigator and Arkeia and Retrospect in the past, none of those scaled for us.
We now run both systems (commvault and my custom one) so that we have a backup system and a backup backup system.
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." - Variously attributed, frequently to Andrew Tanenbaum
I was in a meeting with the late Dr. John Hendrickson in the 1990s or 80s and file transfer options for moving large files between the Academy of Natural Sciences in Philadelphia and the Benedict Estuarian Research Labs near Washington, D.C. were being discussed. Today, we'd transfer the data constantly over a broadband connection while making local backup archives. Back then we were running processing and data gathering in batches, and we were running all our voice and data traffic between the sites on a single fractional T1.
John, who was a biostatistician and the finest mathematician I have ever known, turned to me and asked what the capacity of a 9-inch reel tape was (I don't remember, I do remember we were getting 6250 bpi though). He then calculated in his head the rough bandwith of his car (because he knew how big the cargo area was and how long it took to drive to Benedict) and discovered that the fastest and most economical way for us to get the job done was shipping tapes. I was willing to take his word for it - he did that kind of thing all the time - but some of the other scientists had him explain the calculation anyway.
What John said at the time (I don't really know if it was orginal to him, but it was the first time I'd heard it) was "never underestimate the bandwidth of a station wagon full of mag tapes". No hurtling involved, he was a cautious driver.
Vendors are already liable for their bugs, they just pay out of their userbase instead of their pockets. Which comes out of their pockets indirectly at a later point.
If that were true, shelfware vendors would go out of business. Most shelfware goes on the shelf not because it is unneeded, but because it's so buggy as to be unuseable.
Apple doesn't rank #1 for customer service and pretty much everything else in Consumer Reports year after year for nothing.
I am a pretty big fan of Consumer Reports (I subscribe) and I have a Mac on the desk, right next to the linux and WinXP boxes that I also use daily.
That being said, Consumer Reports is probably the worst place you could get computer advice from. They are great on evaluating paint, clotheswashers, and cars, but they suck hard on computer knowledge.
As the man said, Let them alone: they be blind leaders of the blind. And if the blind lead the blind, both shall fall into the ditch.
You can prevent forgery now with SPF (v1, "classic" - forget that stupid broken patent-encumbered Microsoft SenderID that claims to be SPF v2). There's obviously a problem with sites that refuse to participate still being easily forged, but since the biggies (Gmail, AOL, etc.) are using it already the number of forgeable sites is shrinking.
DKIM (successor to Yahoo's DomainKeys) will do even better when it gets more traction in the MTA and MUA segment, but for right now do SPFv1 and get the issues with forwarding worked out (if you have any - many sites won't) before DKIM arrives.
Anti-forgery is only part of the solution, though - it just forces the spammers to register real domains (throwaway domains, granted) or use exclusively cracked hosts and botnets. The other parts of the solution are 1) heavy punishments for crackbot spammers (yay AOL and Microsoft for pushing this!) instead of law enforcement looking the other way as they have in the past and 2) consumer reaction against domain registrars that knowingly support spam gangs.
The key thing to understand about anti-forgery measures is they allow other techniques (like blackholing and legal prosecution) to work. If your mail administrator isn't implementing at least the publishing side of SPFv1, that person is not doing his or her job properly.
Geez, I said "Yay AOL and Microsoft". You don't see that on Slashdot much!
Well, as I stated I'm very very familiar with RPM. And the corporate suits are comfortable with the Red Hat business model - up2date is just a wonderful wonderful thing in a large heavily regulated business.
But you're right as far as debian being a nice solid server platform. Don't know about Ubuntu for that yet, it will be interesting to see if they can match debian's stability.
He's involved, certainly, but you're right; he's not writing the code. And since ithey are OSS projects there are really many hands at work in all versions of sendmail currently available (sendmail X has chunks taken from OpenBSD in it).
a. How does encouraging people to seek one of several alternatives to a certain behaviour count as groupthink?
The decades-old chant of "sendmail is insecure, just look at its history" is classic mindless repetition, like the "blue star acid" urban legend. I've stood up in seminars and challenged speakers to support this claim for at least the last eight years - none of them has made any argument that couldn't be easily demolished with readily available documented facts. Encouraging people to use more modern, easier to configure MTAs is fine (as long as they understand they are sacrificing some features that most people will never need) but slamming sendmail for "security" is the intellectual equivalent of joining a lynch mob.
b. What in the world is "Most alternatives to sendmail are basically less functional sendmail clones" supposed to mean?
Postfix was written by Wietse Venema as a more secure-by-design sendmail clone. That's a great thing; privilege separation in sendmail is a hack, and makes configuration even more counter-intuitive than it already was. However, postfix does not currently have anything comparable to sendmail's milter API so it is less functional. All the other mailers of note (Exim, Qmail, etc.) were also built to replace sendmail, and thus are to some extent clones (most can be called with sendmail semantics). They do not, however, support sendmail's full feature set (UUCP, Bitnet, DECnet, other antique stuff as well as powerful recursive address munging and again the milter interface) although they are certainly fine for most people's needs.
That's like saying most web browsers are basically Mosaic clones.
Not really. Modern browsers incorporate fundamentally new technologies (Java, anyone? CSS? Mouse gestures?) that aren't in Mosaic and never will be. This is nothing like the situation with MTAs, probably because Mosaic was abandoned instead of evolving with the Internet like sendmail did.
Maybe they are, maybe they aren't, depending how strictly you define "clone"; but really, what's it matter?
I'm the sort of intransigent pedant who doesn't like a bunch of drones spreading false allegations about the work of internet pioneers (in this case Eric Allman). Compared to nearly any other 30-year old software package, certainly compared to any other of similar utility and complexity, sendmail has an exemplary security record - issues have been addressed with integrity and rapidity for decades. Curiously, the willingess of the sendmail authors to address security issues (even when the real issue was with the underlying OS and not sendmail, even when the exploit was totally theoretical) has contributed to this FUD - idiots comparing patch counts as if not patching a product somehow makes it better.
You can certainly say with authority that sendmail 8 suffers from antique design and that it is difficult for n00bs to configure. You can accurately say that many of its features are effectively obsolete. But saying it's got a "poor security record" is just being ignorant.
The big difference is that the distros you mentioned are RPM-based (Red Hat and a Red Hat knockoff) while Ubuntu uses debian-style packaging.
If you are already familiar with RPM, or you want advanced architechture support not available with.debs, you might find this to be a significant issue.
I have to say, though, that Ubuntu is lightyears ahead of Red Hat (including Fedora) in terms of polish and hardware support. After spending a week hacking Fedora C5 to get wireless partially working on my laptop, I threw up my hands and installed breezy... which pretty much worked out of the box, done deal. The only parts I had to tinker with were 915resolution (10 minute fix to get maximum screen res, same as on Fedora) and WPA_supplicant (which is supposed to be working on Dapper, but I haven't tried it yet).
I'm sticking with RHEL on my big corporate server farms for now, because I understand its strengths (up2date rulez!) and weaknesses (bugzillas from end-users are consistently ignored). I'm running Ubuntu on the test servers and laptop, though, to get familiar with the system, and if it works out I'll think seriously about cutting the servers over too.
Slashdot Mirror
Hey, everybody, look over there! A terrorist!
Communications software judged a success while purposely spurning the most widely implemented form of communication.
Right.... you funny, fanboy.
I was a beta tester for Exchange versions 1.0 through 3.0 (the total rewrite version).
The original version didn't even support SMTP, fanboy.
You have no idea what you are talking about.
No, I'm not kidding. Keep in mind I run on empirical, not theoretical. I'm not sure why you think it's reasonable to compare "a well designed SCSI system" which you admit requires multiple cards and channels with a single-port AoE system.
I recently replaced a ~2 TB duplexed u320 SCSI RAID array with a ~8 TB AoE array. Same hosts - same OS - no changes except from SCSI RAID to AoE RAID. My bus is PCI-133 and I have two GB ethernet ports on the motherboard, four more on two Intel PCI cards (not all of those are used for Aoe, obviously).
I have a data store that contains well over 13 million files that I need to back up regularly. Base backups that took five days now complete in 2 days, which means I can get it in a weekend, and that rsync --link-dest backups can be done overnight every night during the week.
I haven't rigorously analyzed the situation, and I never will, because I've solved my problem cheaply and effectively. So, to you this is anecdotal - but to me, it is rock-solid and reproducible, and I really don't care about theoretical numbers published by companies that want to sell me SCSI.
I've used Mylex, HP (mostly LSI), Tekram, Adaptec, DCA, etc. etc. probably every SCSI controller and subsystem out there including DEC (both real SCSI and DSSI) and Sun and Apple. AoE is cheaper and gives me empirically better performance for the buck. It's not ready for non-professionals yet, perhaps, but that's not a big deal to me since it's Open Source and the coders are reasonably easy to deal with.
I spent about $8000 for a complete rig, including fifteen 500GB disks and a couple of cat6 crossover cables for the links. I'm not currently doing multi-host simultaneous access so I don't need a fancy file system, it's just a regular block device to the OS.
I'm using it to back up a couple of terabytes nightly with rsync --link-dest. (See Mike Rubel's site if you're not familiar with that trick).
Performance feels about the same as the $200,000 (US dollars) fiberchannel SAN array sitting next to it, but I haven't actually measured.
I've got a coraid array that can saturate the host PCI bus running on ATA-over-Ethernet technology, which is faster & simpler than SCSI-over-IP. Performance comparable to my giant expensive fiber channel SAN at a tiny fraction of the cost.
These guys are behind the technology: http://www.coraid.com/
If you don't like Open Source, you won't like it yet. Wait a few years and there will be a version you'll like, the economics of it are compelling. But right now you need to be able to write your own init scripts.
Why buy a $600 RAID controller when I can get the same performance from a $60 gigabit ethernet card?
It's not an URL.
/etc/hosts).
It's the original InterNIC site.
Where all the hostnames were before DNS (we downloaded them every day into
A single site that broke the Internet. Several times.
rs.internic.net
I am supporting Win98SE and Mac OS9 for family and friends right now. Win98 kicks the pants of OS9, particularly in application support. I'm not having any driver issues regardless of which hardware base I'm on (since I hand out salvaged hardware, the platform changes every six to eight months. I'm currently on 2 powerMacs and 10 1.8 GHz Celerons - no driver problems).
Myself, I prefer Ubuntu or Slackware. But for end users Win98se is a fine platform that runs Firefox, IE, and hundreds (if not thousands) of games just fine. Wireless works easily on it too.
OS9, though, is a pig (and has severely limited hardware compatibility). I prefer OS7 or OSX personally; they don't crash as often.
You need old Adobe reader, old ZoneAlarm, and a good antivirus for Win98se, but even with an antivirus running full-time Win98se outperforms XP on the same hardware.
And what's really impressive is MS-DOS dentist office management software on a 2 GHz P4. Effectively instantaneous response yields fantastic productivity for the end-user. Backup and database management is lighting-fast, too - reindexing and archiving ten years worth of data (which was a tedious weekly chore on a 16 MHz 386) can be handled nightly in under ten minutes.
Microsoft Windows is a hard OS to administer without training. It's not something you can just dive into, and a lot of admins get it shoved on them because upper management decides on a software package that requires it. The result? Downtime because the admin is unfamiliar with Windows and doesn't know where to find the answers.
I personally can find the answers for any problem with a dozen operating systems faster than I can find the answer to a Windows 2003 problem. That's because we don't use Windows servers very much (it's too expensive for my budget, particularly in hardware terms) so my staff has relatively little experience in it.
A successful business should seek out people that can make shit work and then give those people a budget that will allow them to meet the business's needs. Operating systems matter far less than people - let them use whatever they want! If you chose the right people, you will succeed, if not, the operating system will not be what killed you.
Incidentally, I have a dozen or so mission-critical Red Hat servers that've been running since 2003 with no unscheduled downtime (we do reboot them for kernel security patches, but those are scheduled in advance). I wish I could say that about our memory-leaking windows servers... or our HP-UX servers, for that matter. The Suns have been pretty bulletproof, but they have very little workload compared to any of the others.
To misquote Juvenal again, it seems that all it takes to defuse the "democratic public oversight" is bread and circuses.
Obese celebrity-obsessed Americans don't have the cojones (or the attention span) to do anything but complain.
D'OH, I think I just proved my own point. Better go home and write my congressdrone!
"Who shall watch the watchers?" --Decimus Iunius Iuvenalis
Are you sure? A cursory glance at some standard IT resources, like, hmmmm... the Internet for example, shows that most people who are saying "TCP/IP stack" are actually talking about the IP stack of which TCP is one part. Sometimes they aren't even that close to being correct; they'll refer to ARP, for example, as part of TCP/IP, or start talking about MAC addresses.
I use a table-driven script calling rsync --link-dest onto coraid aoe racks, then archive offsite to LTO3. I back up everything nightly.
But the guys here who wanted to buy a product, rather than build a solution, spent months researching all the alternatives and they even got demo hardware and software and trialed the majors on site. Their finding was that Comvault knocks the doors off everything out there for really large volumes of data on multiple operating systems. Veritas and Legato were among the ones they trialed, I don't remember any more details (sorry!). We've tried Time Navigator and Arkeia and Retrospect in the past, none of those scaled for us.
We now run both systems (commvault and my custom one) so that we have a backup system and a backup backup system.
John, who was a biostatistician and the finest mathematician I have ever known, turned to me and asked what the capacity of a 9-inch reel tape was (I don't remember, I do remember we were getting 6250 bpi though). He then calculated in his head the rough bandwith of his car (because he knew how big the cargo area was and how long it took to drive to Benedict) and discovered that the fastest and most economical way for us to get the job done was shipping tapes. I was willing to take his word for it - he did that kind of thing all the time - but some of the other scientists had him explain the calculation anyway.
What John said at the time (I don't really know if it was orginal to him, but it was the first time I'd heard it) was "never underestimate the bandwidth of a station wagon full of mag tapes". No hurtling involved, he was a cautious driver.
That being said, Consumer Reports is probably the worst place you could get computer advice from. They are great on evaluating paint, clotheswashers, and cars, but they suck hard on computer knowledge.
As the man said, Let them alone: they be blind leaders of the blind. And if the blind lead the blind, both shall fall into the ditch.
You can prevent forgery now with SPF (v1, "classic" - forget that stupid broken patent-encumbered Microsoft SenderID that claims to be SPF v2). There's obviously a problem with sites that refuse to participate still being easily forged, but since the biggies (Gmail, AOL, etc.) are using it already the number of forgeable sites is shrinking.
DKIM (successor to Yahoo's DomainKeys) will do even better when it gets more traction in the MTA and MUA segment, but for right now do SPFv1 and get the issues with forwarding worked out (if you have any - many sites won't) before DKIM arrives.
Anti-forgery is only part of the solution, though - it just forces the spammers to register real domains (throwaway domains, granted) or use exclusively cracked hosts and botnets. The other parts of the solution are 1) heavy punishments for crackbot spammers (yay AOL and Microsoft for pushing this!) instead of law enforcement looking the other way as they have in the past and 2) consumer reaction against domain registrars that knowingly support spam gangs.
The key thing to understand about anti-forgery measures is they allow other techniques (like blackholing and legal prosecution) to work. If your mail administrator isn't implementing at least the publishing side of SPFv1, that person is not doing his or her job properly.
Geez, I said "Yay AOL and Microsoft". You don't see that on Slashdot much!
Well, as I stated I'm very very familiar with RPM. And the corporate suits are comfortable with the Red Hat business model - up2date is just a wonderful wonderful thing in a large heavily regulated business.
But you're right as far as debian being a nice solid server platform. Don't know about Ubuntu for that yet, it will be interesting to see if they can match debian's stability.
He's involved, certainly, but you're right; he's not writing the code. And since ithey are OSS projects there are really many hands at work in all versions of sendmail currently available (sendmail X has chunks taken from OpenBSD in it).
Thanks for the clarification!
You can certainly say with authority that sendmail 8 suffers from antique design and that it is difficult for n00bs to configure. You can accurately say that many of its features are effectively obsolete. But saying it's got a "poor security record" is just being ignorant.
I've had enough of their paedophilic shenanigans... Captain Feathersword? Please!!!
Keep Pirate Bay shut down and put the Wiggles in prison where they belong!
Er, what? Oh... I see. Never mind!
The big difference is that the distros you mentioned are RPM-based (Red Hat and a Red Hat knockoff) while Ubuntu uses debian-style packaging.
.debs, you might find this to be a significant issue.
If you are already familiar with RPM, or you want advanced architechture support not available with
I have to say, though, that Ubuntu is lightyears ahead of Red Hat (including Fedora) in terms of polish and hardware support. After spending a week hacking Fedora C5 to get wireless partially working on my laptop, I threw up my hands and installed breezy... which pretty much worked out of the box, done deal. The only parts I had to tinker with were 915resolution (10 minute fix to get maximum screen res, same as on Fedora) and WPA_supplicant (which is supposed to be working on Dapper, but I haven't tried it yet).
I'm sticking with RHEL on my big corporate server farms for now, because I understand its strengths (up2date rulez!) and weaknesses (bugzillas from end-users are consistently ignored). I'm running Ubuntu on the test servers and laptop, though, to get familiar with the system, and if it works out I'll think seriously about cutting the servers over too.