The bulletin MS02-020 was just released about a month ago. Only the admins that place a top priority on patches (such as myself) are safe.
I supported NT server for MS for over a year and can attest to the number of admins out there that rely too heavily on anti-virus software. When nimda spread and took over a buttload of systems, it was for this very reason. The thing spread before it could be researched and DAT files updated.
Here's some solid advice for NT/2000/XP/.NET admins:
Use the hfnetchk tool to monitor all NT based computers on your network for installed patches using the syntax hfnetchk -h host1,host2,host3 -v -z -s 1. It will also check for SQL, I.E., and IIS patches. Other products such as Office will have to be checked manually. At least Office has the officeupdate web site for easy installation that the users can do.
Block email attachments with extensions that viruses use.
Have anti-virus software installed that checks every 2 or 3 hours for updates.
Have a properly configured firewall (Blocks well known attacks) in place that only allows incoming session requests for what services are to be made available to the Internet.
Lock down any services that are open to the Internet.
Have strong passwords for all admin accounts (At least 10 random characters) and create a new one for each admin account once every few months. Same thing goes for any account that can authenticate in any way from the Internet (8 characters and changing every 6 months or so should be okay).
If domain authentication is going to be provided to the Internet for some stupid reason, hack the registry so only NTLM v2 is used.
Configure all windows computers to use the Peer-Peer node type 0x2.
Use switches instead of hubs to prevent eavesdropping and assign MAC addresses to ports for your servers to avoid MAC address spoofing.
Most of these things are a one time setup. The ones that require maintenance are worth the trouble.
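Two items in the checklist above, NTLMv2-only authentication and node type 0x2, can be audited centrally from reg query output collected per host. This is an added example, not part of the original comment; the registry value names (LmCompatibilityLevel, NetBT NodeType), the threshold of 5, and the sample host output are assumptions or constructed for illustration.

```python
import re

# Assumed mapping (the comment names neither registry value):
#   HKLM\SYSTEM\CurrentControlSet\Control\Lsa  LmCompatibilityLevel = 5
#       -> send NTLMv2 only, refuse LM and NTLM
#   HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters  NodeType = 2
#       -> P-node (point-to-point name resolution, no broadcasts)
CHECKS = {
    "lmcompatibilitylevel": ("LmCompatibilityLevel", lambda v: v >= 5, ">= 5"),
    "nodetype": ("NodeType", lambda v: v == 2, "== 2"),
}

# One value line of `reg query` output: indented name, type, hex data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {lowercased value name: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values


def audit_host(text):
    """Return a list of findings; an empty list means both settings pass."""
    values = parse_reg_query(text)
    findings = []
    for key, (name, ok, want) in CHECKS.items():
        if key not in values:
            # Absent value: the OS default applies, so report it.
            findings.append(f"{name} not set (want {want})")
        elif not ok(values[key]):
            findings.append(f"{name} = {values[key]} (want {want})")
    return findings


def audit(outputs):
    """Map each failing host to its findings; passing hosts are omitted."""
    results = {host: audit_host(text) for host, text in outputs.items()}
    return {host: f for host, f in results.items() if f}


# Constructed sample output for three hypothetical hosts.
SAMPLE = {
    "host1": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    NodeType    REG_DWORD    0x2
""",
    "host2": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    NodeType    REG_DWORD    0x8
""",
    "host3": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    NbProvider    REG_SZ    _tcp
""",
}

if __name__ == "__main__":
    for host, findings in sorted(audit(SAMPLE).items()):
        for finding in findings:
            print(f"{host}: {finding}")
```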
Dude, it took less time than that. Also, I think it should be a rule that those with the subject offtopic with something slashdot worthy to say should not get modded down. :)
Email is a communications system. Yes, there are company resources involved, but there are also company resources involved in snail mail making the two no different on the topic of resources. Every person he sent the email to was an Intel employee and he had a message to deliver to Intel employees. There was an in-life relationship between him and his ex-coworkers. Maybe he didn't know every employee personally, but they all worked for the same company which was the subject of his message. This is much more personal than SPAM and the two should not be related.
What if he sent a snail mail to each employee at the company's address? They would probably try to trash all his letters, but he probably would have been protected by government laws (Any lawyers out there to confirm this?). Until laws on electronic communication are comfortably in place (in another 50 years), it will be abused by spammers as well as big corporations.
I'm sure you all understand how spammers abuse the system, but let me clarify my opinion on how Intel is attempting to abuse the system in this case. When Intel realized they were powerless to silence an enemy, they tried to attach their qualms to early, irrational laws. These are laws that our not so technical government have derived in our technical youth. In effect, companies such as Intel, Microsoft, MPAA, RIAA, etc. (and spammers) are exploiting a hole in our government. Historically, the judicial system is way too slow because it has to be sure of its decisions.
In the meantime, we need God to take control of The Rock's body so he can visit all these greedy bastards and straighten it all out. :)
The Bill is specific to all software used in the public domain. This means libraries, government offices, etc.
The bill's main purpose is to ensure that there's no possibility of data access being dependent on a private 3rd party. The citizens entrust the government with their data and the government is making sure that they will always be able to provide it free of charge.
To not have the source code makes you 100% dependent on the company that produces it. Let's say terrorists blow up all the MS buildings and MS somehow falls off the face of the earth. 2 days later a security hole is found and a worm compromises every system running Outlook (Not hard to believe). Who will create the patch? What would happen is the US government would do like they did during Melissa and other worms. They pull the plug on internet access and data is no longer available to the people.
The other rebuttals are simply a way of giving MS the finger for trying such lame FUD tactics on a guy that's obviously technically competent and intelligent. I love it.
The seek time on the SCSI drive is going to be quite a bit faster, which probably made a big difference in this comparison. What controller was the ATA drive on? Was it the only drive on its channel? Also, how old is the Maxtor? Older 7200 RPM drives run about the same speed as newer 5400 RPM drives. I just want to make sure there weren't any factors involved that would explain the difference.
I wonder how much faster it would be on an ATA stripe set (2x20GB) using a hardware RAID controller. The 2 drives and a 2 channel RAID controller would still be a whole lot cheaper than the SCSI setup.
Not too shabby. We still use tape backup for all important data. The purpose of having a nightly full backup of all the workstations is to minimize the downtime and frustration of re OSing, reinstalling, re customizing, etc. Besides, WinXP allows a full backup to a network share including open files. All built into the OS courtesy of Veritas & MS. I might as well take advantage of every feature since we're paying for them. I estimate 200GB of space will be used for the nightly backups. The remaining space will be used for home directories. Currently, there's a few dozen scattered shares that haven't been locked down. We're a small company and anything terribly private is locked down. Once I get everything organized into home directories, I'll install the backup exec remote agent on the server to get them on tape nightly. The tapes go home with one of our programmers in case of fire.
I'll boot up into red hat and see if I have hdparm. If not, I'll download. Either way, I'm curious what my crappy home systems can push.
I'd like to clarify on that question. I meant to say...
Do these controllers give the same effect of bogging down of the CPU like IDE desktops because of I/O? Or are they quite similar in performance to SCSI controllers because of the IDE RAID controller with all the chips on the card?
Just ordered the parts yesterday. It'll be hot swappable (Promise SuperSwap) running NT server with 6 of those 7200 RPM, 120GB special edition caviars (8MB buffer per drive). I'm going to be using a Promise SX6000 (6 channels, one drive per channel) with 128MB memory in a RAID 5 configuration. Sure it slows down to do the parity, but the real bottleneck will be the dual port 10/100 NIC. After overhead, I expect a transfer rate over the wire of roughly 16MB/sec (200Mb - ~72Mb for overhead / 8). It'll be running an Athlon XP 2100+ with 512MB of DDR memory on an Abit KR7A Mobo. All the desktops in the company running WinXP Pro (About 20) will be backing up the entire contents of their drive to it nightly at midnight. I can't wait to run SETI and see if the performance dips when the backups are running. For those curious, case is an Enlight 8950 with 400W PSU, CDROM will connect to the regular IDE1, VGA is ATI AGP XPert 2000 (Inexpensive). I ordered the rackmount kit also.
Grand total was ~$2,800. Ironically, it'll be in the same rackmount as the Compaq ML530 which was purchased before I was hired. Each 36GB drive in that thing cost us $1,200. Times that by 18 or so. You don't even want to know how much they spent on the whole setup with Fibre connection to the server.
I talked to the senior technician at Promise and asked if running the drives in a master/slave configuration on their 2 channel and 4 channel cards would run slower than running one drive per channel when striping. I had always heard that with IDE, only one drive can be accessed at a time. He said that their controllers have a timing for each device so in theory it shouldn't matter, but in tinkering, he noticed a slight improvement when running with one device per channel.
I'd be interested to hear what others have experienced with IDE RAID controllers versus SCSI RAID controllers when it comes down to transfer rate and performance. Do these controllers give the same effect of bogging down of the CPU like IDE desktops because of I/O? Or are they quite similar because of the IDE RAID controller with all the chips on the card?
Very interesting. I did some searching around (Google) in hope of finding an article, but found nothing. Too many hits and I couldn't figure out the magic search term. This does sound like a reasonable situation and I'd be interested in finding out what exact builds it affected and if the "defrag fix MBR" feature was removed in a service pack or something. Thanks for the info. :)
Whoa, you freed up some space, then repartitioned it? Did you edit the LILO configuration to point to the new partition numbers? Did you edit the boot.ini file under windows to make sure it got the updated information as well? Or did you not even get to the point where you could select an OS?
I friggin hate partition magic (I assume that's what you used?).
I've triple booted between NT4, W2K, and Linux as well as dual booting between WinXP and Linux. I've used Lilo and Grub on the MBR as a boot loader and haven't had any issues with defrag. Even if there is an issue, you couldn't blame M$ directly. The defrag utility is made by those $cientologists at Executive Software (Makers of Diskeeper) in the same way that the backup program is made by Veritas. Microsoft pays money to these companies to have a lite version of their product included in the OS.
Before responding to this thread, think about what you're going to say. If you're blowing off steam, don't bother. If you are aware of a particular issue with LILO and a MS product, please fill us in on the details. I'm curious.
I hit some little punk kid the other day. Also, the last time I was at Disneyland, I knocked a shitload of them on their asses.
The March of Dimes is shite. Read about it here
Here's some Examples
Experimenters funded by the March of Dimes have:
sewn shut newborn kittens' eyes, then killed them after they had endured a year of blindness.
put newborn kittens in completely dark chambers, then killed them after three to five months.
removed fetal kittens from the uterus, implanted pumps into their backs to inject a drug that destroys nerves, then re-implanted the fetuses in the uterus. After the kittens were born, they were killed and studied.
implanted electric pumps into the backs of pregnant rats to inject nicotine, even though the dangers of cigarette smoking to human babies is already known.
injected pregnant rats with cocaine, though the dangers of cocaine to human babies is already known.
injected newborn opossums with alcohol, decapitated them an hour to 32 weeks later, then removed and studied the gonads (immature sexual organs), though the dangers of alcohol to human babies is well known.
transplanted organs from pigs to baboons, most of whom died within hours.
transplanted organs from guinea pigs to rats.
Trolling??? As a Mac user, I've always been quite impressed with how few virii there are. I was agreeing with the previous poster that macs rule and relating it to the topic of security. Argh.
That link should list all the security bulletins. If you browse through them and read the descriptions (I do as each one is released), it talks about the exploits patched and gives credit at the bottom to whoever reported the hole. Many of these are IE patches, XML patches, etc. As to Windows Update, I believe the critical updates include bug fixes that are considered high priority, even if they're not security concerns.
You are right in saying that there have been quite a few patches lately. Historically, we've seen waves of them just like this and nothing about this particular wave has indicated a tidal wave of "Trustworthy Computing" and long hours of redirected man hours towards finding holes and patching them. I think at this point, we are in agreement.
Yeah, that way they can emphasize how secure the NEW product is so all the drones go out and buy it. End users never stop to think that they're stuck in an endless money pit of upgrades as MS pulls their shite together.
Macs rule. The average punk virus/worm writer goes after the mainstream users (Windows in the present day). Macs have something like 30 virii to worry about. :)
There have been 13 security hotfixes (Some for multiple exploits) in the last 2 months. There were 7 the prior 2 months. Keep in mind that this is for every Microsoft product. This isn't saying a whole hell of a lot after the public cried for more security.
As to your windows updates, add the OS updates (Non security related patches) and driver updates and I can understand why you would think that they're flooding in.
Look through the last 13 bulletins. Most of the vulnerabilities were reported by an outside company or individual. This means that Microsoft did not find those holes and didn't have to review any code to find them. They did have to fix them, but that's not a big deal. Searching for the holes is the most time consuming part of the process when reviewing code. Outside companies and individuals are doing more work than Microsoft when it comes to securing the products.
Who's your daddy?
If you use an IDE controller with an I2O processor, this issue is eliminated. Most modern IDE RAID controllers have this feature.
See my posting about the 600GB file server. $2,800, RAID 5, 6 drives. Overall, a well designed server for a small to mid sized business.
-Lucas
Remove the space from 2002 on the URL
Too funny
Actually, I provided NT Server support for M$ which is what makes me a bit of an expert (Who's your daddy!?!).
Personally, I despise 9x and ME because of how poorly written and unstable they are.
This confirms the hidden meaning in my message. A boot virus is independent of the OS, so it shouldn't be used to indicate the quality of an OS. :)
Strange, NT doesn't run on DOS. What imaginary version of NT are you running that can be brought down by a DOS boot virus?
Please go back to school and study English.