I fail to see how the desktops would need upgrading in order to transition from a sun e10k at the back end to an e15k... The e15k is fully compatible with the e10k and is just a higher end more modern version of the same machine.. It can run the same software and shouldn't need any changes.
If you have multiple machines, you can just download it once and use one of the machines as an ftp server and then install over a lan.. You could also setup a proxy and do an ftp install via the proxy, this will achieve the same effect but you won't need to manually download the files and put them on an ftpserver.
SSH is unuseably slow on older sparcs (sun4, sun4c) but works just fine on a 50mhz sun4m (sparcstation 20) the trick is, to compile SSH with optimization for the sun4m chips... If you dont turn optimization on and tell the compiler to generate code for a sun4m, you will get sun4c code... The sun4c architecture lacks a number of divide/multiply instructions which are heavily used for ssl code such as ssh. And who said optimization provides no benefits? try if for yourself!
I'm sure opensource has a much lower TCO than windows, especially in this situation... Consider that it's in the best interest of the malaysian government to keep as much of the cost in-house as possible. If they have to pay some malaysian company to train more malaysians how to use the new systems, then the costs remain in the country and will eventually come back to them in taxes anyway.. Giving away free or subsidised training to their own people is only in the best interest of the country as a whole. However if they export the money to the US they dont benefit their own people atall, they may still need to train people. Not to mention the fact that with opensource they can in the future maintain the software locally, employing local programmers to develop code for them, and they're not dependant on anyone else.. Let alone a single company in a single country.
And many of those programs can also be built without the module support, i have a static build of apache for instance, and i'm sure it uses less ram than a modular version with the same features loaded as modules. Flexibility is good, being forced to use modules is bad..
But this is often not the case, many programs are not written this way and you still need the stubs for these features even if you dont use them, you also need the module loading code and this all makes each program far more complex.
Active directory cannot be secured, even microsoft have admitted this... The novell client wasn't bad atall, it was windows 3.x and dos that was the problem, and later versions of windows being designed to use their own networking components and hinder use of novell's.
Some apps benefit greatly from optimization, some don't, try john the ripper.. compiling with mmx support yields a 3x speed increase on any modern x86 cpu... It's also possible to optimize for a smaller binary size... But by far the best part of compiling has to be dependencies... Many programs have optional features which are only turned on if certain libraries are present, for instance kerberos support in pine and some other packages... If you use a precompiled distribution then all these packages will be compiled against all the optional components so they suit the widest possible audience of users... However, that means we have to waste diskspace and ram on these unnecessary libraries... I use pine and pico on a regular basis, but i have never needed or wanted kerberos support... And lots of apps come with optional X11/kde/gnome/gtk interfaces... its pretty irritating that some tool you want to run in commandline mode on a headless server requires you to install X11 and gnome etc..
This may be the case with mozilla/firefox, time will tell.... On the plus side the mozilla developers have already shown their ability to more quickly respond to any issues.. However, atleast one open source product has a much larger marketshare than the microsoft offering, and yet has far less security issues, this product is apache.. Also, while netscape was the dominant web browser there were far less security issues being found.
You really should make a point of complaining to the authors of such sites. If everyone just views their site using ie then they will only see that in their logs and just assume noone is using anything else.. Also, if the site gets compromised and infected with something like the recent ie worms then your screwed anyway.
But the fact is that, products marketted towards end users shouldn't need all this hardening and purchasing of additional third party products in order to make them safe to use online.. MacOS doesn't require such extreme procedures and is perfectly suited to end users, windows is unsafe to use online without higher levels of knowlege than joe public has and unix is too difficult to use without higher levels of knowlege than joe public has.. So, neither unix or windows are truly suitable for end users right now.
And what are safe practices, considering you can follow vendor supplied "safe" practices. visit a website and your os-integrated browser gets exploited via a vulnerability for which there is no patch available, and installs a new virus for which no antivirus definitions exist, and which disables whatever av you have so it won't update itself to detect the new virus.
So you did recieve viruses, and got lucky that the antivirus developers got those viruses first and worked out how to detect them... What if you got infected with something new that wasn't detected yet? Many viruses nowadays are designed to eliminate antivirus programs, and remember the antivirus programs will always be a step behind the virus authors.
Which is precisely why i have crontabs setup to backup my homedir to a root-owned directory every so often... A system which automated this in realtime, but delayed deletes/writes on the backup would be nice.. if you deleted something you would have say 24 hours to recover it from the backup.
Actually under X11 it is possible to log keystrokes as an unpriveleged user, but you can only log the keystrokes on an X session you have access to... You can even do it remotely if the Xserver is configured to allow you.
Most use of ms software is not a choice, none of the companies i've worked at chose to use ms, they were just stuck with it either because third party tools they required only ran on it, or because they had to maintain compatibility with other organizations and older files within their own.
Weren't ford sued over the pinto? Sure cars can kill people in accidents, but auto makers are required to make reasonable efforts to achieve a certain level of safety... the pinto fell below that level. Key safety features were left out in the name of cost
If one guy (Daniel Bernstein) can offer a security guarantee backed by his own cash (see http://cr.yp.to) on his software, why can't microsoft? Mr Bernstein makes NO MONEY from any of his software, and yet he is willing to offer $500 to anyone who finds a security hole, so this guarantee comes out of his own pocket if anyone finds anything. Microsoft themselves have used bernstein software, hotmail was running on qmail for many years, and you can bet they would have claimed the $500 if it ever got hacked. Microsoft on the other hand, are raking in billions on their software, and yet offer NO GUARANTEES WHATSOEVER. The software industry needs regulation like any other industry. You may claim a piece of software is more complex than say a car, but compare it to an aircraft.. If boeing sells an unsafe aircraft you can bet every airline will sue them, and many passengers will sue the airlines. Software faults may not directly endanger lives, but they can cost billions of dollars and can ruin peoples lives, those billions of dollars spent fixing software problems that should never have existed won't go into peoples pay packets... If people lose their jobs they could end up homeless or driven into crime etc.. As for the whole industry that has built up around microsoft bugs, antivirus, firewalls etc.. personally i find that disgusting.. making people pay extra to protect themselves from problems that shouldnt exist... "Heres your new car, the deathtrap 2000. Now for an extra $5000 you can have some seatbelts and we'l move the fuel tank away from the engine so it doesnt explode when it gets hot"
IE is not free, it is an integral component of windows according to microsoft themselves, therefore it is windows that is defective due to the flaws in ie. Perhaps if you found the same security issues in the macos version of IE you would have a point.
If you didnt lock your door, then its your fault. However, if you locked your door and the car was broken into because the lock was inadequate then who's fault is it ? especially if the lock was advertised as being more secure than it really is. If your machine gets compromised by a vulnerability which has been patched for 6 months, you could argue thats your fault... But if it gets compromised by a vulnerability that has remained UNPATCHED for 6 months (the recent ie holes spring to mind) and yet you took reasonable measures (locking your door, installing latest patches) to keep it secure.. As for disabling functionality, you shouldnt be required to do that.. if you have to disable functions then the software is no longer fulfilling the functions it was sold for. That's like removing the engine from a car, sure it wont get stolen but what use is a car without an engine?
Fact is, computer users shouldnt have to disable features to keep something secure, such features should work as advertised and not endanger the end user.. Also, users should not have to know about disabling services or installing patches etc, the average car owner doesnt change his own oil for instance, and if a car has a defect its recalled, the auto maker will repair the vehicle for you.. they dont send you a box of parts and expect you to install them yourself.
Actually linux, and unix in general, already has it's own ddos bots, which are usually far more powerfull than their windows counterparts. A network of ddos bots running on unix machines can typically attack with far more force than a windows based network, even with a much smaller number of nodes. Search for kaiten.c or knight.c on packetstorm, or stacheldraht, kaiten was ported to windows aswell but the windows version was lacking many of the features.
I fail to see how the desktops would need upgrading in order to transition from a sun e10k at the back end to an e15k... The e15k is fully compatible with the e10k and is just a higher end more modern version of the same machine.. It can run the same software and shouldn't need any changes.
If you have multiple machines, you can just download it once and use one of the machines as an ftp server and then install over a lan..
You could also setup a proxy and do an ftp install via the proxy, this will achieve the same effect but you won't need to manually download the files and put them on an ftpserver.
SSH is unuseably slow on older sparcs (sun4, sun4c) but works just fine on a 50mhz sun4m (sparcstation 20) the trick is, to compile SSH with optimization for the sun4m chips... If you dont turn optimization on and tell the compiler to generate code for a sun4m, you will get sun4c code... The sun4c architecture lacks a number of divide/multiply instructions which are heavily used for ssl code such as ssh.
And who said optimization provides no benefits? try if for yourself!
"Final solution" provider? who was this? hitler? i hate to imagine what his final solution was.
I'm sure opensource has a much lower TCO than windows, especially in this situation...
Consider that it's in the best interest of the malaysian government to keep as much of the cost in-house as possible. If they have to pay some malaysian company to train more malaysians how to use the new systems, then the costs remain in the country and will eventually come back to them in taxes anyway.. Giving away free or subsidised training to their own people is only in the best interest of the country as a whole. However if they export the money to the US they dont benefit their own people atall, they may still need to train people.
Not to mention the fact that with opensource they can in the future maintain the software locally, employing local programmers to develop code for them, and they're not dependant on anyone else.. Let alone a single company in a single country.
And many of those programs can also be built without the module support, i have a static build of apache for instance, and i'm sure it uses less ram than a modular version with the same features loaded as modules.
Flexibility is good, being forced to use modules is bad..
But this is often not the case, many programs are not written this way and you still need the stubs for these features even if you dont use them, you also need the module loading code and this all makes each program far more complex.
Active directory cannot be secured, even microsoft have admitted this...
The novell client wasn't bad atall, it was windows 3.x and dos that was the problem, and later versions of windows being designed to use their own networking components and hinder use of novell's.
Some apps benefit greatly from optimization, some don't, try john the ripper.. compiling with mmx support yields a 3x speed increase on any modern x86 cpu... It's also possible to optimize for a smaller binary size...
But by far the best part of compiling has to be dependencies...
Many programs have optional features which are only turned on if certain libraries are present, for instance kerberos support in pine and some other packages... If you use a precompiled distribution then all these packages will be compiled against all the optional components so they suit the widest possible audience of users...
However, that means we have to waste diskspace and ram on these unnecessary libraries... I use pine and pico on a regular basis, but i have never needed or wanted kerberos support...
And lots of apps come with optional X11/kde/gnome/gtk interfaces... its pretty irritating that some tool you want to run in commandline mode on a headless server requires you to install X11 and gnome etc..
This may be the case with mozilla/firefox, time will tell.... On the plus side the mozilla developers have already shown their ability to more quickly respond to any issues..
However, atleast one open source product has a much larger marketshare than the microsoft offering, and yet has far less security issues, this product is apache..
Also, while netscape was the dominant web browser there were far less security issues being found.
You really should make a point of complaining to the authors of such sites. If everyone just views their site using ie then they will only see that in their logs and just assume noone is using anything else..
Also, if the site gets compromised and infected with something like the recent ie worms then your screwed anyway.
But the fact is that, products marketted towards end users shouldn't need all this hardening and purchasing of additional third party products in order to make them safe to use online..
MacOS doesn't require such extreme procedures and is perfectly suited to end users, windows is unsafe to use online without higher levels of knowlege than joe public has and unix is too difficult to use without higher levels of knowlege than joe public has..
So, neither unix or windows are truly suitable for end users right now.
And what are safe practices, considering you can follow vendor supplied "safe" practices. visit a website and your os-integrated browser gets exploited via a vulnerability for which there is no patch available, and installs a new virus for which no antivirus definitions exist, and which disables whatever av you have so it won't update itself to detect the new virus.
But neither of these are *complete*...
So what about the bits they miss out?
So you did recieve viruses, and got lucky that the antivirus developers got those viruses first and worked out how to detect them...
What if you got infected with something new that wasn't detected yet? Many viruses nowadays are designed to eliminate antivirus programs, and remember the antivirus programs will always be a step behind the virus authors.
Which is precisely why i have crontabs setup to backup my homedir to a root-owned directory every so often...
A system which automated this in realtime, but delayed deletes/writes on the backup would be nice.. if you deleted something you would have say 24 hours to recover it from the backup.
Actually under X11 it is possible to log keystrokes as an unpriveleged user, but you can only log the keystrokes on an X session you have access to... You can even do it remotely if the Xserver is configured to allow you.
Most use of ms software is not a choice, none of the companies i've worked at chose to use ms, they were just stuck with it either because third party tools they required only ran on it, or because they had to maintain compatibility with other organizations and older files within their own.
Weren't ford sued over the pinto?
Sure cars can kill people in accidents, but auto makers are required to make reasonable efforts to achieve a certain level of safety... the pinto fell below that level. Key safety features were left out in the name of cost
But the aim of the game is to punish the offender and hope that they will behave better in future to prevent the same thing happening again.
If one guy (Daniel Bernstein) can offer a security guarantee backed by his own cash (see http://cr.yp.to) on his software, why can't microsoft?
Mr Bernstein makes NO MONEY from any of his software, and yet he is willing to offer $500 to anyone who finds a security hole, so this guarantee comes out of his own pocket if anyone finds anything. Microsoft themselves have used bernstein software, hotmail was running on qmail for many years, and you can bet they would have claimed the $500 if it ever got hacked.
Microsoft on the other hand, are raking in billions on their software, and yet offer NO GUARANTEES WHATSOEVER. The software industry needs regulation like any other industry. You may claim a piece of software is more complex than say a car, but compare it to an aircraft.. If boeing sells an unsafe aircraft you can bet every airline will sue them, and many passengers will sue the airlines.
Software faults may not directly endanger lives, but they can cost billions of dollars and can ruin peoples lives, those billions of dollars spent fixing software problems that should never have existed won't go into peoples pay packets... If people lose their jobs they could end up homeless or driven into crime etc..
As for the whole industry that has built up around microsoft bugs, antivirus, firewalls etc.. personally i find that disgusting.. making people pay extra to protect themselves from problems that shouldnt exist...
"Heres your new car, the deathtrap 2000. Now for an extra $5000 you can have some seatbelts and we'l move the fuel tank away from the engine so it doesnt explode when it gets hot"
IE is not free, it is an integral component of windows according to microsoft themselves, therefore it is windows that is defective due to the flaws in ie.
Perhaps if you found the same security issues in the macos version of IE you would have a point.
If you didnt lock your door, then its your fault.
However, if you locked your door and the car was broken into because the lock was inadequate then who's fault is it ? especially if the lock was advertised as being more secure than it really is.
If your machine gets compromised by a vulnerability which has been patched for 6 months, you could argue thats your fault... But if it gets compromised by a vulnerability that has remained UNPATCHED for 6 months (the recent ie holes spring to mind) and yet you took reasonable measures (locking your door, installing latest patches) to keep it secure..
As for disabling functionality, you shouldnt be required to do that.. if you have to disable functions then the software is no longer fulfilling the functions it was sold for. That's like removing the engine from a car, sure it wont get stolen but what use is a car without an engine?
Fact is, computer users shouldnt have to disable features to keep something secure, such features should work as advertised and not endanger the end user..
Also, users should not have to know about disabling services or installing patches etc, the average car owner doesnt change his own oil for instance, and if a car has a defect its recalled, the auto maker will repair the vehicle for you.. they dont send you a box of parts and expect you to install them yourself.
Try ettercap and do some arp spoofing, you can sniff switches very easily, i've done it on a switched network many times
Actually linux, and unix in general, already has it's own ddos bots, which are usually far more powerfull than their windows counterparts. A network of ddos bots running on unix machines can typically attack with far more force than a windows based network, even with a much smaller number of nodes.
Search for kaiten.c or knight.c on packetstorm, or stacheldraht, kaiten was ported to windows aswell but the windows version was lacking many of the features.