At the University where I administer a Linux mail server, I have noticed that my graphs for Incoming mail, Outgoing mail, and Incoming spam always make nice little bell curves every week. For Saturday and Sunday, each graph drops to very low levels (almost flatline when scaled with the rest of the weeks mail). It all shoots up Monday morning starting around 7:30 when everyone gets into work. Tuesday is always a little higher than Monday, and Wednesday is the highest for all Incoming,Outgoing and Spam. Thursday is almost always very close to Tuesday and Friday is almost always very close to Monday.
This seems to be attributed to human nature. There is more correspondence going on Wednesday's because people just don't feel like doing as much work on Monday's and Friday's.
Well on top of flat-out blocking.pif and.exe's, we also run all of our email through McAfee's virus scan for UNIX, which examines the contents of.zip files. I suppose if viruses started using zip files we could just have the mail server discard these messages instead of just cleaning the.zip file.
If these companies are dumb enough to not have something on the front-end keeping these viruses from reaching their employees' inboxes then they deserve to lose money. We've made it a policy in our department to not allow messages with.pif or.exe attachments through (they can zip the attachment up if they really need to send any executables around).
Well for one it gives people a chance to upgrade before the "bad guys" know the specifics of what the problem is. That way people can get their servers updated before a DoS attack program is written.
Ok, so RedHat makes the default charset UTF-8. Just change the default to ISO8859-1. Its like a 2 line change in/etc/sysconfig/i18n. I had to do a similar change when we switched our mailserver to RH8 because early versions of spamassassin (more specifically perl though I think) didn't like playing with UTF-8.
Arkeia has a nice backup suite that while not open source does have a free (as in beer) edition. When I was evaluating it, it seemed to work great with my ADIC library.
I would be using that now except for that our company already had a license for the Veritas backupexec software for windows so I was able to just download the linux client software for free.
Whats wrong with a tape drive? It is a medium that was designed for backups. If you are going to be backing up large amounts of data you need a tape-library and remote backup software. If you want the convienence of harddrives then attach the tape-library to a machine with a whole lot of disk. You can backup to the disks first and then archive whats on the backup-server to tape. Most backup software programs allow you to do this.
This is how we do it in my server room. All of our RAID controllers (Dell Poweredge RAID controllers - A derivitive of the Adaptec controllers) let you get two different temperature readings off of the controller. We just poll these vaules from a few of the servers and average.
I can't wait until PostgreSQL has these features. Once that happens Oracle will have to run and hide. Yeah I know a ton of people will reply to this saying that Postgres doesn't have nearly the feature set of Oracle and the like, but I think for 90% of people that need a fault-tolerant database the featureset of Postgres is more than enough.
And what is funny is that as soon as people finish downloading and installing RH9 they are going to have to hit RHN again to download the patched RPM's for sendmail. I think redhat should have delayed the iso just a few more days so that people wouldn't have to patch their software "out of the box".
You can get a restricted demo license key for the full version of Arkeia if you email their sales people.
I evaluated this product and really liked it. I would be using it now except that I found out our Windows guy was using Veritas and had already had it paid for, so I installed the free Veritas Linux clients and pawned the backup job off on him;)
We have a bigger problem with faculty here at my school, especially with the ones that think they know what they are doing and have either installed Microsoft Server Applications (MSSQL, etc.) or Linux (Usually RedHat 6.2 or something equally outdated).
We can't usually turn their ports off because they pitch a huge fit (and when faculty bitch it is felt more than the students) and we have a hard time fixing it because they are all very paranoid and will only let a tech come look at it when they are in their office (a rare occasion for alot of faculty).
Yeah I can access out OWA server here at work using Mozilla on Linux. It has access to mail, calendar, contacts, and the "public folder" system. It doesn't have some of the more "sophisticated" features of the Outlook client though. Import/export support, mail filters, etc.
While this seems a feasable idea for people who use VPNs just for outlook, sometimes you need a VPN connection because you need a "workplace" IP. Many organizations have websites, fileshares, etc. which are only available if you are trying to access them from an IP address that is on the local network.
Also AFAIK OWA doesn't let you do things like set up filtering rules, personal folders, and other things that the Outlook client allows you to do.
From the article it seems that Newton simply decided to interpret one day as one year and then added 1260 (from the Book of Daniel) to the year the Church was given political power (800AD) to derive his date. This doesn't seem like a very scientific way of doing things. Why did he choose to interpret a day as a year. What was his reasoning behind that? I think someone as scientific as Newton would have had a little more of an explanation as to why he chose those numbers. Unless the article is leaving out some VERY important details this just seems like a fake to me.
Squirrelmail has a plugin for a calendar. It's not the "group" calendar that OWA/Exchange uses, but for most users it works fine. Note though that it is internal to squirrelmail so if they use Outlook on their desktops and webmail for when they are travelling, they will end up with 2 calendars.
Improve communication between techs and helpdesk
on
Improving Your Help Desk?
·
· Score: 3, Informative
The biggest problem we have where I work is that there is a huge communication gap between the helpdesk people and the techs/developers. The sysadmins will change something that impacts users and the helpdesk people won't know a thing about it. The reverse is also true, i.e. the helpdesk people will get calls about something that only someone with higher privileges can fix and they won't forward the problem along.
To fix this I think you would have to either have an intermediary, someone who works as a tech but also does some work with the helpdesk people on a regular basis, or set up frequent meetings between helpdesk people and sysadmins/coders.
Another big difference between distros is how their runlevels and their/etc structure is laid out in general.
Redhat, Debian, Mandrake, et. al. use a more SYSTEM V init structure whereas Slackware uses a more BSD style init. Gentoo's init is pretty much unique to gentoo (I'm still figuring that one out).
We use samhain. It's very nice because it can log to a remote host and store the filesystem database on a remote host as well. It also runs as a deamon and scans at a set interval. You can even make it change its name and hide its code in image files so as to trick hax0rs into thinking that its not installed.
The only thing I don't like about it is that I have it scheduled to check the machines every 10 mins, so if one of the junior admins changes something and forgets to reset the database I get an email every 10 mins until I reset it.
I will conclude by noting that the ixxnet.net autonomous system was created on 25 july 2002, so it is now in its third month of life; and that the ixxnet.net DNS seems to have been put together by the same incompetent that configured dialnil.com DNS (hint: MX).
What excatly is so incompetent about the DNS configuration? I did a host -t MX ixxnet.net and didn't see anything out of the ordinary?
http://www.isc.org/products/BIND does NOT have the updated versions (4.9.11, 8.2.7, 8.3.4) that addresses these security issues posted yet (as of 1:16 CST). Perhaps slashdot should update the story once the tarballs become available.
Slashdot Mirror
I will approve of ubiquitous surveillance cameras only when there is universal access to watching them.
That's how this was discovered. They are braodcasted on a cable channel here in town, and you can watch them online here
At the University where I administer a Linux mail server, I have noticed that my graphs for Incoming mail, Outgoing mail, and Incoming spam always make nice little bell curves every week. For Saturday and Sunday, each graph drops to very low levels (almost flatline when scaled with the rest of the weeks mail). It all shoots up Monday morning starting around 7:30 when everyone gets into work. Tuesday is always a little higher than Monday, and Wednesday is the highest for all Incoming,Outgoing and Spam. Thursday is almost always very close to Tuesday and Friday is almost always very close to Monday.
This seems to be attributed to human nature. There is more correspondence going on Wednesday's because people just don't feel like doing as much work on Monday's and Friday's.
With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security.
You don't need a 1000 page book on security to patch your systems against worms; you need a 1 page book on common sense.
Well on top of flat-out blocking .pif and .exe's, we also run all of our email through McAfee's virus scan for UNIX, which examines the contents of .zip files. I suppose if viruses started using zip files we could just have the mail server discard these messages instead of just cleaning the .zip file.
If these companies are dumb enough to not have something on the front-end keeping these viruses from reaching their employees' inboxes then they deserve to lose money. We've made it a policy in our department to not allow messages with .pif or .exe attachments through (they can zip the attachment up if they really need to send any executables around).
Well for one it gives people a chance to upgrade before the "bad guys" know the specifics of what the problem is. That way people can get their servers updated before a DoS attack program is written.
Ok, so RedHat makes the default charset UTF-8. Just change the default to ISO8859-1. Its like a 2 line change in /etc/sysconfig/i18n. I had to do a similar change when we switched our mailserver to RH8 because early versions of spamassassin (more specifically perl though I think) didn't like playing with UTF-8.
-Lee
Arkeia has a nice backup suite that while not open source does have a free (as in beer) edition. When I was evaluating it, it seemed to work great with my ADIC library.
I would be using that now except for that our company already had a license for the Veritas backupexec software for windows so I was able to just download the linux client software for free.
"...or am I stuck buying a tape drive?"
Whats wrong with a tape drive? It is a medium that was designed for backups. If you are going to be backing up large amounts of data you need a tape-library and remote backup software. If you want the convienence of harddrives then attach the tape-library to a machine with a whole lot of disk. You can backup to the disks first and then archive whats on the backup-server to tape. Most backup software programs allow you to do this.
This is how we do it in my server room. All of our RAID controllers (Dell Poweredge RAID controllers - A derivitive of the Adaptec controllers) let you get two different temperature readings off of the controller. We just poll these vaules from a few of the servers and average.
I can't wait until PostgreSQL has these features. Once that happens Oracle will have to run and hide. Yeah I know a ton of people will reply to this saying that Postgres doesn't have nearly the feature set of Oracle and the like, but I think for 90% of people that need a fault-tolerant database the featureset of Postgres is more than enough.
And what is funny is that as soon as people finish downloading and installing RH9 they are going to have to hit RHN again to download the patched RPM's for sendmail. I think redhat should have delayed the iso just a few more days so that people wouldn't have to patch their software "out of the box".
You can get a restricted demo license key for the full version of Arkeia if you email their sales people.
;)
I evaluated this product and really liked it. I would be using it now except that I found out our Windows guy was using Veritas and had already had it paid for, so I installed the free Veritas Linux clients and pawned the backup job off on him
We have a bigger problem with faculty here at my school, especially with the ones that think they know what they are doing and have either installed Microsoft Server Applications (MSSQL, etc.) or Linux (Usually RedHat 6.2 or something equally outdated).
We can't usually turn their ports off because they pitch a huge fit (and when faculty bitch it is felt more than the students) and we have a hard time fixing it because they are all very paranoid and will only let a tech come look at it when they are in their office (a rare occasion for alot of faculty).
Yeah I can access out OWA server here at work using Mozilla on Linux. It has access to mail, calendar, contacts, and the "public folder" system. It doesn't have some of the more "sophisticated" features of the Outlook client though. Import/export support, mail filters, etc.
While this seems a feasable idea for people who use VPNs just for outlook, sometimes you need a VPN connection because you need a "workplace" IP. Many organizations have websites, fileshares, etc. which are only available if you are trying to access them from an IP address that is on the local network.
Also AFAIK OWA doesn't let you do things like set up filtering rules, personal folders, and other things that the Outlook client allows you to do.
Well we mine it from Jupiter of course...
Duh.
From the article it seems that Newton simply decided to interpret one day as one year and then added 1260 (from the Book of Daniel) to the year the Church was given political power (800AD) to derive his date. This doesn't seem like a very scientific way of doing things. Why did he choose to interpret a day as a year. What was his reasoning behind that? I think someone as scientific as Newton would have had a little more of an explanation as to why he chose those numbers. Unless the article is leaving out some VERY important details this just seems like a fake to me.
Squirrelmail has a plugin for a calendar. It's not the "group" calendar that OWA/Exchange uses, but for most users it works fine. Note though that it is internal to squirrelmail so if they use Outlook on their desktops and webmail for when they are travelling, they will end up with 2 calendars.
The biggest problem we have where I work is that there is a huge communication gap between the helpdesk people and the techs/developers. The sysadmins will change something that impacts users and the helpdesk people won't know a thing about it. The reverse is also true, i.e. the helpdesk people will get calls about something that only someone with higher privileges can fix and they won't forward the problem along.
To fix this I think you would have to either have an intermediary, someone who works as a tech but also does some work with the helpdesk people on a regular basis, or set up frequent meetings between helpdesk people and sysadmins/coders.
Another big difference between distros is how their runlevels and their
Redhat, Debian, Mandrake, et. al. use a more SYSTEM V init structure whereas Slackware uses a more BSD style init. Gentoo's init is pretty much unique to gentoo (I'm still figuring that one out).
-Lee
We use samhain. It's very nice because it can log to a remote host and store the filesystem database on a remote host as well. It also runs as a deamon and scans at a set interval. You can even make it change its name and hide its code in image files so as to trick hax0rs into thinking that its not installed.
The only thing I don't like about it is that I have it scheduled to check the machines every 10 mins, so if one of the junior admins changes something and forgets to reset the database I get an email every 10 mins until I reset it.
The homepage for samhain is http://la-samhna.de/samhain/
From the google groups posting about this:
I will conclude by noting that the ixxnet.net autonomous
system was created on 25 july 2002, so it is now in its
third month of life; and that the ixxnet.net DNS seems to
have been put together by the same incompetent that
configured dialnil.com DNS (hint: MX).
What excatly is so incompetent about the DNS configuration? I did a host -t MX ixxnet.net and didn't see anything out of the ordinary?
-Lee
It's funny that they recommend this, yet F.root-servers.net (which is run by the ISC) runs bind 8.3.3.
F is a virtual server made up of multiple systems and runs ISC BIND 8.3.3 as its DNS server.
http://www.isc.org/products/BIND does NOT have the updated versions (4.9.11, 8.2.7, 8.3.4) that addresses these security issues posted yet (as of 1:16 CST). Perhaps slashdot should update the story once the tarballs become available.