After digging around some (see the posts above), Linus seems to feel that the patches are too intrusive, which I can certainly understand. Hard Real time promises are not good in the general case, which is why most OSen don't bother. For the cases that require them, traditionally there are specialized OSen (QNX for example) that have the functionality needed. I'm not sure about this, but I believe that there are some specific hardware requirements for true RT. The scheduler is also radically different.
It would not suppise me at all if this lives a long and fruitful life outside of the standard kernel, as a stand-alone patch set. That's not even a bad place to live, especially since the requirements are rather esoteric.
I agree about the old news bit. I also think the author is being quite harsh on Nintendo. Every one has been scoffing at their GBA->GameCube linking as just a profit scheme. It is a profit scheme, but there are some huge advantages to it for the gamer as well... just take a look at FF:Chrystal Chronicals.
The point of this is that Nintendo had the guts to do something different, and allowed people (like Square) to be creative. The DS with it's dual screen and stylus will be the same. It's a change of paradigm... it allows new controls, and new interfaces.
If you want something cool, take a look at the Metroid game for the DS. It's a true FPS for a hand held. And since the DS does wireless, you just have to walk up to someone else with a DS, and you can play head to head (up to 4 player IIRC). No wires, no funky cables, just play.
If you actually RTFA, you'll see the real reason burried a little more than half way down:
"I think what you're seeing is an odd little linguistic artifact," said Zuckerman, former vice president of Tripod.com and now a fellow at Harvard's Berkman Center for Internet and Society who studies search engines. The chief culprit, he theorized, is that mainstream news publications refer to the senator on second reference as Kerry, while alternative news sites often use the phrase "John Kerry" multiple times, for effect or derision. To Google News' eye, that's a more exact search result.
Basically, google is doing exactly what we told it too: looking for the most links with 'john kerry' in it.
"Computers are out to destroy us. This can be proven by the fact that they do exactly what we tell them."
Well, I have 1 really good reason to not go Cisco: $$$$$$$
When we moved our building, we got to rearchitect our whole network. Great experience, if you can get the company to foot the bill. There was a LOT of political pressure to go Cisco, but it turns out that their lowest end enterprise level switching gear was still twice the cost of Extreme Networks highest end gear. In the end, the CIO/CFO couldn't get past the price tag difference, despite the cisco brand recognition.
That, and the lowest end extreme gear outperformed the highest end cisco gear on a 'backplane packets per second'. Certainly important for clusters.[1]
Other advantages for Extreme are 1) very easy CLI, 2) full layer 3 capabilities, 3) can participate in almost any routing protocol you can name.
Besides, when has/. been about 'defacto standards'? If we were into those, we'd be Microsoft bigots...
[1] granted, there are other things that add value for cisco... for one biggie, cisco's port mirroring capabilities (for IDS and whatnot) are a long way ahead of Extreme's
What level of interconnect do you want? (gig copper? gig fiber? 10/100?)
Or are you looking for something more specialized (HIPPI compliant or something similarly obscure?)
That said, if you're looking for in the ethernet space, we've been really happy with our recent Extreme Networks chassie's. Their black diamond 10k line is the newest release, and it looks awesome. It's really dense, they've got crazy levels of backplane bandwidth, and ours have been really reliable (granted, we have the previous generation of the gear). The chassies have blades (just like everyone else) that can speak 10/100, 10/100/1000 copper, gig fiber, 10 gig fiber, etc.
SETI works really well because a measurement from one quadrant of the sky doesn't affect the measurement taken in another.
A one degree change in one quadrants prediction affects all the quadrants immediately surrounding it. This data has to be communicated to the surrounding areas, which in turn affect them, and ripple through the entire model. This communication burden flattens even beowulf levels of connectivity, let alone a desktop on a broadband connection. This is why IBM still makes a mint on large, SSI (single system image) servers, $1-30 million per server.
Well, I'm not 100% sure that's fair. AIX and HP still have their old school 'format -> mkfs' path, and that is what Sun is comparing their 'new world order' to. Now, if you want to do cool things like Raid, then you need to either do the hardware based stuff, or you play with Disksuite or Veritas Volume Manager[1].
Both have more interesting and pretty ways of playing with volumes. Disksuite is a free, add on package, and Veritas charges an arm and a leg for their Volume Manager.
In addition to the other cool features, ZFS is just a way to deepen the abstraction away from physical volumes.
As to it's inherent coolness, or lack there of, I'll let y'all know when I've actually been able to play with it.
[1]Had Sun been wise years ago, they would have just bought Veritas, and the world would be very different. Now however, Veritas is one of the largest software companies in the world.
I would completely agree. These settings are optimized for a 'best fit' situation. Solaris for example is tuned mostly for a pure lan environment. We have an application that is distributed to various wan sites. I don't recall which setting we had to twiddle, but increasing a timeout saved a LOT of user headaches.
These things are adjustable for a reason. Now they are not made easy to adjust (have to have some relativly arcane knowleduge to do so), but that's what a good sysadmin is for.
Re:Limited set of IP's?
on
Spam's U.S. Roots
·
· Score: 2, Informative
Ciphertrust is an anti-spam company. They'll sell less of their product if they give away that info.
That said, we use their Ironmail product at work, and it is AWESOME. We're blocking 200k spams a week for under 2000 mailboxes. It also wraps anti-virus (from sophos), and OWA proxy, imap, pop3, content filtering, etc. It's a wonderful appliance, that's unix based, and it's even got a really nice web front end.
If you do anti-spam for part of your paycheck, it's a product worth considering.
There are lots of really valid reasons that don't involve big brother for companies to keep an eye on IM communications. First off, I know people in my company who commit financial transactions for the company over IM. It's completely stupid that they do this, but they do it none the less. An audit trail for the company's money is required.
The second thing I can think of is corperate espionage. Companies spend lots of money on products that audit email leaving the company, looking for sensitive documents, key phrases, etc. We really need the same thing for IM, if it's going to be used in a business context for business data.
I'd also love to see a promise that the chanel between me and the person I'm talking to is encrypted. I can do that with email: force TLS encryption from my email gateway directly to theirs.
These are all good things, and don't get to the 'big brother' complaints. Those will be there, and I believe that there will always be a free IM without these auditing requirements for people who don't need them.
It wouldn't supprise me if they do use VMWare, and the like.
The next level will be detecting if you're running in a vmware instance. Probably not too hard... just look at the nic type if I had to guess.
There are some things that won't work without a full blown, isolated lab environment. I'm kinda supprised that the virus companies aren't using THAT setup already. Have everything install from images, and have 5 or so computers, and call it a day.
This is what off site storage is for. There are 2 companies currently begging for our business offering us just these services.
Remember, there are several main things that backups cover. It's important to remember which you're doing, and which are importante:
1) Disaster recovery. Full system restoration at a remote site (if the building collapses, will you be back up and functionional in $NUMBER hours?) This usually involves full system backups, using the most tapes. You can get away with weekly incrimentals, but beyond that you're doing too much tape shuffling at the restoration facility. This means a nightly backup, this means a LOT of tapes, and some largish libraries doing some serious throughput. Thankfully, your retention window is really short. 2 runs through that 'week' interval is usually all you'd need.
2) File recovery. This is long term storage, of mostly user data. "I deleted this file by accident, can I get it back?" "We dropped this table because it wasn't useful anymore, but we just discovered that this important monthly process actually does use it... can we get the data back?", etc. This doesn't take as much throughput or tapes per night as DR does (since you don't need the full OS image anymore), but the killer is the retention window. 6 months? A year? This is usually a policy decision for the people wearing suits.
3) Archival. This the data that 3 letter government agencies require you to keep for $BIGNUM years (usually 7 or so). Financial data, some customer data, etc. Thankfully, it's usually a thin subset of your normal data lode, and doesn't require much throughput to deal with. However, the storage requirements suck, and the media requirements are evil too. Just how do you restore a tape from a manufacturer who went out of business 3 years ago? CD's work well for this, as do some mainstream tape venders. Stay close to standards, since interoperability will save your bacon.
This is a huge problem. Backup to Disk is nifty, and makes lots of money for companies like EMC, but it isn't a good solution for anything other than DR. If you need long term file recovery, or worse data archiving, it's not going to work, and TAPE (or sometimes CD/DVDs) are the only game in town.
And many people forget the biggest thing of all: TEST YOUR BACKUP STRATAGY. Go offsite and try to restore some servers. How long does it take? How long can your enterprise survive? I work at a gas company, and parts of our enterprise are government mandatated to be back up and running in 12 hours. This is not easy.
Well, with Sun's 'sunray' stuff. YOu carry a smart card, pop it in, do your work. Mid work, pull the card, and the screen goes blank. Pop the card in another computer, and your work is still there.
The future is 10 years ago.
Well, with Xterminals... dummy boxes with small system image, loading a desktop off the central server.
The future is 20 years ago.
Well, with mainframe technology, and 3270 terminals.
"Several hours to roll-back a patch, as opposed to a day or better of complete down time because the system was ravaged by a virus or worm, then spread to other computers on the network. Choose your battles; it's the lesser of two evils."
I completely disagree. With proper measures, it can be done.
MS will never have a true 'forced patch upgrade' in 'thou shalt' terms. Enterprises will run away screaming. There are reasons you have development, and test environments for serious pieces of enterprise infrastructure (and exchange would qualify). Roll the patches to dev, then test. Pound on them for a while. See what happens, then apply it to production.
We all know that exchange bare on the internet is a bad idea. It can be done, and it can be done moderatly securly, but a border gateway is almost a requirement. [1]
If you have a reasonable antivirus product infront of exchange, you'll be able to run it unpatched for a the few hours you need to test a true, critical patch.
[1] For a great product, hit www.ciphertrust.com. Their 'ironmail' product is awesome. Great anti-spam, wonderful anti-virus, good content filtering, OWA proxy for webmail. Email appliance. We use it at work, and are blocking 180,000 spam messages/week for 1700 mailboxes.
Ok then, I want a somewhat short, reasonably clear document that describes how a general user should install cups (and sundry) discover their printer, print a test page, and share it via samba.
Preferably with a complete, end to end example of 2 or 3 major printer types from major manufacturers (say 1 HP, and 1 Epson printer).
I don't want a developers guide. I don't want to read code. I don't want to futz with foomatic vs. gimp-print (though I recognize that is required and not going to change soon). I don't care about IPP vs paraport.
If we had clear, user focused documentation for cups, I think the linux printing world would be much better. As it stands, the cups howto says (first) read the documentation, and (second) read the man pages. The first link on that page should be this document I'm describing.
In windows, I don't have to understand the entire printing architecture in order to install a printer. Usually, I just have to plug it in. Cups should make it simple as well.
Personally, if I needed to do such a thing, I'd run with either Gentoo or Debian (depending on how much memory you could get for it).
With Debian, you should go for the base install, then use apt-get to retrieve what you want. Keep it minimal: play with X and blackbox, fluxbox, XFCE, etc. You probably won't be able to get away with gnome/kde.
With gentoo, first set up a large swapfile, second do the install, third 'emerge ccache', fourth emerge x, and leave for a bit. I was able to get gentoo on a very similar laptop a year ago or so. Ran pretty well.
But the best suggestion I have is to google for some memory. I found 128 meg sodimms for $40... That would get you up to 192mb, which will help you a lot. The box tops out at 288mb (2x128mb, and onboard 32mb).
I certainly haven't looked at all the contenders in the DNS space... However, most of them are missing some requirements of the RFC.
The most glaring example is djbdns not implementing zone transfers. I am well aware of his answer of 'use rsync over ssh', but that's not acceptable. The RFC dictates that zone transfers be possible, so they should be possible. If there's a problem with the RFC, then it should be updated... They're called 'REQUEST FOR COMMENTS' for a reason.
That said, it's perfectly possible to set up a secure DNS environment with BIND. It's part of my job.
If you like, there's a good template for a named.conf file at:
http://cyberbuzz.gatech.edu/jprice/named/named.c on f
The install kernel would not boot. I tried the beta installer for test, the default installer for test, and the default installer for stable. None of them would boot. I use debian on i386, so I know how the install works.
The gentoo install kernel just worked, so I worked with it.
I'm mostly distribution agnostic. I've played with all the big players. Some are better than others, but the best way is to be able to work with any of them.
Gentoo is a wonderful distribution... It's the only thing recent that I could get to install on my sparc64 box.
That said, I would never run it in a production environment. It's tendancy to encourage bleeding edge packages WILL come back to bite you at some point.
RedHat is an excelent choice for production systems, if for no other reason than easily available and proven support contracts. I know that it's 'leet' to be able to look up things in google, but if you get hit by a bus, it will let the company survive while they find your replacement.
Having a support contract is also wonderful for getting to REAL support. If you're dealing with something really esoteric, you will often be much better off with a support contract. Let them fight to find the answer out of some kernel developer in New Zealand. You have the rest of your job to do too.
For your desktop box, I would urge you to do at least a gentoo stage 1 build, if not a Linux From Scratch install. These will take you forever to finish, but your knowledge of the linux as an OS will skyrocket. And while you're learning, you won't be affecting the company's bottom line, which ultimately provides you with the paycheck.
As for books, the armadillo book from ORA is wonderful, as is the 'purple book' (the successor to the highly acclaimed 'red book'. King of unix system admin books). The purple book will run you about $60-70, but reading through it will help you learn a lot.
Let's see: General notes:
1) Run postfix rather than sendmail. More secure, and easier to deal with. Less hair loss is to be encouraged.
2) Ban telnet, and use ssh.
3) Learn firewalling. Become hyper anal.
3a) Learn DMZ's. Limit exposure. There are some people who have 1 firewall interface per application (my company is moving that way). It's great for fine grained access control.
4) You don't and can't know everything. Admit this often. It's part of the key to learning.
This hit over the weekend, so I imagine that Cisco is still in damage control mode. A stratagy for dealing with this is shutdown ALL lines of communication and get the house in order before you talk to anyone.
Besides, the story yesterday on/. had a link to an IRC brag. The guy got access to their network, and to their sourcesafe repository, hacked together his own faux sourcesafe client, and sucked the code out that way.
It now being Monday (and 6:00 AM on Monday in California), it wouldn't supprise me if they have a press conference or press release (late) today or tomorrow.
Reading the description, it sets the nic into promiscuous mode, and listens for traffic, and filters it. That shouldn't take more than a percentage or 2.
To follow up on the other child post, the INSTALL file is pretty cool. Just read through it a couple of times to make sure you know where you're going before you start (MTA's being moderatly important)
As for the 'sendmail directives' bit, there's not a good doc for that because it's mostly not needed. The main.cf file comes with about 10 lines of comments per 'command'. You need to uncomment about 3 of them to get a working MTA. If you're doing something funky with sendmail (UUCP gateway type stuff) then it will take a bit more doing, but postfix should work.
To be fair, there are some real corner cases where sendmail works and nothing else will (like playing the Towers of Hanoi on port 25).
The specification is intended for WUSB to operate as a wire replacement with targeted usage models for cluster connectivity to the host and device-to-device connectivity at less than 10 meters.
As another respondant said, CA is in the business of buying cool products, killing R&D, flogging the product to death for a few years, and tossing the dried out husk to their intelectual property banks.
Open source probably scares them. Widespread adoption of Open Source would destroy their business model.
Slashdot Mirror
After digging around some (see the posts above), Linus seems to feel that the patches are too intrusive, which I can certainly understand. Hard Real time promises are not good in the general case, which is why most OSen don't bother. For the cases that require them, traditionally there are specialized OSen (QNX for example) that have the functionality needed. I'm not sure about this, but I believe that there are some specific hardware requirements for true RT. The scheduler is also radically different.
It would not suppise me at all if this lives a long and fruitful life outside of the standard kernel, as a stand-alone patch set. That's not even a bad place to live, especially since the requirements are rather esoteric.
I agree about the old news bit. I also think the author is being quite harsh on Nintendo. Every one has been scoffing at their GBA->GameCube linking as just a profit scheme. It is a profit scheme, but there are some huge advantages to it for the gamer as well... just take a look at FF:Chrystal Chronicals.
The point of this is that Nintendo had the guts to do something different, and allowed people (like Square) to be creative. The DS with it's dual screen and stylus will be the same. It's a change of paradigm... it allows new controls, and new interfaces.
If you want something cool, take a look at the Metroid game for the DS. It's a true FPS for a hand held. And since the DS does wireless, you just have to walk up to someone else with a DS, and you can play head to head (up to 4 player IIRC). No wires, no funky cables, just play.
Who knows what new ideas will come out of it?
If you actually RTFA, you'll see the real reason burried a little more than half way down:
"I think what you're seeing is an odd little linguistic artifact," said Zuckerman, former vice president of Tripod.com and now a fellow at Harvard's Berkman Center for Internet and Society who studies search engines. The chief culprit, he theorized, is that mainstream news publications refer to the senator on second reference as Kerry, while alternative news sites often use the phrase "John Kerry" multiple times, for effect or derision. To Google News' eye, that's a more exact search result.
Basically, google is doing exactly what we told it too: looking for the most links with 'john kerry' in it.
"Computers are out to destroy us. This can be proven by the fact that they do exactly what we tell them."
Well, I have 1 really good reason to not go Cisco: $$$$$$$
/. been about 'defacto standards'? If we were into those, we'd be Microsoft bigots...
When we moved our building, we got to rearchitect our whole network. Great experience, if you can get the company to foot the bill. There was a LOT of political pressure to go Cisco, but it turns out that their lowest end enterprise level switching gear was still twice the cost of Extreme Networks highest end gear. In the end, the CIO/CFO couldn't get past the price tag difference, despite the cisco brand recognition.
That, and the lowest end extreme gear outperformed the highest end cisco gear on a 'backplane packets per second'. Certainly important for clusters.[1]
Other advantages for Extreme are 1) very easy CLI, 2) full layer 3 capabilities, 3) can participate in almost any routing protocol you can name.
Besides, when has
[1] granted, there are other things that add value for cisco... for one biggie, cisco's port mirroring capabilities (for IDS and whatnot) are a long way ahead of Extreme's
What level of interconnect do you want? (gig copper? gig fiber? 10/100?)
Or are you looking for something more specialized (HIPPI compliant or something similarly obscure?)
That said, if you're looking for in the ethernet space, we've been really happy with our recent Extreme Networks chassie's. Their black diamond 10k line is the newest release, and it looks awesome. It's really dense, they've got crazy levels of backplane bandwidth, and ours have been really reliable (granted, we have the previous generation of the gear). The chassies have blades (just like everyone else) that can speak 10/100, 10/100/1000 copper, gig fiber, 10 gig fiber, etc.
Parallelization.
SETI works really well because a measurement from one quadrant of the sky doesn't affect the measurement taken in another.
A one degree change in one quadrants prediction affects all the quadrants immediately surrounding it. This data has to be communicated to the surrounding areas, which in turn affect them, and ripple through the entire model. This communication burden flattens even beowulf levels of connectivity, let alone a desktop on a broadband connection. This is why IBM still makes a mint on large, SSI (single system image) servers, $1-30 million per server.
Well, I'm not 100% sure that's fair. AIX and HP still have their old school 'format -> mkfs' path, and that is what Sun is comparing their 'new world order' to. Now, if you want to do cool things like Raid, then you need to either do the hardware based stuff, or you play with Disksuite or Veritas Volume Manager[1].
Both have more interesting and pretty ways of playing with volumes. Disksuite is a free, add on package, and Veritas charges an arm and a leg for their Volume Manager.
In addition to the other cool features, ZFS is just a way to deepen the abstraction away from physical volumes.
As to it's inherent coolness, or lack there of, I'll let y'all know when I've actually been able to play with it.
[1]Had Sun been wise years ago, they would have just bought Veritas, and the world would be very different. Now however, Veritas is one of the largest software companies in the world.
I would completely agree. These settings are optimized for a 'best fit' situation. Solaris for example is tuned mostly for a pure lan environment. We have an application that is distributed to various wan sites. I don't recall which setting we had to twiddle, but increasing a timeout saved a LOT of user headaches.
These things are adjustable for a reason. Now they are not made easy to adjust (have to have some relativly arcane knowleduge to do so), but that's what a good sysadmin is for.
Ciphertrust is an anti-spam company. They'll sell less of their product if they give away that info.
That said, we use their Ironmail product at work, and it is AWESOME. We're blocking 200k spams a week for under 2000 mailboxes. It also wraps anti-virus (from sophos), and OWA proxy, imap, pop3, content filtering, etc. It's a wonderful appliance, that's unix based, and it's even got a really nice web front end.
If you do anti-spam for part of your paycheck, it's a product worth considering.
There are lots of really valid reasons that don't involve big brother for companies to keep an eye on IM communications. First off, I know people in my company who commit financial transactions for the company over IM. It's completely stupid that they do this, but they do it none the less. An audit trail for the company's money is required.
The second thing I can think of is corperate espionage. Companies spend lots of money on products that audit email leaving the company, looking for sensitive documents, key phrases, etc. We really need the same thing for IM, if it's going to be used in a business context for business data.
I'd also love to see a promise that the chanel between me and the person I'm talking to is encrypted. I can do that with email: force TLS encryption from my email gateway directly to theirs.
These are all good things, and don't get to the 'big brother' complaints. Those will be there, and I believe that there will always be a free IM without these auditing requirements for people who don't need them.
It wouldn't supprise me if they do use VMWare, and the like.
The next level will be detecting if you're running in a vmware instance. Probably not too hard... just look at the nic type if I had to guess.
There are some things that won't work without a full blown, isolated lab environment. I'm kinda supprised that the virus companies aren't using THAT setup already. Have everything install from images, and have 5 or so computers, and call it a day.
This is what off site storage is for. There are 2 companies currently begging for our business offering us just these services.
Remember, there are several main things that backups cover. It's important to remember which you're doing, and which are importante:
1) Disaster recovery. Full system restoration at a remote site (if the building collapses, will you be back up and functionional in $NUMBER hours?) This usually involves full system backups, using the most tapes. You can get away with weekly incrimentals, but beyond that you're doing too much tape shuffling at the restoration facility. This means a nightly backup, this means a LOT of tapes, and some largish libraries doing some serious throughput. Thankfully, your retention window is really short. 2 runs through that 'week' interval is usually all you'd need.
2) File recovery. This is long term storage, of mostly user data. "I deleted this file by accident, can I get it back?" "We dropped this table because it wasn't useful anymore, but we just discovered that this important monthly process actually does use it... can we get the data back?", etc. This doesn't take as much throughput or tapes per night as DR does (since you don't need the full OS image anymore), but the killer is the retention window. 6 months? A year? This is usually a policy decision for the people wearing suits.
3) Archival. This the data that 3 letter government agencies require you to keep for $BIGNUM years (usually 7 or so). Financial data, some customer data, etc. Thankfully, it's usually a thin subset of your normal data lode, and doesn't require much throughput to deal with. However, the storage requirements suck, and the media requirements are evil too. Just how do you restore a tape from a manufacturer who went out of business 3 years ago? CD's work well for this, as do some mainstream tape venders. Stay close to standards, since interoperability will save your bacon.
This is a huge problem. Backup to Disk is nifty, and makes lots of money for companies like EMC, but it isn't a good solution for anything other than DR. If you need long term file recovery, or worse data archiving, it's not going to work, and TAPE (or sometimes CD/DVDs) are the only game in town.
And many people forget the biggest thing of all: TEST YOUR BACKUP STRATAGY. Go offsite and try to restore some servers. How long does it take? How long can your enterprise survive? I work at a gas company, and parts of our enterprise are government mandatated to be back up and running in 12 hours. This is not easy.
Well, with Sun's 'sunray' stuff. YOu carry a smart card, pop it in, do your work. Mid work, pull the card, and the screen goes blank. Pop the card in another computer, and your work is still there.
The future is 10 years ago.
Well, with Xterminals... dummy boxes with small system image, loading a desktop off the central server.
The future is 20 years ago.
Well, with mainframe technology, and 3270 terminals.
"Several hours to roll-back a patch, as opposed to a day or better of complete down time because the system was ravaged by a virus or worm, then spread to other computers on the network. Choose your battles; it's the lesser of two evils."
I completely disagree. With proper measures, it can be done.
MS will never have a true 'forced patch upgrade' in 'thou shalt' terms. Enterprises will run away screaming. There are reasons you have development, and test environments for serious pieces of enterprise infrastructure (and exchange would qualify). Roll the patches to dev, then test. Pound on them for a while. See what happens, then apply it to production.
We all know that exchange bare on the internet is a bad idea. It can be done, and it can be done moderatly securly, but a border gateway is almost a requirement. [1]
If you have a reasonable antivirus product infront of exchange, you'll be able to run it unpatched for a the few hours you need to test a true, critical patch.
[1] For a great product, hit www.ciphertrust.com. Their 'ironmail' product is awesome. Great anti-spam, wonderful anti-virus, good content filtering, OWA proxy for webmail. Email appliance. We use it at work, and are blocking 180,000 spam messages/week for 1700 mailboxes.
Ok then, I want a somewhat short, reasonably clear document that describes how a general user should install cups (and sundry) discover their printer, print a test page, and share it via samba.
Preferably with a complete, end to end example of 2 or 3 major printer types from major manufacturers (say 1 HP, and 1 Epson printer).
I don't want a developers guide. I don't want to read code. I don't want to futz with foomatic vs. gimp-print (though I recognize that is required and not going to change soon). I don't care about IPP vs paraport.
If we had clear, user focused documentation for cups, I think the linux printing world would be much better. As it stands, the cups howto says (first) read the documentation, and (second) read the man pages. The first link on that page should be this document I'm describing.
In windows, I don't have to understand the entire printing architecture in order to install a printer. Usually, I just have to plug it in. Cups should make it simple as well.
First question: What do you want to do with it?
Personally, if I needed to do such a thing, I'd run with either Gentoo or Debian (depending on how much memory you could get for it).
With Debian, you should go for the base install, then use apt-get to retrieve what you want. Keep it minimal: play with X and blackbox, fluxbox, XFCE, etc. You probably won't be able to get away with gnome/kde.
With gentoo, first set up a large swapfile, second do the install, third 'emerge ccache', fourth emerge x, and leave for a bit. I was able to get gentoo on a very similar laptop a year ago or so. Ran pretty well.
But the best suggestion I have is to google for some memory. I found 128 meg sodimms for $40... That would get you up to 192mb, which will help you a lot. The box tops out at 288mb (2x128mb, and onboard 32mb).
I certainly haven't looked at all the contenders in the DNS space... However, most of them are missing some requirements of the RFC.
c on f
The most glaring example is djbdns not implementing zone transfers. I am well aware of his answer of 'use rsync over ssh', but that's not acceptable. The RFC dictates that zone transfers be possible, so they should be possible. If there's a problem with the RFC, then it should be updated... They're called 'REQUEST FOR COMMENTS' for a reason.
That said, it's perfectly possible to set up a secure DNS environment with BIND. It's part of my job.
If you like, there's a good template for a named.conf file at:
http://cyberbuzz.gatech.edu/jprice/named/named.
The install kernel would not boot. I tried the beta installer for test, the default installer for test, and the default installer for stable. None of them would boot. I use debian on i386, so I know how the install works.
The gentoo install kernel just worked, so I worked with it.
I'm mostly distribution agnostic. I've played with all the big players. Some are better than others, but the best way is to be able to work with any of them.
Gentoo is a wonderful distribution... It's the only thing recent that I could get to install on my sparc64 box.
That said, I would never run it in a production environment. It's tendancy to encourage bleeding edge packages WILL come back to bite you at some point.
RedHat is an excelent choice for production systems, if for no other reason than easily available and proven support contracts. I know that it's 'leet' to be able to look up things in google, but if you get hit by a bus, it will let the company survive while they find your replacement.
Having a support contract is also wonderful for getting to REAL support. If you're dealing with something really esoteric, you will often be much better off with a support contract. Let them fight to find the answer out of some kernel developer in New Zealand. You have the rest of your job to do too.
For your desktop box, I would urge you to do at least a gentoo stage 1 build, if not a Linux From Scratch install. These will take you forever to finish, but your knowledge of the linux as an OS will skyrocket. And while you're learning, you won't be affecting the company's bottom line, which ultimately provides you with the paycheck.
As for books, the armadillo book from ORA is wonderful, as is the 'purple book' (the successor to the highly acclaimed 'red book'. King of unix system admin books). The purple book will run you about $60-70, but reading through it will help you learn a lot.
Let's see: General notes:
1) Run postfix rather than sendmail. More secure, and easier to deal with. Less hair loss is to be encouraged.
2) Ban telnet, and use ssh.
3) Learn firewalling. Become hyper anal.
3a) Learn DMZ's. Limit exposure. There are some people who have 1 firewall interface per application (my company is moving that way). It's great for fine grained access control.
4) You don't and can't know everything. Admit this often. It's part of the key to learning.
This hit over the weekend, so I imagine that Cisco is still in damage control mode. A stratagy for dealing with this is shutdown ALL lines of communication and get the house in order before you talk to anyone.
/. had a link to an IRC brag. The guy got access to their network, and to their sourcesafe repository, hacked together his own faux sourcesafe client, and sucked the code out that way.
Besides, the story yesterday on
It now being Monday (and 6:00 AM on Monday in California), it wouldn't supprise me if they have a press conference or press release (late) today or tomorrow.
Reading the description, it sets the nic into promiscuous mode, and listens for traffic, and filters it. That shouldn't take more than a percentage or 2.
Every single one of these has been in postfix for at least 2-3 years. They have been UPDATED in postfix 2.1, not new features.
To follow up on the other child post, the INSTALL file is pretty cool. Just read through it a couple of times to make sure you know where you're going before you start (MTA's being moderatly important)
As for the 'sendmail directives' bit, there's not a good doc for that because it's mostly not needed. The main.cf file comes with about 10 lines of comments per 'command'. You need to uncomment about 3 of them to get a working MTA. If you're doing something funky with sendmail (UUCP gateway type stuff) then it will take a bit more doing, but postfix should work.
To be fair, there are some real corner cases where sendmail works and nothing else will (like playing the Towers of Hanoi on port 25).
The specification is intended for WUSB to operate as a wire replacement with targeted usage models for cluster connectivity to the host and device-to-device connectivity at less than 10 meters.
As another respondant said, CA is in the business of buying cool products, killing R&D, flogging the product to death for a few years, and tossing the dried out husk to their intelectual property banks.
Open source probably scares them. Widespread adoption of Open Source would destroy their business model.