A network computer appears to be nothing more than a glorified X terminal.
Although the technological idea behind this is sound, there is a problem with network bandwidth if the number of users becomes high.
I myself always thought that hard-wired dumb terminals were the best idea. Little maintenance, less power consumption, and no distracting things to play with. I also felt that monochrome screens were easier to read and did not affect the eyes as much. Modern GUI applications cause a tremendous loss of time, and generally produce dreadful output, particularly if the user has too much control over font placing. I also find that having to use a mouse slows the user down quite considerably.
When at home, I do all my web browsing with Lynx - albiet sometimes under X as I can run two large screens simultaneously. I don't need any more. Unfortunatly a lot of web sites require something better.
Graphical prettyness hides content, wastes CPU power and network bandwidth, and attracts people to sites for the wrong reasons.
What I would really like to do is to find a working ASR-33, and wire that up to my Linux box. I did find an old teleprinter at a boot-sale last year, but the only interface was an accoustic coupler.
There was an interesting item on BBC Breakfast News earlier this week on two men (Canadians I believe) who were putting on a concert in London, using nothing more than a host of dot-matrix printers to make the sound.
It sounded appalling - but it could have been worse, they could have used my old Amstrad DMP. This printer lacked a rubber roller, and the paper was pulled across the plastic base, over which the head traversed. It was necessary to leave the room (or the house) when printing anything over a few lines, due to the awful racket.
It appears that this pair are on some sort of world tour. They were to move on to somewhere in the North-East of England, and then into Europe.
It all stems back to RedHat 4.2. One UK magazine had a copy on a cover disk, and I installed it.
They had decided to make the sound drivers in the 2.0.x kernel modular, and had managed to get soundblaster drivers working, but had prevented a number of other drivers from even compiling. My soundcard was one of them. Grrr!!!
I also was shocked that there was no real documentation as to what each package contained, and I ended up installing a lot of junk I was never going to install. This included a lot of utterly useless daemons. Why doesn't the install mechansim tell you what you are installing in some detail.
Did a quick dd if=/dev/zero of=/dev/hdb and went back to Slackware!:-)
When I looked at RedHat 5.1, they hadn't improved the install method, although the sound drivers now worked. The commercial X server with this release didn't work with my card, exhibiting the same screen corruption as the server with a previous release of XFree86 - spooky!
There appears to be a gradual moronization of society.
I've noticed this in the UK over the past few years. Our television is getting dumber, even the BBC are bowing down to the lowest common denominator. Commercial television is just unwatchable, especially channel 5.
The chain stores are also taking over. It is getting more difficult, unless you visit a large city centre, to buy challenging media, whether these are CDs, books or magazines. This was not the case a few years ago. I live in a small market town (although at the moment only at weekends), and most of the town centre shops either belong to one of 5 companies, or are going out of business, driven by pricing. In a few years, only the big companies will remain.
Also, I'm having great difficulty at the moment finding anywhere that sells real beer!
It appears that the large companies are attempting to make everyone the same, with the same tastes, purely to maximise profits.
I've always strived to be different, striving to like what I believe in, and not what some mega-corporation dictates. I do not like things because every-one else does.
I've felt about doing the same here, when (and if) the box does eventually go live. Due to the purpose of this machine, it will probably get attacked pretty damn quickly.
The NT security in this organisation is a joke. One domain for the entire building, and until the obvious password was changed last week, everyone knew it. Now that the password is secure, no-one can get on with their work as a lot of tasks require domain admin privaledges.
I've worked in other simillar organisations before, and never has security been such a mess as this one. And NT is so insecure - anyone with a sniffer (Ethereal!) can grab the SID of the adminstrator, and bombard the account until they crack it.
I just hope that this UNIX based system here is looked after a bit better, but judging by the knowledge of some members of the UNIX support team, this fills me with dread.
This system has nothing to do with me, except that our team is tasked with monitoring it.
Unfortunatly due to a complete lack of knowledge throughout the departments, we still do not know exactly WHAT we have to monitor. For example, all we have been told about the intrusion detector is that it supports SNMP. They expect us to be able to instantaneously alert someone if anything goes wrong.
This job is down south, and I hate it. I'm living in lodgings all week, and desparatly need to get back up north.
Many organisations are very lax on security, mostly due to the fact that management are clueless.
The site I currently contracting for will soon be rolling out an internet based financial system, which is planned to go live next month. (I won't give too many details).
The specifications for both the OS of the web server and the intrusion detection systems have changed this week. The whole system has been badly planned from the outset.
The intrusion detection systems are of the hardware only system - how the hell are they going to keep them up-to-date with the latest attacks?
I hope that they get stung badly when it goes live, and I hope that leads to dimissals of many of the complacent management here.
The applications, development tools and OS divisions of MS have always colluded with each other. Here are two examples I have noticed over the years.
When Word 2.0 shipped, prior to the release of Win 3.1, it shipped with components that used Windows 3.1 technology, such as true-type fonts and OLE. These components only really worked with Windows 3.1.
A few years later, some Microsoft applications and development tools started to use UNC names instead of drive letters for references to files, and would connect to these files using UNC names instead. This meant that some products would not work on networks that were rivals to MS, notably Banyan and Lantastic, as these either did not support UNC naming convention for network drive connections, or supported them in a different way.
I've always thought that Microsoft are a bunch of utterly evil bastards.
Psion have been around for a long time. Orignially they produced 8-bit micro software - most of Sinclair's own software was written by Psion, and it was of the very highest quality. They produced both serious and game software, which was rare at the time. They went on to produce the office suite for the ill-fated QL.
Since then they have been producing handhelds of increasing complexity. The first model looked like a pregnant pocket calculator, with a single line text display and an alphanumeric keypad. It was succesful, and I recall insurance salemen used them for calculating premiums.
Psion (together with ARM) are all that really remains of the British small computer industry, and industry that was at its peak around 16 years ago. Everyone else has either died, been absorbed by a multi-national, or is simply shipping PC clones built from out-sourced components.
The current crop of machines are excellent, and there is a Linux port being worked on. And more importantly, they don't run anything written by Microshaft!
When I get enough money, I will probably buy a Psion. This assumes someone can give me a job where I am used to my full potential.
I had to install some SQL server drivers on one PC, to allow it to act as a Unicenter management console. The NT machine I had never used before, and had no idea what software was installed.
The driver install kept hanging after copying the drivers in place. Eventually after stopping almost every service the install proceded. I eventually discovered that the ODBC subsystem was being updated, yet there was one service that was currently running on the machine that used ODBC.
Once all the software was installed, a CISCO management server on this box was no longer available. Hours of investigation revealed that my updates had allowed another web server process to start (it had previously been disable), and the presence of this server was preventing the CISCO server from running.
The major problem with NT is that it uses an antiquated shared library management system, one that hasn't changed since at least Windows 2.x. Only one library with any given name can be open at any one time, and the library can only be updated if no process has it open, otherwise a reboot is necessary. Executables are treated in exactly the same way. Compare other REAL operating systems, where running libraries and executables can be replaced - the old code is not open to new executable invocations, and is deleted when the last process mapped into it is closed. (Just don't try to update the running C library - big contention problems - this is why LDCONFIG is static)
You definitly must have been using a later edition. The section of the first edition on X configuration was very poor, and related to a release prior to the one on the supplied CD.
I hope the books improved from the first edition - it was crap (see my other post).
I did install a lot from the CD, but at the time my PC was both underesourced, and hampered by poorly supported hardware.
Later I purchased a Walnut Creek CD set, containing Slakware and some source code. It was at this stage I began to learn things, and even got to the stage of upgrading to the 1.3.x kernel series, but only had a 14.4 internet connection via a bizzare plug and play modem, which was a pain to get working. I also got round to getting a new PC, but XFree86 would not support my new card properly, until I downloaded a beta XServer with a time-limit (remember when XFree86 did those?).
Later still I obtained an Infomagic 6CD set, and a couple of RedHats, even buying the commercial release. I upgraded almost everything when something new appeared.
Now I run my own custom setup. Almost everything works, but a few packages fail to compile properly, probably due to my library and compiler versions. I've come a long way - but none of it was gained by reading Linux Unleashed.
Working in a medium sized town in the UK, it was difficult 4 years ago to buy a decent Linux book, and none of the local booksellers sold anything by O'Reilly at the time. My first book was unfortunatly SAMS Linux Unleashed, mainly because it was the only one available at the time, complete with an almost current Slackware CD. I already had a copy of Slakware from a magazine cover disk, and had prior to that downloaded bits of slakware from Compuserve, so I wasn't completly green. I had also supported various SCO systems for a number of years.
That book taught me some things, but most was lacking, innaccurate or simply out of date. Some chapters had obviously been ported from other books, and at least one chapter still had multiple references to AIX. It was difficult to see who this was aimed at - the programming chapters were either very basic, or assumed a lot of prior knowledge, and would have been confusing to a novice.
I have since thrown the book away in disgust, and since have only bought O'Reilly books.
This happened all the time to me in real life, in my Banyan days.
I supported a number of networks for various customers. Most would not bother to apply patches, even when multiple packages were bundled together in one big fix, changing the version number at the same time.
This applied to all forms of patches - security, performance, stability etc.
Change control procedures had a lot to do with this, but the main reason was that sys-admins were lazy. In fact I was often sent out to apply upgrades/patches myself, even though the process was no more than sticking a floppy in a drive and running a single command, and possibly a system restart.
Another issue was that a number of sites feared change, and wanted everything running the same version. This caused numerous problems supporting modern client architectures.
There were even cases of patches not being applied when they were supplied in the box with new installations. There were at least two versions of the OS that customers were supposed to apply a critical patch to, and I saw both versions up and running in the field.
Another problem is that some users insisted on running obsolete versions of the OS, even wanting to run this on new systems. It took a lot of effort to persuade management that there was no active maintenance on the code, and that finding current hardware that the software supported. Once site even fitted ISA SCSI adapters to their PCI systems, instead of installing the latest version which supported the PCI card directly - the performance was dreadful!
I seem simillar things now with other software. Everyone seems to think that as soon as something is running that it is installed correctly. No one bothers with either additional maintenance, or system tuning. (Witness DMA on IDE drives under NT or Win95).
It all springs down to one thing - most enterprise sysadmins (and their management) are lacking in the clue departement.
I am thoroughly cheesed off with the whole industry. I've worked in support/servicing for around 10 years, and never have I had as many problems as now.
I first realised that the industry was in a mess around 5 years ago, and wanted out, but I was still getting paid well, and was reasonably happy.
Since then, things have gone downhill, but the icing on the cake was when I was supporting a Internet product, with a team of around 5 developers. The manager didn't have a clue - constantly changing specs, asking for new features at short intervals, and getting 'programmers' to modify each others code. I say 'programmers', as most of the code was actually Lotus Notes scripts.
The product was appalling. We had serious problems getting working support for all major browsers. Additionally the major customer reported odd bugs with on version of IE3 that we could not replicate.
The management then had some glossy brochures printed, listing features not implemented, or not tested, including non-Windows client support. The programming team had a few days to get the software to match the specs, and it still sucked.
Eventually I got so pissed off that I never showed up after payday. I was happier not working for the next 3 months.
Since then I have gone to support CA Unicenter - CA Unicenter seems to be the biggest heap of junk going, and they have the nerve to charge out on site visits to get it working, mainly due to the lack of accurate, in depth documentation. There is at least one, and sometimes three, CA engineers working on site to get the product working. There are also a number of 3rd party products that are equally as vile.
I felt so bad this morning that I didn't want to power up my PC, purely due to the mess here.
The big problem is that there is nothing else I am experienced in that will pay my mortgage.
Go into a British pub, and you'll find that beer, lager and cider are sold in pint/half pint measures, yet spirits are sold in shots of 25ml. Soft drinks are also sold in measures of ml.
The really odd one is if you buy a shandy (beer and lemonade). I believe this HAS to be sold in a metric measure.
I have read through this in depth, and there a 3 points of failure.
Firstly the CGI perl scripts had difficult to spot exploitable bugs in them, particularly not checking that the file move completed without error. Also the binary files were not thoroughly checked as being valid. Purely a perl programming issue, and only exploitable with the source.
Secondly the CGI directory was writable by the exploited CGI script, allowing scripts to be replaced by any sufficiently small binary. Purely a sysadmin education matter.
Lastly, there was the cron exploit. Having looked at the cron exploit carefully, it uses a buffer overflow to force pre-compiled code to be exploited.
However for any binary code to be executed, the hacker needs to know the precise processor being used, and also assumes that the C-library was standard.
AFAIK a working example the cron exploit has not been published for the Alpha, and our hero here had to use some others work to implement the exploit. Assuming he was able to compile Alpha versions of the binaries he uploaded, he still would have come to a halt when trying find a root exploit.
Therefore if this machine had been an Alpha (or other stable processor), the crack would have not occurred.
The moral - the less common the system, the more secure it becomes.
I have worked in a number of environments that have in place major mechanisms for change control. Sometimes this is made worse by management paranoia, other times ignorance has a role to play.
I have supplied sites in the past with critical OS patches, developed exclusivly for the site in question. Even then it has taken months for the patch to be applied, and NEVER has the patch had any other impact. Pleading with management makes no difference - although occasionally a site will get hit by the ramifications of not installing the patch, and suffer major problems.
Even so every site must set aside time at least once a month (preferably once a week) for unscheduled system maintenance, where the system is not guaranteed to be available. It is remarkable how many site don't, and have insecure/unstable production systems running, waiting to be hacked.
Another issue is that you should never run critical software that is not being maintained or supported by the manufacturer. I had nightmares attempting to persuade one customer that they needed to upgrade their server OS, as their revision was 2 versions out of step, and any critical problems could not be fixed. They only finally got around to upgrading once they realised that their current system would not run on new hardware. At least year 2000 work has caused the removal of a lot of old legacy systems.
How many managers know the true mechanism of replacing a running binary file under a UNIX OS? The binary can be replaced, and yet the exsting process still runs. In the case of cron, applying the RPM will not affect the actual running system in anyway, simply stoping and restarting cron will cause the new binary to be used. The same case with replacing libraries - existing procesess use the old libraries, new processes will use the new one - ldconfig will simply update the symlinks accordingly. The only time a reboot is needed for applying patches is if they affect the kernel or critical daemons (init, update etc).
A site with clued up management will not have such a severe change-control policy. These are very rare indeed.
One of the major problems with NT as an operating is that any type of maintenance to running code requires at least one full system reboot to make it affective, sometimes more than one. Yet the suits prefer it - they like the pretty pictures!
As you can see, I hate suits. Most are only alive because it is illegal to kill them!
Yet another article that gives no real details on the actual problem, and causing panic over what may be a rare problem if it only occurs on 8-way SMP systems, and possibly under NT.
There seem to be a lot of technical articles being published that are written by ingnorant morons, and the number is increasing exponentially.
I get a free UK magazine weekly that is 90% job adverts, with a few pages of other news just to make it interesting. Nearly every major article seems to be written by a muppet with 2 days experience, which makes the articles pointless since the reader base is IT professionals. A recent artivle on anti-virus policy was pretty hilarious, as the author just didn't have a clue.
I've seen a number of other projects (albeit not opensource) that have been re-written in C++. All have been a disaster. The memory footprint is always larger, and the speed of execution is noticably slower. Plus there is the learning curve involved with C++ for the developers involved in the previous project.
One application I had a lot of dealings with was re-written in such a way, and was so buggy that users reverted to the previous version, or went elsewhere. It even caused a number of NT migrations. Unfortunatly the C++ version was the only one that was Year 2000 compatable. I even spoke to the head of support at the UK end of the company - he did not admit there were any problems, probably to save his job. The product sucked more than a VAX (thats the UK vacuum cleaner, not a DEC machine!).
Another thing - have you seen how much memory gcc uses when compiling C++? With the sudden rise in memory prices I may not be able to compile perl6, as I won't be able to afford the extra gigabyte of RAM required!:-)
The problem I have at the moment is that I am employed in Systems Management/Support, and seem to spend half my time dealing with badly written system management tools.
What is so infuriating is most of the things I work with are badly documented, and interdepend on other bits of 3rd party code.
I used to be able to support systems by knowing how they work, and the processes behind them. This is not possible in my current position, yet no-one will offer me anything in another field, due to what they call a lack of experience. Yet my problem solving experience is probably greater then what they'll encounter in 10 lifetimes. (I was turned down for a post with IBM in Leeds last week for this very reason).
Maybe I'll have to get noticed by some other means. I own an obscure sound card with a Midi port that the current device driver fails to control. If I could discover how the Win95 driver works, by reverse engineering, I could discover why the Linux driver is failing. Unfortunatly I only have access to my Linux box for 2 days a week, and spend most of the time catching up with email.
Slashdot Mirror
Hmmm - that crashes IE 5.0 by the way!! (I'm at work at the moment, and I am forced to use it!)
:-)
A new headline - Linux kernel source code crashes Microsoft IE 5.0......
Information is conveyed with words. I have never been impressed by flashy graphics, or any other of the content-free means of tarting up web sites.
This is perhaps why advertising never works with me.
A network computer appears to be nothing more than a glorified X terminal.
Although the technological idea behind this is sound, there is a problem with network bandwidth if the number of users becomes high.
I myself always thought that hard-wired dumb terminals were the best idea. Little maintenance, less power consumption, and no distracting things to play with. I also felt that monochrome screens were easier to read and did not affect the eyes as much. Modern GUI applications cause a tremendous loss of time, and generally produce dreadful output, particularly if the user has too much control over font placing. I also find that having to use a mouse slows the user down quite considerably.
When at home, I do all my web browsing with Lynx - albiet sometimes under X as I can run two large screens simultaneously. I don't need any more. Unfortunatly a lot of web sites require something better.
Graphical prettyness hides content, wastes CPU power and network bandwidth, and attracts people to sites for the wrong reasons.
What I would really like to do is to find a working ASR-33, and wire that up to my Linux box. I did find an old teleprinter at a boot-sale last year, but the only interface was an accoustic coupler.
Oh look, a flock of pigs has just flown by!
There was an interesting item on BBC Breakfast News earlier this week on two men (Canadians I believe) who were putting on a concert in London, using nothing more than a host of dot-matrix printers to make the sound.
It sounded appalling - but it could have been worse, they could have used my old Amstrad DMP. This printer lacked a rubber roller, and the paper was pulled across the plastic base, over which the head traversed. It was necessary to leave the room (or the house) when printing anything over a few lines, due to the awful racket.
It appears that this pair are on some sort of world tour. They were to move on to somewhere in the North-East of England, and then into Europe.
It all stems back to RedHat 4.2. One UK magazine had a copy on a cover disk, and I installed it.
:-)
They had decided to make the sound drivers in the 2.0.x kernel modular, and had managed to get soundblaster drivers working, but had prevented a number of other drivers from even compiling. My soundcard was one of them. Grrr!!!
I also was shocked that there was no real documentation as to what each package contained, and I ended up installing a lot of junk I was never going to install. This included a lot of utterly useless daemons. Why doesn't the install mechansim tell you what you are installing in some detail.
Did a quick dd if=/dev/zero of=/dev/hdb and went back to Slackware!
When I looked at RedHat 5.1, they hadn't improved the install method, although the sound drivers now worked. The commercial X server with this release didn't work with my card, exhibiting the same screen corruption as the server with a previous release of XFree86 - spooky!
There appears to be a gradual moronization of society.
I've noticed this in the UK over the past few years. Our television is getting dumber, even the BBC are bowing down to the lowest common denominator. Commercial television is just unwatchable, especially channel 5.
The chain stores are also taking over. It is getting more difficult, unless you visit a large city centre, to buy challenging media, whether these are CDs, books or magazines. This was not the case a few years ago. I live in a small market town (although at the moment only at weekends), and most of the town centre shops either belong to one of 5 companies, or are going out of business, driven by pricing. In a few years, only the big companies will remain.
Also, I'm having great difficulty at the moment finding anywhere that sells real beer!
It appears that the large companies are attempting to make everyone the same, with the same tastes, purely to maximise profits.
I've always strived to be different, striving to like what I believe in, and not what some mega-corporation dictates. I do not like things because every-one else does.
Whatever happened to the individual?
I've felt about doing the same here, when (and if) the box does eventually go live. Due to the purpose of this machine, it will probably get attacked pretty damn quickly.
The NT security in this organisation is a joke. One domain for the entire building, and until the obvious password was changed last week, everyone knew it. Now that the password is secure, no-one can get on with their work as a lot of tasks require domain admin privaledges.
I've worked in other simillar organisations before, and never has security been such a mess as this one. And NT is so insecure - anyone with a sniffer (Ethereal!) can grab the SID of the adminstrator, and bombard the account until they crack it.
I just hope that this UNIX based system here is looked after a bit better, but judging by the knowledge of some members of the UNIX support team, this fills me with dread.
This system has nothing to do with me, except that our team is tasked with monitoring it.
Unfortunatly due to a complete lack of knowledge throughout the departments, we still do not know exactly WHAT we have to monitor. For example, all we have been told about the intrusion detector is that it supports SNMP. They expect us to be able to instantaneously alert someone if anything goes wrong.
This job is down south, and I hate it. I'm living in lodgings all week, and desparatly need to get back up north.
Many organisations are very lax on security, mostly due to the fact that management are clueless.
The site I currently contracting for will soon be rolling out an internet based financial system, which is planned to go live next month. (I won't give too many details).
The specifications for both the OS of the web server and the intrusion detection systems have changed this week. The whole system has been badly planned from the outset.
The intrusion detection systems are of the hardware only system - how the hell are they going to keep them up-to-date with the latest attacks?
I hope that they get stung badly when it goes live, and I hope that leads to dimissals of many of the complacent management here.
The applications, development tools and OS divisions of MS have always colluded with each other. Here are two examples I have noticed over the years.
When Word 2.0 shipped, prior to the release of Win 3.1, it shipped with components that used Windows 3.1 technology, such as true-type fonts and OLE. These components only really worked with Windows 3.1.
A few years later, some Microsoft applications and development tools started to use UNC names instead of drive letters for references to files, and would connect to these files using UNC names instead. This meant that some products would not work on networks that were rivals to MS, notably Banyan and Lantastic, as these either did not support UNC naming convention for network drive connections, or supported them in a different way.
I've always thought that Microsoft are a bunch of utterly evil bastards.
Psion have been around for a long time. Orignially they produced 8-bit micro software - most of Sinclair's own software was written by Psion, and it was of the very highest quality. They produced both serious and game software, which was rare at the time. They went on to produce the office suite for the ill-fated QL.
Since then they have been producing handhelds of increasing complexity. The first model looked like a pregnant pocket calculator, with a single line text display and an alphanumeric keypad. It was succesful, and I recall insurance salemen used them for calculating premiums.
Psion (together with ARM) are all that really remains of the British small computer industry, and industry that was at its peak around 16 years ago. Everyone else has either died, been absorbed by a multi-national, or is simply shipping PC clones built from out-sourced components.
The current crop of machines are excellent, and there is a Linux port being worked on. And more importantly, they don't run anything written by Microshaft!
When I get enough money, I will probably buy a Psion. This assumes someone can give me a job where I am used to my full potential.
I had a bad experience this week.
I had to install some SQL server drivers on one PC, to allow it to act as a Unicenter management console. The NT machine I had never used before, and had no idea what software was installed.
The driver install kept hanging after copying the drivers in place. Eventually after stopping almost every service the install proceded. I eventually discovered that the ODBC subsystem was being updated, yet there was one service that was currently running on the machine that used ODBC.
Once all the software was installed, a CISCO management server on this box was no longer available. Hours of investigation revealed that my updates had allowed another web server process to start (it had previously been disable), and the presence of this server was preventing the CISCO server from running.
The major problem with NT is that it uses an antiquated shared library management system, one that hasn't changed since at least Windows 2.x. Only one library with any given name can be open at any one time, and the library can only be updated if no process has it open, otherwise a reboot is necessary. Executables are treated in exactly the same way. Compare other REAL operating systems, where running libraries and executables can be replaced - the old code is not open to new executable invocations, and is deleted when the last process mapped into it is closed. (Just don't try to update the running C library - big contention problems - this is why LDCONFIG is static)
You definitly must have been using a later edition. The section of the first edition on X configuration was very poor, and related to a release prior to the one on the supplied CD.
This book must be about 4 years old.
I hope the books improved from the first edition - it was crap (see my other post).
I did install a lot from the CD, but at the time my PC was both underesourced, and hampered by poorly supported hardware.
Later I purchased a Walnut Creek CD set, containing Slakware and some source code. It was at this stage I began to learn things, and even got to the stage of upgrading to the 1.3.x kernel series, but only had a 14.4 internet connection via a bizzare plug and play modem, which was a pain to get working. I also got round to getting a new PC, but XFree86 would not support my new card properly, until I downloaded a beta XServer with a time-limit (remember when XFree86 did those?).
Later still I obtained an Infomagic 6CD set, and a couple of RedHats, even buying the commercial release. I upgraded almost everything when something new appeared.
Now I run my own custom setup. Almost everything works, but a few packages fail to compile properly, probably due to my library and compiler versions. I've come a long way - but none of it was gained by reading Linux Unleashed.
Working in a medium sized town in the UK, it was difficult 4 years ago to buy a decent Linux book, and none of the local booksellers sold anything by O'Reilly at the time. My first book was unfortunatly SAMS Linux Unleashed, mainly because it was the only one available at the time, complete with an almost current Slackware CD. I already had a copy of Slakware from a magazine cover disk, and had prior to that downloaded bits of slakware from Compuserve, so I wasn't completly green. I had also supported various SCO systems for a number of years.
That book taught me some things, but most was lacking, innaccurate or simply out of date. Some chapters had obviously been ported from other books, and at least one chapter still had multiple references to AIX. It was difficult to see who this was aimed at - the programming chapters were either very basic, or assumed a lot of prior knowledge, and would have been confusing to a novice.
I have since thrown the book away in disgust, and since have only bought O'Reilly books.
I saw the official debian package in a local bookshop this weekend - at around 20UKP.
The book looked nice - it had that 'Produced with LaTeX' feel, making it look like a real manual.
I may purchase it this week - Debian seems to be the only distro I can trust, and I lack the diskpace or Bandwidth to download it.
This happened all the time to me in real life, in my Banyan days.
I supported a number of networks for various customers. Most would not bother to apply patches, even when multiple packages were bundled together in one big fix, changing the version number at the same time.
This applied to all forms of patches - security, performance, stability etc.
Change control procedures had a lot to do with this, but the main reason was that sys-admins were lazy. In fact I was often sent out to apply upgrades/patches myself, even though the process was no more than sticking a floppy in a drive and running a single command, and possibly a system restart.
Another issue was that a number of sites feared change, and wanted everything running the same version. This caused numerous problems supporting modern client architectures.
There were even cases of patches not being applied when they were supplied in the box with new installations. There were at least two versions of the OS that customers were supposed to apply a critical patch to, and I saw both versions up and running in the field.
Another problem is that some users insisted on running obsolete versions of the OS, even wanting to run this on new systems. It took a lot of effort to persuade management that there was no active maintenance on the code, and that finding current hardware that the software supported. Once site even fitted ISA SCSI adapters to their PCI systems, instead of installing the latest version which supported the PCI card directly - the performance was dreadful!
I seem simillar things now with other software. Everyone seems to think that as soon as something is running that it is installed correctly. No one bothers with either additional maintenance, or system tuning. (Witness DMA on IDE drives under NT or Win95).
It all springs down to one thing - most enterprise sysadmins (and their management) are lacking in the clue departement.
I am thoroughly cheesed off with the whole industry. I've worked in support/servicing for around 10 years, and never have I had as many problems as now.
I first realised that the industry was in a mess around 5 years ago, and wanted out, but I was still getting paid well, and was reasonably happy.
Since then, things have gone downhill, but the icing on the cake was when I was supporting a Internet product, with a team of around 5 developers. The manager didn't have a clue - constantly changing specs, asking for new features at short intervals, and getting 'programmers' to modify each others code. I say 'programmers', as most of the code was actually Lotus Notes scripts.
The product was appalling. We had serious problems getting working support for all major browsers. Additionally the major customer reported odd bugs with on version of IE3 that we could not replicate.
The management then had some glossy brochures printed, listing features not implemented, or not tested, including non-Windows client support. The programming team had a few days to get the software to match the specs, and it still sucked.
Eventually I got so pissed off that I never showed up after payday. I was happier not working for the next 3 months.
Since then I have gone to support CA Unicenter - CA Unicenter seems to be the biggest heap of junk going, and they have the nerve to charge out on site visits to get it working, mainly due to the lack of accurate, in depth documentation. There is at least one, and sometimes three, CA engineers working on site to get the product working. There are also a number of 3rd party products that are equally as vile.
I felt so bad this morning that I didn't want to power up my PC, purely due to the mess here.
The big problem is that there is nothing else I am experienced in that will pay my mortgage.
Go into a British pub, and you'll find that beer, lager and cider are sold in pint/half pint measures, yet spirits are sold in shots of 25ml. Soft drinks are also sold in measures of ml.
The really odd one is if you buy a shandy (beer and lemonade). I believe this HAS to be sold in a metric measure.
I have read through this in depth, and there a 3 points of failure.
Firstly the CGI perl scripts had difficult to spot exploitable bugs in them, particularly not checking that the file move completed without error. Also the binary files were not thoroughly checked as being valid. Purely a perl programming issue, and only exploitable with the source.
Secondly the CGI directory was writable by the exploited CGI script, allowing scripts to be replaced by any sufficiently small binary. Purely a sysadmin education matter.
Lastly, there was the cron exploit. Having looked at the cron exploit carefully, it uses a buffer overflow to force pre-compiled code to be exploited.
However for any binary code to be executed, the hacker needs to know the precise processor being used, and also assumes that the C-library was standard.
AFAIK a working example the cron exploit has not been published for the Alpha, and our hero here had to use some others work to implement the exploit. Assuming he was able to compile Alpha versions of the binaries he uploaded, he still would have come to a halt when trying find a root exploit.
Therefore if this machine had been an Alpha (or other stable processor), the crack would have not occurred.
The moral - the less common the system, the more secure it becomes.
I have worked in a number of environments that have in place major mechanisms for change control. Sometimes this is made worse by management paranoia, other times ignorance has a role to play.
I have supplied sites in the past with critical OS patches, developed exclusivly for the site in question. Even then it has taken months for the patch to be applied, and NEVER has the patch had any other impact. Pleading with management makes no difference - although occasionally a site will get hit by the ramifications of not installing the patch, and suffer major problems.
Even so every site must set aside time at least once a month (preferably once a week) for unscheduled system maintenance, where the system is not guaranteed to be available. It is remarkable how many site don't, and have insecure/unstable production systems running, waiting to be hacked.
Another issue is that you should never run critical software that is not being maintained or supported by the manufacturer. I had nightmares attempting to persuade one customer that they needed to upgrade their server OS, as their revision was 2 versions out of step, and any critical problems could not be fixed. They only finally got around to upgrading once they realised that their current system would not run on new hardware. At least year 2000 work has caused the removal of a lot of old legacy systems.
How many managers know the true mechanism of replacing a running binary file under a UNIX OS? The binary can be replaced, and yet the exsting process still runs. In the case of cron, applying the RPM will not affect the actual running system in anyway, simply stoping and restarting cron will cause the new binary to be used. The same case with replacing libraries - existing procesess use the old libraries, new processes will use the new one - ldconfig will simply update the symlinks accordingly. The only time a reboot is needed for applying patches is if they affect the kernel or critical daemons (init, update etc).
A site with clued up management will not have such a severe change-control policy. These are very rare indeed.
One of the major problems with NT as an operating is that any type of maintenance to running code requires at least one full system reboot to make it affective, sometimes more than one. Yet the suits prefer it - they like the pretty pictures!
As you can see, I hate suits. Most are only alive because it is illegal to kill them!
Yet another article that gives no real details on the actual problem, and causing panic over what may be a rare problem if it only occurs on 8-way SMP systems, and possibly under NT.
There seem to be a lot of technical articles being published that are written by ingnorant morons, and the number is increasing exponentially.
I get a free UK magazine weekly that is 90% job adverts, with a few pages of other news just to make it interesting. Nearly every major article seems to be written by a muppet with 2 days experience, which makes the articles pointless since the reader base is IT professionals. A recent artivle on anti-virus policy was pretty hilarious, as the author just didn't have a clue.
Facts,facts,facts please!
I've seen a number of other projects (albeit not opensource) that have been re-written in C++. All have been a disaster. The memory footprint is always larger, and the speed of execution is noticably slower. Plus there is the learning curve involved with C++ for the developers involved in the previous project.
:-)
One application I had a lot of dealings with was re-written in such a way, and was so buggy that users reverted to the previous version, or went elsewhere. It even caused a number of NT migrations. Unfortunatly the C++ version was the only one that was Year 2000 compatable. I even spoke to the head of support at the UK end of the company - he did not admit there were any problems, probably to save his job. The product sucked more than a VAX (thats the UK vacuum cleaner, not a DEC machine!).
Another thing - have you seen how much memory gcc uses when compiling C++? With the sudden rise in memory prices I may not be able to compile perl6, as I won't be able to afford the extra gigabyte of RAM required!
Please, please, please don't do it.
The problem I have at the moment is that I am employed in Systems Management/Support, and seem to spend half my time dealing with badly written system management tools.
What is so infuriating is most of the things I work with are badly documented, and interdepend on other bits of 3rd party code.
I used to be able to support systems by knowing how they work, and the processes behind them. This is not possible in my current position, yet no-one will offer me anything in another field, due to what they call a lack of experience. Yet my problem solving experience is probably greater then what they'll encounter in 10 lifetimes. (I was turned down for a post with IBM in Leeds last week for this very reason).
Maybe I'll have to get noticed by some other means. I own an obscure sound card with a Midi port that the current device driver fails to control. If I could discover how the Win95 driver works, by reverse engineering, I could discover why the Linux driver is failing. Unfortunatly I only have access to my Linux box for 2 days a week, and spend most of the time catching up with email.