For months, in secret, the Free Software Foundation, a Boston-based group that controls the licensing process for Linux and other "free" programs, has been making threats to Cisco Systems (nasdaq: CSCO - news - people ) and Broadcom (nasdaq: BRCM - news - people ) over a networking router that runs the Linux operating system.
First thing I spotted, but this farrago of FUD is loaded with inaccuracies (like, claiming the code is embedded in a Broadcom chip, and claiming the SCO suit and the FSF's attempts to get Linksys to clean up their shop are equivalent).
There has been no secret about the pressure that's been put on Linksys to divulge their code!
And, the reason Cisco is pissed off is not that the FSF is going to make them reveal source for a product from their recent acquisition (linksys) but because the idiots at Linksys have apparently lost the source code so they couldn't post it if they wanted to!
The code I wrote to gather data from static-testing solid fuel rocket motors is still running strong today, on a PDP-11/34 with 1MB RAM and RL02 20 MB removable hard drives. It's all custom code over RSX-11m, a very reliable OS with excellent real-time capabilities. Just down the road from it is a PDP-11/24 based thrust vector controller, too.
I also know of an Apple ][ that's still in daily use to run a pneumatic controller in a robotic apatosaurus. Natural history museums don't have a lot of money to replace systems that still work.
Personally, I'm running a 400 Mhz P2 in an original PC case (not an XT, a PC, model A) and my main linux server is in a Honeywell DPS6 case (which I have gutted, no more 11" hard drives in there). I have an old VAX too, but I don't ever bother to boot it up any more so it doesn't count.
My impression of Linux/Unix systems has always been that each host has it's own set of user accounts and if I have 3 hosts it means that I have to maintain 3 sets of passwords. With NT4/Win2000, my servers share a common userspace so that you only have to maintain a single user account. Is there something under Linux/Unix that does this?
Yes. There are actually lots of ways to do this, some obsolete, some not-ready-for-prime-time, and some that are just stupid and ill-conceived.
Microsoft's methods fell into the last category until recently, when they copied the Kerberos system (originally unix/linux) and added incompatibility "features".
Given the current state of affairs, you want samba+OpenLDAP+SASL+Kerberos. You should be warned that while Samba is extremely easy to set up and administer - far less work than the MS boxes it replaces - OpenLDAP has only recently reached corporate-level stability and the documentation is still spotty. Kerberos is reasonably mature but not at all easy to set up, and SASL is a bit of a nightmare.
If your skillz are not strong enough for SASL/Kerberos, just do the OpenLDAP/Samba thing and you'll get a system at least as flexible and manageable as Windows Networking, and a bit more reliable. If your skillz are very weak, just do samba and run your central user authentication hosts on Windows or Novell.
How easy is it to drop a Samba server into an existing Win2000 network?
Very. People do it all the time.
Our Novell 5 server is starting to show it's age (file/printing only) and I'm starting to wonder whether to move to a later version of Novell, switch to Linux/Samba, use a NAS device, or just load up another Win2000 server.
*nixes have a nasty learning curve, it's a bit worse than Windows. On the other hand if you truly understand NDS you can pick up OpenLDAP's conceptual model quite easily, and if you really grok Win2K networking samba's a snap by comparison.
My car has over 56 independent nodes running on three separate LAN protocols in a star topology centered on a multi-protocol gateway. Runs great, extremely reliable.
Delaware is a "business-friendly" state. Fiscally conservative, socially liberal, with low taxes for large corporations, low filing fees to license corporations, and best of all the Delaware Chancery Court.
The Chancery handles cases like this, and while in most states corporate lawsuits can drag on for years (if not decades) the Chancery is organized and motivated to resolve the issues in the absolute minimum amount of time. Businesses, especially banks and insurance companies for whom time really is money, love that.
So it's good that this is being resolved in Delaware, because it will be quick (by corporate legal standards, that is). It's bad in that the Chancery will not necessarily be morally outraged by SCO's shenanigans, because they probably see old-school stock-market profiteering (which is what this is really all about) as a very minor sin, not something worth getting all upset about.
I'd be suprised if Red Hat is not a Delaware corporation. Most US businesses are.
But the quote's attributed to Ma Ferguson; when she vetoed the use of Spanish in the Texas school system she is said to have waved her Bible and said something along the lines of "If the King's English was good enough for Jesus it's good enough for the children of Texas!" It gets phrased differently depending on who is telling the story.
You pay for Reiserfs's journalling, more efficient use of disk, and ability to represent more complex structures with CPU time.
You pay for the stability, recoverability and backwards compatibility of ext3 with speed of access.
The corporate-ported filesystems (XFS and JFS, which were developed by IBM and SGI using untold googols of man-hours and investment) have better raw performance figures than the relatively newly created, volunteer-funded filesystems.
And ext2 still works just fine, is very easy to set up, and is reasonably fast due to its' lack of journalling or space optimization.
It's nice to see the commonly accepted viewpoint confirmed with numbers, but none of this seems very suprising. Use the fs that is appropriate to your particular needs and philosophy, they all have their place.
Right, all Bush did was spend more money. Unless you count the destruction of the Taliban, crippling of al Qaeda, and liberation of the Afhan people, but why bother with details?
Oy veh.
The Taliban still exists.
Al Quaeda is still active.
The Afghan people would rather not be "liberated" into the arms of Gulbuddin Hekmatyar and the Northern Alliance of despotic criminals.
Oh, and Osama is very probably in many thousands of pieces at Tora Bora
That would be nice. Don't bet the farm on it.
That's just funny, considering this sub-thread started with yet another whine about the 2000 election.
Well, Taco says if you can't be insightful be amusing. And I too am tired of the whining about the 2000 election; the shrub stole it fair and square as far as I'm concerned. Besides, the Gorebot couldn't have beaten Bozo the Clown with his campaign strategies.
Sorry to burst your little persecution complex, but I don't give a rat's ass about Clinton. I pointed out the three major causes of the recession (which we're recovering from nicely; I know how that must disappoint you), and exactly zero of them are due to Bush's actions in office.
Three causes - Clinton, Clinton, Clinton.
I don't feel persecuted and disappointed, but I guess I can take your word on it. Oh well, at least I have a job, which is tough in the shrub economy. Talk to any of those Timken Bearing employees lately?
I am also very amused by the way we've been "recovering nicely" from this "recession" ever since Bush got in office. I read about it every day in the "liberal" media!
They developed time travel and went back to 1996, where they assumed top positions at Enron and Worldcom, deliberately inflated the stock market bubble, and convinced Clinton not to do anything about Osama.
Um, hate to break this to you, but many of the people who were in "top positions at Enron and Worldcom" in the 90s are in top positions at the White House today.
Look it up. Assuming you are one of the few Clinton-obsessed shrub apologists who can read.
And incidentally, I seem to remember Clinton firing cruise missiles at Osama. "Conservatives" in the media and government lambasted him for it, too - even though he got just as close to knocking the pious bastard off as George Bush ever did, and spent a hell of a lot less taxpayer dollars to do it!
Are you sure it wasn't Rush Limbaugh who invented that time machine? The right wing needs to get past this whole Clinton thing, I mean, it really makes them look like a bunch of chumps. The rest of us are ready to move on.
While I agree with much of what you've said, I have to disagree that "there WAS advance notice".
If you shout your plans into a hole in the ground, that does not comprise advance notice. And since Verisign clearly can't tell assholes from holes in the ground, telling ICANN is... oh never mind.
I have been a DNS admin for well over a decade (I have a 3-character NIC handle) and they sure as hell didn't send me any advance notice!
It's always been a major pain in the tuchux to have to key down some new-to-you flora or fauna that you've happened upon.
If the organism is previously undiscovered, or out of its normal range, you're going to spend ludicrous amounts of time poring through dusty tomes, because you will look in local guides first, then gradually move up to the really comprehensive stuff only found in research institutes and specialist libraries.
But one of my co-workers found a Black Witch Butterfly in the parking lot the other day, about 3000 miles outside its normal range (previously unknown in this area) and I keyed it down in about five minutes using the Internet.
It sure sounds like you are saying monoculture is not a bad thing!
Chant the mantra with me now: "Diversity enhances Survivability". Repeat until you reach inner peace.
All exploitable bugs start life as undetected exploitable bugs. Patching does not fix bugs which are not detected by the patcher. The Bad Guys (TM) are not motivated to disclose all exploitable bugs to the patcher. Therefore, there are going to be (at some point in time) exploits for bugs without patches.
In a high-bandwidth software monoculture (such as exists in many if not most large corporations) this is a recipe for disaster. Google for blaster and nachia/welchia if you don't believe me!
Software (particularly OS) diversity is the ONLY "real solution", as you put it, to this problem. The really hard-core high-availability guys are now implementing dual-OS redundant systems; a Win2K box that takes over from a linux machine or an Tru64 box that can substitute itself for a Sun system.
Scott Adams says you should even encourage users to get whatever system they find most useful for their desktop, so that macs, linux, BSD, Windows, BEOS, etc. are all represented on the corporate network. It seems to me that would only work in low-turnover knowledge-worker type environments, though; otherwise the support burden would probably outweigh the productivity and survivability increases.
Obviously, you should patch. But that's a reactive rather than an active solution, and it's not a remedy for the fabled zero-day exploit anyway.
It's just a clever ploy to reduce the bandwidth bills on the Badtz Maru.
Requires zero desk space...
on
The "Spider Case"
·
· Score: 2, Interesting
...if you hang it from the ceiling, or stick it on a wall.
Seriously, who the hell would put a case like this on their desk? It's room art, there's a certain compromise of normal function required by abnormal form.
If you gave your OpenSSH version number, and the distribution you are running it on, and whether you installed from distro packages or built from source, I could answer your question accurately.
Without that, I'd offer this usually correct advice: The default config file is supposed to be built with the default configuration, only commented out. So, when you see #UsePAM yes in your configuration, you can be fairly sure that PAM is in fact enabled. Further, if you have a PAMified distribution such as HP-UX, Red Hat Linux, or Solaris (which is a wonderful thing, incidentally, PAM is *great*) you can't disable PAM without breaking your system.
In short; if you are PAMified, you need PAM enabled. If you are not, you shouldn't have it enabled. It's not a trivial thing that you switch on and off on a whim.
You're immune to one part of it. You're not immune to the rest.
Why are you assuming I'm running windows? Why are you assuming I let random code claw its way out of my firewalls? Why do you think I allow open smb shares to exist in my vicinity?
But you are right, I was rude, because I felt the FUD factor of the original post warranted it.
And incidentally, you should specify which sobig you are talking about. The next one's due out rather soon, and we don't know what it will do yet.
You're still requiring a co-operative node outside the restrictions of your ISP. Using UUCP to communicate between that node and your cable node is just one way to do it.
I'm not trying to say you shouldn't use UUCP, use whatever you want. I'm saying UUCP is no longer an indispensible part of a *nix system, because it does not perform any tasks that can't be accomplished in other ways.
Using almost any standard linux distribution, you could probably come up with a dozen ways to do what you need - having an external friendly node makes the whole problem fairly trivial. Solving the same problem without any external assistance, now that'd be a tricky thing.
Slashdot Mirror
Yow, I see your point. Thanks for the link!
I'd say this guy has a personal beef with the Free Software community. Did RMS pee in his wheaties or something?
There has been no secret about the pressure that's been put on Linksys to divulge their code!
And, the reason Cisco is pissed off is not that the FSF is going to make them reveal source for a product from their recent acquisition (linksys) but because the idiots at Linksys have apparently lost the source code so they couldn't post it if they wanted to!
The code I wrote to gather data from static-testing solid fuel rocket motors is still running strong today, on a PDP-11/34 with 1MB RAM and RL02 20 MB removable hard drives. It's all custom code over RSX-11m, a very reliable OS with excellent real-time capabilities. Just down the road from it is a PDP-11/24 based thrust vector controller, too.
I also know of an Apple ][ that's still in daily use to run a pneumatic controller in a robotic apatosaurus. Natural history museums don't have a lot of money to replace systems that still work.
Personally, I'm running a 400 Mhz P2 in an original PC case (not an XT, a PC, model A) and my main linux server is in a Honeywell DPS6 case (which I have gutted, no more 11" hard drives in there). I have an old VAX too, but I don't ever bother to boot it up any more so it doesn't count.
Ignorant IT staff?
We here on the IT staff are exceptionally bright and well-informed. And don't you forget it!
What is a mac, anyway?
Samba 3 is a very different beast from 2.2, your remark is equivalent to basing an opinion of Windows 2K on your experiences with DOS 5.0.
The numbers are in the dead-tree edition, I'm told. I don't know if they actually show any real information, because I haven't seen them.
Samba had a 2x speed advantage over Windows NT 3.51 when that was the current MS offering, though, so I don't find this completely unbelievable.
Microsoft's methods fell into the last category until recently, when they copied the Kerberos system (originally unix/linux) and added incompatibility "features".
Given the current state of affairs, you want samba+OpenLDAP+SASL+Kerberos. You should be warned that while Samba is extremely easy to set up and administer - far less work than the MS boxes it replaces - OpenLDAP has only recently reached corporate-level stability and the documentation is still spotty. Kerberos is reasonably mature but not at all easy to set up, and SASL is a bit of a nightmare.
If your skillz are not strong enough for SASL/Kerberos, just do the OpenLDAP/Samba thing and you'll get a system at least as flexible and manageable as Windows Networking, and a bit more reliable. If your skillz are very weak, just do samba and run your central user authentication hosts on Windows or Novell.
Very. People do it all the time.
*nixes have a nasty learning curve, it's a bit worse than Windows. On the other hand if you truly understand NDS you can pick up OpenLDAP's conceptual model quite easily, and if you really grok Win2K networking samba's a snap by comparison.
My car has over 56 independent nodes running on three separate LAN protocols in a star topology centered on a multi-protocol gateway. Runs great, extremely reliable.
Well, it's kind of a mixed bag.
Delaware is a "business-friendly" state. Fiscally conservative, socially liberal, with low taxes for large corporations, low filing fees to license corporations, and best of all the Delaware Chancery Court.
The Chancery handles cases like this, and while in most states corporate lawsuits can drag on for years (if not decades) the Chancery is organized and motivated to resolve the issues in the absolute minimum amount of time. Businesses, especially banks and insurance companies for whom time really is money, love that.
So it's good that this is being resolved in Delaware, because it will be quick (by corporate legal standards, that is). It's bad in that the Chancery will not necessarily be morally outraged by SCO's shenanigans, because they probably see old-school stock-market profiteering (which is what this is really all about) as a very minor sin, not something worth getting all upset about.
I'd be suprised if Red Hat is not a Delaware corporation. Most US businesses are.
I got an email this morning from a hospital employee... and on the bottom was the infamous "hotbar" plug.
Hospitals are subject to the Health Insurance Portability and Accountability Act which makes any use of spyware toolbars (such as hotbar or yahoo etc.) on systems that may be used to access private medical records illegal.
RPM tracks dependencies, which is the main reason to use it.
It is a user-hostile, old-skool *nix horror, but it's a hell of an improvement on HP-UX's dreaded "depot" system.
And possibly Greek or Latin, too.
But the quote's attributed to Ma Ferguson; when she vetoed the use of Spanish in the Texas school system she is said to have waved her Bible and said something along the lines of "If the King's English was good enough for Jesus it's good enough for the children of Texas!" It gets phrased differently depending on who is telling the story.
So, as I read it:
You pay for Reiserfs's journalling, more efficient use of disk, and ability to represent more complex structures with CPU time.
You pay for the stability, recoverability and backwards compatibility of ext3 with speed of access.
The corporate-ported filesystems (XFS and JFS, which were developed by IBM and SGI using untold googols of man-hours and investment) have better raw performance figures than the relatively newly created, volunteer-funded filesystems.
And ext2 still works just fine, is very easy to set up, and is reasonably fast due to its' lack of journalling or space optimization.
It's nice to see the commonly accepted viewpoint confirmed with numbers, but none of this seems very suprising. Use the fs that is appropriate to your particular needs and philosophy, they all have their place.
Your sig is a paraphrase of one of Ma Ferguson's famous quotes.
"If English was good enough for Jesus it's good enough for us." -- Miriam Amanda Wallace Ferguson (1875-1961), first woman governor of Texas.
The Taliban still exists.
Al Quaeda is still active.
The Afghan people would rather not be "liberated" into the arms of Gulbuddin Hekmatyar and the Northern Alliance of despotic criminals.
That would be nice. Don't bet the farm on it.
Well, Taco says if you can't be insightful be amusing. And I too am tired of the whining about the 2000 election; the shrub stole it fair and square as far as I'm concerned. Besides, the Gorebot couldn't have beaten Bozo the Clown with his campaign strategies.
Three causes - Clinton, Clinton, Clinton.
I don't feel persecuted and disappointed, but I guess I can take your word on it. Oh well, at least I have a job, which is tough in the shrub economy. Talk to any of those Timken Bearing employees lately?
I am also very amused by the way we've been "recovering nicely" from this "recession" ever since Bush got in office. I read about it every day in the "liberal" media!
You guys bag me up....
Look it up. Assuming you are one of the few Clinton-obsessed shrub apologists who can read.
And incidentally, I seem to remember Clinton firing cruise missiles at Osama. "Conservatives" in the media and government lambasted him for it, too - even though he got just as close to knocking the pious bastard off as George Bush ever did, and spent a hell of a lot less taxpayer dollars to do it!
Are you sure it wasn't Rush Limbaugh who invented that time machine? The right wing needs to get past this whole Clinton thing, I mean, it really makes them look like a bunch of chumps. The rest of us are ready to move on.
While I agree with much of what you've said, I have to disagree that "there WAS advance notice".
If you shout your plans into a hole in the ground, that does not comprise advance notice. And since Verisign clearly can't tell assholes from holes in the ground, telling ICANN is... oh never mind.
I have been a DNS admin for well over a decade (I have a 3-character NIC handle) and they sure as hell didn't send me any advance notice!
It's always been a major pain in the tuchux to have to key down some new-to-you flora or fauna that you've happened upon.
If the organism is previously undiscovered, or out of its normal range, you're going to spend ludicrous amounts of time poring through dusty tomes, because you will look in local guides first, then gradually move up to the really comprehensive stuff only found in research institutes and specialist libraries.
But one of my co-workers found a Black Witch Butterfly in the parking lot the other day, about 3000 miles outside its normal range (previously unknown in this area) and I keyed it down in about five minutes using the Internet.
Huh?
It sure sounds like you are saying monoculture is not a bad thing!
Chant the mantra with me now: "Diversity enhances Survivability". Repeat until you reach inner peace.
All exploitable bugs start life as undetected exploitable bugs. Patching does not fix bugs which are not detected by the patcher. The Bad Guys (TM) are not motivated to disclose all exploitable bugs to the patcher. Therefore, there are going to be (at some point in time) exploits for bugs without patches.
In a high-bandwidth software monoculture (such as exists in many if not most large corporations) this is a recipe for disaster. Google for blaster and nachia/welchia if you don't believe me!
Software (particularly OS) diversity is the ONLY "real solution", as you put it, to this problem. The really hard-core high-availability guys are now implementing dual-OS redundant systems; a Win2K box that takes over from a linux machine or an Tru64 box that can substitute itself for a Sun system.
Scott Adams says you should even encourage users to get whatever system they find most useful for their desktop, so that macs, linux, BSD, Windows, BEOS, etc. are all represented on the corporate network. It seems to me that would only work in low-turnover knowledge-worker type environments, though; otherwise the support burden would probably outweigh the productivity and survivability increases.
Obviously, you should patch. But that's a reactive rather than an active solution, and it's not a remedy for the fabled zero-day exploit anyway.
It's just a clever ploy to reduce the bandwidth bills on the Badtz Maru.
...if you hang it from the ceiling, or stick it on a wall.
Seriously, who the hell would put a case like this on their desk? It's room art, there's a certain compromise of normal function required by abnormal form.
If you gave your OpenSSH version number, and the distribution you are running it on, and whether you installed from distro packages or built from source, I could answer your question accurately.
Without that, I'd offer this usually correct advice: The default config file is supposed to be built with the default configuration, only commented out. So, when you see
#UsePAM yes
in your configuration, you can be fairly sure that PAM is in fact enabled.
Further, if you have a PAMified distribution such as HP-UX, Red Hat Linux, or Solaris (which is a wonderful thing, incidentally, PAM is *great*) you can't disable PAM without breaking your system.
In short; if you are PAMified, you need PAM enabled. If you are not, you shouldn't have it enabled. It's not a trivial thing that you switch on and off on a whim.
Are you trolling or incredibly uninformed?
Last I checked, Alan Cox, Havoc Pennington and Erik Troan are all Red Hat coders...
But you are right, I was rude, because I felt the FUD factor of the original post warranted it.
And incidentally, you should specify which sobig you are talking about. The next one's due out rather soon, and we don't know what it will do yet.
Perhaps it will even infect smug rude people!
Sobig exploits the known location of the Outlook address book, and uses that as a source of addresses for both target and false-source.
I am in fact immune to sobig, because I don't run Outlook, and therefore have no Outlook address book.
So, you are fundamentally incorrect and should not be modded INSIGHTFUL. Moderators take note.
Your link makes the same mistake. It doesn't call people bigots, though.
Do the experiment for real next time instead of constructing a faulty simulation.
You're still requiring a co-operative node outside the restrictions of your ISP. Using UUCP to communicate between that node and your cable node is just one way to do it.
I'm not trying to say you shouldn't use UUCP, use whatever you want. I'm saying UUCP is no longer an indispensible part of a *nix system, because it does not perform any tasks that can't be accomplished in other ways.
Using almost any standard linux distribution, you could probably come up with a dozen ways to do what you need - having an external friendly node makes the whole problem fairly trivial. Solving the same problem without any external assistance, now that'd be a tricky thing.