Not quite. How many blacks own football teams? How many blacks own teams in other major sports? How many blacks are there in the upper management of any of the major music production companies?
Clearly minorities play a large part as athletes and musicians, and they are paid well, but they are not the people getting the larger paychecks. Because minorities in those industries are primarily the products of those industries (the athlete, the artist) and very visible, it is easy to state that racism doesn't occur. But that is not the case if you look a little deeper.
I think y'all and the posters who've replied to your post are missing the point. Not only couldn't our NT staff keep the system stable (I was not a member of the NT staff for this project), but Microsoft consulting and several MS Exchange Engineers who were loaned to us because of our ELU could not keep the system stable.
For the record, all Exchange servers referenced were dedicated machines. Every piece of our Microsoft environment was scrutinized by not only our staff, but Microsoft's. There were no hardware errors, no driver errors, no configuration errors. Systems were installed, reinstalled, data moved from machine to machine, and the things still didn't have the stability that our users demand.
If those working on the systems were incompetent, then Microsoft itself could not provide competent professionals. I doubt it.
I am not saying that Exchange is crap for all environments. Exchange is a fine workgroup mailer. What it is not is a good enterprise solution for the University environment.
Me, I work at a non-profit organization as a senior software engineer (University in the Big 10). It doesn't really work that way.
It's a myth that you can throw two (or three or four) inexperienced programmers at a problem and expect them to build a good, supportable solution. What the inexperienced programmers need is an experienced programmer to help them to develop good practices so that they can grow.
That being said, it is worth it to hire someone with experience and patience. Letting younger programmers work in an environment where they are helped to become good programmers through things like peer review of code generally pays off. You'll lose most to higher wages, but some do stick around because they like college towns and get to take classes in whatever interests them.
The deal is paying for an experienced programmer is seed money to get those sorts of benifits. Without someone with experience, you'll end up with something that MIGHT work, and is completely unsupportable once the original coder leaves. In my experience with having had to clean up those sorts of situations, it's not worth it. You've spent the money, and you still don't have a good system.
This sort of discussion went down at the University I work at a couple of years ago. That time period is now called by everyone (even the upper level of University management) the Email Wars.
For nearly two solid years, there was a large push by some in upper management to migrate our entire user base (some 80K students, faculty, and staff) to Exchange, regardless of the number of technical staff and managers informing said upper management of the large downsides, not the least of which forcing a client (MS 9X/NT) platform on the faculty.
That being said, we settled down to have a modest Exchange environment with about 5000 users across two campuses, and about 80000 users across two campuses using the freely available and open-source Cyrus IMAP server from CMU.
In the past year, there have been more serious security incidents involving executable content with the Exchange servers, forcing the University to purchase a Sybari license to prevent being overrun with virii. The Sybari stuff is not inexpensive.
My current position with the University is as a senior software/systems engineer. For the most part, I design mail systems. In my professional opinion, unless the features that Exchange gives you (basically calendaring and integration with MSOffice -- everything else, including folder sharing and collaberation are available in more secure products) are worth the amount of time and money that will need to be spent to secure the environment, it would be a bad idea for folks to migrate from an IMAP environment to Exchange.
Exchange in all our tests proved to be less scalable than a UNIX based IMAP solution. More people are required to support fewer users on Exchange. On top of that, individual servers crash often enough that it is not really an event when it happens. Admittedly, an individual Exchange server crashing only affects a couple thousand individual mailboxes, but they crash enough that spreading out load in necessary to maintain the illusion of continuous service. This is not a knock against the people running th Exchange servers. The Exchange admins I work with are bright, talented people. The server software crashes all on their own. Microsoft's own consulting people have not found a flaw in the Exchange system design here. The software just crashes often.
That is the security and performance part of my analysis. Beyond that, Exchange generally does not like working with the outside world. Mail routing can be an issue unless you have a very simple network design. Features in Exchange can be fairly confusing to even experienced users. My personal favorite in that vein forwarding. If a user wants to forward their mail another system (say a personal workstation) Exchange will munge the headers so that the original recipients of the message are not entirely clear. This has led to some embarrassing incidents where people have replied to messages that they thought were to them personally, but were actually to a distribution list. The reply went to the reply-to, which ended up distributing to everyone on the original list.
Even beyond that was the arrogant attitude displayed by Microsoft when bugs were reported. At one point, we discovered a bug that would crash the storage server when accessed via IMAP. Once a check was signed, their interest in working on problems with our existing implementation was gone. I know this should not be unexpected (Reboot, Re-install, Upgrade being the MS Tech Support Mantra), but when Microsoft representatives are in a room with the University officials and actually say words to the effect of, "Who are you to tell us what is wrong with our software", it at least validates the anecdotal opinion of Microsoft.
Much of this may not apply to your situation, but this might. When we did our studies of cost per user of a UNIX based IMAP solution as opposed Exchange, it ended up being an order of magnitude cheaper to use UNIX for the bulk of our email serving.
The Cyrus server from CMU might have the features you are interested in.
In cyrus, there is no requirement for shell account for mailboxes to exist. There is both a POP server and an IMAP server associated with cyrus, but you don't have to run the pieces you don't want. There are patches that allow cyrus to authenticate via LDAP or SQL (a password file and kerberos are supported out of the box).
It scales well. I have it going for 60K users across four machines. The newer versions also have an aggregator that allows you to scale across multiple machines. It interfaces well with both sendmail and qmail (I have not tried postfix yet) and it is pretty easy to manage.
You can check it out at http://asg.web.cmu.edu/cyrus/
The original designers of the net and DNS weren't designing for the world. They were building a network between U.S. educational institutions and the U.S. military network. Since a lot of research for the U.S. military was done by research universities in the U.S., they chose names for the top level domains to simply represent what they were working with. For a good quick history on the net, check _The Cuckoo's Egg_ by Clifford Stoll. It doesn't explicitly deal with the top-level domain structure, but it does show that the original design of the net was not intended to be an international communications net.
It wasn't arrogance or U.S.-centricism. They just didn't think it would end up being a world wide phenomonon. Considering that the original design was more than twenty years ago, I think they can be excused for not seeing the information revolution.
I don't think so. I think this sort of story (as opposed to the "Spigot, Iowa library gets CyberNanny filters!") is important.
What we are seeing is one of the big dangers of monolithic control over access to information. Private companies aren't allowed to own too many traditional media outlets in the same area to prevent those companies from exerting too much influence. I believe the rules were originally put in place to stop media from controlling the outcome of elections by only providing single viewpoint coverage.
With the creation of the AOL/TimeWarner media megacorp, this will continue to be an issue. It's obvious from the article that filtering was done with a political slant. Regardless of government regulation of this sort of this, it will happen again. Systems that can be abused will be abused.
I agree in some regard to your comment Unfortunately, you seem to be taking an all or nothing approach to the difficulties in venturing into an untested area of both ethics and legalities, ie republishing publicly posted materials. Even if an error has been committed, it is clear from Rob's Addendum that he plans to address the issue by allowing people to decide in the future whether or not they can be republished. By claiming that they have slid down the road to hell rather than seeing that they are taking steps to address the issue in an intelligent and fair manner in the future is not giving Rob and crew the respect they deserve. Just because you trip over something once doesn't mean you can't avoid it in the future. As problems go, this one wasn't bad and does a service is warning of future problems that could be much worse.
As far as I know, neither Thawte or Verisign has ever come on site to make sure things are as they should be.
The place I work for has paid thousands of dollars all said to buy certificates, and the most they do is keep signed (paper) documents certifying that we are who we say we are.
The problem with a community based certificate signing service is getting Microsoft and Netscape to recognize certificates signed by such an entity as a default. Anyone with a little know how can already sign certificates themselves -- it's just that no one trusts an unknown signing authority.
If certificates are used mainly for stream encryption of the http stream, then self (or community) signing shouldn't be that big a problem. Just get the browsers to accept them.
But certificates are also used to authenticate that a site is who they say they are, and not a hijacked connection or some site that just say they are IBM. That requires some sort of paperwork and tracking. If we could find a way to get those sorts of resources donated, we'd be in business.
Indiana University runs the cyrus server on an Sun Enterprise 450 with a couple of Sun A1000 disk arrays, and it works beautifully. We get about 1000 concurrent IMAP connections, and the machine is not breathing hard yet. It worked so well, we are buying another server and more A1000 to continue moving the bulk of the campus to it.
The total number of users is about 14000 on the one box. I imagine we can pretty easily hit 20000, and I don't think that 25000 is out of range. The machine and the software is really outperforming our expectations.
We use Exchange for some faculty and staff that require calandering. There was a movement to use Exchange for the entire campus, and the projected plans were to use 50 (!) Exchange servers to deal with the problems of recovering and repairing corrupted databases.
Exchange is full of features that you expect as standard on an internet mailer that just don't quite work. Forwarding is done either with the "Out of Office" assistant which rewrites headers poorly, rendering the To: line of forwarded mail useless for identifiying all the recipients of a message. The same feature is used for vacation mail, and responds to EVERY message regardless of the To: line.
Beyond that, Exchange does not properly masquerade or resolve top level mail domains. It is not a good mail system in an environment where everything down to the client software is not strictly controlled.
There are a multitude of other things that don't work as you want them to. Microsoft is generally not a company that is responsive to requests and needs of consumers. Their reaction tends to be, "You don't know what your needs are" or "You shouldn't do that. That is misusing our software".
Frankly, Exchange did not have the robustness or flexibility of sendmail as an MTA and cyrus as an IMAP/POP3 server. For a small workgroup solution, I seems to work fine. Any larger, and the support issues become a nightmare.
1) You didn't have to be there. You were just helping out. That's cool, and I do it too, but I don't fool myself into thinking that my management expects it of me, or will reward me for doing it.
2) If your management comes down on you for doing work that is outside the terms of your employment, vote with your feet. If you have the skills, there are plenty of chances to have fun at work, make large sums of money and keep your sanity.
Long hellish weeks once in a while are part of what sys admins/analysts/engineers signed up for and why we are paid. But if you are doing this regularly, you are either doing something wrong, or you are expected to do more than you have resources to deal with. If the latter is the case, bug out and go somewhere else.
No one cares how much of a geek badge it is to pull all nighters except other geeks, and they don't control your paycheck.
Slashdot Mirror
Not quite. How many blacks own football teams? How many blacks own teams in other major sports? How many blacks are there in the upper management of any of the major music production companies?
Clearly minorities play a large part as athletes and musicians, and they are paid well, but they are not the people getting the larger paychecks. Because minorities in those industries are primarily the products of those industries (the athlete, the artist) and very visible, it is easy to state that racism doesn't occur. But that is not the case if you look a little deeper.
I think y'all and the posters who've replied to your post are missing the point. Not only couldn't our NT staff keep the system stable (I was not a member of the NT staff for this project), but Microsoft consulting and several MS Exchange Engineers who were loaned to us because of our ELU could not keep the system stable.
For the record, all Exchange servers referenced were dedicated machines. Every piece of our Microsoft environment was scrutinized by not only our staff, but Microsoft's. There were no hardware errors, no driver errors, no configuration errors. Systems were installed, reinstalled, data moved from machine to machine, and the things still didn't have the stability that our users demand.
If those working on the systems were incompetent, then Microsoft itself could not provide competent professionals. I doubt it.
I am not saying that Exchange is crap for all environments. Exchange is a fine workgroup mailer. What it is not is a good enterprise solution for the University environment.
Me, I work at a non-profit organization as a senior software engineer (University in the Big 10). It doesn't really work that way.
It's a myth that you can throw two (or three or four) inexperienced programmers at a problem and expect them to build a good, supportable solution. What the inexperienced programmers need is an experienced programmer to help them to develop good practices so that they can grow.
That being said, it is worth it to hire someone with experience and patience. Letting younger programmers work in an environment where they are helped to become good programmers through things like peer review of code generally pays off. You'll lose most to higher wages, but some do stick around because they like college towns and get to take classes in whatever interests them.
The deal is paying for an experienced programmer is seed money to get those sorts of benifits. Without someone with experience, you'll end up with something that MIGHT work, and is completely unsupportable once the original coder leaves. In my experience with having had to clean up those sorts of situations, it's not worth it. You've spent the money, and you still don't have a good system.
As always YMMV.
This sort of discussion went down at the University I work at a couple of years ago. That time period is now called by everyone (even the upper level of University management) the Email Wars.
For nearly two solid years, there was a large push by some in upper management to migrate our entire user base (some 80K students, faculty, and staff) to Exchange, regardless of the number of technical staff and managers informing said upper management of the large downsides, not the least of which forcing a client (MS 9X/NT) platform on the faculty.
That being said, we settled down to have a modest Exchange environment with about 5000 users across two campuses, and about 80000 users across two campuses using the freely available and open-source Cyrus IMAP server from CMU.
In the past year, there have been more serious security incidents involving executable content with the Exchange servers, forcing the University to purchase a Sybari license to prevent being overrun with virii. The Sybari stuff is not inexpensive.
My current position with the University is as a senior software/systems engineer. For the most part, I design mail systems. In my professional opinion, unless the features that Exchange gives you (basically calendaring and integration with MSOffice -- everything else, including folder sharing and collaberation are available in more secure products) are worth the amount of time and money that will need to be spent to secure the environment, it would be a bad idea for folks to migrate from an IMAP environment to Exchange.
Exchange in all our tests proved to be less scalable than a UNIX based IMAP solution. More people are required to support fewer users on Exchange. On top of that, individual servers crash often enough that it is not really an event when it happens. Admittedly, an individual Exchange server crashing only affects a couple thousand individual mailboxes, but they crash enough that spreading out load in necessary to maintain the illusion of continuous service. This is not a knock against the people running th Exchange servers. The Exchange admins I work with are bright, talented people. The server software crashes all on their own. Microsoft's own consulting people have not found a flaw in the Exchange system design here. The software just crashes often.
That is the security and performance part of my analysis. Beyond that, Exchange generally does not like working with the outside world. Mail routing can be an issue unless you have a very simple network design. Features in Exchange can be fairly confusing to even experienced users. My personal favorite in that vein forwarding. If a user wants to forward their mail another system (say a personal workstation) Exchange will munge the headers so that the original recipients of the message are not entirely clear. This has led to some embarrassing incidents where people have replied to messages that they thought were to them personally, but were actually to a distribution list. The reply went to the reply-to, which ended up distributing to everyone on the original list.
Even beyond that was the arrogant attitude displayed by Microsoft when bugs were reported. At one point, we discovered a bug that would crash the storage server when accessed via IMAP. Once a check was signed, their interest in working on problems with our existing implementation was gone. I know this should not be unexpected (Reboot, Re-install, Upgrade being the MS Tech Support Mantra), but when Microsoft representatives are in a room with the University officials and actually say words to the effect of, "Who are you to tell us what is wrong with our software", it at least validates the anecdotal opinion of Microsoft.
Much of this may not apply to your situation, but this might. When we did our studies of cost per user of a UNIX based IMAP solution as opposed Exchange, it ended up being an order of magnitude cheaper to use UNIX for the bulk of our email serving.
The Cyrus server from CMU might have the features you are interested in.
In cyrus, there is no requirement for shell account for mailboxes to exist. There is both a POP server and an IMAP server associated with cyrus, but you don't have to run the pieces you don't want. There are patches that allow cyrus to authenticate via LDAP or SQL (a password file and kerberos are supported out of the box).
It scales well. I have it going for 60K users across four machines. The newer versions also have an aggregator that allows you to scale across multiple machines. It interfaces well with both sendmail and qmail (I have not tried postfix yet) and it is pretty easy to manage.
You can check it out at http://asg.web.cmu.edu/cyrus/
The answer isn't nearly as ominous or arrogant.
The original designers of the net and DNS weren't designing for the world. They were building a network between U.S. educational institutions and the U.S. military network. Since a lot of research for the U.S. military was done by research universities in the U.S., they chose names for the top level domains to simply represent what they were working with. For a good quick history on the net, check _The Cuckoo's Egg_ by Clifford Stoll. It doesn't explicitly deal with the top-level domain structure, but it does show that the original design of the net was not intended to be an international communications net.
It wasn't arrogance or U.S.-centricism. They just didn't think it would end up being a world wide phenomonon. Considering that the original design was more than twenty years ago, I think they can be excused for not seeing the information revolution.
I don't think so. I think this sort of story (as opposed to the "Spigot, Iowa library gets CyberNanny filters!") is important.
What we are seeing is one of the big dangers of monolithic control over access to information. Private companies aren't allowed to own too many traditional media outlets in the same area to prevent those companies from exerting too much influence. I believe the rules were originally put in place to stop media from controlling the outcome of elections by only providing single viewpoint coverage.
With the creation of the AOL/TimeWarner media megacorp, this will continue to be an issue. It's obvious from the article that filtering was done with a political slant. Regardless of government regulation of this sort of this, it will happen again. Systems that can be abused will be abused.
I agree in some regard to your comment
Unfortunately, you seem to be taking an all or nothing approach to the difficulties in venturing into an untested area of both ethics and legalities, ie republishing publicly posted materials. Even if an error has been committed, it is clear from Rob's Addendum that he plans to address the issue by allowing people to decide in the future whether or not they can be republished.
By claiming that they have slid down the road to hell rather than seeing that they are taking steps to address the issue in an intelligent and fair manner in the future is not giving Rob and crew the respect they deserve.
Just because you trip over something once doesn't mean you can't avoid it in the future. As problems go, this one wasn't bad and does a service is warning of future problems that could be much worse.
The place I work for has paid thousands of dollars all said to buy certificates, and the most they do is keep signed (paper) documents certifying that we are who we say we are.
The problem with a community based certificate signing service is getting Microsoft and Netscape to recognize certificates signed by such an entity as a default. Anyone with a little know how can already sign certificates themselves -- it's just that no one trusts an unknown signing authority.
If certificates are used mainly for stream encryption of the http stream, then self (or community) signing shouldn't be that big a problem. Just get the browsers to accept them.
But certificates are also used to authenticate that a site is who they say they are, and not a hijacked connection or some site that just say they are IBM. That requires some sort of paperwork and tracking. If we could find a way to get those sorts of resources donated, we'd be in business.
Indiana University runs the cyrus server on an Sun Enterprise 450 with a couple of Sun A1000 disk arrays, and it works beautifully. We get about 1000 concurrent IMAP connections, and the machine is not breathing hard yet. It worked so well, we are buying another server and more A1000 to continue moving the bulk of the campus to it.
The total number of users is about 14000 on the one box. I imagine we can pretty easily hit 20000, and I don't think that 25000 is out of range. The machine and the software is really outperforming our expectations.
We use Exchange for some faculty and staff that require calandering. There was a movement to use Exchange for the entire campus, and the projected plans were to use 50 (!) Exchange servers to deal with the problems of recovering and repairing corrupted databases.
Exchange is full of features that you expect as standard on an internet mailer that just don't quite work. Forwarding is done either with the "Out of Office" assistant which rewrites headers poorly, rendering the To: line of forwarded mail useless for identifiying all the recipients of a message. The same feature is used for vacation mail, and responds to EVERY message regardless of the To: line.
Beyond that, Exchange does not properly masquerade or resolve top level mail domains. It is not a good mail system in an environment where everything down to the client software is not strictly controlled.
There are a multitude of other things that don't work as you want them to. Microsoft is generally not a company that is responsive to requests and needs of consumers. Their reaction tends to be, "You don't know what your needs are" or "You shouldn't do that. That is misusing our software".
Frankly, Exchange did not have the robustness or flexibility of sendmail as an MTA and cyrus as an IMAP/POP3 server. For a small workgroup solution, I seems to work fine. Any larger, and the support issues become a nightmare.
1) You didn't have to be there. You were just helping out. That's cool, and I do it too, but I don't fool myself into thinking that my management expects it of me, or will reward me for doing it.
2) If your management comes down on you for doing work that is outside the terms of your employment, vote with your feet. If you have the skills, there are plenty of chances to have fun at work, make large sums of money and keep your sanity.
Long hellish weeks once in a while are part of what sys admins/analysts/engineers signed up for and why we are paid. But if you are doing this regularly, you are either doing something wrong, or you are expected to do more than you have resources to deal with. If the latter is the case, bug out and go somewhere else.
No one cares how much of a geek badge it is to pull all nighters except other geeks, and they don't control your paycheck.