Did you stop reading after that? Perhaps you didn't get so far as to read the fact that my cluster runs in full 64 bit using Rocksclusters.Org, a rebuilt Enterprise Linux. All from source, all Free, all 64 Bit.
It's the perfect way to not only test drive RedHat Enterprise, but build a cluster in record time.
You must be retarded, or a downright troll.
I had no issues installing RedHat 8.0 on the Dual Opteron in 32 bit. In addition, Rocksclusters.org's rebuilt 64 bit Red Hat Enterprise Linux works like a champ on that hardware with the dual scsi. I am running it on a cluster of 160 identical nodes.
So what, we know he exists.
Come on people, he's not fucking BigFoot or anything. How in the hell is this News For Nerds?
What's next, Linus sighted at public rest room...it has been confirmed that his shit does NOT stink....
I am not a lawyer, but I will try to answer this in that I have spoken with Red Hat directly before regarding most of this stuff.
Now that RedHat no longer offers a free desktop version of their product, would it be possible that a Linux-running site could be sued by RedHat for illegally running a 'pirated' copy of Red Hat Advanced Server?
Only if you actually purchased a license do you give Red Hat permission to audit your facilities for license violations. Installing Linux is allowed by the GPL, as many times over as you would like. But you are only entitled to Red Hat services on the machine you paid for. IE NO UPDATES/BUG FIXES.
Would this be any different to Microsoft calling in the BSA to investigate a site running unlicensed copies of Windows?
Not really, you can always get Red Hat workalikes built from the source code available to us all. For Free!
White box Linux
Tao Linux
CentOS
Just to name a few.
What if the RedHat site was running a hybrid type of installation, with portions of the distro taken from the unlicensed 'illegally obtained' version of RHAS, but others, such as package management (apt-get, for example), taken from the free GNU/Debian distro?
Depends on whether the machine is licensed or not. I assume a jacked up installation (debian packages on rh system) would void any warranty or compatibility assurances that come with Red Hat.
Mandrake clustering is not all that great, and their sales and support team are both sub standard.
I tried to e-mail as an initial form of contact, and the e-mail was rejected because they have TLS enabled but no cert. Confidence in servers, at least mail, waning. Later I tried phone, which is just a voicemail box in Pasadena, confidence in reaching a live person also waning. After repeated attempts I was never able to get anything from them in terms of pricing for any of their products. No wonder they are dying.
Regardless, this thread was a response to a user who wanted to run web and e-mail services. Not from Mandrake Move but the standard Mandrake. Either way, I wouldn't trust my servers to updates/patches provided by a company that can't fucking run its own mail server.
I would recommend not using a Desktop oriented OS such as Mandrake as a server OS. Your best bet, if price is an issue, would be to use White Box Linux (Free Built from Src Red Hat Enterprise) or pay for a subscription from progeny for your existing install.
Yeah right, the French arm of google, google.fr probably went like this:
SCO: You owe us money for Linux licenses
Google: (Wait Six Weeks) Surrenders full payment
Other people seem to have it figured out.
Go to http://bb.softbankbb.co.jp/ybb45m/ from babelfish (using Japanese to English).
You're lookin at 45 mbps down, 3 mbps up for around $40 US from Yahoo!. The same Yahoo! we got here, you know the BSD zealots' favorite website.
You can use PXE and kickstart for the best of both worlds.
However, like most flash ram, it can probably only take 10K writes on each sector. Might not sound like a lot, but for $1,500 it doesn't sound like a good deal.
You'd be surprised how fast that can wear down, especially if it has a dumb filesystem (fat).
I have not tried it, however I do know that AOL pays quite a bit to embed the free (already installed on people's machines) Internet Explorer.
I would wager that either AOL's license fee would cover Netscape ISP, or perhaps AOL would have to pay for a separate license for the entity.
Either way they are a customer of Microsoft.
Yeah Netscape sure got the short end of the stick.
It couldn't compete with Microsoft, so they released the code and spun off Mozilla.
Mozilla kicked its ass with features, stability and usability until AOL decided it wasn't worth working on any longer.
Netscape becomes an ISP, which then uses Microsoft Internet Explorer as the default browser.
Now there's irony, the company that sued Microsoft for being too popular dies and comes back as a customer of Microsoft.
There are separate downloads for ease of installation. A lot of people had issues installing it out the box.
If your Exchange client automatically attempts to fetch the image, you prevent it from doing so with a firewall.
Yeah, all firewalls are set to block images on the web.
Depends on what the "web server" is; it might be expensive SQL stuff, for example.
Funny, I thought the same thing, but that wasn't in the post at all. My original post was mostly about how weird of a question, if it even is a question, this posting was.
10-30 concurrent users I interpret as meaning 10-30 requests per second.
I don't. Most browsers by default have 4 connections to a server, and 30 users would have 120 requests per second max. Now at most only 30 would be dynamic requests, unless the pictures are generated dynamically.
To put it in perspective: 10 req/s is 864,000 req/day. 30 req/s is 2,592,000 req/day. If every page in your system is 30 KB in size, then 10 req/s is equivalent to a constant bandwidth usage of 300 KB/s.
He said 10-30 users, not requests; stop changing the post's meaning. 10 - 30 users on any site is nothing. Think those ten users hit refresh every goddamn second of their lives to fill 300 KB/sec of bandwidth?
Both ISA Server and Squid do what you want?
What is it exactly that you are asking? Is there a feature you need that these don't provide? Would you like us to write a config file for you?
Please be specific enough for knowledgeable users to know what you are asking.
I read this ask slashdot as 'I need to do x, found y and z that does x.' Also if you're only going to have 10-30 users, why bother doing a reverse cache? If your web server can't handle 10-30 users, a cache isn't going to help much.
Just because you can change the firmware out and replace it with a custom built image does not make it any less of a black box.
In addition making your own kernel/etc. has the distinct disadvantage of losing access to the 802.11g wireless card because there are currently no available linux drivers. So no matter what, even building your own kernel, etc would still leave you with a bit of black box'ed-ness which is what I was trying to say.
Besides, this guy doesn't seem to know the differences between all these routers, and wants to get it for his parents, and your solution is to do it yourself. That's just bad advice.
Reality check, the dot com bust, H1B visa influx, mass outsourcing and overall failure of the tech industry has resulted in many highly skilled, educated, certified and talented people having to take jobs outside of the field.
Are we talking about the same industry here? In most of the places I worked at, there were a good half dozen MCSE 2000 Losers that didn't know jack shit about Active Directory, Networking, or anything else covered on those god damn tests.
The problem is NOT the abundance of "highly skilled, educated, certified and talented people", but more the paper factor. All these certified people who have no idea what they are doing have, with their incompetence, filled all the jobs that would otherwise be taken by people who know what they are doing.
they'll be phb and people down to earth.
Well which is it? Will they be PHB? Or will they be down to earth? I believe those terms are mutually exclusive.
I would still consider that a black box because the sources that they have released are not sufficient to build a working kernel.
In addition, we do not know the quality of the 802.11g driver it comes with because the source has not been released. There are many layers to the security onion, and simply knowing it runs Linux doesn't tell us much.
Was it hardened? What iptables rules does it have? Where is the driver for the wireless card? Has the tcp/ip stack been modified? Why was the dev series kernel used instead of the stable series? What modules are enabled/disabled?
The list goes on....
How about because usb keys are basically a useless *JOKE* that are hyped mostly by brain-dead gamers like *YOU*.
Actually I am a Sysadmin for a Fortune 500 company. I don't own any gaming systems and would hardly call myself a gamer, much less a brain dead. In addition USB keys are very useful. Booting puppy linux, and doing maintenance on a downed Linux box, storing files too small to waste a cd on but too large for a floppy, etc.
Let's see. I'm going to carry all my critical/vital data in my pocket on a keychain?!? I don't *THINK* so. And let's not get into the *STUPID* design of these things.
Who says I carry anything critical/vital or otherwise. Flashing bios' or re-creating a recovery Linux is as simple as dd if=puppy.img of=/dev/sda1. Hell I even keep mine in read-only mode and in a place where I know exactly where to get to them.
They really are only practical if you have a machine that has usb ports in the *FRONT* of the case that the key will actually *FIT* into. If not you're going to be dragging a usb extension cord around with you. Sort of defeats the purpose of the damn thing doesn't it?
Actually mine are the kingstons that come with small half-foot extensions. And yes, I use them all the time.
But if a packet should arrive on the external interface with a target IP address on the internal network, then NAT doesn't kick in and if the router is acting as a router (IOW it routes packets from interface to interface), then only a firewall will stop the incoming packet.
NAT tables have source and destination information. If a packet passes through the router, then it is because it matches the source, has the right destination and has passed the tcp/ip handshake. Spoofing a packet that would get past NAT would be damn near improbable (but not impossible). So the firewalling is due to the NAT.
What you are confused about is 1:1 NAT and Port based NAT. On 1:1 NAT you would also need a firewall, however on Port based Natting, the rules are different.
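The distinction the comment above draws between port-based NAT and 1:1 NAT, as an added example that is not part of the original thread. It is a simplified model that only covers packets addressed to the router's public address; the class names and all addresses (RFC 1918 and RFC 5737 documentation ranges) are constructed for illustration.

```python
# Added illustration: simplified model of port-based NAT versus 1:1 NAT.
# Only packets addressed to the router's public address are modelled.
# All names and addresses here are constructed, not taken from the thread.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed WAN address of the router


@dataclass
class PortNat:
    """Port-based NAT: inbound traffic is translated only if it matches
    state created by an earlier outbound connection."""
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; the router records the mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return PUBLIC_IP, public_port

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) to forward to, or None if no match."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # no mapping: nothing inside requested this
        in_ip, in_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different remote endpoint
        return in_ip, in_port


@dataclass
class OneToOneNat:
    """1:1 NAT: a static public-to-private address pair, no per-connection state."""
    static: dict  # public ip -> inside ip

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        inside = self.static.get(dst_ip)
        # Every port is rewritten and passed on, so a separate firewall
        # has to decide what is allowed in.
        return (inside, dst_port) if inside else None


def demo():
    napt = PortNat()
    _, pub_port = napt.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    results = {
        # Reply from the server the inside host contacted: translated.
        "reply": napt.inbound("198.51.100.7", 443, pub_port),
        # Different remote host aiming at the same public port: no match.
        "other_host": napt.inbound("192.0.2.66", 443, pub_port),
        # Connection attempt to a port with no mapping at all: no match.
        "unsolicited": napt.inbound("192.0.2.66", 4444, 22),
    }
    one_to_one = OneToOneNat({"203.0.113.10": "192.168.1.10"})
    # Same unsolicited attempt against a 1:1 mapping reaches the inside host.
    results["one_to_one"] = one_to_one.inbound("192.0.2.66", 4444, "203.0.113.10", 22)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} -> {verdict or 'no translation'}")
```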
The number of computers that actually support booting from a bootable USB key is *vanishingly* small compared to the number of "legacy" PCs that DON'T.
Who gives a shit, this is for MY COMPUTER, and it works for ME. In addition the newer machines that do not have floppies, would probably have the ability to boot off of usb. Machines that can't boot off of USB, I use bootdisk.com and flash in DOS. For the machines I work on, USB is just easier.
WPA isn't all that great either. But you are right, WPA is better than WEP.
Wireless is never going to be all that secure, so long as it is transmitted in the airwaves, someone will be able to pick it up. The best line of defense is knowing this and changing your habits accordingly. I always use encryption at the protocol level, when there is important data whizzing by.
imaps, instead of imap
pop3s, instead of pop3
ssh, instead of telnet or ftp
https, instead of http
The list goes on and on. By using these protocols you are also not nearly as susceptible to man in the middle attacks.
SIDE NOTE: The latest WPA patch from Microsoft (KB826942) broke my wireless capability severely. I could no longer connect to any wireless access point that had encryption disabled, like coffee shops or T-mobile. If anyone else is having problems connecting to unsecured access points, try uninstalling this. Just passin on the knowledge...
It just happens to be a side effect of doing network address translation. Nothing comes in that isn't requested or related to connections made.
They also have a default DENY policy which means that they are all about as secure as the other. The only problem would be if they came out with a new teardrop-like exploit that crashes the tcp/ip stack of the little routers, and that wouldn't affect security internally and would probably be solved by a firmware update.
Because most are black boxes, you have to take the manufacturer's word for it that they have a solid tcp/ip stack that won't be susceptible to this sort of attack.
Main thing I would worry about is the speed, find out what wireless firewalls are rated as the fastest. Make sure WEP is enabled and you have Mac Address filtering. It's still not going to be nearly as secure as a cable.
If you want to be secure, get a software firewall as well (ZoneAlarm, Tiny Personal, Norton, etc.), run Spybot or Ad-Aware, run a Virus Scanner and keep your software up to date.