I have to wonder at the quality of your local school system if you have 2nd graders that can 'barely read'. Based on the testing standards I'm seeing for my kindergartener, the AVERAGE child should be reading by 1st grade, and even the children who are somehow disadvantaged should be reading by 2nd grade.
I have little doubt that my child would be capable of point-and-clicking her way to being an RIAA-target, IF I were a parent so lax in my duties that I permitted her that kind of un-supervised computer access.
> But if energy was cheap enough, I'm sure we could come up with a way to increase the rate at which heat is radiated back into space, and/or decrease the rate at which heat is absorbed from the sun.:P >=Smidge=
I've actually thought about this - and I believe that the answer lies in a discovery that was awarded the 1997 Nobel Prize in Physics - Laser Cooling. Now the technique as described is for cooling atoms to near-absolute zero so as to be able to observe them better, but with Unlimited Free Energy(TM), it should be possible to generate a huge super-cooled mass in space and drop it down to Earth for cooling.
Of course, you don't need free energy to do this. Just go to the asteroid belt, capture a huge block of ice, and crash it into an ocean. For extra points, do this near the harbors of your enemies:) Just remember to check whether you have any allies within range of that tsunami you're about to generate...
Slashdot is a bit late to this story, actually. Messman pretty much just stuck his foot in his mouth, if he was even quoted correctly. Check out Bruce Peren's comment, and a response from Kristopher Magnusson (chair of Novell's Open Source Review Board) at http://lwn.net/Articles/28988/. Novell does seem to understand that Linux already has value, they just want to bring their value to the table.
I've almost got to believe that Jack Messman was trying to make some kind of joke about the SCO/IBM lawsuit in this comment, and has just been horribly mis-understood.
"Am I reading their prices [novell.com] right? $2 per user?? I might just reinstall Redhat on a spare box to test this out. Too bad they don't have a FreeBSD version."
It's better than that: 1) The first 250,000 licenses are free http://www.novell.com/products/edirectory/promo.ht ml 2) Many current Novell products (like iChain, & some products from other vendors) come with eDirectory licenses 3) Any significant purchase over the 250K mark is going to qualify for some type of volume purchase and thus cost less than $2/user.
> It sounds like (at the press conference today)they are getting a lot of military involved in the investigation panels. Why military?
That is not too suprising since NASA is a quasi-military outfit. All the early astronauts were test pilots, all the shuttle commanders and pilots are military officers.
The shuttles are built by military contractors and much of the design is classified as military secrets. Basically if you understand how to build those booster rockets you understand a good deal that would help you build an ICBM.
Basically the military is the main place outside of NASA you would find the expertise to examine the issues. The other place would be the elite engineering universities like MIT.
However expertise is not everything. Feynman did not find out about the rubber O rings himself, he just knew how to ask the right questions to get to the bottom of things. He was actually tipped off about the O rings. However the panel could dissmis the peons who were suggesting an O ring failure but there was no way they could dismiss Dick Feynman.
That was my second (or third) thought on Saturday morning (after "I can't believe we lost another one" and "Did they have time/warning enough to get out?") - that it's a damn shame we won't be able to call on Feynman to help us figure this one out.
The main point was that saying that there was nothing to do seems a bit foolish. NASA has pulled some pretty significant rabbits out of the hat in cases of having to deal with unexpected but non-catastrophic failures before. This one was not definitively catastrophic until reentry.
THANK you. This has been my biggest issue with the way things are sorting out. Yes, the orbital mechanics were all wrong for approaching the ISS. Yes, the lab module was blocking the airlock. Yes, there was no robot arm. Yes, there is no procedure to repair tiles in space.
But why in the name of all that is holy did they decide to not even look for damage? I saw a comment from last week that the damage was judged by the analysts to be minor, and thus no changes in re-entry were planned. This says to me that if damage was judged to be major, an alternative re-entry could have been planned to reduce heat and stress. No magic tile repair necessary, no emergency launch of supplies or rescue craft, just an alternative landing approach - and the astronauts could have been saved.
>> I am a professor at a large technical college....
Hello, mr. anonymous coward. I certainly hope that you are actually John Carnell, as your comment is cut&pasted from his Oct 31 review of this book on Amazon.com. If not, this message is a copyright violation.
Even if your enterprise feels that it must migrate away from Netware (a separate, debatable topic) - why not stay with Zenworks? Zen for Desktops 4 can run with NO Client32 (new feature, requiring a new workstation agent) and NO Netware - since 3.x, you can run ALL ZfD components, including eDirectory, from a NT or W2K server.
AND the price isn't too bad (list for Zen for Desktops 4 alone is on the order of $59/user, and it's hard to NOT qualify for a quantity discount).
AND it now includes the DirXML pieces necessary to synchronize the eDirectory IDs with your NT domain or Active Directory.
AND it will manage your W2K workstations, including MSIs, better than SMS.
velkro said: > Works good here. Novell's eDirectory has a pwdsyunc module available to sync info/passwords with Active Directory too.
Novell has got more than just one product that can fit this bill - DirXML can synchronize passwords (along with IDs, groups, etc) between eDirectory and NT domains or Active Directory with the Password Sync module (all three pieces now come free with Zen for Desktops 4, BTW), Novell Account Management can synchronize to Mainframe and Unix platforms as well as Windows, not to mention the whole single-signon/Secure Login family of products.
The difference between the various products is partially focus (identity management versus password synch), and partially the choice of authoritative sources (DirXML is VERY flexible).
Your info is out-of-date. The latest Zenworks for Servers, version 3.0, has full policy and distribution services support on Linux - you can distribute and install RPMs, for instance. Read the latest docs - Novell posts them for download at http://www.novell.com/documentation/lg/zfsi/index. html. The supported platforms are Solaris 8 and Linux kernel 2.4.x (tested on RedHat 7.1/7.2, but others should work).
Policy and Distribution services provides: (from the docs
* Control the versions of software installed on servers throughout the network
* Define and enforce a standard configuration on any given set of servers
* Control the behavior of servers in given situations, such as downing a server, backing up volumes, managing thresholds exceeded, and so on
It is still true, as far as I can see, that the Zen for Servers Management & Monitoring services, along with Inventory & Remote Control, do not extend natively to the Solaris or Linux platforms. Maybe there will be full support in the next version. In the meanwhile, SNMP management should still be available from a ZfS management console, and Remote Control can be handled through Telnet/SSH, VNC, etc.
Utilities like Snapshot exist for Linux in many forms already - think Tripwire & its relatives.
>cimetmc said: >Actually, I read this as client software development being allowed using this documentation. What is not allowed is using to documentation to write some kind of gateway that would allow multiple users to connect to the server over a single connection, thus bypassing the server licensing, plus the implementation of an NCP server.
Yes, that is the strict interpretation... but remember, lawyers interpret licenses, not people. The license does permit client development given the above two restrictions - but those are enough to (IMO, IANAL, etc) prohibit this documentation's use to create GPL'd software.
I just checked, and 1) ncpfs IS GPL'd, and 2) the author does not seem to have used Novell's documentation in the development of ncpfs. Why? Because ncpfs will permit you to mount a Netware volume at an arbitrary Linux mount point, and permit any Linux user to use files on that volume. This explicitly violates the NCP Documentation license at 2a.
And this is what I had in mind when I suggested that Novell would be better off making client documentation freely available - but as I said in my last message, the fact that ncpfs exists, is GPL'd, and contains IP support satisfies my needs. But this was only possible through the use of third party documentation (including some of Caldera's work), reverse engineering, and (in the USA) the expiration of the RSA patents...
As for the relevance of this all to this story, ncpfs can't be used on older Mac's, although it could conceivably be ported to OSX. Hence the importance of Prosoft finally updating their client to support modern (IP-only) Netware servers. The rub of course is that the new client is OSX only, so older Macs are stuck with IPX (old Prosoft client), Appletalk (NW4Mac on NW4 or Prosoft NLMs on NW5), or NFAP on NW5.1 or NW6.
I stand corrected, on both counts. The latest versions of ncpfs do indeed have support for NCP over IP.
I actually did know about the NCP documentation available through Novell's Developer Net - it's not what I originally had in mind though. Yes, it does document each NCP call - but (IMO) it hardly gives enough information to be used to generate a new client. Perhaps I'm just not enough of a developer to appreciate what's in the document.
The information is also provided under a restrictive license agreement that could inhibit its use for creating 3rd party Netware clients:
2. You may use the NCP Documentation only for providing technical
support services to end users of Novell products and to support Your development of Derivative Software that does not: a) enable more than one end user per copy of the Derivative Software to access a NetWare server; or, b) provide NetWare server functions.
I can see where they are coming from... and given that ncpfs does now have the necessary IP support, and Novell has even gone so far as to donate some time from one of their engineers to improving Ethereal's NCP decoder, I don't really have any objections.
This is true, if you use the Native File Access Pack, is included free with NW6. However, as I noted in a previous message, the NFAP is an additional protocol layer, similar in function to Samba. It re-exports native Netware volumes over alternate protocols - CIFS (Windows), NFS (*ix), and AFP (Mac) - all over IP.
The biggest difference for me is security & passwords, but then I'm a directory services geek. NFAP authentication by design uses a separate password hash than NCP authentication. A native NCP client uses RSA-licenses public/private key encryption to protect passwords - CIFS, AFP, and NFS do not. Therefore NFAP is designed to have a separate password for these protocols to protect the native password. The NFAP password is usually still protected by some kind of hash algorithm, but this is not as secure as the NCP methods.
But one of Novell's latest mantras is anywhere anytime access to your data, so they include NFAP as a least-common-denominator.
The news is that this is (reportedly) a native NCP client. LDAP/NIS/AD are all directory services - NCP is a file access protocol. Totally different animals.
This client is intended to permit a Mac user to map directly to a Netware volume without the old Netware (or Prosoft) for MAC NLMs, and without the new Native File Access pack NLMs - both of which, in different ways, forced the Netware server to look like a Mac server. A native NCP client goes the other way - it permits the Mac to use the Netware resources natively.
The advantage to the native Mac client is one less layer of indirection when accessing Netware-served files. The benefits should include improved security (relative to the Nw4Mac/NFAP methods), theoretically improved performance, better support for features such as clustering, etc.
In my opinion, Novell would be better off releasing sufficient information about NCP for third parties to create their own clients if they do not intend to write their own. I'm still waiting for the Linux equivalent to this client to appear, for instance. (as far as I can tell, ncpfs only supports IPX not native IP)
My god, I was going to start with a pitch for a non-GPL solution (I'll end with it instead)... but did you not follow your own link? There are THREE IPX tunnel packages on that page, not one. Sure, the other two are not much more recent, but the situation is hardly as dire as you make out.
LSM links: ipxtunnel by Andreas Godzina, from May 2000 (free for non-commercial purposes) ipxtund by Hinrich Eilts, from August 1998 (GPL) - the one you referenced & ipxbridge by Kir Kostuchenko, from January 2000 (GPL)
And, to be sure, any IPX-compatible VPN will also solve your problem, permitting IPX traffic to traverse an IP-only link.
But if it were me, I'd go to the source. If you are using IPX, you are most likely using Novell's Netware. Any recent version (5.x, 6.0) will support IPX tunneling using CMD (Compatibility-mode) drivers. This solution has the advantage of being commercially supported (an important consideration for an ISP), relatively easy to configure, and, if you are running the appropriate version of Netware already, won't cost you anything additional.
Out of curiosity, what is the application? Doom? Not many applications (aside from old IPX-only Netware clients and compatibles such as ncpfs) require IPX exclusively.
FreeLinux said: ... >You don't say what the manual ways are. I suspect that you are doing it with the Dell keyboard utility that Dell places on the desktop. This utility is more than likely making a registry change or has an ini file where it keeps the settings. You need to find out which and locate the change. >Once you have located the change it is a simple matter to push it out to the other machines. First, there are management applications that you should look at. With 4000 machines to manage you should definitely be running a management application. Microsoft sells SMS which is somewhere between OK and weak. Novell sells ZenWorks for Desktops(yes it runs on NT/2000 too), which is outstanding for this kind of thing. Both of these products will allow you to easily scan the system to find the changes that the Dell utility is making. Both management systems will allow you to image these changes and then automatically push them out to the clients. ... and then kenp2002 said: > Correct on al counts but distribution is no problem I have access to Tivoli for managment. But I was seeking help on how to remap the sleep key (or a good mailing list) as I could not get it to work through the registry or most keyboard tools. I wasn't looking for how to distribute it. I should have made it clearer. You hve plenty of good ideas. Also these machines are Kisok machines, no workstation apps at all, just in house stuff.
(both below 2 so I'm quoting to make them seen)
I'll repeat FreeLinux's comment - do you have a manual way to remap it? I have personal experience with Novell's ZENWorks - it includes a utility called SnapShot that can, as FreeLinux said, find the changes made by another app quite easily. You can view the changes thus discovered and push them out through the management tool of your choice. I would hope that Tivoli has a tool like SnapShot. If it doesn't, then how are you packaging apps for distribution?
And again as FreeLinux said - ZENWorks will run just fine on NT/2K without any Netware in sight. The latest version (4, now in beta) will even run without Client32.
I almost hate to bite on such an obvious troll... but I'd hate to be running anything BUT Netware on anything larger than an 30-pc network. Netware does a fine job of running enterprise-class file and print services. NDS/eDirectory is still THE choice for enterprise directory services, plus it can be hosted off of NT/2K/Linux/Solaris in addition to its native Netware.
I see the point of PHP on Netware as just another option - you can already run Apache & Tomcat on Netware, they are even running the new management pieces of Netware 6. You also already have Perl and Java... and with the licensing model of Netware 6 (user-based, not server- or connection- based as in the past) you can run as many servers as you need. Not really a huge consideration if you have the skills to run Linux, but much cheaper than purchasing 2K or XP + CALs just to run a simple website.
I don't see why you are mentioning BorderManager & port forwarding, though. Yes, perhaps a rabid Novell advocate would refuse to run anything else for the firewall (I am a strong believer in best-of-breed - NT/2K etc do have their place in application hosting) - but why would you need to 'forward port 80' for your linux+apache+php? Unless you think a site can have only one hostname or some such nonsense. I'd use iChain over BorderManager, anyways. I see BorderManager as more of an outbound (forward prox) solution, whereas iChain is targeted more at inbound traffic (reverse proxy).
Their latest products are rather neat - we're just scratching the surface here. If you haven't taken a look *recently*, you really have no idea.
See old discussions, and tread carefully
on
Company Paid Training?
·
· Score: 4, Insightful
Questions on the topic of employer paid training have been asked before: quiteafewtimes.
Some of the details covered in the previous discussions apply here in spades due to the amount and duration in question: The reimbursement MUST be only required in cases of voluntary separation, and MUST be pro-rated down over time (i.e. quit after 1 year and owe 2/3, after 2 years and owe 1/3).
They really want to give you $50K? Does that INCLUDE the cost of paying your salary while you are in class? Otherwise I can't see what they expect you to take... even if a class costs $5K/week, is your employer really going to give you 10 weeks of training? Or is the amount a 3-year total, or intended for grad school, or...?
In short, this sounds like a GREAT opportunity, but what will be expected of you as a result? What are the company-wide changes that make you question staying on? Is your employer specifying the classes? Be careful with this... and most especially be very careful with the conditions requiring reimbursement. You'd really hate to be stuck paying the company back a huge chunk of cash if they did a RIF, or re-assigned you as a janitor to force you to quit, etc.
VNC absolutely DOES provide this. You just have to set up multiple VNC sessions, one for each user. They each attach to their own instance of VNC, and each have their own desktop. IIRC this is fairly well documented, including ways for this to happen semi-automatically from inetd.
Wait, let me spend 5 seconds on Google... Ah yes, there's the disconnect. VNC on *Windows* is not multi-user. And as the source question clearly refers to thin-clients replacing an environment that is currently exclusively Windows, the criticism of VNC is valid. I do have to wonder just what it would take to add this capability to the Windows VNC... Terminal Server proves that the capabilities are there.
The bigger question for me is, can the existing Windows desktop environment be replaced with something that CAN run on VNC? Too bad Corel appears to be killing Word Perfect Office for Linux. I offer as proof, the total non-existence of WordPerfect Office 2002 for Linux, although they appear only too happy to still sell you training on the old Linux versions.
I'm practically speechless here... Microsoft has actually relinquished a proprietary lock.
I am neither expert enough at Kerberos nor Samba to know if the above-referenced web page (Here in case you missed it) is truly sufficient for interoperability, but it sure looks like it.
And the critical language is at the bottom:
Microsoft grants you a perpetual, nonexclusive, royalty-free, world-wide right and license under any Microsoft copyrights in this specification to copy, publish and distribute this specification, and to implement this specification in your products.
and
Microsoft is not currently aware of the existence of patent(s) and/or pending application(s) that are essential to the implementation of this specification. However, if Microsoft becomes aware or has any patent(s) and/or pending applications that are essential to implement this specification, Microsoft will grant you a royalty-free license under applicable Microsoft intellectual property rights essential to implement this specification for the sole purpose of implementing this specification. Microsoft expressly reserves all other rights it may have in the material and subject matter of this specification. The licensing commitments made hereunder do not include any license for implementation of other published specifications developed elsewhere but referred to in this specification.
Translation: You can use this spec in your products. It's not covered by any of our current or pending patents, and even if it is, you can still use it royalty-free.
Other related specs are not rendered licensed or royalty-free, so they MAY have kept a loophole - but this looks sincere so far.
I think Novell's eDirectory is a possible solution. You can run eDirectory on NetWare® 5.x or above, Windows 2000, Windows NT, Solaris, Linux, or Tru64. There are other Novell products (NDS-AS, DirXML, Zen for Desktops, Novell Account Management, SecureLogin) that extend eDirectory's reach even further.
There is a PAM module available for Linux that lets you log in using NDS (eDirectory) credentials. Other *nix clients should be handled the same. For an NT client you would either need to use Zen for Desktop's Dynamic Local User or you would need to use Novell Account Management. Account Management on NT will redirect the domain into NDS. On 2000, it will synchronize with Active Directory.
The other products I mentioned can take you in other directions. DirXML is a meta-directory synchronization tool. Available conduits include Active Directory, Exchange, LDAP, GroupWise, Lotus Notes, NT Domain, JDBC, Peoplesoft, SAP HR, and Delimited Text.
NDS Authentication Services (NDS-AS) extends NDS (eDirectory) authentication redirection to other platforms, including AIX, FreeBSD, HP-UX, Linux, OS/390, Solaris, and Windows. Note that some of NDS-AS duplicates functionality found in eDirectory or Account Management.
SecureLogin is a single sign-on technology, which may be another way to solve your problem.
To give you a bottom line answer, even if you want to ignore alternate solutions and go with a straight LDAP directory, use eDirectory. It doesn't matter which platform you run it from, Novell has demonstrated billion-user trees on several host OSes.
I'll start with the obvious - did you search Google or Freshmeat for Time Reporting solutions?
You don't say how many users you are supporting, but if it's less than ten I have an answer for you. Journyx has a timesheet program that is free for less than ten users. It is commercial software that runs on Windows NT, Windows 2000, AIX, Solaris, Linux and FreeBSD. Annual maintenance (giving you priority tech support)runs $435, within your limit. Pricing beyond 10 users is above your price limit, starting at $1375 for the next 10 users.
They also offer a hosted version of their app, with the following pricing: a minimum purchase bundle of 25 users, a monthly cost of $7 per user, and an initial setup fee of the higher of $250 or $10 per user. I can't tell from your problem description if this will fit your needs or not, as, for example, if you had 25 users this would have an inital cost of $250 and then an ongoing monthly expense of $175, costing $2350 for the first year. There are also online partners running 5- or 10-user hosted sites free, if you have this few users and don't want to run the application in-house.
This is a web-based solution - users would log in to the web page and clock in or out themselves. Reporting capabilities are built-in. The fact that the app is web-based permits you to secure the host and fulfills your requirement that time reporting be secured from end-user tampering.
Re:NDS and the 3 day rule
on
Disaster Recovery?
·
· Score: 2, Interesting
Bull. Utter crap. There is ABSOLUTELY NO reason that you would be forced to restore your NDS within three calendar days or rebuild your tree. Where did you get your information? The only three day limit I know of is a recommendation that if a server was going to be offline for more than this time, it might be better to remove it from the tree. This does keep NDS updating cleanly, as a partition can't advance its timestamps to the current time until the changes have been seen by all replicas.
That said, of course you should have had offsite replicas of each partition. With offsite replicas (or at least replicas on servers that didn't get destroyed) you can remove the crashed servers, still have access to your NDS resources (IDs, passwords, etc), and then re-install the crashed servers to the tree later.
But with or without offsite replicas - three days makes no sense. If the whole tree is involved in the disaster (all servers containing replicas of the tree are gone), it doesn't matter how long it takes you to begin NDS recovery. If the whole tree is not involved, but ALL replicas of a partition are, you may have isses with external references and subordinate reference partitions until you've completed recovery - but nothing that would require 'rebuilding your tree'. If all replicas are not gone, you do NOT have a problem, just a challenge:) Follow the TIDs and you will be fine.
Netware crashed server recovery has been interesting over the years. Netware 5.x & NDS8 removed the old DSMaint NLM that could preserve server references, so until the recent release of the XBROWSE program, the only clean way to quickly recover from a crashed server while preserving server references was to hang on to an old NW4x box to run the DSMaint process.
Recovering NDS from real disasters can be... challenging. If you don't know what you are doing, you *can* really mess things up. Be careful and you'll be fine.
Did you actually read the description of what he's going to be running? iFolder... that means Netware 6. This is not 5.0, or (god forbid!) 4.0 - this is a new OS, fully multiprocessor aware, running Apache & Tomcat!
I have Netware boxes (NW5.1 with support packs) in production, with thousands of active users, that regularly achieve uptimes measured in months. My lab tests to date predict even better results for NW6. We typically are only forced to bounce servers for three reasons: power outages, support packs, or faulty apps (server-side virus scanners & backup programs are big culprits here).
"His name.."'s comments do not match my experience at all. Netware is admittedly vulnerable to poorly-written NLMs, due to Ring 0 access, but that's how they get such great raw speed out of the OS. And you can EASILY develop server apps to run in Protected memory spaces nowadays. I believe that Apache and Tomcat are even configured to run in Protected memory spaces by default on NW6.
Please stop spreading FUD about Netware - Novell's marketing department trips up enough as it is. And I did not miss your comment that you developed for Netware - NLMs, I presume? Yes, Netware will easily let you shoot your own foot off, along with the feet of everyone else running on the same box - but so will Windows etc.
I can't speak to *BSD, having never used it in production.
Slashdot Mirror
Hehe.. Me Too!
I have to wonder at the quality of your local school system if you have 2nd graders that can 'barely read'. Based on the testing standards I'm seeing for my kindergartener, the AVERAGE child should be reading by 1st grade, and even the children who are somehow disadvantaged should be reading by 2nd grade.
I have little doubt that my child would be capable of point-and-clicking her way to being an RIAA-target, IF I were a parent so lax in my duties that I permitted her that kind of un-supervised computer access.
> But if energy was cheap enough, I'm sure we could come up with a way to increase the rate at which heat is radiated back into space, and/or decrease the rate at which heat is absorbed from the sun. :P
:) Just remember to check whether you have any allies within range of that tsunami you're about to generate...
>=Smidge=
I've actually thought about this - and I believe that the answer lies in a discovery that was awarded the 1997 Nobel Prize in Physics - Laser Cooling. Now the technique as described is for cooling atoms to near-absolute zero so as to be able to observe them better, but with Unlimited Free Energy(TM), it should be possible to generate a huge super-cooled mass in space and drop it down to Earth for cooling.
Of course, you don't need free energy to do this. Just go to the asteroid belt, capture a huge block of ice, and crash it into an ocean. For extra points, do this near the harbors of your enemies
Slashdot is a bit late to this story, actually. Messman pretty much just stuck his foot in his mouth, if he was even quoted correctly. Check out Bruce Peren's comment, and a response from Kristopher Magnusson (chair of Novell's Open Source Review Board) at http://lwn.net/Articles/28988/. Novell does seem to understand that Linux already has value, they just want to bring their value to the table.
I've almost got to believe that Jack Messman was trying to make some kind of joke about the SCO/IBM lawsuit in this comment, and has just been horribly mis-understood.
"Am I reading their prices [novell.com] right? $2 per user?? I might just reinstall Redhat on a spare box to test this out. Too bad they don't have a FreeBSD version."
t ml
It's better than that: 1) The first 250,000 licenses are free http://www.novell.com/products/edirectory/promo.h
2) Many current Novell products (like iChain, & some products from other vendors) come with eDirectory licenses
3) Any significant purchase over the 250K mark is going to qualify for some type of volume purchase and thus cost less than $2/user.
> It sounds like (at the press conference today)they are getting a lot of military involved in the investigation panels. Why military?
That is not too suprising since NASA is a quasi-military outfit. All the early astronauts were test pilots, all the shuttle commanders and pilots are military officers.
The shuttles are built by military contractors and much of the design is classified as military secrets. Basically if you understand how to build those booster rockets you understand a good deal that would help you build an ICBM.
Basically the military is the main place outside of NASA you would find the expertise to examine the issues. The other place would be the elite engineering universities like MIT.
However expertise is not everything. Feynman did not find out about the rubber O rings himself, he just knew how to ask the right questions to get to the bottom of things. He was actually tipped off about the O rings. However the panel could dissmis the peons who were suggesting an O ring failure but there was no way they could dismiss Dick Feynman.
That was my second (or third) thought on Saturday morning (after "I can't believe we lost another one" and "Did they have time/warning enough to get out?") - that it's a damn shame we won't be able to call on Feynman to help us figure this one out.
The main point was that saying that there was nothing to do seems a bit foolish. NASA has pulled some pretty significant rabbits out of the hat in cases of having to deal with unexpected but non-catastrophic failures before. This one was not definitively catastrophic until reentry.
THANK you. This has been my biggest issue with the way things are sorting out. Yes, the orbital mechanics were all wrong for approaching the ISS. Yes, the lab module was blocking the airlock. Yes, there was no robot arm. Yes, there is no procedure to repair tiles in space.
But why in the name of all that is holy did they decide to not even look for damage? I saw a comment from last week that the damage was judged by the analysts to be minor, and thus no changes in re-entry were planned. This says to me that if damage was judged to be major, an alternative re-entry could have been planned to reduce heat and stress. No magic tile repair necessary, no emergency launch of supplies or rescue craft, just an alternative landing approach - and the astronauts could have been saved.
Damn hindsight - let's have some foresight!
>> I am a professor at a large technical college....
Hello, mr. anonymous coward. I certainly hope that you are actually John Carnell, as your comment is cut&pasted from his Oct 31 review of this book on Amazon.com. If not, this message is a copyright violation.
Even if your enterprise feels that it must migrate away from Netware (a separate, debatable topic) - why not stay with Zenworks? Zen for Desktops 4 can run with NO Client32 (new feature, requiring a new workstation agent) and NO Netware - since 3.x, you can run ALL ZfD components, including eDirectory, from a NT or W2K server.
AND the price isn't too bad (list for Zen for Desktops 4 alone is on the order of $59/user, and it's hard to NOT qualify for a quantity discount).
AND it now includes the DirXML pieces necessary to synchronize the eDirectory IDs with your NT domain or Active Directory.
AND it will manage your W2K workstations, including MSIs, better than SMS.
velkro said:
> Works good here. Novell's eDirectory has a pwdsyunc module available to sync info/passwords with Active Directory too.
Novell has got more than just one product that can fit this bill - DirXML can synchronize passwords (along with IDs, groups, etc) between eDirectory and NT domains or Active Directory with the Password Sync module (all three pieces now come free with Zen for Desktops 4, BTW), Novell Account Management can synchronize to Mainframe and Unix platforms as well as Windows, not to mention the whole single-signon/Secure Login family of products.
The difference between the various products is partially focus (identity management versus password synch), and partially the choice of authoritative sources (DirXML is VERY flexible).
Your info is out-of-date. The latest Zenworks for Servers, version 3.0, has full policy and distribution services support on Linux - you can distribute and install RPMs, for instance. Read the latest docs - Novell posts them for download at http://www.novell.com/documentation/lg/zfsi/index. html.
The supported platforms are Solaris 8 and Linux kernel 2.4.x (tested on RedHat 7.1/7.2, but others should work).
Policy and Distribution services provides: (from the docs
* Control the versions of software installed on servers throughout the network
* Define and enforce a standard configuration on any given set of servers
* Control the behavior of servers in given situations, such as downing a server, backing up volumes, managing thresholds exceeded, and so on
It is still true, as far as I can see, that the Zen for Servers Management & Monitoring services, along with Inventory & Remote Control, do not extend natively to the Solaris or Linux platforms. Maybe there will be full support in the next version. In the meanwhile, SNMP management should still be available from a ZfS management console, and Remote Control can be handled through Telnet/SSH, VNC, etc.
Utilities like Snapshot exist for Linux in many forms already - think Tripwire & its relatives.
>cimetmc said:
>Actually, I read this as client software development being allowed using this documentation. What is not allowed is using to documentation to write some kind of gateway that would allow multiple users to connect to the server over a single connection, thus bypassing the server licensing, plus the implementation of an NCP server.
Yes, that is the strict interpretation... but remember, lawyers interpret licenses, not people. The license does permit client development given the above two restrictions - but those are enough to (IMO, IANAL, etc) prohibit this documentation's use to create GPL'd software.
I just checked, and 1) ncpfs IS GPL'd, and 2) the author does not seem to have used Novell's documentation in the development of ncpfs. Why? Because ncpfs will permit you to mount a Netware volume at an arbitrary Linux mount point, and permit any Linux user to use files on that volume. This explicitly violates the NCP Documentation license at 2a.
And this is what I had in mind when I suggested that Novell would be better off making client documentation freely available - but as I said in my last message, the fact that ncpfs exists, is GPL'd, and contains IP support satisfies my needs. But this was only possible through the use of third party documentation (including some of Caldera's work), reverse engineering, and (in the USA) the expiration of the RSA patents...
As for the relevance of this all to this story, ncpfs can't be used on older Mac's, although it could conceivably be ported to OSX. Hence the importance of Prosoft finally updating their client to support modern (IP-only) Netware servers. The rub of course is that the new client is OSX only, so older Macs are stuck with IPX (old Prosoft client), Appletalk (NW4Mac on NW4 or Prosoft NLMs on NW5), or NFAP on NW5.1 or NW6.
I actually did know about the NCP documentation available through Novell's Developer Net - it's not what I originally had in mind though. Yes, it does document each NCP call - but (IMO) it hardly gives enough information to be used to generate a new client. Perhaps I'm just not enough of a developer to appreciate what's in the document.
The information is also provided under a restrictive license agreement that could inhibit its use for creating 3rd party Netware clients:
I can see where they are coming from... and given that ncpfs does now have the necessary IP support, and Novell has even gone so far as to donate some time from one of their engineers to improving Ethereal's NCP decoder, I don't really have any objections.
This is true, if you use the Native File Access Pack, is included free with NW6. However, as I noted in a previous message, the NFAP is an additional protocol layer, similar in function to Samba. It re-exports native Netware volumes over alternate protocols - CIFS (Windows), NFS (*ix), and AFP (Mac) - all over IP.
The biggest difference for me is security & passwords, but then I'm a directory services geek. NFAP authentication by design uses a separate password hash than NCP authentication. A native NCP client uses RSA-licenses public/private key encryption to protect passwords - CIFS, AFP, and NFS do not. Therefore NFAP is designed to have a separate password for these protocols to protect the native password. The NFAP password is usually still protected by some kind of hash algorithm, but this is not as secure as the NCP methods.
But one of Novell's latest mantras is anywhere anytime access to your data, so they include NFAP as a least-common-denominator.
The news is that this is (reportedly) a native NCP client. LDAP/NIS/AD are all directory services - NCP is a file access protocol. Totally different animals.
This client is intended to permit a Mac user to map directly to a Netware volume without the old Netware (or Prosoft) for MAC NLMs, and without the new Native File Access pack NLMs - both of which, in different ways, forced the Netware server to look like a Mac server. A native NCP client goes the other way - it permits the Mac to use the Netware resources natively.
The advantage to the native Mac client is one less layer of indirection when accessing Netware-served files. The benefits should include improved security (relative to the Nw4Mac/NFAP methods), theoretically improved performance, better support for features such as clustering, etc.
In my opinion, Novell would be better off releasing sufficient information about NCP for third parties to create their own clients if they do not intend to write their own. I'm still waiting for the Linux equivalent to this client to appear, for instance. (as far as I can tell, ncpfs only supports IPX not native IP)
My god, I was going to start with a pitch for a non-GPL solution (I'll end with it instead) ... but did you not follow your own link? There are THREE IPX tunnel packages on that page, not one. Sure, the other two are not much more recent, but the situation is hardly as dire as you make out.
LSM links:
ipxtunnel by Andreas Godzina, from May 2000 (free for non-commercial purposes)
ipxtund by Hinrich Eilts, from August 1998 (GPL) - the one you referenced
& ipxbridge by Kir Kostuchenko, from January 2000 (GPL)
And, to be sure, any IPX-compatible VPN will also solve your problem, permitting IPX traffic to traverse an IP-only link.
But if it were me, I'd go to the source. If you are using IPX, you are most likely using Novell's Netware. Any recent version (5.x, 6.0) will support IPX tunneling using CMD (Compatibility-mode) drivers. This solution has the advantage of being commercially supported (an important consideration for an ISP), relatively easy to configure, and, if you are running the appropriate version of Netware already, won't cost you anything additional.
Out of curiosity, what is the application? Doom? Not many applications (aside from old IPX-only Netware clients and compatibles such as ncpfs) require IPX exclusively.
FreeLinux said:
...
>You don't say what the manual ways are. I suspect that you are doing it with the Dell keyboard utility that Dell places on the desktop. This utility is more than likely making a registry change or has an ini file where it keeps the settings. You need to find out which and locate the change.
>Once you have located the change it is a simple matter to push it out to the other machines. First, there are management applications that you should look at. With 4000 machines to manage you should definitely be running a management application. Microsoft sells SMS which is somewhere between OK and weak. Novell sells ZenWorks for Desktops(yes it runs on NT/2000 too), which is outstanding for this kind of thing. Both of these products will allow you to easily scan the system to find the changes that the Dell utility is making. Both management systems will allow you to image these changes and then automatically push them out to the clients.
...
and then kenp2002 said:
> Correct on al counts but distribution is no problem I have access to Tivoli for managment. But I was seeking help on how to remap the sleep key (or a good mailing list) as I could not get it to work through the registry or most keyboard tools. I wasn't looking for how to distribute it. I should have made it clearer. You hve plenty of good ideas. Also these machines are Kisok machines, no workstation apps at all, just in house stuff.
(both below 2 so I'm quoting to make them seen)
I'll repeat FreeLinux's comment - do you have a manual way to remap it? I have personal experience with Novell's ZENWorks - it includes a utility called SnapShot that can, as FreeLinux said, find the changes made by another app quite easily. You can view the changes thus discovered and push them out through the management tool of your choice. I would hope that Tivoli has a tool like SnapShot. If it doesn't, then how are you packaging apps for distribution?
And again as FreeLinux said - ZENWorks will run just fine on NT/2K without any Netware in sight. The latest version (4, now in beta) will even run without Client32.
I almost hate to bite on such an obvious troll... but I'd hate to be running anything BUT Netware on anything larger than an 30-pc network. Netware does a fine job of running enterprise-class file and print services. NDS/eDirectory is still THE choice for enterprise directory services, plus it can be hosted off of NT/2K/Linux/Solaris in addition to its native Netware.
I see the point of PHP on Netware as just another option - you can already run Apache & Tomcat on Netware, they are even running the new management pieces of Netware 6. You also already have Perl and Java... and with the licensing model of Netware 6 (user-based, not server- or connection- based as in the past) you can run as many servers as you need. Not really a huge consideration if you have the skills to run Linux, but much cheaper than purchasing 2K or XP + CALs just to run a simple website.
I don't see why you are mentioning BorderManager & port forwarding, though. Yes, perhaps a rabid Novell advocate would refuse to run anything else for the firewall (I am a strong believer in best-of-breed - NT/2K etc do have their place in application hosting) - but why would you need to 'forward port 80' for your linux+apache+php? Unless you think a site can have only one hostname or some such nonsense. I'd use iChain over BorderManager, anyways. I see BorderManager as more of an outbound (forward prox) solution, whereas iChain is targeted more at inbound traffic (reverse proxy).
Their latest products are rather neat - we're just scratching the surface here. If you haven't taken a look *recently*, you really have no idea.
Questions on the topic of employer paid training have been asked before: quite a few times.
Some of the details covered in the previous discussions apply here in spades due to the amount and duration in question: The reimbursement MUST be only required in cases of voluntary separation, and MUST be pro-rated down over time (i.e. quit after 1 year and owe 2/3, after 2 years and owe 1/3).
They really want to give you $50K? Does that INCLUDE the cost of paying your salary while you are in class? Otherwise I can't see what they expect you to take... even if a class costs $5K/week, is your employer really going to give you 10 weeks of training? Or is the amount a 3-year total, or intended for grad school, or...?
In short, this sounds like a GREAT opportunity, but what will be expected of you as a result? What are the company-wide changes that make you question staying on? Is your employer specifying the classes? Be careful with this... and most especially be very careful with the conditions requiring reimbursement. You'd really hate to be stuck paying the company back a huge chunk of cash if they did a RIF, or re-assigned you as a janitor to force you to quit, etc.
VNC absolutely DOES provide this. You just have to set up multiple VNC sessions, one for each user. They each attach to their own instance of VNC, and each have their own desktop. IIRC this is fairly well documented, including ways for this to happen semi-automatically from inetd.
Wait, let me spend 5 seconds on Google... Ah yes, there's the disconnect. VNC on *Windows* is not multi-user. And as the source question clearly refers to thin-clients replacing an environment that is currently exclusively Windows, the criticism of VNC is valid. I do have to wonder just what it would take to add this capability to the Windows VNC... Terminal Server proves that the capabilities are there.
The bigger question for me is, can the existing Windows desktop environment be replaced with something that CAN run on VNC? Too bad Corel appears to be killing Word Perfect Office for Linux. I offer as proof, the total non-existence of WordPerfect Office 2002 for Linux, although they appear only too happy to still sell you training on the old Linux versions.
I am neither expert enough at Kerberos nor Samba to know if the above-referenced web page (Here in case you missed it) is truly sufficient for interoperability, but it sure looks like it.
And the critical language is at the bottom:
and
Translation: You can use this spec in your products. It's not covered by any of our current or pending patents, and even if it is, you can still use it royalty-free.
Other related specs are not rendered licensed or royalty-free, so they MAY have kept a loophole - but this looks sincere so far.
Amazing news, really.
I think Novell's eDirectory is a possible solution. You can run eDirectory on NetWare® 5.x or above, Windows 2000, Windows NT, Solaris, Linux, or Tru64. There are other Novell products (NDS-AS, DirXML, Zen for Desktops, Novell Account Management, SecureLogin) that extend eDirectory's reach even further.
There is a PAM module available for Linux that lets you log in using NDS (eDirectory) credentials. Other *nix clients should be handled the same. For an NT client you would either need to use Zen for Desktop's Dynamic Local User or you would need to use Novell Account Management. Account Management on NT will redirect the domain into NDS. On 2000, it will synchronize with Active Directory.
The other products I mentioned can take you in other directions. DirXML is a meta-directory synchronization tool. Available conduits include Active Directory, Exchange, LDAP, GroupWise, Lotus Notes, NT Domain, JDBC, Peoplesoft, SAP HR, and Delimited Text.
NDS Authentication Services (NDS-AS) extends NDS (eDirectory) authentication redirection to other platforms, including AIX, FreeBSD, HP-UX, Linux, OS/390, Solaris, and Windows. Note that some of NDS-AS duplicates functionality found in eDirectory or Account Management.
SecureLogin is a single sign-on technology, which may be another way to solve your problem.
To give you a bottom line answer, even if you want to ignore alternate solutions and go with a straight LDAP directory, use eDirectory. It doesn't matter which platform you run it from, Novell has demonstrated billion-user trees on several host OSes.
I'll start with the obvious - did you search Google or Freshmeat for Time Reporting solutions?
You don't say how many users you are supporting, but if it's less than ten I have an answer for you. Journyx has a timesheet program that is free for less than ten users. It is commercial software that runs on Windows NT, Windows 2000, AIX, Solaris, Linux and FreeBSD. Annual maintenance (giving you priority tech support)runs $435, within your limit. Pricing beyond 10 users is above your price limit, starting at $1375 for the next 10 users.
They also offer a hosted version of their app, with the following pricing: a minimum purchase bundle of 25 users, a monthly cost of $7 per user, and an initial setup fee of the higher of $250 or $10 per user. I can't tell from your problem description if this will fit your needs or not, as, for example, if you had 25 users this would have an inital cost of $250 and then an ongoing monthly expense of $175, costing $2350 for the first year. There are also online partners running 5- or 10-user hosted sites free, if you have this few users and don't want to run the application in-house.
This is a web-based solution - users would log in to the web page and clock in or out themselves. Reporting capabilities are built-in. The fact that the app is web-based permits you to secure the host and fulfills your requirement that time reporting be secured from end-user tampering.
Bull. Utter crap. There is ABSOLUTELY NO reason that you would be forced to restore your NDS within three calendar days or rebuild your tree. Where did you get your information? The only three day limit I know of is a recommendation that if a server was going to be offline for more than this time, it might be better to remove it from the tree. This does keep NDS updating cleanly, as a partition can't advance its timestamps to the current time until the changes have been seen by all replicas.
:) Follow the TIDs and you will be fine.
That said, of course you should have had offsite replicas of each partition. With offsite replicas (or at least replicas on servers that didn't get destroyed) you can remove the crashed servers, still have access to your NDS resources (IDs, passwords, etc), and then re-install the crashed servers to the tree later.
But with or without offsite replicas - three days makes no sense. If the whole tree is involved in the disaster (all servers containing replicas of the tree are gone), it doesn't matter how long it takes you to begin NDS recovery. If the whole tree is not involved, but ALL replicas of a partition are, you may have isses with external references and subordinate reference partitions until you've completed recovery - but nothing that would require 'rebuilding your tree'. If all replicas are not gone, you do NOT have a problem, just a challenge
Netware crashed server recovery has been interesting over the years. Netware 5.x & NDS8 removed the old DSMaint NLM that could preserve server references, so until the recent release of the XBROWSE program, the only clean way to quickly recover from a crashed server while preserving server references was to hang on to an old NW4x box to run the DSMaint process.
Recovering NDS from real disasters can be... challenging. If you don't know what you are doing, you *can* really mess things up. Be careful and you'll be fine.
Did you actually read the description of what he's going to be running? iFolder... that means Netware 6. This is not 5.0, or (god forbid!) 4.0 - this is a new OS, fully multiprocessor aware, running Apache & Tomcat!
I have Netware boxes (NW5.1 with support packs) in production, with thousands of active users, that regularly achieve uptimes measured in months. My lab tests to date predict even better results for NW6. We typically are only forced to bounce servers for three reasons: power outages, support packs, or faulty apps (server-side virus scanners & backup programs are big culprits here).
"His name.."'s comments do not match my experience at all. Netware is admittedly vulnerable to poorly-written NLMs, due to Ring 0 access, but that's how they get such great raw speed out of the OS. And you can EASILY develop server apps to run in Protected memory spaces nowadays. I believe that Apache and Tomcat are even configured to run in Protected memory spaces by default on NW6.
Please stop spreading FUD about Netware - Novell's marketing department trips up enough as it is. And I did not miss your comment that you developed for Netware - NLMs, I presume? Yes, Netware will easily let you shoot your own foot off, along with the feet of everyone else running on the same box - but so will Windows etc.
I can't speak to *BSD, having never used it in production.