first off, I'm not talking about his consumer hardware, although having conformity in that would be good as well... I was mostly referring to his servers, which should be good, stable, quality boxes. If you read the article you would have noticed he suggested slapping together a crappy old desktop to use as an X server for the environment- it wouldn't hurt him to use an older server (if he's cost constrained) to build a slightly slower (than the bleeding edge) but totally rock solid and decent performing box. There's more to putting things together than just using parts- you need to think about what happens if those parts break, etc. I find that using old compaq equipment is good since I can source those parts almost anywhere. (I do a lot of volunteer work building systems and environments for non-profits and schools, and nothing works better for a cheap server than a 3 yr old compaq 1600. cheap and fast, with great subsystems.)
anyway, nobody doing infrastructure work gives much of a damn about the desktops anyway. they're just end devices :P
I'm not perpetuating any myth; I'm saying that a 5mbit shared coax pipe across N users is going to have an increasing amount of contention for network space. The more you try to cram onto that large, SINGLE collision domain, the worse it will get. I remember those days and I'd personally rather avoid them again, considering the cost is pretty negligible.
I'd also submit that having a 100-mbit duplex connection to a switch with that X server will definitely help X performance, especially as the number of users grows. but again, that's just my opinion. feel free to use archaic technologies and sell them as viable solutions all you want :)
I agree with you completely... I read that and went "my god". why would anyone in their right mind consider using that technology again? I still cringe thinking about trying to maintain that stuff.
For that matter, the disgustingly low cost of decent quality 10/100 pci nics (netgear comes to mind- I prefer intel or 3com, but cheap is cheap, right?) and the low cost of cat5 or at worst cat3 really makes thinnet an insane concept. For that matter, having all those collisions is not really my idea of fun- investing in a few decently priced switches would improve his network performance by quite a bit. (there's such a thing as LATENCY, besides pure bandwidth :P)
It seems to me that the guy writing this article is some kind of nutjob just out of school or something, who sees a piece of crap PC and says "Hey! that'd make a great (DNS/DHCP/SMTP/whatever) server." and then he proceeds to build it, and go from there.
Now here's my take on it- if that guy worked for me, or I was hired to manage him, I'd fire his ass faster than you can say "GET OUT." people like that are dangerous, because they don't think about some of those important things... like stability, downtime costs, etc. I don't care if the bargain basement box was super cheap, I'd prefer to spend a few more hundred and be sure the damn thing will always run and be something I can get parts for if it breaks.
If I built my array of DHCP servers, or DNS servers, or something like that out of generic desktop 200-300mhz boxes (like he suggests) I would be gone. and I would deserve to get canned. to do that when you need to guarantee that things work is just blatantly retarded.
Well, while having some speed enhancements isn't bad, I like the fact that it's "stable" out of the box. Considering that I use it on large, beefy boxen, I'd prefer stability over mindboggling speed, only because I like things to always work, vs. having spectacular crashes or the like :)
I think it's better off left for individuals to tweak, since the average joe blow doesn't necessarily know how to and thusly won't hurt themselves with a stock system. FreeBSD is mostly a server class OS, and I like it that way; sometimes you sacrifice some speed for stability.
of course if you can get both, then it's best!
My god that's totally hilarious. someone please mod this guy up :)
my god you weren't kidding about the dubbing. that's unbelievably awful! I know this is off topic but he's seriously right about it, it's gawd awful. anyone in doubt should watch http://www.tekniikka.turkuamk.fi/~jfinnber/agapio/ putous.avi
unreal.
it varies. sometimes you don't really have a choice (I mean, of course you HAVE a choice, but losing your job isn't always the choice you want to make.)
with the economy going the way it is, and especially (at least for me) working for a stock brokerage, there's a certain amount of fear involved on my part to demand to work only 8 hrs a day. If I was to just leave at 5 pm (like some of my european friends do) and leave things undone until the next day, there would be some serious hell to pay.
although I don't make those kinds of demands of the guys who work for me... I try to get them to work only 8 a day, and leave early if there's nothing really pressing that requires them to be there. I don't mind picking up some slack so the guys with families can spend more time with them, since our management is totally dicking them in the pay dept. (no wage increases, no bonuses, hiring freeze, layoffs... etc.)
There's kind of a grinding capitalistic thing going on here too, at least in my industry. you get ahead by busting your butt, and that's the perception that many of the higher up sorts (IT and otherwise) have. I've personally made the decision to work hard while I'm still young so I get to a more comfortable place by the time I'm thirty. If that means I have to put in some 12 hr days to singlehandedly pull off huge projects, so be it. my resume was pretty good before the last 2 years but now it's like a book, and at least for me it's been worth it...
YMMV I suppose.
I totally know what you mean- I have numerous servers and PCs under and around my desk, running and/or in various states of disrepair. some of them are running semi-important tasks (at least to me) so everyone knows NOT TO TOUCH ANYTHING. this works out really well, as things like my mp3 server and the UT server don't get touched either :)
and the piles of cards- that works out awesome. make sure you get neurotic with people about ESD problems and the dangers of it, and then pile tons of expensive looking cards around. this works out really well if you have lots of old EISA cards or things that you KNOW will never be used again (this can backfire if you've got other technically competent people who realize that EISA is dead.)
another really good thing to try is to leave stacks of unlabeled burnt CD-Rs around. it's a good way to keep people from digging through your software collection(s) if you say there are IMPORTANT files in there that can't be put out of order... you get the picture.
it's not really much of a BOFH thing as much as it is a keeping your space kind of thing. nobody likes it when the desktop guys decide they need to browse through your stuff, and relieve you of that triple channel ultra-3 raid controller (even though they don't even know what it is.)
so cheers to you, my fellow comrade in messiness :)
torx = proper screwdriver for the job instead of a bent up t shaped hex wrench :P (as a geek i know these things. as a compaq tech i really know them... lol)
and for that matter, it took me a long time to open them because people who shelled out 4000 bucks for one of them got pissed off if you scratched it or did ANYTHING that made their mac look different...
I swear that I must be the only one that remembers the days of impenetrable Mac cases. the whole point of the apple case design way back when was to make it so the end user wouldn't be able to easily get into it. they wanted you to go to a certified apple repair tech (like I was at the time.) the really, really old macs required torx with 12" shafts to get open without breaking or forcing anything. anyone else remember those days? of slowly removing the power supplies just so you could add memory? what a pain.
Sometimes I think everyone forgets that apple's "easy access" case design is a complete about face from their previous efforts. I don't always think pulling a 180 is good, since that means you were going half-assed to start with.
that, and from an old crusty apple tech... pretty cases do not a powerful impressive machine make (apple OR x86.)
I'm on the RoadRunner network, and my little freebsd desktop has received 644 hits since august 1. 566 of those TODAY, on august 4th, almost completely consisting of the coderedII version.
of course this makes me regret linking /default.ida to a 500mb random text file :)
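The /default.ida hits described in the comment above are the Code Red worm's probe. As an added example (not code from the original poster), here is a small log triage script that counts those probes per day and per variant from Apache-style access log lines. The log lines in it are constructed for the example: the hosts are made up and the request shape follows the worm's real probe, with 'N' padding for Code Red and 'X' padding for Code Red II.

```python
"""Triage Code Red probes in Apache-style access logs.

Added example, not code from the original post. SAMPLE_LOG is constructed
for the example: hosts are made up, the request shape follows the worm's
real probe (GET /default.ida?<padding>%u9090%u6858... with 'N' padding for
Code Red and 'X' padding for Code Red II).
"""
import re
from collections import Counter

SAMPLE_LOG = """\
10.0.0.7 - - [04/Aug/2001:09:12:01 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 312 "-" "-"
10.0.0.8 - - [04/Aug/2001:09:12:09 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 312 "-" "-"
10.0.0.9 - - [04/Aug/2001:09:13:44 -0500] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/4.0"
10.0.0.7 - - [04/Aug/2001:09:20:15 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 312 "-" "-"
10.0.0.10 - - [03/Aug/2001:23:58:01 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858=a HTTP/1.0" 404 312 "-" "-"
"""

# Apache common/combined log prefix: client, ident, user, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def classify_request(path):
    """Return 'CodeRed', 'CodeRedII' or 'ida-other' for a /default.ida probe, else None."""
    if not path.lower().startswith("/default.ida?"):
        return None
    query = path[len("/default.ida?"):]
    if query.startswith("X"):
        return "CodeRedII"
    if query.startswith("N"):
        return "CodeRed"
    return "ida-other"


def triage(log_text):
    """Count worm probes per (day, variant) and collect source IPs per variant."""
    hits = Counter()
    sources = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access log line
        variant = classify_request(m.group("path"))
        if variant is None:
            continue  # ordinary request, not a worm probe
        hits[(m.group("day"), variant)] += 1
        sources.setdefault(variant, set()).add(m.group("ip"))
    return {"hits": hits, "sources": sources, "total": sum(hits.values())}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (day, variant), n in sorted(report["hits"].items()):
        print(f"{day} {variant}: {n} probes from {sorted(report['sources'][variant])}")
    print("total probes:", report["total"])
```

The per-variant source list is the useful output on a non-IIS box: the 404s show the host itself is not affected, but every source address is an infected machine on the same cable segment or nearby, which is what you would hand to the provider's abuse desk.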
oh hell yeah. I hate that. those kinds of marketroid losers suck. especially when they have no clue what they're really asking you, and can't give you a clear picture of what you're doing. blah.
DO NOT HIRE FSCKING JOB HUNTERS (i will not repeat this one)
do you mean that one should not hire people who are unemployed and actively searching for jobs? or do you mean that one should not hire people who are always looking for the next step beyond you, showing that they consider you to be a temporary position?
I dislike people who bounce around all the time, but there's nothing wrong with unemployed folks. during this time there are a lot of great people out on their luck, none of which is their fault or a reflection of their competence level.
I'm guessing I probably misread what you meant there :)
those of us in the midwest are living with near 100 degree heat and 98 percent humidity. maybe you're just getting all the AC from all those buildings leaking out :)
those of us in the real world with that green growing stuff around us are dying from the heat. even those of us 500 miles north of you.
in Minnesota it's just trees :P
TEMPEST is a classification, not a system. you don't tap people's system with "TEMPEST". read the orange book if you want to know more about what it is, or some of the FOIA docs on cryptome.org. thanks.
I heard that Telstra in AU and MCI here in the US are providing some IPv6 services. maybe you could get that, and not only would you have a static IP, but you'd have one that was specific to your machine for life :) just don't change your NIC or it'll change on you. hehe :)
well, one thing with IPv6 (kind of like IPX in this respect) is that the last 48 bits of your address are your MAC address. while this is ethernet (and compatible) addressing specific, that's most everything these days. so it's not even a matter of static or dynamic anymore, as everything just *IS* what it is, and that's about it. I don't know if you remember the IPX days, or even experienced them, but there wasn't much of an issue with addressing with it (at least in the same respect as we have with IP now.) I look forward to IP addressing being less of an issue.
That being said, routing protocols will need to be furthered, and some of the new routing protocols as well as the IPv6 versions of old standbys (like BGP, OSPF, etc) are pretty slick. think about the amount of route summarization you'd need to do for BGP so you don't kill yourself! we're talking massive exponential expansions in potential routes. ouch. I think that's why most of the IPv6 space is going to be kept close together to save us all the hassle of watching our older equipment die under the load. thinking of all those little ISP's loading up IPv6 BGP on a cisco 3640 or something equivalent just makes me want to cry :)
Here's a good link on the routing issues moving to IPv6: http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/!Documentation/ip6routing.html
I'm retarded. I meant to mention IDRP as a replacement for BGP under IPv6, and I didn't. *smack forehead*
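As an added example, not part of the original comments, the following derives the modified EUI-64 interface identifier that IPv6 stateless autoconfiguration builds from a NIC's MAC (RFC 2464 / RFC 4291 Appendix A), places it under a /64 prefix, and recovers the MAC from such an address. The MAC and the prefixes in it are made up.

```python
"""Modified EUI-64 interface identifiers in IPv6 addresses.

Added example, not part of the original comments. Implements the
RFC 2464 / RFC 4291 Appendix A construction that SLAAC uses to build an
interface identifier from a 48-bit MAC, and the reverse. The MAC and the
prefixes used below are made up.
"""
import ipaddress


def mac_to_iid(mac):
    """Return the 8-byte modified EUI-64 identifier for a MAC like '00:0c:29:ab:cd:ef'."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (0x02 of the first octet) and insert
    # ff:fe between the OUI half and the NIC-specific half.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the MAC-derived identifier, as SLAAC does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_iid(mac))


def mac_from_address(addr):
    """Recover the MAC from an EUI-64 derived address.

    Returns None when the identifier is not MAC-derived (an RFC 4941
    temporary address, a manually assigned one, and so on)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:0c:29:ab:cd:ef"  # made-up MAC for the example
    link_local = slaac_address("fe80::/64", mac)
    global_addr = slaac_address("2001:db8:1:2::/64", mac)
    print(link_local, global_addr, mac_from_address(str(global_addr)))
```

The ff:fe marker in the middle of the identifier is what makes such an address recognisable as MAC-derived, and the identifier stays the same under every prefix the host sees, so the address does follow the NIC from network to network. RFC 4941 temporary (privacy) addresses exist for exactly that reason; mac_from_address returns None for those because the marker is absent.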
This product is called SecurID, and it works pretty well. it's typically sold by RSA security or resellers for them. works really nifty with SSH connections, IPSec VPN stuff, etc.
although it's only really useful if you set a hard company policy that not following the usage rules for it will get you spanked. otherwise you have to run around after users trying to fix their stupidity, which is always hopeless :)
at least in minnesota, RR has been very good to me. no port blocking, no bandwidth locking, seemingly unlimited amounts of IP space to use, fast news servers, etc etc. I guess I like them, and I hope the one in my area doesn't become like @home!
I see that some other posters have touched on some of these questions; namely, what sort of licensing this product will be released under. I understand that the majority of their code is probably internally developed applications and libraries but I would think you'd still have some hint of derivative works and some of those might be linked to GPL or LGPL libraries/code... it just seems a little odd, to me. I hope to hear back from them with regards to the licensing questions I've asked (via fax, phone, and email) but we'll have to see on that one.
The biggest concern here for me is that they are positioning their firm to license out their code to embedded product designers/manufacturers- I'd personally hate to blindly license some product for a firm that is later found out to be violating IP laws, as that would most likely have some negative impact upon my company and my products. To me these people seem to smell kind of like MOSIX, at least at first blush. I hope that my first suspicions are incorrect!
The thing of it is, even OpenBSD does not really have MAC support. You must have fine grained mandatory access control abilities for all parts of an OS if you want it to be secure, and to work well in a security-centric environment. even NT does this (to what level is debatable, of course. :)
I've been watching the various projects looking to develop MAC support for *BSD and I'm glad to see the TrustedBSD project actually going somewhere. I received the announce from them just a few minutes ago, oddly enough- slashdot beat me to seeing it even from them. wow.
Robert Watson knows his stuff, though, so this looks promising. I know I'm looking forward to seeing what they come up with; this seems like a much more sensible development strategy for the DoD, as opposed to funding GPL technologies that leave them hamstrung with distribution and reselling issues. I hope to see more projects like this, and hope that they roll that code back into FreeBSD for all of us civvies to use.
I got modded down... heh. but it's true- anyone who isn't currently collecting stats off their equipment at all, much less in a secure fashion, is smoking crack. I do that for 100+ locations and I'm on a secured private network! I can't possibly IMAGINE the kind of shit you'd get if you had that running on the wild'n'woolly scary public internet. *cringe*.
I guess I was just surprised that with how "geeky" this site is, etc etc, that there seem to be truly few geeks running it. I guess being able to write lots of perl and stuff like that is useful somehow but let's face it... infrastructure skills count for something, eh?
Us pathetic hardware geeks have a saying about never trusting people who operate above OSI layer 3...
Ok, I need to say this...
1.) TEMPEST = DoD standard for shielding AGAINST electromagnetic signal interception. It's just a huge bunch of annoying specs for creating giant heavy computers with lots of screws; faraday cages, fibre optic cabling, protected power circuits, blah blah blah.
2.) To intercept your computer monitor signals (and to a lesser degree, your NIC, keyboard, whatever) you'd tune into Van Eck radiation (like the interference generated by your computer monitor.) This really isn't that difficult to do yourself, and in the hands of professionals is very impressive. this would be one of those things you would TEMPEST shield yourself AGAINST.
3.) For that matter, for US Citizens intentionally shielding your house/building/office/equipment to TEMPEST specs is considered a federal crime. That one always made me wonder- why would my desire to shield my house be a major concern and need to be against the law, if it required a warrant to be served to me to search my home? Who's up to what, here?