Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories
0
Comments
12,200
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,200

  1. Re:No SSH!? on A Run Through Windows Server 2008 · · Score: 1

    What do you mean by the newest RDC? I have used the one shipping with windows 2003, it behaves as i describe and every deployment where i've seen it being used. If the version in 2008 behaves more securely you can't really consider that until it comes out of beta.

    Proof? Open up a remote desktop client and connect to a server, it displays a windows login prompt that gives away the OS version and if the machine is part of a domain, gives you a list of accessible domains or the name of the local system.

    A few years ago i often used servers to encode mp3, because they were much faster... Nowadays you could use it for video, or any other situation where you have a dataset you need to upload and do a lot of processing on. I can have a 4 socket quad core server running away nicely in a server room, i wouldn't want such a big noisy machine on my desk.
    Any program that produces textual output could be executed on the server and piped over ssh, for the results to be parsed locally, or on to another server for instance.

    I can also download files with SSH, and if the file isn't already compressed i will typically make the server compress the file on the fly (eg bzip2 -9), pipe over ssh and then have my client decompress locally, works great over slow links.
    I can also pipe files over and decompress/unarchive them on the fly, instead of downloading and then decompressing (wasting local storage and taking longer as the disk heads thrash back and forth).
    I can do audio conferencing over SSH without having to install extra apps (between workstations obviously) with cat /dev/audio etc
    I can do disk copies by piping contents of /dev/sda over ssh, i can save to an image file (optionally compressing on the fly) and restore in the same way - every livecd has ssh
    I can pipe video files off my server and direct into a video player on my laptop (my laptop has very little spare hd space)
    I can have ssh login to servers automatically and tar up directories, and pipe the output to a backup device. I can have a central server retrieve backups from any number of other servers and store them. I dont need to backup the whole machine, i can selectively do partitions or directories without needing any third party apps.

    Sure most of this could be done using third party apps, but you wouldn't have the flexibility, and you'd be running lots of extra services increasing the attack surface of your machine, and if you had a sudden ad-hoc requirement you'd waste a lot of time installing a server/client, and it wouldn't be much use to access from arbitrary machines/livecds (all of which have ssh except windows)

    The beauty of SSH is that it offers you the flexibility, once you get used to it you'll find that you use it regularly for all kinds of things, and if you use something less flexible you'll often get frustrated. Conversely, if you're not used to the flexibility offered by SSH you won't miss it.
    My grandfather drove cars without air conditioning for the past 50+ years and was perfectly happy. His latest car had aircon, and now that he's used to having it he would never consider buying another car without it.

    The mp3 encoding was just an example btw.

  2. Re:No SSH!? on A Run Through Windows Server 2008 · · Score: 1

    It's crippled because every other server os or networking device will have SSH by default nowadays...
    Unless your network consists SOLELY of windows boxes (ie you dont have any unix servers, switches, routers or misc networking kit) you'l need SSH sooner or later. Sure for most of the routers you *can* use telnet but that's hardly appropriate for this modern age is it.

  3. Re:No SSH!? on A Run Through Windows Server 2008 · · Score: 1

    Remote desktop is a flawed protocol...
    Although it's encrypted, it does nothing to authenticate that the host your connected to is the one it's supposed to be, by contrast SSL uses certificates and SSH uses host keys.
    It also discloses information about the OS running and all the usable authentication domains *BEFORE* you have authenticated! It's been years since unix machines displayed the OS version in their remote banners (telnet did, SSH never has by default).

    Also remote desktop takes over your local workspace, you end up with multiple isolated gui instances running instead of your single local gui with multiple administrative tools running inside it.

    You also can't pipe data over a remote desktop session the same way you can with ssh, eg:
    ssh user@host tail -f /var/log/messages | grep ALERT
    cat file | ssh user@host processingcommand >newfile (takes file, feeds it to stdin of processingcommand on host and saves the output to the local file newfile, example on next line)
    cat file.wav | ssh user@fastserver mp3encode >file.mp3

  4. Re:server w/out ssh? How much obtuse can you get? on A Run Through Windows Server 2008 · · Score: 1

    Your missing out..
    On unix machines, SSH is absolutely invaluable...
    RCP/Rlogin could do the same job, but it's horrendously insecure.

    I quite often pipe data over ssh connections, or remotely mount systems using sshfs.. I have a lot of logfiles tailed over ssh, I script things up to log on via ssh, i even stream video/audio off my servers using ssh and play them on my workstations...

  5. Re:Not surprised on A Run Through Windows Server 2008 · · Score: 2, Informative

    A server shouldnt even have a video card...
    Physically entering the datacenter to do work on a server is stupid, and using a graphical remote management card is bandwidth intensive and slow and a quite unnecessary and ridiculous idea.
    All my servers use serial consoles and have for years... Each server is connected via serial to a central terminal server, to which i can connect using SSH and choose a serial line to connect to. From the console, i can interact with the OS and even interact with the firmware if the OS is not running, so i can install an OS from scratch by doing a network boot...
    I have successfully repurposed some old servers (by completely reinstalling the OS) remotely recently, without setting foot in the datacenter. I have only entered the datacenter to physically install remove or repair hardware.
    The datacenter is a few hours drive away, if i had to do lots of physical work on the servers we'd have to use a closer more expensive datacenter.

    And because of this, the idea that any server would be powering unnecessary video hardware or running unnecessary video hardware is utterly ridiculous.

  6. Re:Wall building? on A Run Through Windows Server 2008 · · Score: 2, Interesting

    That's not the fault of remote desktop, but rather of microsoft's licensing model for it...
    If you actually license it for more users, you can easily have a lot more than 2 sessions. The limit of 2 sessions is totally artificial and designed to make you pay more.

    I often have lots of SSH sessions open, often to lots of different machines... I also have plenty of non interactive ssh sessions open, a number of non interactive scripts i have use ssh to tail -f logfiles or such, i believe gltail which was posted on slashdot a few days ago does the same.

  7. Re:Understandable. on A Run Through Windows Server 2008 · · Score: 1

    It does have the "core install" option, which claims to install without GUI...
    What it really does is set your default shell to cmd.exe instead of explorer.exe, so you get a graphical command prompt window instead of the explorer start bar. The GUI is still running and can you can still run graphical programs, but you dont get the windowbar or the file manager.
    Infact, with the core install these aren't installed by default.
    You still get some of the irritating animations and graphical shit.

    I want a pure text based login, which uses a full screen text-only console and doesn't waste resources having video drivers running, and ofcourse the option to run this default console over a serial port. After all, a server will spend 99% of its time with no screen/keyboard attached sitting in a room with the lights turned off.

  8. Re:How about Java web start? on Mozilla Tests Integrated Desktop Browser · · Score: 1

    Mozilla at least, also lets you write applications in XUL... If everyone was going to be using Prism, this would be more than feasible.
    As a (rather small) example, try:
    http://www.google.com/mozilla/google.xul

  9. Re:Wow, people are sick on Mozilla Tests Integrated Desktop Browser · · Score: 1

    firefox -ProfileManager...
    You can use multiple firefox profiles, and run several of them at once under the same user account.
    It works better if you use different themes in each profile, so you can tell them apart.

  10. Re:I can see the ads now on NEC SX-9 to be World's Fastest Vector Computer · · Score: 1

    Exactly, you could save a lot of money by keeping this machine turned off!

  11. Re:I agree on Vista Vs. Gutsy Gibbon · · Score: 1

    Unfortunately, a lot of companies are still tied to legacy apps running on NT3/4 and such... And these apps being proprietary, cannot be ported to newer platforms.
    Why is LM still turned on by default anyway, considering how weak it is and how rarely it's required...
    Also, NTLM encryption is pretty crap too, can't they come up with something better? Or better yet, use something established like openbsd's blowfish.

  12. Re:I agree on Vista Vs. Gutsy Gibbon · · Score: 1

    Companies don't usually ship linux drivers, linux drivers tend to come with the kernel and distributions...
    All of the higher end adaptec hardware i've used has been perfectly well supported by linux. Any vendor who produces gear for servers would be stupid not to support linux, as linux is a very big player in the server market.

  13. Re:I agree on Vista Vs. Gutsy Gibbon · · Score: 1

    Backwards compatibility often needs to be broken to improve security in the case of windows...
    There are just so many fundamental design flaws, and often you have multiple ways of doing things, the original flawed method and a new not so flawed method with the old one maintained for backwards compatibility. As an example, consider lanman password encryption.

    Even windows 2003 encrypts your passwords twice by default, once with the newer NTLM hash, which isn't great (no salts etc)... and once with the older lanman hash which is utterly laughable (case insensitive, limit of 7 chars longer passwords are encrypted in 2 halves, no salts, low key length)..
    You can disable it, but then you lose compatibility with some older programs and you lose the ability to communicate with older windows based systems using the microsoft networking protocols.

    Compare this with unix systems, which traditionally used DES, which while being massively stronger than lanman and better in some respects than ntlm, is getting a bit long in the tooth. Modern unixes now support MD5 or Blowfish based password encryption which is much stronger, linux typically has it by default and solaris has an easily enabled config file. I have yet to encounter programs which fail to work due to the use of newer stronger encryption, and i can still communicate with ancient unix systems just fine.

  14. Re:I agree on Vista Vs. Gutsy Gibbon · · Score: 1

    The same people who say "creating a slipstream disc is not hard" are also saying "using the linux command line is too hard"...
    Most end users won't want or be able to do either, so how the default disc is DOES matter.
    Users don't want to buy an updated version of an OS they already have, but would quite happily download an updated install disc.

  15. Re:Old fashioned way to get IMAP on Free IMAP On Gmail · · Score: 1

    Spamassassin supports bayesian filters too....

  16. Re:The more suckers the better !! on Free IMAP On Gmail · · Score: 3, Insightful

    Yes, they can build a program to process the mails you are sending through their service and target you with ads...
    If you have an issue with an automated process accessing your mail and taking actions based on the content of it, you'd better not use a spam filter either... Infact, you probably shouldnt use email at all unless you can find a mail server which isnt a program.

  17. Re:OSS? Anyone? on US-Made Censorware Used To Oppress Burma · · Score: 1

    They used to use dansguardian a few years ago...

  18. Re:Pirated version? on Driver Update Can Cause Vista Deactivation · · Score: 1

    Like it's also possible for an OEM install to be pre-installed with a rootkit...

    There are lots of malicious rumours posted around about how inferior pirate copies are, but the vast majority of this is bullshit designed to discourage people from downloading pirate copies.
    If you download from popular torrent sites, there will usually be negative comments if a release has something like a rootkit or is fake etc.

    The movie industry is the same, when you see a film in the cinema they show a trailer decrying the low quality of bootleg copies. Now while it's true that copies will never provide you the same experience as a cinema, the quality varies but the different versions are often clearly marked.
    You can get a cam or telesync if you want to watch a movie early without going to the cinema (and for many people this is the *only* way to watch a movie for several months while in this global world people talk about the movie and spoil it for you.
    You can also get DVD quality or HD-DVD/Bluray rips which are better than DVD quality, and in many markets high definition stuff is not widely available legitimately.

  19. Re:Pirated version? on Driver Update Can Cause Vista Deactivation · · Score: 1

    Did you swap out the motherboard for another identical one?
    I've seen activation being forced after swapping the motherboard/cpu for a newer (faster) one but using the same peripherals... It all depends on just how much hardware is changed. Sometimes updating the bios on a motherboard changes it enough to force a reactivation.
    Once you get to the position that you can no longer activate online, and have to call them up it becomes a lot more hassle.

  20. Re:Zero risk committee thinking on Games All Downhill Since Pong? · · Score: 1

    The problem is the expense of creating the graphics and sound effects people expect...
    This wasn't a problem years ago, because graphics capabilities were very limited anyway. Nowadays people expect a 3d game with fancy graphics and top quality surround sound. People can still come up with innovative ideas, but they often can't bring enough of the right people together to make a successful game.

  21. Re:not good enough on Microsoft Finally Bows to EU Antitrust Measures · · Score: 1

    Chances are your developers tasked with implementing a given protocol will already be proficient coders, and the chance of them being able to read the provided example code is quite high.

    Reverse engineering on the other hand, adds a second requirement that your developers are less likely to have already, and which is a lot more expensive if you have to hire people.

  22. Re:Code is not interface documentation on Microsoft Finally Bows to EU Antitrust Measures · · Score: 1

    There's a few differences in your two examples...

    Protocols are typically implemented by coders, and coders will usually be able to understand the source code of the open source implementations. Conversely, you would need reverse engineers to work out a microsoft protocol, which is a different and often more expensive skill.

    Also open source developers are often very helpful to people wanting to interoperate with their products, microsoft are much less so because it goes against their business model, and it's often much harder if not impossible to find let alone contact individual developers.

    Microsoft make money selling their products, and part of their business model relies on being proprietary and not easy to find a drop in replacement. Open source developers on the other hand have no reason to discourage interoperability with their products.

    And also, who says the original developers need to write the documentation? The developers will often miss parts because, to them, it's obvious but not to a third party. It often makes sense for third parties to write documentation.

    Although it does bring up a big failing of both open and proprietary code. It makes sense to write the specification first, then implement according to the specs. If you find the specs are unrealistic, then change them and always ensure the implementation exactly matches the published specs.

  23. Re:Code is not interface documentation on Microsoft Finally Bows to EU Antitrust Measures · · Score: 1

    It depends how clean the source is too...
    Open code tends to be cleaner for a number of reasons. The fact that many people are expected to build it on multiple systems (instead of a single static internal build environment), people don't want to be known for writing messy code, and they want other people to help improve their code so it's in their interest for it to be cleanly written.

    Also a lot of coders write a lot of inline documentation, like a comment saying "this is function X, it takes Y as a pointer to char and Z as an integer for it's arguments and returns an integer" above each function...

    And as you stated, documentation can often be incorrect so studying the implementation is often required for interoperability. But this brings up an interesting point...
    We need reference implementations, which *do* comply exactly with the standards. Otherwise, whoever is the first/biggest implementor will become the defacto implementation and other implementations will try to clone their bugs to ensure interoperability, and conversely the first implementation has nothing to easily compare against.

  24. Re:Took long enough... on Microsoft Finally Bows to EU Antitrust Measures · · Score: 1

    On the contrary, Microsoft could revoke the licenses held by existing customers in Europe if they so desired.
    But your right on the second point, it would show people just how dangerous it is to rely on a single vendor for anything.

  25. Re:Took long enough... on Microsoft Finally Bows to EU Antitrust Measures · · Score: 2, Insightful

    And relying on a single company is a ridiculously dangerous situation for any organization to be in. Whoever runs such organizations and allows this situation to arise should be fired for incompetence. The need for a second source and backup plan should be a basic requirement of any business purchasing decision.
    Contrast this to say, Dell... If you buy all your computers from Dell, and suddenly they pull out of your market... You can start buying new computers from HP instead with very little disruption to your operations.