Then we should go on to do REAL tests that show how Linux smokes NT's butt when you throw in CGI support and a mix of other net services.
CGIs are slower than ASP or ISAPI simply because of the overhead of creating a process rather than just a thread. Apache needs a similar threaded equivalent to ISAPI to really get the speed differential down.
Other net services, such as? On the web servers I've deployed, for security reasons they only do http servicing. You don't even want them to look up DNS - just log the IP address and get out of there.
For those of you claiming that NT doesn't support multiple users, you are wrong. NT has supported (but not supplied) multiple users since the first version of NT in 1993. NT was designed to be a multi-user operating system, it just never got the code to do it until Citrix et al came along. The underlying structure to support multiple desktops existed even in Win NT 3.1, using what are known as "stations".
In NT 4.0, only one station is visible, WinSta0. This has zero or more desktops associated with it. With WTS and Citrix, the number of stations is allowed to be more than one.
When you log on there are three active desktops on the default station: the winlogin desktop (where you log in and the SAS dialog is presented), the screen saver desktop (even if not configured), and the user desktop.
NT doesn't really care where or how the stations are displayed, but NT is optimized for local display (unlike X), and the ICA or RDP shim is nearly all that was necessary to make it truly multi-user.
In W2K Server, the multi-user stuff adds less than two or three megabytes to the base install.
As W2K is currently vapourware, other alternatives that exist today are "rconnect.exe" from the resource kit (i.e. nearly free, just as RH 6.0 is nearly free), which allows you to get a command prompt (equivalent to telnet, except that many programs are GUI) in your security context on a remote machine. There are a lot of remote control products, including VNC, pcAnywhere, Timbuktu, Remotely Possible, NetFinity Manager (comes free with IBM NetFinity servers), etc.
The vast majority of NT 4.0 GUI tools and BackOffice tools can allow you to remotely administrate a box by connecting to remote machines via an RPC connection. So the lack of a direct desktop connection is moot. It's the old single tier vs client/server thing again. In NT 4.0, the only things you need the console for are adjusting disks (WinDisk.exe is not remotable) and adjusting the network (the Control panel is not remotable). In W2K both these "problems" are fixed, with the replacement MMC snap-in for WinDisk.exe being remotable and the network stuff is scriptable by WSH and there are command line tools for _everything_. Also W2K Server and above come standard with WTS, so if you have the licenses, you can remotely control W2K from your desktop.
In NT 3.1 - 3.51, the video drivers ran in user space, not ring 0, which is where the kernel ran. Thus for every call to the video subsystem by GDI, there were two ring transitions on the Intel architecture. Realistically, the security concerns about moving the video driver from ring 3 to ring 0 are moot as user processes have less chance of directly talking to the hardware now.
From a stability point of view, you have to worry about vendors rushing out new benchmark video drivers without adequate testing, but if you stick to the NT 4.0 supplied drivers or drivers that you know work fine, then stability from the video subsystem is not an issue.
You need to find out which processes are leaking. You can do this via Perf mon and logging the Memory and process counters to disk. Once done, figure out what processes are in use the most and when they leak doing macro operations, like, it leaks when I create a new document.
After identifying which processes leak, you can generally fix the leak by quitting and restarting the process. I notice that Outlook sometimes creeps up to 11 MB when I've used Word as my e-mail editor. By quitting OL98, winword.exe and OL, RAM usage goes down immensely.
NT, like VMS (but without the easily settable quotas), uses the concept of working sets to control RAM usage. Sometimes your process is leaking like a sieve using the page file, but it's not actually paging. Again, quit the app, and you reclaim the space.
Tips for reducing RAM usage: set to manual any services or devices you aren't using. This can save upwards of 8 MB of RAM. Don't use Active Desktop unless you need it (another 8 MB saved), and don't use Word as your e-mail editor (about 11 MB saved).
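As an added example (not from the original post), here is a script for the first step described above, run offline against a Perfmon counter log exported to CSV: it fits a growth rate per process to Private Bytes and reports only processes that climb steadily and never give memory back, so a process that was simply quit and restarted is not mistaken for a leaker. The CSV sample is constructed and simplified, and the host name NTBOX and the counter paths are assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a Perfmon counter log exported to CSV (a simplified
# approximation of the PDH-CSV layout: first column is the sample time, each
# further column is one counter path). Values are Private Bytes per process,
# sampled every 15 minutes; an empty cell is a missed sample.
SAMPLE_LOG = '''\
"(PDH-CSV 4.0)","\\\\NTBOX\\Process(winword)\\Private Bytes","\\\\NTBOX\\Process(outlook)\\Private Bytes","\\\\NTBOX\\Process(explorer)\\Private Bytes"
"03/15/1999 09:00:00.000","4194304","6291456","3145728"
"03/15/1999 09:15:00.000","4718592","7340032","3145728"
"03/15/1999 09:30:00.000","5242880","8388608",""
"03/15/1999 09:45:00.000","5767168","6291456","3145728"
"03/15/1999 10:00:00.000","6291456","7340032","3145728"
"03/15/1999 10:15:00.000","6815744","8388608","3145728"
"03/15/1999 10:30:00.000","7340032","6291456","3145728"
'''

def process_name(counter_path):
    """'\\\\HOST\\Process(winword)\\Private Bytes' -> 'winword'."""
    start = counter_path.find("(") + 1
    return counter_path[start:counter_path.find(")", start)]

def parse_perfmon_csv(text):
    """Return (sample_times, {process: [bytes or None per sample]})."""
    rows = csv.reader(io.StringIO(text))
    names = [process_name(path) for path in next(rows)[1:]]
    times, series = [], {name: [] for name in names}
    for row in rows:
        if not row or not row[0].strip():
            continue  # blank trailing line
        times.append(datetime.strptime(row[0], "%m/%d/%Y %H:%M:%S.%f"))
        for name, cell in zip(names, row[1:]):
            series[name].append(float(cell) if cell.strip() else None)
    return times, series

def growth_rate(times, values):
    """Least-squares slope of a process's footprint in bytes per hour."""
    points = [(t, v) for t, v in zip(times, values) if v is not None]
    if len(points) < 3:
        return 0.0  # too few samples to say anything
    t0 = points[0][0]
    xs = [(t - t0).total_seconds() / 3600.0 for t, _ in points]
    ys = [v for _, v in points]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx

def never_reclaims(values):
    """True if the footprint never shrank between consecutive samples."""
    seen = [v for v in values if v is not None]
    return all(b >= a for a, b in zip(seen, seen[1:]))

def find_leakers(text, min_bytes_per_hour=1024 * 1024):
    """Map process -> growth rate for processes that climb steadily.

    A footprint that climbs but periodically drops back (the process was
    quit and restarted, or simply freed a cache) is not reported as a leak.
    """
    times, series = parse_perfmon_csv(text)
    rates = {name: growth_rate(times, values) for name, values in series.items()}
    return {name: rate for name, rate in rates.items()
            if rate >= min_bytes_per_hour and never_reclaims(series[name])}
```

On the constructed log, winword grows by 2 MB per hour without ever shrinking and is reported; outlook climbs just as fast but drops back every 45 minutes and is not.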
no-one seriously suggests that you can run NT for high-volume OLTP
We use SQL 7.0 here for high volume distributed transactions, and we're coming up to the rough edges of the performance envelope now on medium level hardware (IBM NetFinity 5500 PII/400s). The system is coping with high transaction loads now, and will cope with processing more than three million transactions in one single evening soon. Closer to the day, I'll let you all know the URL where you can see the public front end at work.
I seriously suggest that if you don't believe that SQL 7.0 and NT 4.0 can sustain high transaction load, you're wrong, and I have 57 servers that prove you wrong. Individually, these servers are not as high powered as a 14 processor Enterprise 6000 running Oracle, but then again, they're about 1/15th the cost in hardware alone. You pay for what you get.
In the production environment that I manage, I have some NT 4.0 boxes that I have not rebooted since I installed SP4, which means more than three months' uptime. If I was at work, I'd be able to tell you the exact days. These servers are hammered; in one case I have a bridgehead server which processes at least 100 disk I/O's every second sustained from 7.30 am until after 9 pm every day. It's still going strong after several weeks of continuous service (when it was first let loose on the production network).
In our production environment we patch our Solaris servers as well. If you have Solaris servers that haven't been rebooted in a year, you have non-Y2K compliant servers, and if I were you, I'd fix that. Uptime is meaningless come Jan 1 2000. Get used to it.
Right now I am running a great deal of free software on my computer, and apparently the coders who wrote that software are able to eat.
That really sucks dude. As a person involved in the XFree86 project for some time (look through the code, you'll find me), like most hobbies, it ended up costing me money. I paid for my PC and living expenses through working at a job that really ate into my social life. If I could have made money writing and testing "free" software (certainly to the same level of pay I'm at now), I would still be at it. I still have that "itch", and occasionally I feel the need to scratch. But I can't devote much more than a few hours a week because I have a real job.
I think these sorts of licenses will have to come around sooner or later because Red Hat should not be the only entity to make money from my and all the other coders' work. Sure they pay a few people like Alan Cox, David Miller, and my countryman Rasterman (giants all), but realistically all the coders deserve to make money from their efforts.
rant off
As a person who was around when GNUStep wanted the Display Ghostscript stuff written, I can assure you that Ghostscript is a bigger project than you seem to realise. None of us had any chance of making that happen. We needed Aladdin's skills at that time to make it happen. And it was going to cost $$$.
If you're stashing unclassified files on a file server, but do not need to encrypt them, why buy a FIPS level 1 or 2 compliant system?
If you're setting up a print server to print social security checks, I fail to see how FIPS is useful there, especially as none of the known print server protocols (lpd, etc) have built-in encryption.
There are so many different, non-encrypting services that I can't see the point unless you have a specific requirement to do it. Don't get me wrong, I think that some form of achievable and modern practice security is necessary (coupled with high level crypto), but it's going to be so long before people realise that just because a software package has a FIPS 140-1 Level 1 or 2 sticker, their environment is not necessarily secure. It's not a panacea.
To give an example, you have a Digital 8200 loaded with DU 4.0D and TCB extensions turned on. You have your program written to use 128 bit encryption when it stores data. But you let your users use X-terms and telnet sessions to access the data, which travels in clear text. Few people take the time to learn the proper strategies, and treat security seriously as a holistic exercise.
There's no point in having a watertight server if your clients are telnetting in using PPP over a POTS line to that secure box. You may as well use Windows 95 for the server and save the money.
Don't get me wrong, I use PGP and ssh, but as a security consultant, I try not to waste my client's money if they're not prepared to spend time securing their entire system.
I would have thought that the FIPS thing would have made a separate story from the entirely different bugnet story.
The fact is that unless you have a specific need for a trusted computer base (TCB) OS, you don't need to comply with the FIPS standard. The vendors who will sell you these emasculated products do so because they will only guarantee them as FIPS compliant on:
- a particular hardware combo
- only one type of OS install (if you don't need feature X, tough. If you require feature Y, but that's not in the standard install, tough. You add Y by yourself, and it's no longer FIPS compliant).
It's not surprising that NT (or any PC based OS) has failed the initial testing round of this tough standard. But unlike the way it's been mentioned in the original post or the many many replies so far, NT can still be purchased by the US/Can government, just not for FIPS/TCB certified work.
Part of the problem is the US government and the No Such Agency are busy foisting crippled crypto on consumers. Microsoft always target 95% of the market when making new products. They do this to make money. They're not truly interested in directly marketing towards that last 5%, such as supercomputers, TCB, or PGP users. The crippled crypto brought about by the same agencies that require TCB platforms for their work have directly influenced MS in making compromised choices about CryptoAPI that satisfy their paranoid world view. I'm glad that they've managed to screw themselves in this way.
TCB installations are big dollar items, and good for the ole rod length check (yep, mine's just as big^Wsecure), but the reality is that it will probably make MS less than 1% of their total net revenues for NT Server sales if they make FIPS certification. That is terrible ROI for the shareholders. And expensive every time new hardware is released. I doubt that Digital, Sun or HP make much from their TCB products, but they do target that last 5% of the market.
So, Linux (and all PC based general purpose OS's) will have a tough time being certified without completely specifying the hardware and installation combo. Red Hat might be able to make a combo that works and passes on certain specified hardware, but you'd be surprised at the sheer lack of anything usable left on the installation and the pain of actually using and modifying that setup.
Digital's TCB support, which I looked at implementing to get shadow password support, made Digital Unix 4.0D so paranoid that it made life very difficult to actually do anything once it was implemented. It made su practically useless (well, okay, so it has some benefits ;-) Just remember these things when you say you want Linux certified. You'd have to be certifiably insane to actually use it.