The other problem of course is that the vast majority of web apps are primarily developed for MySQL, Pg support is almost always beta and usually has bugs that need working out, it's almost always easier to just use MySQL in these circumstances.
The MySQL fans would continue using MySQL, particularly if all the remaining clients and tools continued to work in a similar way.
If that were true people would be switching to postgresql in droves. Its purely due to the lack of Postgresql hosting as a standard part of web hosting packages that are stiffling adoption.
Please elaborate, a BSD licensed software is the most "free" of any license, your free to do whatever you want with it including supplying it without the source. Under a BSD license EVERYONE has those same freedoms, whereas with GPLed software that option only exists for the original author.
This all highlights an interesting flaw in the GPL, this practice of contributions not being accepted back under the GPL seems to seriously restrict the freedoms of contributors.
Although the contributions may appear small, they are usually bug fixes that represent a lot of work. A one line bug fix can take many hours to track down. Without those bug fixes the project isn't anywhere near complete and is a buggy alpha.
The BSD license at least protects against this a little, if a BSD project is closed then others who are financially motivated could afford to throw developers at a fork, this is not possible with GPLed software. Of course the fact that this possiblity exists tends to stop it happening in the first place, analagous two to countries having nuclear warheads pointed at each other.
I can totally understand that people reach a point where they want to make some money out of their work, but getting mindshare and free developer support by using the GPL seems the wrong way to go about it.
I used SPAM Assassin quite happily for many years but found the effectiveness started dropping, there are some messages that just can't be caught, usually these are the worst kinds of messages (ie. a face full of spunk) almost always received by the people most likely to be offended (ie. 55 year old female administrative staff).
False positives seem to be more of a problem written in languages other than English. Pretty much all of our e-mail in Welsh language we receive through AOL has been tagged by AOL as SPAM, you might say AOL losers etc. But SpamAssassin & Messagelabs also incorrectly tag e-mails, training these systems doesn't really help and that pretty much ruled those options out, then on top of that if we don't respond to Freedom of Information requests within 20 days we can be fined, so another good reason to not rely on any SPAM system that can be manipulated by the user, better to not receive than to misfile and forget.
I have measured our greylisting performance, I manually filtered over 8000 messages and found only 4 items (Nigerian / lottery frauds) that were undetected SPAM, that gives us 99.95% and our users have had to take no action whatsoever to achieve this. Asside from the usually very short (usually less than 5 minutes) initial delay and the very occasional non-delivery (3 instances in 18 months) due to a broken downstream mailserver (easily rectified with a phone number & guaranteed to work contact e-mail in the bounce) it's very low maintenance.
Another great feature of greylisting is that it's a highly effective first line of defense against viruses. Prior to enabling greylisting I was getting around 10-20 messages a minute intercepted by our virus scanners, with greylisting the number is more like 8 a DAY and all of those are thanks to either transparant SMTP proxying from some brain dead ISPs or messages passed on through forwarding.
SPAM is not really a security risk as such, but the fact that greylisting has such strong anti-virus capabilities should when balanced against it's few potential shortcomings make it very easy to justify switching on as a good e-mail security measure.
Oh and I really get a laugh when people using SpamAssassin helpfully mark their own non-SPAM e-mail as SPAM, thats always a good one and a sure sign that there is something seriously wrong with the SpamAssassin approach.
The problem with SPAMD, SpamAssassin etc. is they rely too much on training and user interaction. If a user has to go into the SPAM box and double check that no mistakes have been made then the system is worse than not having any SPAM checking at all as most users will not check the SPAM box, this is especially true for larger deployments where it is much harder to train users and these environments usually cannot afford for these sorts of mistakes to be made.
I've found greylisting to be the best solution so far, primarily because the user doesn't have to do anything, there is no quarantine or training and it's 99.93% effective out of the box. The only real problem is that occasionally some mail servers are not compatible with greylisting, in this case the sender would get a bounce which IMO is better than filing false positives in a SPAM quarantine folder that may never be checked.
Greylisting is almost completely maintenance free, I've been using the same greylisting daemon (postgrey) for 18 months and asside from whilelisting a handful of servers there has been no other work to keep the system running effectively and my users don't even know it's there.
Nonsense. Although there are very few good measures of distribution usage netcraft shows that there are more web servers running FreeBSD than the other top 3 linux distributions put together. Compare Linux to FreeBSD and theres alot more, but compare FreeBSD against any other single linux distribution and there will not be a lot in it.
I know netcraft only measures public web servers and in all likelyhood FreeBSDs popularity in this area is likely to be from hosting alot of domains on a few huge web farms although this in itself says something about FreeBSD.
As a previous thread said one of Linuxes biggest problems is distribution fragmentation, this rears it's ugly head most often with closed source binaries, most seem only to support Redhat 8, 9 or RHEL. Anything else and you are on your own, in some cases FreeBSD can actually be helpful here, install the required linux compatibility distribution for your binary only app and you are set.
The biggest problem FreeBSD has at the moment is it's appaling Java support, if that problem was fixed properly it would be doing alot better.
When you grew out of access the database could easily be ported to either SQL Server or Postgres, there are not a great deal of differences particularly if you move up.
Trying to move from a database written in any of those three back to MySQL was almost impossible though, due to lack of views and subselects, while those were not essential for an app written from scratch, they are essential if you want to port back from a database that has been using them.
It'll be interesting to see how the new version of MySQL shapes up, it's always been a good performer but without some of those features it was always a choice with most business apps of Postgres or SQL Server for us, of course mysql has been used for simpler apps (When you've got more than 30 tables views tend to become essential). and we've never had any problems with it.
Indeed, No Perl, No PHP, No Bind, No Sendmail. All in all a pretty useless server with non GPLed software.
Linux was in the right place at the right time and made some good decisions, half the success of Linux could be down to the fact it supported IDE CDROM and Hard Disks really early on which was a real barrier to entry with most commercial x86 unixes at the time. Price was not the never really the barrier to entry. Sun / SCO have always had fairly cheap deals on X86 unix.
The license had very little to do with it, there are plenty of successful BSD or BSD-a-like licensed projects which are the backbone of any linux server. Much the same way the BSDs wouldn't be in a very good position without GCC.
I've made very few contributions to open source projects, a few documentation fixes, feedback and fielding a few questions on some mailling lists. I expect I'm the same as pretty much every other user of open source software. The choice of license wether GPL OR BSD does not make the slightest bit of functional difference to me and I doubt that in real-terms it makes any difference to the other 98% of open source users out there.
It really depends what your doing with it though. If you are using flash and only write to it once every so often for a firmware upgrade or to change the odd setting then it will last a very long time.
If on the other hand you are using it as a data store and writing data every second or so then you will eventually tire the thing out.
If I buy a washing machine and it's faulty, I'm entitled to take the machine back to the store that I bought it from and get a full refund or get them to arrange a replacement.
The warranty is something extra on top of my consumer rights.
It was no magic cable... When the original DVD drives came out processors were not capable of decoding the content, so a hardware decoding card was included to perform the hard work. The magic cable simply allowed the card to overlay the DVD content onto your monitor much like a genlock or early 3DFC cards.
Those same DVD drives used in newer computers work just fine without the decoder card.
Having trialled openexchange I wouldn't recommend it, particularly as an exchange replacement for use with outlook. The Outlook integration is poor quality and doesn't correctly support alot of groupware functionality. Shared calendars for instance are not handled very well at all.
Openexchange seems to treat the outlook connector as a stepping stone to getting everyone using the web interface which although usable is not the ideal platform for everyday use. Web clients should be supplemental tools for use away from the desk and not as a primary means of working with a system.
Openexchange also does not play nicely with PocketPCs or other tools that sync to Outlook folders.
One product that is very promising and perhaps even has better groupware functionality than exchange and is linux based is Scalix.
This has a very high quality outlook connector and a very nice webclient. Amongst other things it allows users to delegate their own mailboxes to other users, configure their own shared calendars. Allows users to access group mailboxes and has nice offline working.
Scalix is Linux based and runs on top of Redhat Enterprise Linux or CentOS.
It's not cheap, but if you are looking for a Linux based quality alternative to exchange then it's a good bet.
Across town fiber connections while having high initial setup costs, don't really cost all that much in rental (£600 a month for a 100Mbit connection, see LES circuits in BT price list).
The real cost to the ISP is giving you 100Mbit of usable internet bandwidth and that is where the costs really kick in. The 256kbit upload limit on DSL nicely slows down P2P traffic which would otherwise crucify any ISP.
Of course in some countries faster broadband speeds are possible, this is not however a function of the technology as such, this is due to local properties, take Japan for instance, often touted as broadband heaven. Considering that the vast majority of the large population lives in a relatively small geographical area, language considerations limiting the need to hit international bandwidth, its no surprise that compared to us they've got superfast broadband speeds.
The opposite to Japan is Australia, about a dozen cities, low population size (20 Million) and english speaking so hitting a lot of international (mostly american) bandwidth. It is no wonder that broadband service is expensive and slow.
Before the advent of cheap broadband the limiting factor was the local loop, but for now and the forseeable future its the bandwidth between your ISP and the rest of the internet that is the bottleneck.
You're barking up the wrong tree. Yes Linux (the kernel) is GPLed and Yes the BSD operating systems are BSD licensed. BUT if you look at the applications typically installed on both systems you'll find a mix of GPL and BSD licensed applications and it will surprise you how many core applications are BSD licensed.
If you took away the BSD licensed applications away from Linux it wouldn't be of much use as a server operating system.
Jason.
Re:favorite program for network security testing
on
Anatomy of a Hack
·
· Score: 1
Well in that case you've missed most of the points in that article.
They did not use any vulnerabilities, certainly not anything that an outside scan by nessus would have picked up.
Microsoft are stanardising on SIP. So that won't be a problem as such. Messenger is already a SIP client, although not currently well suited to VOIP.
I've seen a few screen shots of the new business messenger, it does have a few interesting features such as outlook integration, so that you can see a VOIP users phone status from within outlook, you can also embed phone numbers into office documents and do a few other things.
The Mitel sales guy who showed off this version of messenger wasn't expecting the microsoft client to replace their own client, but will include suppport for completeness.
Linux IS GPL, the GCC toolchain IS GPL, the GNU file utilities ARE GPL, BUT the vast majority of the server applications and remaining development tools are in fact BSD licensed (or roughly similar terms).
I'm getting there, I've achieved alot since I've been in the post. Pretty much single sign on now for all systems, plus alot of the legacy unix systems are being phased out for Windows or Linux.
On the desktops we're pretty much going over to terminal services and a thin client operating system.
Don't be completely fooled by what I said, we DO have plenty of IT staff all skilled in those individual areas, but for getting things consistent and running smoothly, being able to work on the full suite of technologies available does mean your in a good position to advise and plan how to tidy the horrific mess up. In isolation we are fine, but as for finding out why Web App X running over terminal services from office Z isn't working properly they've no chance. This is completely apparant as well from the kit installed, its all usually complete overkill for the job (eg. 100Mbit redundant WAN connections for a 50 person office with no heavy data requirements), if theres some sort of problem then they through money at higher end kit until it goes away and it usually always reoccurs.
Your point about losing the staff is spot on, so is your point about departments managing their own systems if their unwilling to comply. The problem with this of course is when Mr Departmental Part-time IT Guy leaves and they hire the replacement they often forget that he was "Departmental Part-time IT Guy" and hire someone without those skills. At some point a month or so later when they hit a systems problem we often have little choice but to take on whatever legacy he has left behind.
The place has really suffered from no clear procurement procedures. Departments could go out and purchase whatever they wanted and we're expected to support it, trying to change that is a big problem as we're taking so many toys away. Plus we're chopping away at the mini-IT empires within departments, progress is being made, but IT are still unfortunately well out of the loop on many projects.
Ack, I could go on, but I know where we need to go and I'm slowly getting there. It just takes a great deal of time.
Tailor your resume to the job. If they exclusively mention UNIX then put all your unix projects and experience down and a "working knowledge" of Windows administration, and vice versa for Windows jobs.
From what you've said so far it sounds as though you are not that diverse, all your listed skills are essentially windows administration.
I work on a daily basis with firewalls and vpns, LAN switching and the WAN (we've around 150 branch offices, use mostly Cisco kit but we're rural so we have to be very creative), linux server management, web and application hosting (IIS/Apache/Tomcat/Some other weird stuff) on UNIX (Solaris, Linux, BSD, SCO OpenServer) databases (sql server, mysql and postgres) , e-mail, internet access (inc filtering and auditing), terminal services, load balancing, active directory, vmware, unix integration and pretty much anything else that is thrown at me - which are usually problems occuring from a mix of the above components. I'm not talking about casual use here either, I mean specing, installation, testing, faulting finding maintenance and ongoing administration.
That mix might sound ridiculous, but we have to support whatever systems are chosen by departments, one might choose a database app on ingres on Solaris, with a web front end provided by IIS on Windows. We just have to accept it and support it. From the job ads I've seen recently unix/windows/novell/cisco are often grouped together for a single post in addition to whatever applications and services they are running on those operating systems.
Slashdot Mirror
The other problem of course is that the vast majority of web apps are primarily developed for MySQL, Pg support is almost always beta and usually has bugs that need working out, it's almost always easier to just use MySQL in these circumstances.
The MySQL fans would continue using MySQL, particularly if all the remaining clients and tools continued to work in a similar way.
If that were true people would be switching to postgresql in droves. Its purely due to the lack of Postgresql hosting as a standard part of web hosting packages that are stiffling adoption.
J
MySQL could of course start using the postgres engine with the MySQL syntax and admin tools around it.
Might be a bit weird, but it's certainly possible.
Please elaborate, a BSD licensed software is the most "free" of any license, your free to do whatever you want with it including supplying it without the source. Under a BSD license EVERYONE has those same freedoms, whereas with GPLed software that option only exists for the original author.
This all highlights an interesting flaw in the GPL, this practice of contributions not being accepted back under the GPL seems to seriously restrict the freedoms of contributors.
Although the contributions may appear small, they are usually bug fixes that represent a lot of work. A one line bug fix can take many hours to track down. Without those bug fixes the project isn't anywhere near complete and is a buggy alpha.
The BSD license at least protects against this a little, if a BSD project is closed then others who are financially motivated could afford to throw developers at a fork, this is not possible with GPLed software. Of course the fact that this possiblity exists tends to stop it happening in the first place, analagous two to countries having nuclear warheads pointed at each other.
I can totally understand that people reach a point where they want to make some money out of their work, but getting mindshare and free developer support by using the GPL seems the wrong way to go about it.
I used SPAM Assassin quite happily for many years but found the effectiveness started dropping, there are some messages that just can't be caught, usually these are the worst kinds of messages (ie. a face full of spunk) almost always received by the people most likely to be offended (ie. 55 year old female administrative staff).
False positives seem to be more of a problem written in languages other than English. Pretty much all of our e-mail in Welsh language we receive through AOL has been tagged by AOL as SPAM, you might say AOL losers etc. But SpamAssassin & Messagelabs also incorrectly tag e-mails, training these systems doesn't really help and that pretty much ruled those options out, then on top of that if we don't respond to Freedom of Information requests within 20 days we can be fined, so another good reason to not rely on any SPAM system that can be manipulated by the user, better to not receive than to misfile and forget.
I have measured our greylisting performance, I manually filtered over 8000 messages and found only 4 items (Nigerian / lottery frauds) that were undetected SPAM, that gives us 99.95% and our users have had to take no action whatsoever to achieve this. Asside from the usually very short (usually less than 5 minutes) initial delay and the very occasional non-delivery (3 instances in 18 months) due to a broken downstream mailserver (easily rectified with a phone number & guaranteed to work contact e-mail in the bounce) it's very low maintenance.
Another great feature of greylisting is that it's a highly effective first line of defense against viruses. Prior to enabling greylisting I was getting around 10-20 messages a minute intercepted by our virus scanners, with greylisting the number is more like 8 a DAY and all of those are thanks to either transparant SMTP proxying from some brain dead ISPs or messages passed on through forwarding.
SPAM is not really a security risk as such, but the fact that greylisting has such strong anti-virus capabilities should when balanced against it's few potential shortcomings make it very easy to justify switching on as a good e-mail security measure.
Oh and I really get a laugh when people using SpamAssassin helpfully mark their own non-SPAM e-mail as SPAM, thats always a good one and a sure sign that there is something seriously wrong with the SpamAssassin approach.
Jason.
The problem with SPAMD, SpamAssassin etc. is they rely too much on training and user interaction. If a user has to go into the SPAM box and double check that no mistakes have been made then the system is worse than not having any SPAM checking at all as most users will not check the SPAM box, this is especially true for larger deployments where it is much harder to train users and these environments usually cannot afford for these sorts of mistakes to be made.
I've found greylisting to be the best solution so far, primarily because the user doesn't have to do anything, there is no quarantine or training and it's 99.93% effective out of the box. The only real problem is that occasionally some mail servers are not compatible with greylisting, in this case the sender would get a bounce which IMO is better than filing false positives in a SPAM quarantine folder that may never be checked.
Greylisting is almost completely maintenance free, I've been using the same greylisting daemon (postgrey) for 18 months and asside from whilelisting a handful of servers there has been no other work to keep the system running effectively and my users don't even know it's there.
Jason
Nonsense. Although there are very few good measures of distribution usage netcraft shows that there are more web servers running FreeBSD than the other top 3 linux distributions put together. Compare Linux to FreeBSD and theres alot more, but compare FreeBSD against any other single linux distribution and there will not be a lot in it.
I know netcraft only measures public web servers and in all likelyhood FreeBSDs popularity in this area is likely to be from hosting alot of domains on a few huge web farms although this in itself says something about FreeBSD.
As a previous thread said one of Linuxes biggest problems is distribution fragmentation, this rears it's ugly head most often with closed source binaries, most seem only to support Redhat 8, 9 or RHEL. Anything else and you are on your own, in some cases FreeBSD can actually be helpful here, install the required linux compatibility distribution for your binary only app and you are set.
The biggest problem FreeBSD has at the moment is it's appaling Java support, if that problem was fixed properly it would be doing alot better.
The SMP support is adequate and always has been.
Jason.
Nah, access was fine for what it was.
When you grew out of access the database could easily be ported to either SQL Server or Postgres, there are not a great deal of differences particularly if you move up.
Trying to move from a database written in any of those three back to MySQL was almost impossible though, due to lack of views and subselects, while those were not essential for an app written from scratch, they are essential if you want to port back from a database that has been using them.
It'll be interesting to see how the new version of MySQL shapes up, it's always been a good performer but without some of those features it was always a choice with most business apps of Postgres or SQL Server for us, of course mysql has been used for simpler apps (When you've got more than 30 tables views tend to become essential). and we've never had any problems with it.
Jason
I expect that the real problem is bandwidth. Just think what would happen their internet costs if this was available worldwide.
Jason.
Indeed, No Perl, No PHP, No Bind, No Sendmail. All in all a pretty useless server with non GPLed software.
Linux was in the right place at the right time and made some good decisions, half the success of Linux could be down to the fact it supported IDE CDROM and Hard Disks really early on which was a real barrier to entry with most commercial x86 unixes at the time. Price was not the never really the barrier to entry. Sun / SCO have always had fairly cheap deals on X86 unix.
The license had very little to do with it, there are plenty of successful BSD or BSD-a-like licensed projects which are the backbone of any linux server. Much the same way the BSDs wouldn't be in a very good position without GCC.
I've made very few contributions to open source projects, a few documentation fixes, feedback and fielding a few questions on some mailling lists. I expect I'm the same as pretty much every other user of open source software. The choice of license wether GPL OR BSD does not make the slightest bit of functional difference to me and I doubt that in real-terms it makes any difference to the other 98% of open source users out there.
It really depends what your doing with it though. If you are using flash and only write to it once every so often for a firmware upgrade or to change the odd setting then it will last a very long time.
If on the other hand you are using it as a data store and writing data every second or so then you will eventually tire the thing out.
Jason.
If I buy a washing machine and it's faulty, I'm entitled to take the machine back to the store that I bought it from and get a full refund or get them to arrange a replacement.
The warranty is something extra on top of my consumer rights.
Jason.
It was no magic cable... When the original DVD drives came out processors were not capable of decoding the content, so a hardware decoding card was included to perform the hard work. The magic cable simply allowed the card to overlay the DVD content onto your monitor much like a genlock or early 3DFC cards.
Those same DVD drives used in newer computers work just fine without the decoder card.
Jason.
Take a look at apg.. Find it on freshmeat/google..
apg -m 12 -x 14 -t
IgcusbavZeb7 (Ig-cus-bav-Zeb-SEVEN)
koatDokwepht (koat-Dok-wepht)
AwUkTeduldAc (Aw-Uk-Ted-uld-Ac)
gizJogcypnot} (giz-Jog-cyp-not-RIGHT_BRACE)
NodwacIbVawl (Nod-wac-Ib-Vawl)
vekOypevpast5 (vek-Oyp-ev-past-FIVE)
It pronunces nicely random passwords that can be pronounced so that you can remember then.
Pronounciation is in brackets.
Jason
Having trialled openexchange I wouldn't recommend it, particularly as an exchange replacement for use with outlook. The Outlook integration is poor quality and doesn't correctly support alot of groupware functionality. Shared calendars for instance are not handled very well at all.
Openexchange seems to treat the outlook connector as a stepping stone to getting everyone using the web interface which although usable is not the ideal platform for everyday use. Web clients should be supplemental tools for use away from the desk and not as a primary means of working with a system.
Openexchange also does not play nicely with PocketPCs or other tools that sync to Outlook folders.
One product that is very promising and perhaps even has better groupware functionality than exchange and is linux based is Scalix.
This has a very high quality outlook connector and a very nice webclient. Amongst other things it allows users to delegate their own mailboxes to other users, configure their own shared calendars. Allows users to access group mailboxes and has nice offline working.
Scalix is Linux based and runs on top of Redhat Enterprise Linux or CentOS.
It's not cheap, but if you are looking for a Linux based quality alternative to exchange then it's a good bet.
Jason.
How... ?
I've always got access denied.
Jason
The local loop technology isn't really the issue.
Across town fiber connections while having high initial setup costs, don't really cost all that much in rental (£600 a month for a 100Mbit connection, see LES circuits in BT price list).
The real cost to the ISP is giving you 100Mbit of usable internet bandwidth and that is where the costs really kick in. The 256kbit upload limit on DSL nicely slows down P2P traffic which would otherwise crucify any ISP.
Of course in some countries faster broadband speeds are possible, this is not however a function of the technology as such, this is due to local properties, take Japan for instance, often touted as broadband heaven. Considering that the vast majority of the large population lives in a relatively small geographical area, language considerations limiting the need to hit international bandwidth, its no surprise that compared to us they've got superfast broadband speeds.
The opposite to Japan is Australia, about a dozen cities, low population size (20 Million) and english speaking so hitting a lot of international (mostly american) bandwidth. It is no wonder that broadband service is expensive and slow.
Before the advent of cheap broadband the limiting factor was the local loop, but for now and the forseeable future its the bandwidth between your ISP and the rest of the internet that is the bottleneck.
Winbind, part of Samba.
OR for apache use: auth_kerb_module
OR for authentication only (manually add dummy users) use pam_krb5.conf
Its all fairly easy and you don't need to touch the unix services toolkit.
Jason.
You're barking up the wrong tree. Yes Linux (the kernel) is GPLed and Yes the BSD operating systems are BSD licensed. BUT if you look at the applications typically installed on both systems you'll find a mix of GPL and BSD licensed applications and it will surprise you how many core applications are BSD licensed.
If you took away the BSD licensed applications away from Linux it wouldn't be of much use as a server operating system.
Jason.
Well in that case you've missed most of the points in that article.
They did not use any vulnerabilities, certainly not anything that an outside scan by nessus would have picked up.
Jason
Microsoft are stanardising on SIP. So that won't be a problem as such. Messenger is already a SIP client, although not currently well suited to VOIP.
I've seen a few screen shots of the new business messenger, it does have a few interesting features such as outlook integration, so that you can see a VOIP users phone status from within outlook, you can also embed phone numbers into office documents and do a few other things.
The Mitel sales guy who showed off this version of messenger wasn't expecting the microsoft client to replace their own client, but will include suppport for completeness.
Jason.
Linux IS GPL, the GCC toolchain IS GPL, the GNU file utilities ARE GPL, BUT the vast majority of the server applications and remaining development tools are in fact BSD licensed (or roughly similar terms).
I'm getting there, I've achieved alot since I've been in the post. Pretty much single sign on now for all systems, plus alot of the legacy unix systems are being phased out for Windows or Linux.
On the desktops we're pretty much going over to terminal services and a thin client operating system.
Don't be completely fooled by what I said, we DO have plenty of IT staff all skilled in those individual areas, but for getting things consistent and running smoothly, being able to work on the full suite of technologies available does mean your in a good position to advise and plan how to tidy the horrific mess up. In isolation we are fine, but as for finding out why Web App X running over terminal services from office Z isn't working properly they've no chance. This is completely apparant as well from the kit installed, its all usually complete overkill for the job (eg. 100Mbit redundant WAN connections for a 50 person office with no heavy data requirements), if theres some sort of problem then they through money at higher end kit until it goes away and it usually always reoccurs.
Your point about losing the staff is spot on, so is your point about departments managing their own systems if their unwilling to comply. The problem with this of course is when Mr Departmental Part-time IT Guy leaves and they hire the replacement they often forget that he was "Departmental Part-time IT Guy" and hire someone without those skills. At some point a month or so later when they hit a systems problem we often have little choice but to take on whatever legacy he has left behind.
The place has really suffered from no clear procurement procedures. Departments could go out and purchase whatever they wanted and we're expected to support it, trying to change that is a big problem as we're taking so many toys away. Plus we're chopping away at the mini-IT empires within departments, progress is being made, but IT are still unfortunately well out of the loop on many projects.
Ack, I could go on, but I know where we need to go and I'm slowly getting there. It just takes a great deal of time.
Jason
Tailor your resume to the job. If they exclusively mention UNIX then put all your unix projects and experience down and a "working knowledge" of Windows administration, and vice versa for Windows jobs.
From what you've said so far it sounds as though you are not that diverse, all your listed skills are essentially windows administration.
I work on a daily basis with firewalls and vpns, LAN switching and the WAN (we've around 150 branch offices, use mostly Cisco kit but we're rural so we have to be very creative), linux server management, web and application hosting (IIS/Apache/Tomcat/Some other weird stuff) on UNIX (Solaris, Linux, BSD, SCO OpenServer) databases (sql server, mysql and postgres) , e-mail, internet access (inc filtering and auditing), terminal services, load balancing, active directory, vmware, unix integration and pretty much anything else that is thrown at me - which are usually problems occuring from a mix of the above components. I'm not talking about casual use here either, I mean specing, installation, testing, faulting finding maintenance and ongoing administration.
That mix might sound ridiculous, but we have to support whatever systems are chosen by departments, one might choose a database app on ingres on Solaris, with a web front end provided by IIS on Windows. We just have to accept it and support it. From the job ads I've seen recently unix/windows/novell/cisco are often grouped together for a single post in addition to whatever applications and services they are running on those operating systems.
A good sysadmin does wear many hats.
Jason.