Plus with Yahoo you can define up to 10 of your own filters, I use this feature to redirect mail to a folder called likely_junk and I haven't had a time yet where I couldn't just check all of those mails and delete them with 2 clicks. Yahoo servers also run FreeBSD (the power to serve). I've never had any issues with Yahoo, the only time their service was down was during the DDOS by Mafiaboy. The one annoying thing is that when they determine your browser to be IE, every friggin page refresh nags you to download Flash, which I can't install on this locked-down NT workstation at work, so I have to put up with the nags when Nutscrape's java engine goes south and I can't load any pages with it (happens about once a day).
OK, the person who posted this nonsense 15 times in a row is officially a knob. WRT the question posed, I agree completely, having specific ports that perform functional requests are far superior. Just look at the problems that MS had recently with providing print services over HTTP. Knowing precisely what functionality is provided via a specific port is the only way to effectively filter and block potentially malicious traffic. Nowadays it seems people want to be able to start and stop their dishwasher via HTTP/XML, it's lunacy IMHO, but then I'm very old-school. Still, I've never been cracked or infected so maybe I'm doing something right.
When I was a kid I used to be able to tell my parents when they had the television on from outside the house (as in through the windows) because I could hear the high-pitched noise. They thought it was a great party trick, they would turn the contrast right down so there was no image I could see and then ask everyone to be quiet and ask me if the television was on or off. It probably was pretty funny if you were half in the bag. Keep in mind this was the late 70's - early 80's, so the electronics weren't as advanced as nowadays, but I can still hear the high-pitched noise of the TV, but not as clearly as when I was younger. I guesst it's partly because your ears lose their sensitivity to high-frequency sound as you get older. But I hate how GDMF loud that PC's are - I'm not an Apple guy but I love the idea of a PC that doesn't need a fan, those cubes were a wicked piece of kit in my opinion. Too steep pricewise now that I have a mortgage and all or I'd have gotten one to run a PPC distro like Yellowdog.
I can't comment on MS' support, I imagine it would be pretty good for a thing like DataCenter (DC). I'd wouldn't be too surprised to find out that they will bend over backwards to give a DC customer every resource needed even at the expense of other customers with less fattened accounts. Here's a story of IBM's support. I work for a large outfit in Canada. We do A LOT of business with Big Blue, software and hardware. When we ran into troubles with IMS (an ancient d/b product that runs on OS/390 that predates DB2) they actually flew in a crit-sit team assembled from England, the US, Australia and Canadian offices that were IBM's best and brightest in this software and also really knowledgeable about the OS. Similar situation last week with me and a problem I ended up having to take care of. They didn't need to fly in a team in this situation but I had an IBM hand-holder sitting in my office calling the various software support teams directly, and I was getting so many calls and emails from IBM support teams that if I hadn't ignored some of them it would have been impeding getting the problem resolved. The problem was actually sent up to their DB2 development team at one point. You pay big bucks for the gold-plated support contract, but IBM pulls out all the stops when you get into a jam. Just thought I'd add a different perspective.
Ditto - my coworker uses an Olicom card on RH 7.1 I think. The Olicom driver is no longer in the newer kernels but he managed to build the support in and get it working on the 2.4 kernels (he's a Unix / Linux guru) and hasn't had a single problem on the network. We still have token ring and old dumb terminals in the warehouse as they are very reliable, though obsolete. Some companies (like ours) are just having trouble getting the budget to convert the old T-R stuff to eth., don't forget that some companies spent millions of $$ maybe 10 yrs ago to make their very extensive network T-R from old SNA architectures with IBM 3174 (or compatible type) controllers - you don't really want to know what a mess those things were. Sure we'd all like to be on gig-E but the bean counters always get in the way. I've found that most companies change over when the cost of support / maintenance for the T-R networks becomes higher than the cost to replace it all with ethernet. Maybe the poster (mjh) should approach it in this manner to try and get the T-R replaced.
Well, they can have fun tracking me 'cuz I'm a die-hard Lynxer... I don't often find the need to fall back Konqueror. Sometimes I'll browse using Mozilla too just to see how it's coming along, but I haven't used Netscrape or Internet Exploder in months now.
The responsible people who form the majority (but of course not all) of people who post legitimate bugs to Bugtraq do so after informing the vendor and after patches have been released by the vendor (in fact it's just happened while I'm writing this long-winded post). I also recall at least one posting submitted mid-day on a Monday rather than on a Friday when the poster had discovered it, the poster specifically said that he had not wanted to post it late in the day on a Friday as admins might not have the chance to patch their systems over the weekend.
Additionally, many of the actual exploits posted to the list by responsible people are not working code that a "script-kiddie" could cut and paste, there are deliberate mistakes in the code that other knowledgeable programmers would catch, incorrect offset values etc.
There are other posters who've made numerous attempts to contact the vendor over several months timespan only to receive no response, and finally have posted to the list. At the very least this makes others aware of the potential risk if they are using the product in question, and it might actually force the vendor to fix the problem as a bonus.
I do agree with you about MS however, many people may knock them but they seem to be pretty good with getting patches out quickly once they've been notified of a bug, and some of the posters to Bugtraq may give MS somewhat less time to come up with a patch than they might for other organizations.
I do really wish MS would concentrate on improving the security of their products however, rather than adding some new bell or whistle at the expense of security (MY security I might add). For instance, I have Win2K on one of my machines at home, I now have to download many megs of patches over a dialup account to feel my system is secure. Further, the default install of Win2K adds in many of these "features" that I surely neither wanted nor needed, such as a little webserver (started and listening by default of course).
I hate to say it, but the OpenBSD mentality of disabled by default would have really benefitted MS in the Code Red debacle. The OpenBSD documentation plainly states that there are very few services turned on by default (Sendmail and SSH daemon) and if the end-user feels they need one of the other services then they'll have to RTFM to turn it on, because at least that way THEY have made the conscious decision that it's necessary.
As a parting thought, let's consider the "recently discovered" telnetd exploit. This is a bug in code that seems to have been in use for nearly 20 years. From what I've read, it's been around since some part of the life of 4.3 BSD, which goes back as far as the 1981-1984 timeframe according to this document: http://www.UNIX-systems.org/images/chronology_big. gif. Not a single vendor found this bug, even though the original source code is widely available. Do you think that scut was the first to find the bug in those 15+ years (especially when the exploit author himself said it was very easy to spot)? How many people would have scoffed at the suggestion that there was a root-level compromise related to telnetd that affected every flavour of Unix available? The exploit code made it very difficult to dismiss however, didn't it? Unfortunately from the vague information in the original post the exploit release was forced by other events out of the poster's control. Apparently "script kiddies" got hold of some (presumably working) exploit code and thus the full-disclosure post was made to Bugtraq since_exploit_code_was_already_out_in_the_wild.
Just my two farthing's worth - peace.
Re:I made an assumption about the reader...
on
Breaking Windows
·
· Score: 1
As much as I love OpenBSD (I myself am a 2.7 user), you've got to remember that it's a much smaller (in terms of lines of code) operating system than Windows NT or Win2K. Microsoft constantly wants to incorporate new "features" into Windows thus adding to the code bloat which inevitably makes it harder to get all of the bugs out. Also, as I believe another poster pointed out, MS programmers have PHB's to report to who may think that this doodad (ie ISAPI) is the next coming of Bob ; - ) and don't want to hear about or overrule any security-related concerns that the programmers have regarding this new "feature". In fact, if I was the programmer, I might leave a beauty bug like this in my code if my boss had pissed me off big-time and it made him look bad.
Finally, the people in OS movements such as the BSD or Linux communities aren't under the same pressure to produce (not developers at Red Hat, SUSE etc, but the kernel developers and package maintainers) on a schedule. OpenBSD in particular has a zealous group of followers whom I believe almost to a person would agree that they'd rather have the code late but tight than sooner and buggy (this accurately reflects my feelings).
MS OTOH is doing it's best to compete with the various commercial *NIXes and trying to prove that it belongs in the datacenter with respect to robustness and scalability. They are hoping that if they have additional features and greater ease-of-use that they can point out to the middle management that makes the purchasing and strategic direction decisions, they may displace the use of a *NIX or *NIX-like OS. And the sad fact is that in most any middle to large sized company security is very low on the list of priorities (usually until it's too late and they've had a serious compromise), so these vulnerabilities don't mean as much to them. They pay people such as myself (lowly sysadmins) to clean up the f'ing mess.
So in short, your definition of a good product is secure and as bug-free as possible but still functional, while MS' is one that has tons of new features which they hope will further increase their market share - bugs and security be damned. My apologies to individual employees within MS many of whom probably are very concerned with bugs/security but the corporation as a whole doesn't seem to care much based on it's track record.
Back in the early 60's my father and his friends pulled this same prank on one of his high school teachers but they reassembled the car in the teacher's office. As chance would have it the high school in question is in Vancouver. Of course then they had to take it apart again and redo the whole thing or face suspension... probably didn't quite seem as funny then.
The news account I heard on television indicated that they used bungees to hold the shell of the beetle, which they estimated to be 500 lbs. Considering that the UBC guys used two cords and I've seen a 300 lb guy bungee jump on one cord (really not a pretty sight) I'd say they were within tolerances for the bungees.
FWIW, the author is wrong in stating that the Golden Gate is the creme de la creme of suspension bridges. There's one in Japan that's significantly longer. I saw the Discovery program on it and it's a pretty wicked piece of tech. The main span of the Akashi-Kaikyo bridge is 6532 feet compared to the Golden Gate's 4200 foot span. And it survived the earthquake that hit Kobe with no problems whatsoever - it connects Kobe to Awaji Island so it took a pretty massive hit from the quake.
Actually that's where we stick the doglicking slave print operators! BOFH's rule the world - don't forget this or tommorrow I will be sending the company president an email from you with those naughty pictures of his daughter.
Agreed - a company that has a million dollar machine that can be taken down by a guy tripping on the power cord could stand to have better management. All of our systems have power routed under the raised floor, even the stinkin' NT servers. Also all of the DASD cabling, the FiberChannel, the ESCON for the S/390 systems, the Ethernet and Token-Ring, the COAX for our 3270 consoles... it's a helluva mess under there. In fact, the S/390 power cables are explicitly labelled as such over their full length and carry a warning to the effect of "Fuck with these and kiss your job goodbye" and are bolted to the floor under the server and at the PDU. That's in addition to the fact that I believe they are screwed right into the power supply on the bottom of the server itself (standard IBM large-system thing - our S80 has a threaded nut right over the end of the whole cable where it goes into the power supply).
Somebody in this thread mentioned about the raised floors being a foot or so deep -- a guy I work with indicated that at his last place the raised floor was about 6 feet deep. If you've ever had to pull cables for 220 volt 3 phase (I'm actually surprised that the larger Sun systems don't use 220 volt) and old mainframe bus and tag cables for a large datacenter you'll know why.
Excellent point: All things are built on top of other things. Einstein said: "If I have seen farther than others, it is because I have stood on the shoulders of giants". Every advance in any endeavor that humans undertake is built on the previous work and advances that other people made, no matter how insignificant seeming.
It's really too early to tell what the impact of some of the recent innovations will be, IMHO. To me, the last line of the article is one of the most telling. Researchers are very close to building nanotech that supposedly will be able to perform any range of duties, including the ability to be injected into a living being to perform various functions. Others in the biotech field feel they are close to making a breakthrough with regards to the aging process, and let's not forget the amazing progress that has been made in fighting cancer etc.
Let's suppose that 10 years from now we look back at this article, when we have definitely discovered a method to extend life to 150+ years, have wiped out almost all known diseases, and have built the first fusion reactors. These advances wouldn't have been possible without the assistance of computers for process modelling and analysis. Then this article will look like a bunch of horseshit. For another example, we are on the verge of widespread use of fuel cell technology (if the megacorps allow it). This is a tech that has been around since at least the 1970's (from the space program and probably much earlier than that), but we've just recently made advances that make it efficient enough for mass use. Plus, the large corporations made precious little if any progress in furthering the energy efficiency of appliances (especially automobiles) until the governments of the world, especially the US, started to enact laws requiring it.
Let's also consider the advances such as splitting the atom that the article neglects to mention. Sure atomics research allowed us to make horrific bombs that can kill millions of people in a single enormous explosion (which ironically can also be considered progress), but it also brought an unprecedented era of world peace with only minor localized skirmishes - the large powers were held in check by the frighteningly horrible capabilities of these bombs. It also brought nuclear power, a somewhat dubious benefit in many respects, but it also has brought power to areas of the world where there were very few if any real alternatives to power generation, and it is relatively clean technology.
Another thing the author likes to overlook are the problems that existed in the first half of the century. Early in the 20th century the air in many major urban centers was so bad that trees wouldn't even grow! People died of exposure to the smoke and toxins belching from factories. I'm not trying to say that it hasn't gotten worse in some areas, but those areas are more densely populated than they were at the turn of the century. Furthermore, a great deal of that pollution can be attributed to automobiles which are continuously becoming less polluting. In general, environmental pollution is declining and the trend seems to be towards further improvements in this area.
One of the funniest lines had to be this one -- Notes economist Alan Blinder: "No modern IT innovation has, or I dare say will, come close to such a gain!" What an ass. First of all, the Internet has effectively accomplished something on the same scale. The telegraph was a simple point-to-point device that allowed communication between two people simultaneously. This was the situation until about the 1970's, when telephone tech advanced to party lines allowing several parties (say up to 10) to converse simultaneously. The Internet allows fscking spammers to send a message to millions of people simultaneously, also instantly, or thousands of people to chat in real-time, in text or voice. I hope this knob lives long enough to see the day when we break the speed of light and messages (dare I hope for matter also?) can be transported instantly across infinite distances. Am I dreaming? Maybe, but there are very bright minds working on this very problem (some believe they already have solved it), and yet what benefit does it confer to the average person? At the moment, none really. I can already send a message in seconds to the other side of the world, and that's the furthest that I could conceivably need to send it at the moment. But if we ever get off this big stinkin rock and start to colonize other planets, it would be an important advance indeed.
Finally, sometimes advances come in clumps rather than at a regular pace. Einstein's theories were all developed over a short period of time, and we haven't seen any similar advances in scientific theories since that time that could have such a direct and immediate impact on day-to-day existence. Quite the opposite of the author, I see new innovations and invention as very likely being just around the corner that could change my life and the lives of people around the globe just as dramatically as some of the inventions in the first half of the century.
Cool, thanks much for getting the ref for me... I just use OBSD for a home firewall with no ports except http avail, but it's good (but unnerving) to know about this potential flaw in the event that I ever started using it for anything more. Thanks for going that extra mile for me.
You're right of course... they can't open up the entire code base for AIX right off the bat, but I think that within 3-5 years AIX and Linux will be basically one and the same animal, and quite possibly with a lot of code-sharing. Plus right now most of the AIX code is optimized for the RISC 6000 processors, so it's not like you could download it and run it on a PC - you'd be buying IBM hardware to run it anyways. Background: I'm a sysadmin who works with OS/390 and AIX, and I think IBM is looking forward to community involvement to improve some of their drivers etc. The AIX ones have been known to have some problems in the past *cough understatement cough*.
This strategy would allow Big Blue to concentrate on hardware - I'm no IBM bean-counter but my experience leads me to believe that they make more bucks on hardware and services than anything else, plus the licencing fees for other software (especially middleware) such as Websphere, MQSeries, DB2, and even VM to run virtualized Linux on S/390 (aka Z900).
The OS is something they're pretty much obliged to provide for customers - they have enterprise-scale hardware and have to have an enterprise-capable OS with enterprise-level OS utilities to sell that hardware. It's not an option to sell the customer the dandy hardware and then tell them "Piss off and find an OS to run on it", they wouldn't be in business long (makes me wonder how MS got so big - they essentially did the reverse. Here's a * passable server OS *, now piss off and find some enterprise-level hardware to run it on). So if Linux slowly took that responsibility off of their hands for the most part, or helped them to maintain a 'feature edge' over other commercial *nixes it's worth the ROI for them. Plus I'm sure that they figure they can compete pricewise on hardware with Sun, EMC etc., so if the OS is commoditized and can run on anybody's hardware maybe it puts them into a more competitive position.
IMHO this is probably one of the smartest moves that IBM has made recently. Here's a link to a very interesting interview that indicates IBM is basically willing to open-source ANY code that the community feels is useful (it's with Irving Wladawsky-Berger, who is a heavy at IBM, I think this inteview was mentioned in a Slashdot article previously). I haven't lost my mind, I don't expect them to open up the entire source code to DB2 or similar profitable products, but I don't see AIX or many of AIX's utilities as being such.
IBM is not shorting the community on their commitment from what I can see. Just my $0.02
Uhh... was there a crack of OpenBSD that I didn't catch? The only vulnerability that I know of was the recently found problem with FTPD that ships with OpenBSD and NetBSD. I did not hear of any actual real-life compromises, root or otherwise, related to the vulnerability. If you know of one, please email me, submit the crack to Slashdot, or one of the other main OpenSource OS portals (DaemonNews, Rootprompt, UnixReview etc.) Thanks.
Depends on what you consider an older machine - my P200 can boot from CD (IIRC it was after a BIOS upgrade that the option became available). It's got an Asus mobo (P55????something something something) and prolly wouldn't cost more than 40 bucks US for the barebones mobo, p/s and a puny 200 meg h/d. And for those concerned with heat generation by those old drives rest easy, they'll almost never spin up after booting in a router / fw config plus they run very cool anyways. Floppies are also not to be trusted in very dusty or high-temp enviros, way back in the bad old days we had a critical remote server that had to reboot off of a floppy in a warehouse, we ended up enclosing the damned thing in a garbage bag after getting tired of replacing the floppy drive. Please if someone knows if you can make them RO by cutting the correct pin connect reply to the poster who asked the question!
I agree with both sides on this unfortunately... I too would love to know that OBSD was able to scale to multi-processors, but I realize that compared to other Open-Source projects it's dev team is miniscule at best.
Linux has been pushing hard to be the best that it can be on a wide range of fronts including SMP, so to the external world the Linux kernel team is competing with NT/Slowlaris/AIX/..., even though internally they (Linux kernel team) may have just thought that it was a task worth tackling or something that interested them. The OBSD team doesn't find SMP that interesting and because of their size maybe that's not too surprising. The more people on the team the greater the likelihood of somebody wanting to get feature X done.
But while the Linux team has been pushing the edge of the envelope on several fronts, security is not necessarily one of them. Please no flame responses, I'm not trying to knock Linux or any of the Open Source projects lumped under that banner but my assertion holds water. This is where the OpenBSD team pushes the envelope, because this is what interests them.
Also, if some company wanted it badly enough, they could ask the OBSD team to develop it for a fee (several posters have indicated they use it on production machines - hint, hint). As a casual user of OBSD with no need for SMP support (also a mediocre at best programmer - I wish I could be of help), I'm satisfied with what I get from OpenBSD currently, even though I'd love to know it could do more.
Bottom line I'd say use OpenBSD for a secure workstation and firewall, and Linux or a commercial *NIX if your installation really requires an SMP server OS.
I'd have to agree with your assessment on both points. Pity I don't have any mod points to mod your comment up, the stuff you mentioned wasn't covered by anybody further up the thread (at least not at the time I began reading it). Cheers.
Great question! If my vote counts, I personally prefer the minimalist, KISS approach that I get when I'm using OpenBSD. It's very easy to install (and damned fast too!) especially with all of the documentation available on the website, or on the CD liner if you buy the CD's. Which BTW you should - support what you believe in!
Graphical supposedly easy tools ain't always the solution: When I tried to install RH6.2 over OpenBSD 2.7, some of the OpenBSD partitions didn't get removed by Disk Druid (Yeah, OK I probably shoulda foreseen that this might happen) so my kernel panicked when I tried to boot the first time. Course the problem was discovered using the more comprehensive (but probably less newbie friendly) fdisk and corrected, but not until after I had fscked around for awhile chasing other bogeymen. Admittedly this is not a situation most users will run into, but demonstrates that sometimes the more precise tool is not as "user friendly" but much more thorough and actually ends up being easier to use in the end.
I like the idea of a steeper learning curve for a secured OS - computers are complex systems and I think it's worth learning things in greater depth for users that want that extra measure of security. If you want fair security but don't want to learn the intricacies of your computer, stick with Win2000, fairly secure for the average user. Businesses are a whole different discussion.
Kudos & mucho thanks to the website maintainers for the OpenBSD site as well as the rest of the OpenBSD dev & maint team, it rocks. I too am looking forward to ordering & enjoying 2.8!
I had my SO order me a couple o' shirts from the OpenBSD folks for my b/d last year (by phone to the Calgary store you mention)... they got to me just fine (in Canada). I purchased my copy of OpenBSD 2.7 from the University bookstore so didn't run into any snags there.
Since I completely support the OpenBSD philosophy (proactive auditing and full disclosure) and am very satisfied with the OS I certainly will be placing an order for the 2.8 CD's next week, even tho I could just download the updates (support what you believe in).
I guess I might have exactly the same attitude if I had the same kind of experience you had, but I have nothing but good to say about the OpenBSD ordering, it's a shame you got such a rough ride. I've never met/corresponded with Theo but from what I've been able to gather he can be kinda ascerbic from time to time. Maybe bury the hatchet & give them another chance? Whatever your choice, remember there are many others working hard on the project that I'm sure regret hearing of incidents such as yours.
Many kudos and thanks to the entire OpenBSD team, keep up the great work.
I agree with all of the sentiments that you express in your post, but I'd like to emphasize that the question posed is should we place more emphasis on getting young people to use open source systems in school. My response is a resounding yes, and here is my reasoning. I use Windows, Linux and OpenBSD at home, they all have their purposes and strengths and weaknesses. I have Windows for my USB card reader for my digital still camera and games plus Corel Photo-Paint until I become more proficient with the Gimp, Linux and OpenBSD for learning / practicing C/C++, Perl and shell programming and secure firewall services.
But here's my tale of learning C++ at a local college in a continuing education class. The entire college is Microsoft, all the latest versions of the various pieces of MS software. First of all, they got cooked good by an email virus one time so the entire school network was unavailable at least one day (could have been more, our class was only Mondays and Wednesdays, and I didn't bother to inquire) while they were determining the extent of the damage and selected workstations unavailable other days because they were being disinfected. Now this is mostly a matter of poor administration & setup, but as an IT professional I see it as being susceptible because of their complete dependence on MS products, and I object to having to my educational time disrupted bad decision-making on the college's part.
Our C++ class only involved learning the basics of OOP design and implementation, so we were creating a very straightforward Win32 console app (no chance to teach fancy widgets, which I think disappointed him - see next para). It's perfectly fine to use MS Visual Studio for this, it's actually a decent program to use (in my experience anyways) to code and debug your code. But our instructor was very pro-MS and one of the things that made me laugh was that MS' implementation of C++ breaks the ANSI/ISO published standards for inheritance!
Furthermore, he insisted on telling the class that "You'll never do this stuff in real life." He felt that we would all be doing Windows programs where we would have to learn to hook a GUI up to the backend logic pieces. Since I work with OS/390 and AIX at work, I made a point of bringing up to him that you could be coding C/C++ programs for OS/390 or any flavor of UNIX and may never even come close to dealing with a GUI implementation. Especially if you work at a large software company you might ONLY be responsible for the backend logic and another team might design a user friendly front-end. Or maybe it's a web app being designed and you're only responsible for the D/B interfaces etc. This is the kind of narrow viewpoint that you mentioned some people have, and it's rather silly and dangerous for a college to be so severely limited in it's outlook. Unfortunately it seems most other vendors have left the educational market to MS so the colleges take the path of least resistance and go MS through and through.
Here in Canada colleges teach more practical skills, universities typically get into the more in-depth technical and theoretical aspects of things. For instance a few people I know that went in for COMPSCI at University wrote compilers from scratch as a class project, this is a much deeper level than you would get into at college. Which is not a problem as long as the college grad is the grunt-level programmer and not the high-level application architect or senior developer armed only with what is taught at college level here.
As an aside, the college could have saved themselves thousands of dollars in software and upgrade costs by going with a free software implementation. Perhaps then they could have actually given this guy a raise which would have meant not having to listen to him complain about being underpaid every damned class.
The funny thing was that I was pushing Linux and open-source software and he was bashing it. That is until he actually had to install Corel Linux on a machine (can't remember the reason) and he (not too happily) had to admit that it was extremely easy to install and configure when he did it. He was also blown away by it's ease of use and all the applications available for it (thanks GIMP, KDE and Gnome, XFree teams among others!) I just had to laugh because I'd like to think that as a programming instructor (especially a C++ instructor, which most of the KDE & Gnome apps are written in) he wouldn't dismiss this stuff without even looking at it, but that's exactly what he did. I mean, this allows you to actually see how the GUI is built not only the API's to it that the vendor bothers to make public! Every last stinkin line of code is there from end to end, the OS, the OS API's, the GUI code & API's, and the app coding itself as well as whatever API's it might make available to extend the functionality of the app. Hell, you can even get the code to the debugger!
It might be information overload for the beginner, but there's a lot of examples of good programming and knowledge to reap, for the price of free beer. I honestly don't know how you could ask for more. To not even be looking at open source software is a wasted opportunity on the college's part if you ask me.
I don't know about well-made PC keyboards, but old mainframe keyboards were expensive at the time they were manufactured because of the logic circuitry in them so they can be completely disassembled to be cleaned. In our console room when we cleaned the keyboards I didn't look at what was in there, I just popped the keys off and vacuumed, then washed the (mega-grungy) keys with soap and water.
Slashdot Mirror
Plus with Yahoo you can define up to 10 of your own filters, I use this feature to redirect mail to a folder called likely_junk and I haven't had a time yet where I couldn't just check all of those mails and delete them with 2 clicks. Yahoo servers also run FreeBSD (the power to serve). I've never had any issues with Yahoo, the only time their service was down was during the DDOS by Mafiaboy. The one annoying thing is that when they determine your browser to be IE, every friggin page refresh nags you to download Flash, which I can't install on this locked-down NT workstation at work, so I have to put up with the nags when Nutscrape's java engine goes south and I can't load any pages with it (happens about once a day).
OK, the person who posted this nonsense 15 times in a row is officially a knob. WRT the question posed, I agree completely, having specific ports that perform functional requests are far superior. Just look at the problems that MS had recently with providing print services over HTTP. Knowing precisely what functionality is provided via a specific port is the only way to effectively filter and block potentially malicious traffic. Nowadays it seems people want to be able to start and stop their dishwasher via HTTP/XML, it's lunacy IMHO, but then I'm very old-school. Still, I've never been cracked or infected so maybe I'm doing something right.
When I was a kid I used to be able to tell my parents when they had the television on from outside the house (as in through the windows) because I could hear the high-pitched noise. They thought it was a great party trick, they would turn the contrast right down so there was no image I could see and then ask everyone to be quiet and ask me if the television was on or off. It probably was pretty funny if you were half in the bag. Keep in mind this was the late 70's - early 80's, so the electronics weren't as advanced as nowadays, but I can still hear the high-pitched noise of the TV, but not as clearly as when I was younger. I guesst it's partly because your ears lose their sensitivity to high-frequency sound as you get older. But I hate how GDMF loud that PC's are - I'm not an Apple guy but I love the idea of a PC that doesn't need a fan, those cubes were a wicked piece of kit in my opinion. Too steep pricewise now that I have a mortgage and all or I'd have gotten one to run a PPC distro like Yellowdog.
I can't comment on MS' support, I imagine it would be pretty good for a thing like DataCenter (DC). I'd wouldn't be too surprised to find out that they will bend over backwards to give a DC customer every resource needed even at the expense of other customers with less fattened accounts. Here's a story of IBM's support. I work for a large outfit in Canada. We do A LOT of business with Big Blue, software and hardware. When we ran into troubles with IMS (an ancient d/b product that runs on OS/390 that predates DB2) they actually flew in a crit-sit team assembled from England, the US, Australia and Canadian offices that were IBM's best and brightest in this software and also really knowledgeable about the OS. Similar situation last week with me and a problem I ended up having to take care of. They didn't need to fly in a team in this situation but I had an IBM hand-holder sitting in my office calling the various software support teams directly, and I was getting so many calls and emails from IBM support teams that if I hadn't ignored some of them it would have been impeding getting the problem resolved. The problem was actually sent up to their DB2 development team at one point. You pay big bucks for the gold-plated support contract, but IBM pulls out all the stops when you get into a jam. Just thought I'd add a different perspective.
Ditto - my coworker uses an Olicom card on RH 7.1 I think. The Olicom driver is no longer in the newer kernels but he managed to build the support in and get it working on the 2.4 kernels (he's a Unix / Linux guru) and hasn't had a single problem on the network. We still have token ring and old dumb terminals in the warehouse as they are very reliable, though obsolete. Some companies (like ours) are just having trouble getting the budget to convert the old T-R stuff to eth., don't forget that some companies spent millions of $$ maybe 10 yrs ago to make their very extensive network T-R from old SNA architectures with IBM 3174 (or compatible type) controllers - you don't really want to know what a mess those things were. Sure we'd all like to be on gig-E but the bean counters always get in the way. I've found that most companies change over when the cost of support / maintenance for the T-R networks becomes higher than the cost to replace it all with ethernet. Maybe the poster (mjh) should approach it in this manner to try and get the T-R replaced.
Just my $0.02 (CDN) which is about 0.012 (US)
Well, they can have fun tracking me 'cuz I'm a die-hard Lynxer... I don't often find the need to fall back Konqueror. Sometimes I'll browse using Mozilla too just to see how it's coming along, but I haven't used Netscrape or Internet Exploder in months now.
The responsible people who form the majority (but of course not all) of people who post legitimate bugs to Bugtraq do so after informing the vendor and after patches have been released by the vendor (in fact it's just happened while I'm writing this long-winded post). I also recall at least one posting submitted mid-day on a Monday rather than on a Friday when the poster had discovered it, the poster specifically said that he had not wanted to post it late in the day on a Friday as admins might not have the chance to patch their systems over the weekend.
. gif. Not a single vendor found this bug, even though the original source code is widely available. Do you think that scut was the first to find the bug in those 15+ years (especially when the exploit author himself said it was very easy to spot)? How many people would have scoffed at the suggestion that there was a root-level compromise related to telnetd that affected every flavour of Unix available? The exploit code made it very difficult to dismiss however, didn't it? Unfortunately from the vague information in the original post the exploit release was forced by other events out of the poster's control. Apparently "script kiddies" got hold of some (presumably working) exploit code and thus the full-disclosure post was made to Bugtraq since_exploit_code_was_already_out_in_the_wild.
Additionally, many of the actual exploits posted to the list by responsible people are not working code that a "script-kiddie" could cut and paste, there are deliberate mistakes in the code that other knowledgeable programmers would catch, incorrect offset values etc.
There are other posters who've made numerous attempts to contact the vendor over several months timespan only to receive no response, and finally have posted to the list. At the very least this makes others aware of the potential risk if they are using the product in question, and it might actually force the vendor to fix the problem as a bonus.
I do agree with you about MS however, many people may knock them but they seem to be pretty good with getting patches out quickly once they've been notified of a bug, and some of the posters to Bugtraq may give MS somewhat less time to come up with a patch than they might for other organizations.
I do really wish MS would concentrate on improving the security of their products however, rather than adding some new bell or whistle at the expense of security (MY security I might add). For instance, I have Win2K on one of my machines at home, I now have to download many megs of patches over a dialup account to feel my system is secure. Further, the default install of Win2K adds in many of these "features" that I surely neither wanted nor needed, such as a little webserver (started and listening by default of course).
I hate to say it, but the OpenBSD mentality of disabled by default would have really benefitted MS in the Code Red debacle. The OpenBSD documentation plainly states that there are very few services turned on by default (Sendmail and SSH daemon) and if the end-user feels they need one of the other services then they'll have to RTFM to turn it on, because at least that way THEY have made the conscious decision that it's necessary.
As a parting thought, let's consider the "recently discovered" telnetd exploit. This is a bug in code that seems to have been in use for nearly 20 years. From what I've read, it's been around since some part of the life of 4.3 BSD, which goes back as far as the 1981-1984 timeframe according to this document: http://www.UNIX-systems.org/images/chronology_big
Just my two farthing's worth - peace.
As much as I love OpenBSD (I myself am a 2.7 user), you've got to remember that it's a much smaller (in terms of lines of code) operating system than Windows NT or Win2K. Microsoft constantly wants to incorporate new "features" into Windows thus adding to the code bloat which inevitably makes it harder to get all of the bugs out. Also, as I believe another poster pointed out, MS programmers have PHB's to report to who may think that this doodad (ie ISAPI) is the next coming of Bob
; - ) and don't want to hear about or overrule any security-related concerns that the programmers have regarding this new "feature". In fact, if I was the programmer, I might leave a beauty bug like this in my code if my boss had pissed me off big-time and it made him look bad.
Finally, the people in OS movements such as the BSD or Linux communities aren't under the same pressure to produce (not developers at Red Hat, SUSE etc, but the kernel developers and package maintainers) on a schedule. OpenBSD in particular has a zealous group of followers whom I believe almost to a person would agree that they'd rather have the code late but tight than sooner and buggy (this accurately reflects my feelings).
MS OTOH is doing it's best to compete with the various commercial *NIXes and trying to prove that it belongs in the datacenter with respect to robustness and scalability. They are hoping that if they have additional features and greater ease-of-use that they can point out to the middle management that makes the purchasing and strategic direction decisions, they may displace the use of a *NIX or *NIX-like OS. And the sad fact is that in most any middle to large sized company security is very low on the list of priorities (usually until it's too late and they've had a serious compromise), so these vulnerabilities don't mean as much to them. They pay people such as myself (lowly sysadmins) to clean up the f'ing mess.
So in short, your definition of a good product is secure and as bug-free as possible but still functional, while MS' is one that has tons of new features which they hope will further increase their market share - bugs and security be damned. My apologies to individual employees within MS many of whom probably are very concerned with bugs/security but the corporation as a whole doesn't seem to care much based on it's track record.
That explanation does make sense.
----
GO CANUCKS!
Back in the early 60's my father and his friends pulled this same prank on one of his high school teachers but they reassembled the car in the teacher's office. As chance would have it the high school in question is in Vancouver. Of course then they had to take it apart again and redo the whole thing or face suspension... probably didn't quite seem as funny then.
The news account I heard on television indicated that they used bungees to hold the shell of the beetle, which they estimated to be 500 lbs. Considering that the UBC guys used two cords and I've seen a 300 lb guy bungee jump on one cord (really not a pretty sight) I'd say they were within tolerances for the bungees.
FWIW, the author is wrong in stating that the Golden Gate is the creme de la creme of suspension bridges. There's one in Japan that's significantly longer. I saw the Discovery program on it and it's a pretty wicked piece of tech. The main span of the Akashi-Kaikyo bridge is 6532 feet compared to the Golden Gate's 4200 foot span. And it survived the earthquake that hit Kobe with no problems whatsoever - it connects Kobe to Awaji Island so it took a pretty massive hit from the quake.
----
Actually that's where we stick the doglicking slave print operators! BOFH's rule the world - don't forget this or tommorrow I will be sending the company president an email from you with those naughty pictures of his daughter.
----
Agreed - a company that has a million dollar machine that can be taken down by a guy tripping on the power cord could stand to have better management. All of our systems have power routed under the raised floor, even the stinkin' NT servers. Also all of the DASD cabling, the FiberChannel, the ESCON for the S/390 systems, the Ethernet and Token-Ring, the COAX for our 3270 consoles... it's a helluva mess under there. In fact, the S/390 power cables are explicitly labelled as such over their full length and carry a warning to the effect of "Fuck with these and kiss your job goodbye" and are bolted to the floor under the server and at the PDU. That's in addition to the fact that I believe they are screwed right into the power supply on the bottom of the server itself (standard IBM large-system thing - our S80 has a threaded nut right over the end of the whole cable where it goes into the power supply).
Somebody in this thread mentioned about the raised floors being a foot or so deep -- a guy I work with indicated that at his last place the raised floor was about 6 feet deep. If you've ever had to pull cables for 220 volt 3 phase (I'm actually surprised that the larger Sun systems don't use 220 volt) and old mainframe bus and tag cables for a large datacenter you'll know why.
----
Excellent point: All things are built on top of other things. Einstein said: "If I have seen farther than others, it is because I have stood on the shoulders of giants". Every advance in any endeavor that humans undertake is built on the previous work and advances that other people made, no matter how insignificant seeming.
----
It's really too early to tell what the impact of some of the recent innovations will be, IMHO. To me, the last line of the article is one of the most telling. Researchers are very close to building nanotech that supposedly will be able to perform any range of duties, including the ability to be injected into a living being to perform various functions. Others in the biotech field feel they are close to making a breakthrough with regards to the aging process, and let's not forget the amazing progress that has been made in fighting cancer etc.
Let's suppose that 10 years from now we look back at this article, when we have definitely discovered a method to extend life to 150+ years, have wiped out almost all known diseases, and have built the first fusion reactors. These advances wouldn't have been possible without the assistance of computers for process modelling and analysis. Then this article will look like a bunch of horseshit. For another example, we are on the verge of widespread use of fuel cell technology (if the megacorps allow it). This is a tech that has been around since at least the 1970's (from the space program and probably much earlier than that), but we've just recently made advances that make it efficient enough for mass use. Plus, the large corporations made precious little if any progress in furthering the energy efficiency of appliances (especially automobiles) until the governments of the world, especially the US, started to enact laws requiring it.
Let's also consider the advances such as splitting the atom that the article neglects to mention. Sure atomics research allowed us to make horrific bombs that can kill millions of people in a single enormous explosion (which ironically can also be considered progress), but it also brought an unprecedented era of world peace with only minor localized skirmishes - the large powers were held in check by the frighteningly horrible capabilities of these bombs. It also brought nuclear power, a somewhat dubious benefit in many respects, but it also has brought power to areas of the world where there were very few if any real alternatives to power generation, and it is relatively clean technology.
Another thing the author likes to overlook are the problems that existed in the first half of the century. Early in the 20th century the air in many major urban centers was so bad that trees wouldn't even grow! People died of exposure to the smoke and toxins belching from factories. I'm not trying to say that it hasn't gotten worse in some areas, but those areas are more densely populated than they were at the turn of the century. Furthermore, a great deal of that pollution can be attributed to automobiles which are continuously becoming less polluting. In general, environmental pollution is declining and the trend seems to be towards further improvements in this area.
One of the funniest lines had to be this one -- Notes economist Alan Blinder: "No modern IT innovation has, or I dare say will, come close to such a gain!" What an ass. First of all, the Internet has effectively accomplished something on the same scale. The telegraph was a simple point-to-point device that allowed communication between two people simultaneously. This was the situation until about the 1970's, when telephone tech advanced to party lines allowing several parties (say up to 10) to converse simultaneously. The Internet allows fscking spammers to send a message to millions of people simultaneously, also instantly, or thousands of people to chat in real-time, in text or voice. I hope this knob lives long enough to see the day when we break the speed of light and messages (dare I hope for matter also?) can be transported instantly across infinite distances. Am I dreaming? Maybe, but there are very bright minds working on this very problem (some believe they already have solved it), and yet what benefit does it confer to the average person? At the moment, none really. I can already send a message in seconds to the other side of the world, and that's the furthest that I could conceivably need to send it at the moment. But if we ever get off this big stinkin rock and start to colonize other planets, it would be an important advance indeed.
Finally, sometimes advances come in clumps rather than at a regular pace. Einstein's theories were all developed over a short period of time, and we haven't seen any similar advances in scientific theories since that time that could have such a direct and immediate impact on day-to-day existence. Quite the opposite of the author, I see new innovations and invention as very likely being just around the corner that could change my life and the lives of people around the globe just as dramatically as some of the inventions in the first half of the century.
----
Cool, thanks much for getting the ref for me... I just use OBSD for a home firewall with no ports except http avail, but it's good (but unnerving) to know about this potential flaw in the event that I ever started using it for anything more. Thanks for going that extra mile for me.
Cheers and best wishes for the season!
----
You're right of course... they can't open up the entire code base for AIX right off the bat, but I think that within 3-5 years AIX and Linux will be basically one and the same animal, and quite possibly with a lot of code-sharing. Plus right now most of the AIX code is optimized for the RISC 6000 processors, so it's not like you could download it and run it on a PC - you'd be buying IBM hardware to run it anyways. Background: I'm a sysadmin who works with OS/390 and AIX, and I think IBM is looking forward to community involvement to improve some of their drivers etc. The AIX ones have been known to have some problems in the past *cough understatement cough*.
This strategy would allow Big Blue to concentrate on hardware - I'm no IBM bean-counter but my experience leads me to believe that they make more bucks on hardware and services than anything else, plus the licencing fees for other software (especially middleware) such as Websphere, MQSeries, DB2, and even VM to run virtualized Linux on S/390 (aka Z900).
The OS is something they're pretty much obliged to provide for customers - they have enterprise-scale hardware and have to have an enterprise-capable OS with enterprise-level OS utilities to sell that hardware. It's not an option to sell the customer the dandy hardware and then tell them "Piss off and find an OS to run on it", they wouldn't be in business long (makes me wonder how MS got so big - they essentially did the reverse. Here's a * passable server OS *, now piss off and find some enterprise-level hardware to run it on). So if Linux slowly took that responsibility off of their hands for the most part, or helped them to maintain a 'feature edge' over other commercial *nixes it's worth the ROI for them. Plus I'm sure that they figure they can compete pricewise on hardware with Sun, EMC etc., so if the OS is commoditized and can run on anybody's hardware maybe it puts them into a more competitive position.
IMHO this is probably one of the smartest moves that IBM has made recently. Here's a link to a very interesting interview that indicates IBM is basically willing to open-source ANY code that the community feels is useful (it's with Irving Wladawsky-Berger, who is a heavy at IBM, I think this inteview was mentioned in a Slashdot article previously). I haven't lost my mind, I don't expect them to open up the entire source code to DB2 or similar profitable products, but I don't see AIX or many of AIX's utilities as being such.
IBM is not shorting the community on their commitment from what I can see. Just my $0.02
----
Uhh... was there a crack of OpenBSD that I didn't catch? The only vulnerability that I know of was the recently found problem with FTPD that ships with OpenBSD and NetBSD. I did not hear of any actual real-life compromises, root or otherwise, related to the vulnerability. If you know of one, please email me, submit the crack to Slashdot, or one of the other main OpenSource OS portals (DaemonNews, Rootprompt, UnixReview etc.) Thanks.
----
Depends on what you consider an older machine - my P200 can boot from CD (IIRC it was after a BIOS upgrade that the option became available). It's got an Asus mobo (P55????something something something) and prolly wouldn't cost more than 40 bucks US for the barebones mobo, p/s and a puny 200 meg h/d. And for those concerned with heat generation by those old drives rest easy, they'll almost never spin up after booting in a router / fw config plus they run very cool anyways. Floppies are also not to be trusted in very dusty or high-temp enviros, way back in the bad old days we had a critical remote server that had to reboot off of a floppy in a warehouse, we ended up enclosing the damned thing in a garbage bag after getting tired of replacing the floppy drive. Please if someone knows if you can make them RO by cutting the correct pin connect reply to the poster who asked the question!
----
I agree with both sides on this unfortunately... I too would love to know that OBSD was able to scale to multi-processors, but I realize that compared to other Open-Source projects it's dev team is miniscule at best.
Linux has been pushing hard to be the best that it can be on a wide range of fronts including SMP, so to the external world the Linux kernel team is competing with NT/Slowlaris/AIX/..., even though internally they (Linux kernel team) may have just thought that it was a task worth tackling or something that interested them. The OBSD team doesn't find SMP that interesting and because of their size maybe that's not too surprising. The more people on the team the greater the likelihood of somebody wanting to get feature X done.
But while the Linux team has been pushing the edge of the envelope on several fronts, security is not necessarily one of them. Please no flame responses, I'm not trying to knock Linux or any of the Open Source projects lumped under that banner but my assertion holds water. This is where the OpenBSD team pushes the envelope, because this is what interests them.
Also, if some company wanted it badly enough, they could ask the OBSD team to develop it for a fee (several posters have indicated they use it on production machines - hint, hint). As a casual user of OBSD with no need for SMP support (also a mediocre at best programmer - I wish I could be of help), I'm satisfied with what I get from OpenBSD currently, even though I'd love to know it could do more.
Bottom line I'd say use OpenBSD for a secure workstation and firewall, and Linux or a commercial *NIX if your installation really requires an SMP server OS.
----
I'd have to agree with your assessment on both points. Pity I don't have any mod points to mod your comment up, the stuff you mentioned wasn't covered by anybody further up the thread (at least not at the time I began reading it). Cheers.
----
You're wasting your considerable writing talents... I think this is precisely the reason many of us use *BSD... have an evil day.
: ^ )
----
Great question! If my vote counts, I personally prefer the minimalist, KISS approach that I get when I'm using OpenBSD. It's very easy to install (and damned fast too!) especially with all of the documentation available on the website, or on the CD liner if you buy the CD's. Which BTW you should - support what you believe in!
Graphical supposedly easy tools ain't always the solution: When I tried to install RH6.2 over OpenBSD 2.7, some of the OpenBSD partitions didn't get removed by Disk Druid (Yeah, OK I probably shoulda foreseen that this might happen) so my kernel panicked when I tried to boot the first time. Course the problem was discovered using the more comprehensive (but probably less newbie friendly) fdisk and corrected, but not until after I had fscked around for awhile chasing other bogeymen. Admittedly this is not a situation most users will run into, but demonstrates that sometimes the more precise tool is not as "user friendly" but much more thorough and actually ends up being easier to use in the end.
I like the idea of a steeper learning curve for a secured OS - computers are complex systems and I think it's worth learning things in greater depth for users that want that extra measure of security. If you want fair security but don't want to learn the intricacies of your computer, stick with Win2000, fairly secure for the average user. Businesses are a whole different discussion.
Kudos & mucho thanks to the website maintainers for the OpenBSD site as well as the rest of the OpenBSD dev & maint team, it rocks. I too am looking forward to ordering & enjoying 2.8!
----
I had my SO order me a couple o' shirts from the OpenBSD folks for my b/d last year (by phone to the Calgary store you mention)... they got to me just fine (in Canada). I purchased my copy of OpenBSD 2.7 from the University bookstore so didn't run into any snags there.
Since I completely support the OpenBSD philosophy (proactive auditing and full disclosure) and am very satisfied with the OS I certainly will be placing an order for the 2.8 CD's next week, even tho I could just download the updates (support what you believe in).
I guess I might have exactly the same attitude if I had the same kind of experience you had, but I have nothing but good to say about the OpenBSD ordering, it's a shame you got such a rough ride. I've never met/corresponded with Theo but from what I've been able to gather he can be kinda ascerbic from time to time. Maybe bury the hatchet & give them another chance? Whatever your choice, remember there are many others working hard on the project that I'm sure regret hearing of incidents such as yours.
Many kudos and thanks to the entire OpenBSD team, keep up the great work.
----
I agree with all of the sentiments that you express in your post, but I'd like to emphasize that the question posed is should we place more emphasis on getting young people to use open source systems in school. My response is a resounding yes, and here is my reasoning. I use Windows, Linux and OpenBSD at home, they all have their purposes and strengths and weaknesses. I have Windows for my USB card reader for my digital still camera and games plus Corel Photo-Paint until I become more proficient with the Gimp, Linux and OpenBSD for learning / practicing C/C++, Perl and shell programming and secure firewall services.
But here's my tale of learning C++ at a local college in a continuing education class. The entire college is Microsoft, all the latest versions of the various pieces of MS software. First of all, they got cooked good by an email virus one time so the entire school network was unavailable at least one day (could have been more, our class was only Mondays and Wednesdays, and I didn't bother to inquire) while they were determining the extent of the damage and selected workstations unavailable other days because they were being disinfected. Now this is mostly a matter of poor administration & setup, but as an IT professional I see it as being susceptible because of their complete dependence on MS products, and I object to having to my educational time disrupted bad decision-making on the college's part.
Our C++ class only involved learning the basics of OOP design and implementation, so we were creating a very straightforward Win32 console app (no chance to teach fancy widgets, which I think disappointed him - see next para). It's perfectly fine to use MS Visual Studio for this, it's actually a decent program to use (in my experience anyways) to code and debug your code. But our instructor was very pro-MS and one of the things that made me laugh was that MS' implementation of C++ breaks the ANSI/ISO published standards for inheritance!
Furthermore, he insisted on telling the class that "You'll never do this stuff in real life." He felt that we would all be doing Windows programs where we would have to learn to hook a GUI up to the backend logic pieces. Since I work with OS/390 and AIX at work, I made a point of bringing up to him that you could be coding C/C++ programs for OS/390 or any flavor of UNIX and may never even come close to dealing with a GUI implementation. Especially if you work at a large software company you might ONLY be responsible for the backend logic and another team might design a user friendly front-end. Or maybe it's a web app being designed and you're only responsible for the D/B interfaces etc. This is the kind of narrow viewpoint that you mentioned some people have, and it's rather silly and dangerous for a college to be so severely limited in it's outlook. Unfortunately it seems most other vendors have left the educational market to MS so the colleges take the path of least resistance and go MS through and through.
Here in Canada colleges teach more practical skills, universities typically get into the more in-depth technical and theoretical aspects of things. For instance a few people I know that went in for COMPSCI at University wrote compilers from scratch as a class project, this is a much deeper level than you would get into at college. Which is not a problem as long as the college grad is the grunt-level programmer and not the high-level application architect or senior developer armed only with what is taught at college level here.
As an aside, the college could have saved themselves thousands of dollars in software and upgrade costs by going with a free software implementation. Perhaps then they could have actually given this guy a raise which would have meant not having to listen to him complain about being underpaid every damned class.
The funny thing was that I was pushing Linux and open-source software and he was bashing it. That is until he actually had to install Corel Linux on a machine (can't remember the reason) and he (not too happily) had to admit that it was extremely easy to install and configure when he did it. He was also blown away by it's ease of use and all the applications available for it (thanks GIMP, KDE and Gnome, XFree teams among others!) I just had to laugh because I'd like to think that as a programming instructor (especially a C++ instructor, which most of the KDE & Gnome apps are written in) he wouldn't dismiss this stuff without even looking at it, but that's exactly what he did. I mean, this allows you to actually see how the GUI is built not only the API's to it that the vendor bothers to make public! Every last stinkin line of code is there from end to end, the OS, the OS API's, the GUI code & API's, and the app coding itself as well as whatever API's it might make available to extend the functionality of the app. Hell, you can even get the code to the debugger!
It might be information overload for the beginner, but there's a lot of examples of good programming and knowledge to reap, for the price of free beer. I honestly don't know how you could ask for more. To not even be looking at open source software is a wasted opportunity on the college's part if you ask me.
----
I don't know about well-made PC keyboards, but old mainframe keyboards were expensive at the time they were manufactured because of the logic circuitry in them so they can be completely disassembled to be cleaned. In our console room when we cleaned the keyboards I didn't look at what was in there, I just popped the keys off and vacuumed, then washed the (mega-grungy) keys with soap and water.
----