On both Digg and Slashdot feedbacks there is a vehement feedback on this issue. I thought the tongue in cheek attitude of the author was great. I thought his writing was satirical, but all the same it was accurate and not exaggerated. I am a professional sysadmin, and have dealt with both Windows and Linux desktops and servers on networks for many years. If I were a better writer I think I could have written this article! It was great.
"The days of 'I stay with windows because of outlook+exchange are over'"
I'm a UNIX SysAdmin, I've been using Linux on the Desktop (not exclusively) for many years. None of the solutions you mention works well... Believe me, I have tried them all. They aren't anywhere near as easy to use as a mail/calendar interface as OUTLOOK+Exchange on a native Windows system. Nor are they as good as using Outlook2000 with CodeWeavers CrossOver office on a Linux box.
Maybe you are right about "don't need", but I would say that if you spend a lot of time using Outlook for E-mail, calendar, tasks, forms, and shared-folders, it could very well still be a day of "I stay with windows because of Outlook+Exchange".
Of course I would love to replace Exchange with an open source, open standards server platform that joined SSL enabled SMTP/IMAP/NNTP/LDAP/ACAP with a cross platform client that was fast, stable+robust, easy to use.
Firefox+Thunderbird+Sunbird is getting there! Go MOZILLA.
Sure, they are GREAT! I have used Mandrake and Debian and Gentoo and Fedora and all... I think they are all nice and each has great things about it. I would also *LOVE* to see software vendors that were reasonable about supporting more of these distributions. But in the BUSINESSES I have worked in I am worried about us doing a job and getting done right for our customers. I leave the OS advocacy for my off-job hours.
That being said, I would say that if you are running in an average IS/IT environment (not some special corner case) you would be nuts to use Debian or Gentoo or LFS or Slackware in a business environment. Maybe SUSE would be a good choice? I dunno I haven't that much experience with SUSE other than on the desktop.
I STRONGLY recommend RedHat Enterprise Linux.
I am a Sr. Unix admin for a medium sized company. Have been a Unix admin for about 10 years now. Worked at Sprint/GlobalOne, a failed.com (that grew to ~400 employees before going bust) and now work at a financial transactions processing company. In that time I have usually been managing 100+ servers of Linux, Solaris, HP-UX, AIX, IRIX, SCO, Tandem-UX etc... machines from your average desktop system to 16 processor HP-V class servers... large storage arrays, 24x7 "5-nines" systems etc etc etc.
I strongly recommend RedHat Enterprise Linux. Long lifecycles. Large cadre of 3rd party HW/SW "certified" compatibility partners. Great quality of software repository and patch management utilities. Support from all major hardware vendors. More support from 3rd party software vendors than any other Linux vendor.
Don't fret about the scary sticker prices. (they aren't mandatory, and the big numbers are just "list" they get smaller when you start negotiating) And don't listen to the "just wrong" weirdos who say RedHat isn't a true-blue open-source advocate. They are great open-source citizens, and the prices are only what you want to pay for.
You don't pay RedHat for the privilege of using their RHEL-AS system, you just pay for the service of providing the binaries and for the support that you may get from them via various channels. All of the source RPM's of RHEL are available on RedHat's free/anonymous FTP servers, and there are a few different organizations that compile those up and bundle them into Install CD's.
The result is systems that are made from identical source code and work *exactly* the same as the RHEL-AS systems you may have an RHN license for. (RHN stands for RedHat Network which is a software/patch repository and system information database and support database) This means that anything that works on a system with an RHN license that was installed from RedHat distributed binaries will also work on the "whitebox" systems. The DIFFERENCE is that you won't get "official" support from Dell/HP/IBM/Compaq/EMC/NetApp/BEA/NetCool/Veritas etc. etc. etc. unless you have installed the system via the red cd's with the RedHat license.
So, for your devel/test and non-critical IS systems you use whitebox. And for your mission critical 24x7 systems, you buy a cheap RHN license, knowing that you can upgrade the support level later if you need to.
You don't want to put YOUR ass on the line (like the boxes where you are running the Oracle cluster) so go ahead and buy an "official" RHN support contract. Because when you are spending 10's of thousands of dollars on Oracle licenses and Veritas Netback or Legato licenses and Netcool or OpenView probe licenses and Tripwire licenses and RSA SecurID tokens and everything else, plus you are paying thousands of dollars for enterprise quality hardware and storage and networking equipment, what is the big deal about a few hundred dollars a year for the RHN subscription so that "OFFICIAL" "CERTIFIED" support from your hardware/storage/backup/SAN/FS/IDS/Auth/Net/OS/DB/App vendor is just a phone call and a credit card number away?
I would love to see something like an intravenous (IV) pole, you know a solid base with high quality casters and a strong steel vertical support. But instead of just being a vertical pole with hooks on top, the vertical pole would support a variety of things.
It would have a UPS with a retractable cord at the bottom (so that when not in use the UPS could be charged up in an out of the way location, but when using the thing it would be "wireless" as far as power was concerned.) The weight of the UPS would also stabilize the thing.
It would be height adjustable (to a range of 8-12") Maybe with a foot pedal to activate the height adjustment and the hydraulic mechanism from an office chair (strong and sturdy).
At about elbow height (remember it is adjustable) it would have a sturdy keyboard tray with a full size keyboard, a touchpad with *3* buttons under it and a scrollwheel on the side, plus in front of the keyboard would be a wrist platform (doesn't need to be soft or raised, just something to rest your hands on other than the keys, and not have sharp angles that would hurt).
It would have a nice large LCD panel of at least 1280x1024, a wireless phone headset, a 2 or 4 port KVM switch that could handle PS/2 and USB mouse and keyboards, and one of the KVM ports would be attached to an onboard laptop or Mini-ITX computer with a wireless lan card.
It would also have a clipboard with paper and a pen on a chain (so it wouldn't walk away) and a small (like a cocktail) table next to the keyboard for writing. Also, underneath the cocktail table it could have a shelf or two for placing your toolbag, and next to that it would have a removable plastic trash can.
Have fun with the RAID array, sounds like fun, but a little advice. RAID gives you much added protection against outages during critical hours. And it does save you from having to restore from backups *sometimes*
However most data loss occurs from HUMAN or SW errors, not HW. RAID won't protect you from either of those. If you want to have an online archive of music and movies and pics etc... That is very nice, you don't want to lose all the time and effort you put into that.
I *assume* you have a broadband ISP connection. (cable, DSL?) You have a good friend who does too? If so, why not share the cost and the space with a friend, set up rsync between your houses for remote data backup on a regular basis. (There are howto's regarding this.)
Now you can lose a disk or a controller, or the whole server, and all you have to do to recover *everything* is set up a machine with at least as much disk space and set up the rsync to rebuild your copy from your friend's house.
If you do this, you can save the worry over all the details and issues of RAID setup and failed disk replacement and such. (I mean do that stuff, but don't fret over it, because you will always have all the data backed up remotely anyway.)
...Redhat is a service company and their costs will increase with revenue...
Not linearly. Most of what RedHat sells as a "service" is just access to an online automatic updates site. It isn't like RedHat is billing by the hour.
RedHat Enterprise Linux is still released under the GPL, you just can't get the binary updates packages without paying to access the "RedHat Updates" internet server. You can still access the source code packages on public FTP sites. What people are paying for is the phone support and the access to the system software management system (and some other things that aren't that big of a deal yet).
So as the number of "subscribers" increases their bandwidth costs increase (not linearly either because many customers with multiple systems go through a caching proxy server), their customer support calls increase (but not linearly either because corporate customers don't call 10 times for one problem that affects 10 subscribed servers). Also, RedHat's central expense is the corporate sales, marketing, R&D and engineering/IT staff, and that is already paid for (at least until they get MUCH MUCH bigger). So they will be able to pile on the gravy (profit margin) as they grow. So far they have been reinvesting a large portion of their profits, I know that they have opened many branch offices (one right down the street from me) for their sales/consultants/training staff. So their operating margin is probably much larger than it looks at first glance.
OK, I have had this Idea for a long time. You set up RSA ACE SecurID servers (or something similar) in a few cities around the world with replication and fault tolerance. Then you issue tokens to people who send you money. You don't care who they are or what information they have. You provide the people who receive the tokens with a web page where they can create "org/alias" relationships. You provide organizations an authentication API over the internet.
Now, I go to my bank. I create an account for "John Smith" I tell them that I will authenticate via my token, and you can validate/verify my authenticity by checking my passcode with the online anonymous ID service using the alias jsmithbank.
Now I go to E-bay. I create an account called "sumn4nuthn" I tell them that I will authenticate via my token, and you can validate/verify my authenticity by checking my passcode with the online anonymous ID service using the alias sumn4nuth.
The authentication check "sumn4nuth+passcode" would only be validated if the SecurID Token holder registered EBAY as an authorized agent in the holder's alias list. Likewise the bank.
The cool thing about this scenario is that you could open accounts all over the place. Each one could be "ANONYMOUS" but at the same time UNIQUE and VERIFIABLE.
The types of transactions that could take place with this type of setup would be amazing. I can only imagine the possibilities for money laundering.
-Ben.
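The alias-scoped check described in the comment above, as an added example that is not part of the original comment. SecurID's algorithm is proprietary, so an RFC 6238 time-based passcode stands in for the token; the class, method names, clock values and the rule that a passcode is accepted only once per token are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import struct


def totp(seed, now, step=60, digits=6):
    """RFC 6238 passcode (HMAC-SHA1), used here in place of the SecurID algorithm."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AnonymousIdService:
    """Hypothetical ID service: stores token seeds and aliases, never a real identity."""

    def __init__(self, step=60):
        self.step = step
        self._seeds = {}      # token_id -> secret seed shared with the hardware token
        self._aliases = {}    # (org, alias) -> token_id, created by the token holder
        self._last_step = {}  # token_id -> last time step whose passcode was accepted

    def issue_token(self):
        token_id = secrets.token_hex(8)
        seed = secrets.token_bytes(20)
        self._seeds[token_id] = seed
        return token_id, seed

    def _check(self, token_id, passcode, now):
        seed = self._seeds.get(token_id)
        if seed is None:
            return False
        current = now // self.step
        for s in (current, current - 1):  # tolerate one step of clock drift
            # A passcode is the same for every alias on the token, so each time
            # step is accepted once per token; otherwise one organization could
            # replay the passcode it just received against another alias.
            if s <= self._last_step.get(token_id, -1):
                continue
            expected = totp(seed, s * self.step, self.step)
            if hmac.compare_digest(expected.encode(), str(passcode).encode()):
                self._last_step[token_id] = s
                return True
        return False

    def register_alias(self, token_id, passcode, now, org, alias):
        """Holder proves possession of the token, then binds an alias to one org."""
        if (org, alias) in self._aliases:
            return False
        if not self._check(token_id, passcode, now):
            return False
        self._aliases[(org, alias)] = token_id
        return True

    def verify(self, org, alias, passcode, now):
        """API called by an organization: answers yes/no for its own aliases only."""
        token_id = self._aliases.get((org, alias))
        return token_id is not None and self._check(token_id, passcode, now)


def run_demo():
    svc = AnonymousIdService()
    token_id, seed = svc.issue_token()
    t = 600_000  # constructed clock value in seconds
    out = {}
    out["reg_bank"] = svc.register_alias(token_id, totp(seed, t), t, "bank", "jsmithbank")
    t += 60
    out["reg_ebay"] = svc.register_alias(token_id, totp(seed, t), t, "ebay", "sumn4nuth")
    t += 60
    code = totp(seed, t)
    out["bank_login"] = svc.verify("bank", "jsmithbank", code, t)
    # The bank (or anyone who saw the code) replays it against the other alias.
    out["replay_at_ebay"] = svc.verify("ebay", "sumn4nuth", code, t + 5)
    t += 60
    # An alias is only valid for the organization it was registered with.
    out["wrong_org"] = svc.verify("ebay", "jsmithbank", totp(seed, t), t)
    out["ebay_login"] = svc.verify("ebay", "sumn4nuth", totp(seed, t), t)
    return out


if __name__ == "__main__":
    print(run_demo())
```

Each organization learns only a yes/no answer for its own alias; the mapping from aliases to a token lives solely in the service, which is therefore the single place where the accounts can be linked.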
Actually on second thought some of the exam is multiple choice, but it didn't seem to me to be biased against any other OS. It did teach you how some things were done on a RedHat system, but then they had to pick some way to organize things?
BOGUS, I use Debian on my workstation and have tried Gentoo on my laptop. I have a half dozen HP systems and a score of Solaris systems in the corporate data center. I even have a few XP boxes.
The only UNIX related Cert I have is RHCE.
I loved the RedHat certification test because the exams are not multiple choice or even exercise based. They are performance based. The exam didn't ask you "which redhat tool" to use to solve a particular problem, they just presented you with goals (like "set up a mail server with user accounts and firewalling") how you set up the firewalling and mail server is up to you... If you use the redhat config tools or even the redhat specified configuration practices was beside the point. They just examined your system to see that it worked as specified to see if you "passed".
There was no "lock in" related to it.
When I am setting up a Debian Linux or Fedora Linux desktop all updates and packages are handled through APT (except JAVA/Moz/Plugins), so keeping ALL packages up2date with bug fixes and security patches is easy. Also installing software is simple. I could install everything on this list in just a few moments:
fwbuilder (with iptables support in kernel)
vncserver
KDE 3.2 (with desktop sharing on top of XFree86)
Mozilla recent nightly
(all components with calendar, adblock & deep-sender)
Kterm + openssh + ssh-key-agent
Kopete
Korn
superkaramba w/ liquid weather, cynapses monitor
Rdesktop & tightvnc viewer
OpenOffice
K3B
xmms
adobe acrobat
flash-player (mozilla plugin)
SUN Java JRE (for mozilla plugin)
Community Supported REAL Player Client (and mozilla plugin)
VLC (Video Lan Client)
GIMP
NMAP
iftop
tcpdump
ethereal
nessus
ntop
bash & fileutils & findutils & perl
When I am setting up a Windows box, (which could take all day!)
Remote Desktop Sharing
Norton Anti-Virus (with live update)
Norton Utilities (run once a week)
Zone Alarm (with auto-update)
Ad-Aware (with auto-update)
SpyBot (with auto-update)
OpenOffice ( I usually have MS Office too, I switch back and forth)
putty (suite, with pageant)
winscp3
recent nightly of Mozilla (with Calendar, adblock & deep-sender)
cygwin X-server & ssh server & cron daemon & bash w/ perl
trillian
MusicBrainz
winamp
Flash/Shockwave/Java/QuickTime
ethereal
nmap
nessus client
gimp
www.sysinternals.com free Windows Utilities
Unfortunately at my company we are forced to use MS Office from time to time, and we are also heavily invested in Remedy, Netcool & Exchange.
What, are you too lazy to psychologically damage your own children?
You just give them a name that causes everyone else to do it for you?
Are you MAD!
Name your child with a beautiful non-descript conformative name.
If they want to be Z4pp4 |\/|()()|\|rov3r later then they can change their name themselves.
-Ben.
I've been a UNIX sys-admin for about a decade. My advice is that for a workstation that is managed by an individual you can let the admin do whatever they want, but for any server that has to be stable and maintainable you want to stick with a well maintained package repository and try to avoid 3rd party packages and tarballs if possible.
You have to understand that there is a software stack in most services. With the kernel and core libs (like glibc) and such at the bottom of the stack, and applications like Evolution at the top of the stack. In between you can have gdb and openssl and various perl modules (in AMAVIS for example) and you have sasl stuff which may be related to pam and openldap and cyrus or wu.... etc..
The thing is that even though all of those various pieces of the software stack may be linked against different libraries on the box, the maintainer of the library code may not have a QA group to co-ordinate regression testing and compatibility testing before the latest CVS commit is enacted to fix a bug referenced in a CERT alert.
RedHat and Debian and SUSE and all the others have package repositories, the repository maintainers do an amazingly fantastic job of QA and testing to make sure that new patches don't break your software stack. As an individual you simply can't keep up with that.
For example the Development team that takes care of OpenSSL doesn't backport their bug fixes and security patches to old versions of the code. They just maintain the latest release version and the current CVS version. If you have an old server running IMAPs and HTTPs and SSH and SMTP/TLS and such, and CERT announces a bug in openssl vX.Y, then the OpenSSL development team will certainly release a patch for the latest version which may be version Z!
That might cause you to have to upgrade APACHE or wu-IMAP or OpenSSH or Postfix etc... Those things might then have divergent dependencies that would cause you to go and rebuild half a dozen other packages, and so on and so on. Also, do you remember all the magic flags you used for configure and make? Do you have the same environment variables set today that you did the last time you built PostFix? The possibilities for problems are endless. And if you do have a problem you are kind of on your own since your system will be a unique box. Whereas if there is a problem with a standard RedHat or Debian package, then you can always go to the general newsgroups and chances are there are a dozen other "me too" posts with answers already.
It is much easier to use apt or up2date.
So, unless you have a very good reason for using a tarball on a production server that requires reliability and security and high availability, then you should stick with packages.
If you want to build the packages from source, feel free! RedHat and Debian and SuSE make the SOURCE packages available so that you can dig in and read all about'em. I'm sure the Debian team could use a new package maintainer, if you are addicted to compiling and testing things, check them out.
I've had many employers ask me to sign these types of agreements. I've very nicely asked the HR assistant: "What happens if I don't sign this?"
They say they don't know, that they will have to ask the legal dep't.
"Oh, OK then when they get me an answer then I will consider signing it. Thanks :-)"
Usually nothing happens until a year or so goes by and then some other HR team member calls me to discuss the "missing item" in my "file". Again I ask the simple question, again a year goes by....
-Ben.
This article sucked. There have always been wars between "OPS" and "ENGINEERING". Both sides have valid points and both sides have some areas where they are just too stubborn to listen. What this author really missed is that MANAGEMENT IS RESPONSIBLE FOR BALANCING THIS OUT. Both OPS and Engineering are necessary. Sometimes outsourcing makes perfect sense, sometimes it is really just managers being unwilling to do their job, and more willing to use the company's money to get someone else to do it for them.
I've worked in shops where the "GURU DEVELOPERS" were actually idiots who wrote the crappiest applications in the world, and it was the OPS and Admin groups who kept everything running. I've worked in other shops where the OPERATIONS POLICE were procedure idiots, they had change control meetings to make changes to the change control policies, and it was the devel/eng'g group that kept picking up the pieces and keeping things running behind the scene.
Team building exercises have helped these situations in some companies I've worked at. Really, I know it is a buzzword, but I'm not talking about anything new-age, just getting everyone to go bowling once a month, or to play pool together. The company should spend the money to send people out of the office on PAID BUSINESS HOUR activities that are not work related. Let people get social and they will communicate better. When people realize that the folks on the other side of the fence are usually just as devoted to getting real work goals achieved, but that they are just seeing it all from a different perspective. It is really difficult because of egos and stress and pride, and a lot of times people on the opposite sides of these fences have real disagreements, sometimes it takes a knowledgeable manager or director to listen to both sides, ask questions and make a decision.
The author really clued me in with his consistently disparaging remarks about management. If you really have no trust/respect in the leaders at your organization, you need to find a new job.
I can't stand Metacity. The only feature that makes it so distasteful to me is that it lacks the ability to move/resize windows without showing the contents. I don't do multimedia stuff on my computers. A little programming, e-mail, web browsing, OpenOffice stuff and lots of system administration usage. Because of this I don't buy machines with screaming video cards, usually the onboard Intel i810 or SIS chip is good enough. I would love to be able to install the default desktop for my distribution (best integrated, easiest to maintain) but it uses GNOME and METACITY and doesn't offer a change. Using a low cost video card with a window manager that insists on resizing/moving windows while dynamically redrawing everything several times a second is PAINFUL TO WATCH, and slows everything down. It makes my workstation LOOK LIKE CRAP.
Please, Please, someone in charge of Metacity, add in the feature that allows me to turn off content showing while resizing/moving windows.
I have managed hundreds of servers over the last decade. RAID helps with UPTIME, and high availability, it sometimes (rarely) helps with reducing data loss. Most of the time data loss is NOT BECAUSE OF DISK FAILURE. It is because of an idiot who accidentally deletes the files or whole directory structures, or the logical volume....
'nuf said.
What you need to do is create OFFLINE copies of your work periodically.
So, read up on rsync and write yourself a cron job. You can set up SSH/SCP on your windows box and you can then use rsync from the Linux boxes to backup your "Documents and Settings" dir on your Windows box. RSYNC even has command line options for creating snapshot backup directories.... There is a HOWTO at the samba site (where rsync comes from) that details scripts for how to create rotating backup scripts with RSYNC.
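What the snapshot directories mentioned in this comment (and the remote rsync copy in the earlier RAID comment) buy you against an accidental delete, as an added example that is not part of the original comments. It is a pure-Python model of the hard-link snapshot layout that rsync's `--link-dest` option produces, not rsync itself; the function names, directory names and file contents are constructed.

```python
import filecmp
import os
import shutil
import tempfile


def latest_snapshot(backup_root):
    """Return the path of the newest snapshot (names sort chronologically) or None."""
    names = sorted(n for n in os.listdir(backup_root)
                   if os.path.isdir(os.path.join(backup_root, n)))
    return os.path.join(backup_root, names[-1]) if names else None


def snapshot(source, backup_root, name):
    """Create backup_root/name as a complete tree of `source`.

    Files unchanged since the previous snapshot are hard-linked to it, so every
    snapshot looks like a full copy but only changed files use new disk space.
    """
    os.makedirs(backup_root, exist_ok=True)
    previous = latest_snapshot(backup_root)
    dest = os.path.join(backup_root, name)
    os.makedirs(dest)
    for dirpath, _dirs, files in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.join(dest, rel), exist_ok=True)
        for fn in files:
            src = os.path.join(dirpath, fn)
            dst = os.path.join(dest, rel, fn)
            old = os.path.join(previous, rel, fn) if previous else None
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)       # unchanged: share the data blocks
            else:
                shutil.copy2(src, dst)  # new or modified: store a fresh copy
    return dest


def prune(backup_root, keep):
    """Delete all but the newest `keep` snapshots; return the removed names."""
    names = sorted(os.listdir(backup_root))
    removed = names[:-keep] if keep > 0 else names
    for n in removed:
        shutil.rmtree(os.path.join(backup_root, n))
    return removed


def run_backup_demo():
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "home")
        root = os.path.join(tmp, "backups")
        os.makedirs(os.path.join(src, "music"))
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("constructed sample document\n")
        with open(os.path.join(src, "music", "song.ogg"), "wb") as f:
            f.write(b"\x00" * 4096)

        day1 = snapshot(src, root, "day-1")
        os.remove(os.path.join(src, "notes.txt"))  # the human error RAID cannot undo
        day2 = snapshot(src, root, "day-2")

        song1 = os.path.join(day1, "music", "song.ogg")
        song2 = os.path.join(day2, "music", "song.ogg")
        result = {
            "deleted_file_recoverable": os.path.isfile(os.path.join(day1, "notes.txt")),
            "absent_from_new_snapshot": not os.path.exists(os.path.join(day2, "notes.txt")),
            "unchanged_file_shared": os.path.samefile(song1, song2),
        }
        # Removing an old snapshot only drops one link; the newer one keeps the data.
        result["pruned"] = prune(root, keep=1)
        result["survives_prune"] = os.path.getsize(song2) == 4096
        return result


if __name__ == "__main__":
    print(run_backup_demo())
```

Because unchanged files share one inode across snapshots, the backup directory should be written only by the backup job; editing a file inside one snapshot in place changes it in every snapshot that links to it.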
EXT3 is exactly the same thing as EXT2, except they added a "journal" file on the filesystem and the ext3 driver makes sure to do journalling. As a matter of fact, you can mount an ext3 filesystem with an old 2.0 Linux kernel in ext2 mode. (if the filesystem was unmounted cleanly)
FUD, Wrong Assumptions, Wrong asserted conclusions. Lots of rude and incorrect accusations flying around. First, go read the section in the link below about "roll your own".
Then set up a mirror of the RedHat Advanced Server Source RPMS, and a mirror of the Source RPMS of the RedHat Advanced Server Errata. Now, go read
http://current.tigris.org
Now, take a redhat 7.2 server, with minimal install and kernel dev bundle, do "rpm -qa --last" and then build the AS packages in the order they were installed on a 7.2 server. Installing each one after you build it. Put the binaries into your own CURRENT server. Now, go read
http://www.linuxjournal.com/article.php?sid=6473
You can create your own Linux distribution with the same updates that RedHat Advanced Server has, and it will have the same lifecycle that RedHat Advanced Server has.
The only thing you don't get is RHN, Support from RedHat, and "certified" compatibility and support from RedHat Certified ISV's like Oracle, BEA, IBM, HP, Dell, Netcool, BMC etc.....
Also, your costs are out of whack. RedHat Edge Server Basic subscription only costs about $350/year per dual proc server.
At my company we "rolled our own" distribution based on RHAS Source RPM's and we maintain our own CURRENT server with the errata. But we still buy RHAS licenses for servers where we are running 3rd party software that offers RedHat Certification.
Because the term "INSTALLED SYSTEM" is defined within the license agreement from which section 4 (that you quoted) came from. It is defined as:
"the number of servers on which Customer installs Redhat Linux Advanced Server"
If you download the SRPMS, build RPM's and then use anaconda to build your own CD's and then use the resulting CD's to install a functioning LINUX OS on a server, you are not installing "RedHat Linux Advanced Server" you are installing a Linux OS that has no name, but consists of publicly available software.
Then, if you wanted to download any subsequently released SRPM's (errata/updates) and build those into RPM's and install them you are free to do so.
When you "buy" advanced server, you are not buying a license to use the OS. You are buying the following: (AFAIK, IANAL)
A copy of documentation which is copyrighted.
A set of CD's which are copyrighted.
A subscription to an online service (RHN) and some support services.
What the EULA specifically restricts you from doing:
redistributing anything you get through the use of RHN.
using the CD's for the purpose of installing a system, unless you have purchased an RHN subscription for RHAS for the server on which you are using the CD's
The EULA that is on the CD's and on RedHat's Site specifically says that the individual packages on the CD's are covered by their own copyrights. The EULA also says that you have all the rights granted by those copyrights. RedHat also provides all the SRPM's for all the packages on their FTP site for free, and they provide all the SRPM's for all the errata/updates for free. Some of those RPM's are not OpenSource, and you have to be careful how you use them.
On the Redhat website at: http://www.redhat.com/software/whichlinux.html
"Now there's an important point we need to cover.
Red Hat Enterprise Linux is sold through a one-year subscription and it does have a licensing agreement. But before you mention the "p"-word ("proprietary"), understand that the code is open and protected by the GPL license. It's not proprietary. We're licensing the services, not the software. The source code files can be downloaded by anyone, and you still have the right to use the software after the license and services expire.
You're simply paying for the value Red Hat adds: The enterprise enhancements, the ISV and IHV certification, the support services included with the product, and the security and software updates through Red Hat Enterprise Network."
The SRPM's for all the RPM's in the RedHat distro are available via anonymous FTP from the Redhat website. As are the SRPM's for all the updates they release.
I mirror all those SRPM's on my local network, and rebuild the binary RPMs and maintain my own RPM FTP site, and I have an APACHE server running CURRENT (the free up2date compatible server).
I used some anaconda tools to rebuild a few index files and hdlist files. Then I use Redhat 7.2 BootNet floppy images and point them at my FTP server's RPM directory and I install what is functionally identical to Redhat Advanced Server.
I then modify the RHN_GPG_KEY and the RHN_CERT and I modify the up2date and rhnsd configuration files to point them at my inhouse "CURRENT" server instead of the RedHat "RHN" server. Now I have basically the same thing as RedHat Advanced Server, but I call my distribution "DEADRAT" not "REDHAT"
-Ben.
I remember reading in some NRA slanted brochure that
One of the very first few US Congressional Sessions addressed this definition of "well regulated militia" in the 19th century. Even back then they defined it as (albeit a little sexist and materialist) as any able bodied land owning man between the ages of 18 and 60 (or something close to that).
In this brochure they even cited the chapter and paragraph of the congressional record where it was decided and quoted it.
-Ben.
I don't really think that the proper place for **EVERYDAY** encryption is in the e-mail message itself. I mean sure if you have a really sensitive message that is for your eyes only to the recipient then sure.
Sendmail supports opportunistic encryption between SMTP MTA's, POP/IMAP/LDAP/SMTP from the client can all be SSL'd or TLS'd. Even between MTA's you can use ESMTP TLS. Notes and Exchange both support encrypted client-server and server-server communication. All of this exists now and I think even those aren't the way it should be handled.
Linux FreeS/WAN support will soon have opportunistic encryption via IPSEC. IPv6 requires IPSEC to be compliant. So I think that the answer is that encryption take place at a lower layer than the application. This solves the problem for ALL applications rather than just e-mail. Also this still allows virus scanners and content filters and mail filters and SPAM protection and banner rippers and such to work the way they are supposed to. It allows standard encryption acceleration hardware to be used for all your network traffic.
On both Digg and Slashdot feedbacks there is a vehement feedback on this issue. I thought the tongue in cheek attitude of the author was great. I thought his writing was satirical, but all the same it was accurate and not exaggerated. I am a professional sysadmin, and have dealt with both windows and linux desktops and servers on networks for many years. If I were a better writter I think I could have written this article! It was great.
"The days of 'I stay with windows because of outlook+exchange are over'"
I'm a UNIX SysAdmin, I've been using Linux on the Desktop (not exclusively)
for many years. None of the solutions you mention works well... Believe me,
I have tried them all. They aren't anywhere near as easy to use as a mail/calendar interface as OUTLOOK+Exchange on a native Windows system.
Nor are they as good as using Outlook2000 with CodeWeavers CrossOver office on a Linux box.
Maybe you are right about "don't need", but I would say that if you spend a lot of time using Outlook for E-mail, calendar, tasks, forms, and shared-folders, it could very well still be a day of "I stay with windows because of Outlook+Exchange".
Of course I would love to replace Exchange with an open source, open standards server platform that joined SSL enabled SMTP/IMAP/NNTP/LDAP/ACAP with a cross platform client that was fast, stable+robust, easy to use.
Firefox+Thunderbird+Sunbird is getting there! Go MOZILLA.
Sure, they are GREAT! I have used Mandrake and Debian and Gentoo and Fedora and all... I think they are all nice and each has great things about it. I would also *LOVE* to see software vendors that were reasonable about supporting more of these distributions. But in the BUSINESSES I have worked in I am worried about us doing a job and getting done right for our customers. I leave the OS advocacy for my off-job hours.
That being said, I would say that if you are running in an average IS/IT environment (not some special corner case) you would be nuts to use Debian or Gentoo or LFS or Slackware in a business environment. Maybe SUSE would be a good choice? I dunno I haven't that much experience with SUSE other than on the desktop.
I STRONGLY recommend RedHat Enterprise Linux.
I am a Sr. Unix admin for a medium sized company.
Have been a Unix admin for about 10 years now.
Worked at Sprint/GlobalOne, a failed
I strongly recommend RedHat Enterprise Linux.
Long lifecycles.
Large cadre of 3rd party HW/SW "certified" compatability partners.
Great quality of software repository and patch management utilities.
Support from all major hardware vendors.
More support from 3rd party software vendors than any other Linux vendor.
Don't fret about the scary sticker prices. (they aren't mandatory, and the big numbers are just "list" they get smaller when you start negotiating)
And don't listen to the "just wrong" wierdo's who say RedHat isn't a true-blue open-source advocate. They are great open-source citizens, and the prices are only what you want to pay for.
You don't pay RedHat for the privilege of using their RHEL-AS system, you just pay for the service of providing the binaries and for the support that you may get from them via various channels. All of the source RPM's of RHEL are available on RedHat's free/anonymous FTP servers, and there are a few different organizations that compile those up and bundle them into Install CD's.
\The result is systems that are made from identical source code and work *exactly* the same as teh RHEL-AS systems you may have an RHN license for. (RHN stands for RedHat Network which is a software/patch repository and system information database and support database) This means that anything that works on a system with an RHN license that was installed from RedHat distributed binaries will also work on the "whitebox" systems. The DIFFERENCE is that you won't get "official" support from Dell/HP/IBM/Compaq/EMC/NetApp/BEA/NetCool/Veritas etc. etc. etc. unless you have installed the system via the red cd's with the RedHat license.
So, for your devel/test and non-critical IS systems you use whitebox. And for your mission critical 24x7 systems, you buy a cheap RHN license, knowing that you can upgrade the support level later if you need to.
You don't want to put YOUR ass on the line (like the boxes where you are running the Oracle cluster) so go ahead and buy an "official" RHN support contract. Because when you are spending 10's of thousands of dollars on Oracle licenses and Veritas Netback or Legato licenses and Netcool or OpenView probe licenses and Tripwire licenses and RSA SecurID tokens and everything else, plus you are paying thousands of dollars for enterprise quality hardware and storage and networking equipment, what is the big deal about a few hundred dollars a year for the RHN subscription so that "OFFICIAL" "CERTIFIED" support from your hardware/storage/backup/SAN/FS/IDS/Auth/Net/OS/DB/App vendor is just a phone call and a credit card number away.
Go ahead, try and get through real
I would love to see something like an intravenous (IV) pole, you know a solid base with high quality casters and a strong steel vertical support. But instead of just being a vertical pole with hooks on top, the vertical pole would support a variety of things.
It would have a UPS with a retractable cord at the bottom (so that when not in use the UPS could be charged up in an out of the way location, but when using the thing it would be "wireless" as far as power was concerned.) The weight of the UPS would also stabilize the thing.
It would be height adjustable (to a range of 8-12") Maybe with a foot pedal to activate the height adjustment and the hydraulic mechanism from an office chair (strong and sturdy).
At about elbow height (remember it is adjustable) it would have a sturdy keyboard tray with a full size keyboard, a touchpad with *3* buttons under it and a scrollwheel on the side, plus in front of the keyboard would be a wrist platform (doesn't need to be soft or raised, just something to rest your hands on other than the keys, and not have sharp angles that would hurt).
It would have a nice large LCD panel of at least 1280x1024, a wireless phone headset, a 2 or 4 port KVM switch that could handle PS/2 and USB mouse and keyboards, and one of the KVM ports would be attached to an onboard laptop or Mini-ITX computer with a wireless lan card.
It would also have a clipboard with paper and a pen on a chain (so it wouldn't walk away) and a small (like a cocktail) table next to the keyboard for writing.
Also, underneath the cocktail table it could have a shelf or two for placing your toolbag, and next to that it would have a removable plastic trash can.
Have fun with the RAID array, sounds like fun, but a little advice. RAID gives you much added protection against outages during critical hours. And it does save you from having to restore from backups *sometimes*
However most data loss occurs from HUMAN or SW errors, not HW. RAID won't protect you from either of those. If you want to have an online archive of music and movies and pic's etc... That is very nice, you don't want to lose all the time and effort you put into that.
I *assume* you have a broadband ISP connection. (cable, DSL?) You have a good friend who does too? If so, why not share the cost and the space with a friend, set up rsync between your houses for remote data backup on a regular basis. (There are howto's regarding this.)
Now you can lose a disk or a controller, or the whole server, and all you have to do to recover *everything* is set up a machine with at least as much disk space and setup the rsync to rebuild your copy from your friends house.
If you do this, you can save the worry over all the details and issues of RAID setup and failed disk replacement and such. (I mean do that stuff, but don't fret over it, because you will always have all the data backed up remotely anyway.)
Not linearly. Most of what RedHat sells as a "service" is just access to an online automatic updates site. It isn't like RedHat is billing by the hour. RedHat Enterprise Linux is still released under the GPL, you just can't get the binary updates packages without paying to access the "RedHat Updates" internet server. You can still access the source code packages on public FTP sites. What people are paying for is the phone support and the access to the system software management system (and some other things that aren't that big of a deal yet).
So as the number of "subscribers" increases their bandwidth costs increase (not linearly either because many customers with multiple systems go through a caching proxy server), their customer support calls increase (but not linearly either because corporate customers don't call 10 times for one problem that affects 10 subscribed servers). Also, RedHat's central expense is the corporate sales, marketing, R&D and engineering/IT staff, and that is already paid for (at least until they get MUCH MUCH bigger). So they will be able to pile on the gravy (profit margin) as they grow. So far they have been reinvesting a large portion of their profits, I know that they have opened many branch offices (one right down the street from me) for their sales/consultants/training staff. So their operating margin is probably much larger than it looks at first glance.
OK, I have had this Idea for a long time. You set up RSA ACE SecurID servers (or something similar) in a few cities around the world with replication and fault tolerance. Then you issue tokens to people who send you money. You don't care who they are or what information they have. You provide the people who receive the tokens with a web page where they can create "org/alias" relationships. You provide organizations an authentication API over the internet. Now, I go to my bank. I create an account for "John Smith" I tell them that I will authenticate via my token, and you can validate/verify my authenticity by checking my passcode with the online anonymous ID service using the alias jsmithbank. Now I go to E-bay. I create an account called "sumn4nuthn" I tell them that I will authenticate via my token, and you can validate/verify my authenticity by checking my passcode with the online anonymous ID service using the alias sumn4nuth. The authentication check "sumn4nuth+passcode" would only be validated if the SecurID Token holder registered EBAY as an authorized agent in the holder's alias list. Likewise the bank. The cool thing about this scenario is that you could open accounts all over the place. Each one could be "ANONYMOUS" but at the same time UNIQUE and VERIFIABLE. The types of transactions that could take place with this type of setup would be amazing. I can only imagine the possibilities for money laundering. -Ben.
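The org/alias check described in the comment above, sketched as an added example (not the commenter's code and not RSA's API). SecurID's algorithm is proprietary, so RFC 6238 TOTP stands in for it; `AliasAuthService` and its method names are hypothetical, the token secret is constructed, and the calling organization is assumed to be authenticated before `verify` is reached.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time passcode for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 60, digits: int = 6) -> str:
    """RFC 6238: HOTP over the number of `step`-second intervals since epoch."""
    return hotp(secret, int(at // step), digits)


class AliasAuthService:
    """Hypothetical model of the anonymous ID service from the comment."""

    def __init__(self, step: int = 60, window: int = 1):
        self.step = step          # seconds per passcode interval
        self.window = window      # tolerated clock drift, in intervals
        self._secrets = {}        # token serial -> shared secret
        self._aliases = {}        # alias -> (token serial, authorized org)
        self._last_counter = {}   # token serial -> last accepted interval

    def issue_token(self, serial: str, secret: bytes) -> None:
        self._secrets[serial] = secret

    def register_alias(self, serial: str, org: str, alias: str) -> None:
        """The token holder binds one alias to exactly one organization."""
        if serial not in self._secrets:
            raise KeyError("unknown token")
        if alias in self._aliases:
            raise ValueError("alias already taken")
        self._aliases[alias] = (serial, org)

    def verify(self, org: str, alias: str, passcode: str, now=None) -> bool:
        """Answer an org's question: is this passcode valid for this alias?"""
        entry = self._aliases.get(alias)
        if entry is None or entry[1] != org:
            return False  # alias unknown, or holder never authorized this org
        serial = entry[0]
        now = time.time() if now is None else now
        current = int(now // self.step)
        for counter in range(current - self.window, current + self.window + 1):
            # A passcode is single-use per token, so one that an org has
            # already seen cannot be replayed under another alias.
            if counter <= self._last_counter.get(serial, -1):
                continue
            expected = hotp(self._secrets[serial], counter)
            if hmac.compare_digest(expected.encode(), passcode.encode()):
                self._last_counter[serial] = counter
                return True
        return False


if __name__ == "__main__":
    svc = AliasAuthService()
    svc.issue_token("T1", b"constructed-secret")       # constructed sample
    svc.register_alias("T1", "bank", "jsmithbank")
    svc.register_alias("T1", "ebay", "sumn4nuth")
    t = 1_000_000.0
    code = totp(b"constructed-secret", t)
    print(svc.verify("ebay", "jsmithbank", code, t))   # wrong org for alias
    print(svc.verify("bank", "jsmithbank", code, t))   # authorized org
```

The service never tells an organization which token backs an alias, so the two aliases stay unlinkable from the relying parties' side; the operator of the service itself can still link them.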
Actually on second thought some of the exam is multiple choice, but it didn't seem to me to be biased against any other OS. It did teach you how some things were done on a RedHat system, but then they had to pick some way to organize things?
BOGUS, I use Debian on my workstation and have tried Gentoo on my laptop. I have a half dozen HP systems and a score of solaris systems in the corporate data center. I even have a few XP boxes. The only UNIX related Cert I have is RHCE. I loved the RedHat certification test because the exams are not multiple choice or even exercise based. They are performance based. The exam didn't ask you "which redhat tool" to use to solve a particular problem, they just presented you with goals (like "set up a mail server with user accounts and firewalling") how you setup the firewalling and mail server is up to you... If you use the redhat config tools or even the redhat specified configuration practices was beside the point. They just examined your system to see that it worked as specified to see if you "passed". There was no "lock in" related to it.
When I am setting up a Debian Linux or Fedora Linux desktop all updates and packages are handled through APT (except JAVA/Moz/Plugins), so keeping ALL packages up2date with bug fixes and security patches is easy. Also installing software is simple. I could install everything on this list in just a few moments:
fwbuilder (with iptables support in kernel)
vncserver
KDE 3.2 (with desktop sharing on top of XFree86)
Mozilla recent nightly
(all components with calendar, adblock & deep-sender)
Kterm + openssh + ssh-key-agent
Kopete
Korn
superkaramba w/ liquid weather, cynapses monitor
Rdesktop & tightvnc viewer
OpenOffice
K3B
xmms
adobe acrobat
flash-player (mozilla plugin)
SUN Java JRE (for mozilla plugin)
Community Supported REAL Player Client (and mozilla plugin)
VLC (Video Lan Client)
GIMP
NMAP
iftop
tcpdump
ethereal
nessus
ntop
bash & fileutils & findutils & perl
When I am setting up a windows box, (which could take all day!)
Remote Desktop Sharing
Norton Anti-Virus (with live update)
Norton Utilities (run once a week)
Zone Alarm (with auto-update)
Ad-Aware (with auto-update)
SpyBot (with auto-update)
OpenOffice ( I usually have MS Office too, I switch back and forth)
putty (suite, with pageant)
winscp3
recent nightly of Mozilla (with Calendar, adblock & deep-sender)
cygwin X-server & ssh server & cron daemon & bash w/ perl
trillian
MusicBrainz
winamp
Flash/Shockwave/Java/QuickTime
ethereal
nmap
nessus client
gimp
www.sysinternals.com free Windows Utilities
Unfortunately at my company we are forced to use MS Office from time to time, and we are also heavily invested in Remedy, Netcool & Exchange.
What, are you too lazy to psychologically damage your own children? You just give them a name that causes everyone else to do it for you? Are you MAD! Name your child with a beautiful non-descript conformative name. If they want to be Z4pp4 |\/|()()|\|rov3r later then they can change their name themselves. -Ben.
I've been a UNIX sys-admin for about a decade.
My advice is that for a workstation that is managed by an individual you can let the admin do whatever they want, but for any server that has to be stable and maintainable you want to stick with a well maintained package repository and try to avoid 3rd party packages and tarballs if possible.
You have to understand that there is a software stack in most services.
With the kernel and core libs (like glibc) and such at the bottom of the stack, and applications like Evolution at the top of the stack. In between you can have gdb and openssl and various perl modules (in AMAVIS for example) and you have sasl stuff which may be related to pam and openldap and cyrus or wu.... etc..
The thing is that even though all of those various pieces of the software stack may be linked against different libraries on the box, the maintainer of the library code may not have a QA group to co-ordinate regression testing and compatibility testing before the latest CVS commit is enacted to fix a bug referenced in a CERT alert.
RedHat and Debian and SUSE and all the others have package repositories, the repository maintainers do an amazingly fantastic job of QA and testing to make sure that new patches don't break your software stack. As an individual you simply can't keep up with that.
For example the Development team that takes care of OpenSSL doesn't backport their bug fixes and security patches to old versions of the code. They just maintain the latest release version and the current CVS version. If you have an old server running IMAPs and HTTPs and SSH and SMTP/TLS and such, and CERT announces a bug in openssl vX.Y, then the OpenSSL development team will certainly release a patch for the latest version which may be version Z!
That might cause you to have to upgrade APACHE or wu-IMAP or OpenSSH or Postfix etc... Those things might then have divergent dependencies that would cause you to go and rebuild half a dozen other packages, and so on and so on. Also, do you remember all the magic flags you used for configure and make? Do you have the same environment variables set today that you did the last time you built PostFix? The possibilities for problems are endless. And if you do have a problem you are kind of on your own since your system will be a unique box. Whereas if there is a problem with a standard RedHat or Debian package, then you can always go to the general newsgroups and chances are there are a dozen other "me too" posts with answers already.
It is much easier to use apt or up2date.
So, unless you have a very good reason for using a tarball on a production server that requires reliability and security and high availability, then you should stick with packages.
If you want to build the packages from source, feel free! RedHat and Debian and SuSE make the SOURCE packages available so that you can dig in and read all about'em. I'm sure the Debian team could use a new package maintainer, if you are addicted to compiling and testing things, check them out.
I've had many employers ask me to sign these types of agreements. I've very nicely asked the HR assistant: "What happens if I don't sign this?" They say they don't know, that they will have to ask the legal dep't. "Oh, OK then when they get me an answer then I will consider signing it. Thanks :-)"
Usually nothing happens until a year or so goes by and then some other HR team member calls me to discuss the "missing item" in my "file". Again I ask the simple question, again a year goes by....
-Ben.
This article sucked. There have always been wars between "OPS" and "ENGINEERING". Both sides have valid points and both sides have some areas where they are just too stubborn to listen. What this author really missed is that MANAGEMENT IS RESPONSIBLE FOR BALANCING THIS OUT. Both OPS and Engineering are necessary. Sometimes outsourcing makes perfect sense, sometimes it is really just managers being unwilling to do their job, and more willing to use the companies money to get someone else to do it for them.
I've worked in shops where the "GURU DEVELOPERS" were actually idiots who wrote the crappiest applications in the world, and it was the OPS and Admin groups who kept everything running. I've worked in other shops where the OPERATIONS POLICE were procedure idiots, they had change control meetings to make changes to the change control policies, and it was the devel/eng'g group that kept picking up the pieces and keeping things running behind the scene.
Team building exercises have helped these situations in some companies I've worked at. Really, I know it is a buzzword, but I'm not talking about anything new-age, just getting everyone to go bowling once a month, or to play pool together. The company should spend the money to send people out of the office on PAID BUSINESS HOUR activities that are not work related. Let people get social and they will communicate better. When people realize that the folks on the other side of the fence are usually just as devoted to getting real work goals achieved, but that they are just seeing it all from a different perspective. It is really difficult because of egos and stress and pride, and a lot of times people on the opposite sides of these fences have real disagreements, sometimes it takes a knowledgeable manager or director to listen to both sides, ask questions and make a decision.
The author really clued me in with his consistently disparaging remarks about management. If you really have no trust/respect in the leaders at your organization, you need to find a new job.
I can't stand Metacity. The only feature that makes it so distasteful to me is that it lacks the ability to move/resize windows without showing the contents. I don't do multimedia stuff on my computers. A little programming, e-mail, web browsing, OpenOffice stuff and lots of system administration usage. Because of this I don't buy machines with screaming video cards, usually the onboard Intel i810 or SIS chip is good enough. I would love to be able to install the default desktop for my distribution (best integrated, easiest to maintain) but it uses GNOME and METACITY and doesn't offer a change. Using a low cost video card with a window manager that insists on resizing/moving windows while dynamically redrawing everything several times a second is PAINFUL TO WATCH, and slows everything down. It makes my workstation LOOK LIKE CRAP. Please, Please, someone in charge of Metacity, add in the feature that allows me to turn off content showing while resizing/moving windows.
I have managed hundreds of servers over the last decade. RAID helps with UPTIME, and high availability, it sometimes (rarely) helps with reducing data loss. Most of the time data loss is NOT BECAUSE OF DISK FAILURE. It is because of an idiot who accidentally deletes the files or whole directory structures, or the logical volume.... 'nuf said. What you need to do is create OFFLINE copies of your work periodically. So, read up on rsync and write yourself a cron job. You can set up SSH/SCP on your windows box and you can then use rsync from the Linux boxes to backup your "Documents and Settings" dir on your Windows box. RSYNC even has command line options for creating snapshot backup directories.... There is a HOWTO at the samba site (where rsync comes from) that details scripts for how to create rotating backup scripts with RSYNC.
EXT3 is exactly the same thing as EXT2, except they added a "journal" file on the filesystem and the ext3 driver makes sure to do journalling. As a matter of fact, you can mount an ext3 filesystem with an old 2.0 Linux kernel in ext2 mode. (if the filesystem was unmounted cleanly)
FUD, Wrong Assumptions, Wrong asserted conclusions. Lots of rude and incorrect accusations flying around. First, go read the section in the link below about "roll your own"
http://www.redhat.com/advice/ask_shadowman_may02.html
Then set up a mirror of the RedHat Advanced Server Source RPMS, and a mirror of the Source RPMS of the RedHat Advanced Server Errata. Now, go read
http://current.tigris.org
Now, take a redhat 7.2 server, with minimal install and kernel dev bundle, do "rpm -qa --last" and then build the AS packages in the order they were installed on a 7.2 server. Installing each one after you build it. Put the binaries into your own CURRENT server. Now, go read
http://www.linuxjournal.com/article.php?sid=6473
You can create your own Linux distribution with the same updates that RedHat Advanced Server has, and it will have the same lifecycle that RedHat Advanced Server has.
The only thing you don't get is RHN, Support from RedHat, and "certified" compatibility and support from RedHat Certified ISV's like Oracle, BEA, IBM, HP, Dell, Netcool, BMC etc.....
Also, your costs are out of whack. RedHat Edge Server Basic subscription only costs about $350/year per dual proc server.
At my company we "rolled our own" distribution based on RHAS Source RPM's and we maintain our own CURRENT server with the errata. But we still buy RHAS licenses for servers where we are running 3rd party software that offers RedHat Certification.
-Ben.
"the number of servers on which Customer installs Redhat Linux Advanced Server"
If you download the SRPMS, build RPM's and then use anaconda to build your own CD's and then use the resulting CD's to install a functioning LINUX OS on a server, you are not installing "RedHat Linux Advanced Server" you are installing a Linux OS that has no name, but consists of publicly available software.
Then, if you wanted to download any subsequently released SRPM's (errata/updates) and build those into RPM's and install them you are free to do so.
When you "buy" advanced server, you are not buying a license to use the OS. You are buying the following: (AFAIK, IANAL)
- A copy of documentation which is copyrighted.
- A set of CD's which are copyrighted.
- A subscription to an online service (RHN) and some support services.
What the EULA specifically restricts you from doing:
- redistributing anything you get through the use of RHN.
- using the CD's for the purpose of installing a system, unless you have purchased an RHN subscription for RHAS for the server on which you are using the CD's
The EULA that is on the CD's and on RedHat's Site specifically says that the individual packages on the CD's are covered by their own copyrights. The EULA also says that you have all the rights granted by those copyrights. RedHat also provides all the SRPM's for all the packages on their FTP site for free, and they provide all the SRPM's for all the errata/updates for free. Some of those RPM's are not OpenSource, and you have to be careful how you use them. On the Redhat website at: http://www.redhat.com/software/whichlinux.html
"Now there's an important point we need to cover. Red Hat Enterprise Linux is sold through a one-year subscription and it does have a licensing agreement. But before you mention the "p"-word ("proprietary"), understand that the code is open and protected by the GPL license. It's not proprietary. We're licensing the services, not the software. The source code files can be downloaded by anyone, and you still have the right to use the software after the license and services expire. You're simply paying for the value Red Hat adds: The enterprise enhancements, the ISV and IHV certification, the support services included with the product, and the security and software updates through Red Hat Enterprise Network."
The SRPM's for all the RPM's in the RedHat distro are available via anonymous FTP from the Redhat website. As are the SRPM's for all the updates they release.
I mirror all those SRPM's on my local network, and rebuild the binary RPMs and maintain my own RPM FTP site, and I have an APACHE server running CURRENT (the free up2date compatible server).
I used some anaconda tools to rebuild a few index files and hdlist files, Then I use Redhat 7.2 BootNet floppy images and point them at my FTP server's RPM directory and I install what is functionally identical to Redhat Advanced Server.
I then modify the RHN_GPG_KEY and the RHN_CERT and I modify the up2date and rhnsd configuration files to point them at my inhouse "CURRENT" server instead of the RedHat "RHN" server. Now I have basically the same thing as RedHat Advanced Server, but I call my distribution "DEADRAT" not "REDHAT" -Ben.
I remember reading in some NRA slanted brochure that One of the very first few US Congressional Sessions addressed this definition of "well regulated militia" in the 19th century. Even back then they defined it as (albeit a little sexist and materialist) as any able bodied land owning man between the ages of 18 and 60 (or something close to that). In this brochure they even cited the chapter and paragraph of the congressional record where it was decided and quoted it. -Ben.
I don't really think that the proper place for **EVERYDAY** encryption is in the e-mail message itself. I mean sure if you have a really sensitive message that is for your eyes only to the recipient then sure.
Sendmail supports opportunistic encryption between SMTP MTA's, POP/IMAP/LDAP/SMTP from the client can all be SSL'd or TLS'd. Even tween MTA's you can use ESMTP TLS. Notes and Exchange both support encrypted client-server and server-server communication. All of this exists now and I think even those aren't the way it should be handled.
Linux FreeS/WAN support will soon have opportunistic encryption via IPSEC. IPv6 requires IPSEC to be compliant. So I think that the answer is that encryption take place at a lower layer than the application. This solves the problem for ALL applications rather than just e-mail. Also this still allows virus scanners and content filters and mail filters and SPAM protection and banner rippers and such to work the way they are supposed to. It allows standard encryption acceleration hardware to be used for all your network traffic.
-Ben.