This isn't insightful at all. A non-administered OpenBSD box has the functionality of a paper weight. Shit, using your logic, I bet a non-administered dos box (just io.sys, msdos.sys, and command.com) will be more secure and resistant to remote exploits than a default OpenBSD install.
As much as I agree with this...I must ask if you have ever worked in a corporate environment. In all the corporate environments I've worked in, a penny saved is a penny earned is how they operate. So, although I agree with this statement, I wouldn't be able to implement it.
I work in a large data center, we don't even have a damn server jack for loading heavy servers into the racks. It doesn't matter to them that one workers comp case would more than pay for the jack. In corporate environments, people are the commodity.
In addition the higher ups in their infinate wisdom would rather spend money to get cheaper equipment and pay me to get it to work for the next six months, than buy a solution that works as close to out the box as possible for a few thousand more. Forget that they spend a few times that on my salary that I could be doing something more productive like posting to slashdot.
1) Take existing distro (RedHat), recompile for 586 2) Join all separate patches in SRPMS into one big patch, making things hard to separate from each other. 3) Make further changes to make distro more incompatible with original distro 4) ??? 5) Profit...oh wait, I'm talking about Mandrake
As for the update system, you could always just use good ol AutoRPM. It handles dependencies and installation of RPM's quite nicely.
But every Windows user does however have WordPad, which can write to Word. You may not be able to read all word files with wordpad, but Microsoft Word should be able to read all wordpad files.
I don't know about you, but making a $75 machine into a web/mail server is not bone rocking in my book. I've been doing this for years now with Linux on older alpha's and older sparcs.
Yeah, if you want to run a beowulf of Dreamcast, but for any real work it's gotta be Linux, FreeBSD, or OpenBSD.
FreeBSD has it's optimization, OpenBSD has it's security, and Linux has the commercial support and fast evolution cycle. What's NetBSD got? It runs on my wristwatch. Well cool beans.....will a database and web farm made from wristwatches run on our enterprise network? No. Well then who gives a shit!
That's going to be fun dealing with after RedHat drops support for 7.3. Suddenly no more updates, and it's either go to RH 10 or run an insecure box. I personally would either opt out for the RH Enterprise products or stick with good ol' Debian and/or FreeBSD.
If keeping your boxes secure is important to you. Remember, even if you decided to roll your own updates, you wouldn't be able to get the cert advisories and what not before the fixes were released by vendors anyways, most of the time.
Just so you know, I started this whole thing out with LOL because you put yourself in such a rediculous spot, by choice. I'm in the exact same spot, but not by choice.
Ah, you mean like the RabbIT proxy. Personally I run this on my box on a t1 and use it whenever I am stuck with all but dialup.
Speeds things up so much, it's not even funny. Although it does require that you have a machine on a decent, faster than dialup connection to make it work well.
Or worse yet, how about the road warriors. Laptop users running Windows may get bit at home when using their DSL and bring it into work the next day. Makes for a pleasant surprise.
That is probably one of the worse idea's I have ever heard.
Personally if he is going to diverge from Gentoo, then the simplest setup would probably be the good ol' Qmail Toaster. It's a few src.rpm's that you simply --rebuild and voila.
Ok, how about internet games. Suddenly a host of games won't work with a firewall, and there will be people calling up bitching about how they pay for this service and it's not working!
there are plenty of free pdf software, not having anything to do with adobe. There are other proprietary software not having anything to do with pdf. PDF is not proprietary..DOC is proprietary. In fact, do you have any idea what pdf stands for?
Portable Document Format
Mac & Linux are both able to print directly to pdf, and the software is included. Normally you gotta pay for Win to have the same feature.
Tech Support Rep> Hi this is blahISP.com, how can I help you? Ex-AOL'er> Hi, I was modifying my firewall rules on the web site and now I can't go anywhere. TSR> Sir, what have you blocked? EA'er> Everything, I'm security concious TSR> *Smacks Head*, you know....you're the thirty'th person to call with this problem.......
See the problem? I can see this as continuing overhead!
How bout instead of filtering at the isp level, isp's start distributing their installation crapware (excuse me, software) with a software firewall that blocks all incoming data that wasn't asked for, like NAT does.
This will ensure that most regular end-users install it without asking questions and get the protection they can't provide for themselves, and more technically competent users typically don't bother insalling that shit anyways, so they would have no restrictions. This sounds like a great middle ground.
Only problem would be supporting this app when it comes to things like pcANY incoming, Online Games, and things of that nature.
Slashdot Mirror
This isn't insightful at all. A non-administered OpenBSD box has the functionality of a paper weight. Shit, using your logic, I bet a non-administered dos box (just io.sys, msdos.sys, and command.com) will be more secure and resistant to remote exploits than a default OpenBSD install.
Off the top of me head, I know of Knoppix, Morphix, Damn Small Linux, and Puppy Linux.
There are a few others, but I don't remember them off the top of my head.
As much as I agree with this...I must ask if you have ever worked in a corporate environment. In all the corporate environments I've worked in, a penny saved is a penny earned is how they operate. So, although I agree with this statement, I wouldn't be able to implement it.
I work in a large data center, we don't even have a damn server jack for loading heavy servers into the racks. It doesn't matter to them that one workers comp case would more than pay for the jack. In corporate environments, people are the commodity.
In addition the higher ups in their infinate wisdom would rather spend money to get cheaper equipment and pay me to get it to work for the next six months, than buy a solution that works as close to out the box as possible for a few thousand more. Forget that they spend a few times that on my salary that I could be doing something more productive like posting to slashdot.
Ok, the Mozilla nitpick was a bit lame. Regardless of who is the maintainer of the code it was still open source from Netscape.
SGI released XFS for the Linux kernel, and if someone else picked up the project it would still be Open Source by SGI!
Yeah, they're real good samaritans...
1) Take existing distro (RedHat), recompile for 586
2) Join all separate patches in SRPMS into one big patch, making things hard to separate from each other.
3) Make further changes to make distro more incompatible with original distro
4) ???
5) Profit...oh wait, I'm talking about Mandrake
As for the update system, you could always just use good ol AutoRPM. It handles dependencies and installation of RPM's quite nicely.
But every Windows user does however have WordPad, which can write to Word. You may not be able to read all word files with wordpad, but Microsoft Word should be able to read all wordpad files.
The whole point of an antitrust trail is in cases where there is no competition!
I wish I could have an e-mail addy @microsoft-antitrust.gov, that's a sweet domain. I bet they could fund the fight by selling off e-mail forwards.
I don't know about you, but making a $75 machine into a web/mail server is not bone rocking in my book. I've been doing this for years now with Linux on older alpha's and older sparcs.
Thats if you are being compliant with standards, but not everyone follows the standards on the internet.
I wonder if postmaster@usps.com is the mail administrator of usps.com or the actual postmaster
Yeah, if you want to run a beowulf of Dreamcast, but for any real work it's gotta be Linux, FreeBSD, or OpenBSD.
FreeBSD has it's optimization, OpenBSD has it's security, and Linux has the commercial support and fast evolution cycle. What's NetBSD got? It runs on my wristwatch. Well cool beans.....will a database and web farm made from wristwatches run on our enterprise network? No. Well then who gives a shit!
LOL!
That's going to be fun dealing with after RedHat drops support for 7.3. Suddenly no more updates, and it's either go to RH 10 or run an insecure box. I personally would either opt out for the RH Enterprise products or stick with good ol' Debian and/or FreeBSD.
If keeping your boxes secure is important to you. Remember, even if you decided to roll your own updates, you wouldn't be able to get the cert advisories and what not before the fixes were released by vendors anyways, most of the time.
Just so you know, I started this whole thing out with LOL because you put yourself in such a rediculous spot, by choice. I'm in the exact same spot, but not by choice.
Ah, you mean like the RabbIT proxy. Personally I run this on my box on a t1 and use it whenever I am stuck with all but dialup.
Speeds things up so much, it's not even funny. Although it does require that you have a machine on a decent, faster than dialup connection to make it work well.
Actually in all the enterprises I have worked in, it was a lot simpler than that.
1) Test Update
2) Approve Update on SUS
3) ???
4) Profit
Or worse yet, how about the road warriors. Laptop users running Windows may get bit at home when using their DSL and bring it into work the next day. Makes for a pleasant surprise.
That is probably one of the worse idea's I have ever heard.
Personally if he is going to diverge from Gentoo, then the simplest setup would probably be the good ol' Qmail Toaster. It's a few src.rpm's that you simply --rebuild and voila.
Actually, not to nitpick but it's UW-IMAP, as in University of Washington, the makers of pico.
WU == Washington University, as in the makers of the dangerously buggy ftp server. I'd never use code from that place to run as root personally.......
Damn, forgot to preview...sorry. Here's what I really meant to say.
/etc/group
/etc/sudoers
.bashrc for sysadmin's /bin/su"
/etc/shadow
root:*:12286:0:99999:7:::
root:x:0:root,me,him,othersysadmin
%root ALL=(ALL) ALL
and last
alias su="/usr/bin/sudo -u root
Ok how about this! /etc/shadow /etc/group /etc/sudoers
.bashrc for sysadmin's /bin/su"
root:*:12286:0:99999:7:::
root:x:0:root,me,him,othersysadmin
%root ALL=(ALL) ALL
and last
alias su="/usr/bin/sudo -u root
Only drawback is that everyones own password will be the same as a root password, thus they should be guarded as such.
I resent that remark!
My way of stifling innovation has nothing to do with wheels....
Ok, how about internet games. Suddenly a host of games won't work with a firewall, and there will be people calling up bitching about how they pay for this service and it's not working!
Personally I think Macromedia is the devil incarnate!!!
I'd be happier both without Flash and those damn Cold Fusion servers.
there are plenty of free pdf software, not having anything to do with adobe. There are other proprietary software not having anything to do with pdf. PDF is not proprietary. .DOC is proprietary. In fact, do you have any idea what pdf stands for?
Portable
Document
Format
Mac & Linux are both able to print directly to pdf, and the software is included. Normally you gotta pay for Win to have the same feature.
yeah no continuing administrative overhead.....
Tech Support Rep> Hi this is blahISP.com, how can I help you?
Ex-AOL'er> Hi, I was modifying my firewall rules on the web site and now I can't go anywhere.
TSR> Sir, what have you blocked?
EA'er> Everything, I'm security concious
TSR> *Smacks Head*, you know....you're the thirty'th person to call with this problem.......
See the problem? I can see this as continuing overhead!
Maybe we're looking at the problem all wrong!
How bout instead of filtering at the isp level, isp's start distributing their installation crapware (excuse me, software) with a software firewall that blocks all incoming data that wasn't asked for, like NAT does.
This will ensure that most regular end-users install it without asking questions and get the protection they can't provide for themselves, and more technically competent users typically don't bother insalling that shit anyways, so they would have no restrictions. This sounds like a great middle ground.
Only problem would be supporting this app when it comes to things like pcANY incoming, Online Games, and things of that nature.