It's just me, but I would keep the z/OS guy around for stuff like *true* enterprise database stuff (10 year uptime kind of stuff), and lump the end-user file services in with other client/server activities, like web application services. I just don't like having z guys interfacing with the unwashed masses. The time wasted with low-level support issues is much better spent on a kid 5 years outta college than a graybeard who gets a daily email counting down the days until his retirement. That's why for every z guy, big enterprises have about 5 unix guys and 10 windows guys. It's a different beast with different "actors" interfacing with his equipment -- systems instead of people.
True, but look at the primary list of benefits of Linux in our mantra:
1. It's open source so we can sell, totally support, and patch the hell out of something we didn't have to develop or buy in the first place.
2. It runs on, what, over 20 different platforms and environments. If Linux helped Intel starve the midrange market, Dell might've closed in on us and HP in server sales in units moved. Instead, Linux helps us and HP move more systems in all of our product lines and continue to crush Dell. And HP doesn't have anything to compete with z/Linux. And (to repeat) once you get an app running on any one Linux platform, it's usually a recompile away from running on any other. More apps go GA for Linux on Z as more vendors realize they can recompile their apps on any other platform and see how easy it is to support said apps in the new environment.
3. (And some would say most important) It standardizes support skills. Every Linux box looks just about the same to a Sys Admin. From Intel to midrange, to iSeries (AS/400) and Z, you can put a Linux admin down in front of a Linux box and he'll know most of what's going on. Each hardware line we sell can now be classified by "how many virtual (or real) Linux servers can it run?" Intel - 1 to 64 (with VMWare ESX), pSeries - 1 to 16 (p690 Regatta), iSeries - 1 to 31 (thanks to LPARs), zSeries - 1 to 20,000+ (using either VM guest accounts or IFL).
DFS on z/OS may be closer to native (whatever that is on z), but it breaks this last rule and major selling point. Would you want a z/OS guy managing disk for a couple of Linux admins running file servers or supporting every enterprise user mapping his/her home directory against the z box? Former for me, please. My customer balked because they wanted Samba 2 beta to integrate perfectly with Active Directory last August, and it just wasn't ready at the time.
I didn't learn about LVM until I took my z/Linux training a couple years ago, and now I have two VMWare ESX servers with SAN on fibre and a third with 768GB of internal disk. By presenting big RAID-1 and RAID-5 disks to VMWare, I have various options. I filled the RAID-1 space (120GB) with 4GB virtual LUNs and filled the RAID-5 space (280GB) with 8.4GB virtual LUNs (the same size presented by the SAN to our traditional UNIX hosts).
By stapling vLUNs onto virtual machines and using LVM to manage and incorporate that space, I have unparalleled flexibility. And those skills are directly transferable to zLinux, except of course the LUNs are 2.4GB each over there.
So please understand, I'm not yelling or attacking, just saying.. there are many solutions to each problem, but sometimes there are deeper reasons for going with a particular solution. (See "functional requirements" vs "non-functional requirements" if you're more of an SA than an IT Architect.)
I'm an IBM'er currently on assignment at the world's largest insurance company. I was brought in because they wanted to consolidate servers to a mostly-Linux solution. After piloting Samba 2 beta on zLinux last summer, they balked at the heavy reliance on Z.
The key is for people to realize that the type of workload is critical when deciding to try zLinux, and any barking about Athlon vs. G6 is useless. Also, vendors need to realize that once you compile an app on Linux on any one platform, you're usually a recompile away from running it under Linux on any other platform. Hence my reasoning that any complaints about software availability from a year ago are also useless. More apps are being ported to zLinux every day.
Linux on Z has a role, it just needs to be explored by more brave souls. Besides, I've always said that if I leave the company, I'd like to create an "ISP in a box" using a z800 and some ESS disk to host a few thousand virtual web servers. I implore people to please visit Linux@IBM for more information.
Mod AC down. He's working with **very** old data, and is generalizing about the industry from one customer experience. And yes, one year is a heluva long time in Linux on Z. Just every IBM app for Linux on Intel has been ported to Linux on Z by now. It is by no means limited to open source apps anymore (yes, a year ago, it was).
to sit close to our computer and listen through tinny PC speakers
Wow dude, when you graduate college, you'll see there are some really nice toys out there to help with your listening habits. Save up about $250 and go shopping here. You hook it up to your LAN and your stereo, and it lets you browse and play your MP3 collection right from the included remote control. It also streams shoutcast-style streams.
What you describe above really are back in the old days, my friend.
I had Robie Sr and he kicked ass! :) You could play music with the cassette player in his torso, and you could also record movement sequences on said tape deck. You could talk through the remote control and have your voice come out through his head. In fact (wow, serious flashback!) I hacked my telephone and wired the audio into the mic in jack on Robie, so everyone I talked to on the phone had a robotic avatar of sorts.
I programmed a sequence for him to wake me up each morning (using his built-in alarm clock) to roll over to my bed side and start yelling at me (in my own voice) to get out of bed. I used to have him hold my police scanner, too, and jacked the audio to the line in. I don't know, I guess everything seemed funnier when the sound was routed through a robot whose mouth lit up as a VU meter. That, and being able to turn his eyes on as headlights was pretty cool, too. I really tinkered with that thing, too. I figured out how to route my voice to his command channel, what pitch to shriek at to emulate commands from the remote, and how to cut the power to the remote with the voice channel open and use him to listen to neighbors' cordless phones. Man, I have been a geek for a long, long time.
[/me slams phone down on the beach and exits frame right]
Re:I think you missed the point, on P2P Spam? · Score: 2, Funny
It's 2003...
SpamGrid
Re:I've said this before and I'll repeat myself..., on P2P Spam? · Score: 1
They don't need access to either end or the mail server. They just need to be on the same side of one of the routers as one of the hosts. How many times a day do you check your ARP tables? How many colo facilities set up their server images to hardcode their ARP tables for routing or run arpwatch? Hell, how many colo customers would even KNOW what an arpwatch report is supposed to look like? Does your colo host VLAN off every single host? I doubt it.
If you (not YOU, with such a low uid, but the generic you) think that you only need to care about your mail while it's sitting on the sender or recipient's box is missing 99 44/100ths % of the trip.
Re:Truly P2P if SOBIG.G contains the spam message, on P2P Spam? · Score: 2, Interesting
How about a multi-layer checking system?
1. Do a reverse DNS lookup on the connecting IP and verify in PARANOIA_MODE (a la TCP Wrappers).
2. Attempt to relay through any new servers that haven't already been registered.
3. Require TLS/SSL (this is for everyone's benefit of privacy).
If the connecting server fails those tests, firewall them off. If they pass, register the connecting server IP as an approved sender for, oh, 30 days. That should provide increased security and protection without getting into some kind of registration system. Let the system manage itself.
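The three checks and the 30-day approval from the comment above, sketched as an added example that is not part of the original post. DNS lookups and the relay-test result are injected as callables so the sample runs offline; `SenderGate`, `is_open_relay` and the lookup tables are hypothetical names and constructed data, and the TLS state is assumed to be reported by the mail server.

```python
"""Admission gate for inbound SMTP peers: rDNS, relay-test result, TLS, 30-day approval."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, Optional, Set, Tuple

APPROVAL_TTL = timedelta(days=30)  # the comment's "approved sender for, oh, 30 days"


def paranoid_rdns(ip: str,
                  ptr_lookup: Callable[[str], Optional[str]],
                  forward_lookup: Callable[[str], Set[str]]) -> bool:
    """TCP Wrappers PARANOID-style test: the PTR name must exist and must
    resolve forward to the address that actually connected."""
    name = ptr_lookup(ip)
    if not name:
        return False
    peer = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == peer for a in forward_lookup(name))


@dataclass
class SenderGate:
    ptr_lookup: Callable[[str], Optional[str]]
    forward_lookup: Callable[[str], Set[str]]
    is_open_relay: Callable[[str], bool]  # hypothetical hook: outcome of the relay test
    approved: Dict[str, datetime] = field(default_factory=dict)  # ip -> approval expiry
    blocked: Set[str] = field(default_factory=set)
    checks_run: int = 0

    def admit(self, ip: str, tls_negotiated: bool,
              now: datetime) -> Tuple[str, Tuple[str, ...]]:
        if ip in self.blocked:
            return ("blocked", ())
        expiry = self.approved.get(ip)
        if expiry is not None and now < expiry:
            return ("approved-cached", ())
        self.approved.pop(ip, None)  # expired or never seen: run the tests again
        self.checks_run += 1
        failures = []
        if not paranoid_rdns(ip, self.ptr_lookup, self.forward_lookup):
            failures.append("rdns")
        if self.is_open_relay(ip):
            failures.append("open-relay")
        if not tls_negotiated:
            failures.append("no-tls")
        if failures:
            self.blocked.add(ip)  # "firewall them off"; the comment gives no expiry
            return ("blocked", tuple(failures))
        self.approved[ip] = now + APPROVAL_TTL
        return ("approved", ())


# Constructed sample data (documentation address ranges, not real hosts).
PTR = {"192.0.2.10": "mx1.example.org",
       "198.51.100.7": "mail.example.com",
       "192.0.2.20": "relay.example.net"}
FWD = {"mx1.example.org": {"192.0.2.10"},
       "mail.example.com": {"203.0.113.5"},  # PTR claims a name that points elsewhere
       "relay.example.net": {"192.0.2.20"}}
OPEN_RELAYS = {"192.0.2.20"}


def run_sample():
    gate = SenderGate(PTR.get, lambda n: FWD.get(n, set()), OPEN_RELAYS.__contains__)
    t0 = datetime(2003, 9, 1)  # constructed date
    results = [
        gate.admit("192.0.2.10", True, t0),                       # passes all three
        gate.admit("192.0.2.10", True, t0 + timedelta(days=29)),  # still approved
        gate.admit("192.0.2.10", True, t0 + timedelta(days=31)),  # expired, retested
        gate.admit("198.51.100.7", True, t0),                     # forward/reverse mismatch
        gate.admit("203.0.113.99", False, t0),                    # no PTR and no TLS
        gate.admit("192.0.2.20", True, t0),                       # relays for strangers
        gate.admit("192.0.2.20", True, t0 + timedelta(days=1)),   # already blocked
    ]
    return results, gate.checks_run


if __name__ == "__main__":
    for verdict in run_sample()[0]:
        print(verdict)
```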
Being a good IBMer, here are a couple. :) But seriously, many people tend to miss IBM's publishing arm, and never even realize that all of their books are published as freely downloadable PDF's. Granted, there's an IBM slant to most of it, but there are some really good, get-to-the-good-stuff, hands-on tasty morsels in there. In fact, this book on AIX is currently $117 at Amazon. Take the PDF to OfficeMax and get a book bound with comb binding (so it opens flat) for 1/3rd the price, and you can put the CD you burned the PDF onto inside the back cover :)
If you [have|want] to manage large quantities of Linux servers, pay closer attention to the Linux on zSeries materials since it's customary to run hundreds of virtual Linux servers at a time, and they still need to be managed. Same goes for HPC clusters. Since these books are written by different people, it's neat to hear the tack they've each taken to managing large-scale communities. One book even touches on configuring a Linux virtual server on a zbox with LEAF to serve as a software firewall for the remaining machines.
but it seems to me that there are additional costs with that processor upgrade, such as having to buy a new mainboard if your new processor isn't compatible with your old motherboard (and new RAM to boot).
I would venture that no one participating in this conversation has worked in a large corporate datacenter (not talking about ISP's here), because CPU upgrades are never considered in those environments. Is your application CPU bound? Buy the newest server model. And yes, 2GB is a minimum configuration for the OS install until IBM can get more sticks of RAM out to you. You guys should see the 8-way 64GB or 16-way 2.4GHz, 128GB RAM IBM x445's we're playing with. You'd wet your pants. Paired up with VMWare ESX 2 and you have 64 virtual 2-way SMP servers with multiple gigabit ethernet and SAN paths in 7U per 8 CPUs.
You've obviously never had an exec standing over you during an outage saying, "one million dollars" every 60 seconds. Hmmm.. 14 thousand? Maybe you have :)
they're only billed for the time during which there was actual transmission
It's actually rare to be on a plan that doesn't have unlimited direct connect minutes, either local-only or nationwide. Then it gets REALLY cheap as your usage skyrockets.
It is illegal right now, but my Mom gets telemarketing calls on hers almost daily. Yay AT&T.
I even signed up my cellphone just in case someone decides to repeal the law protecting our cellphones from unwanted solicitation calls. If you register prior to the deadline, your numbers are blocked as of October 1. If you register after the deadline, your phone will be blocked 3 months later.
CNN ran a reminder today that the sign-up was expiring so I jumped right on it.
+1, Interesting
Thank you for that. Now that I understand dopamine a little better, perhaps you can explain the purpose of L Dopa? It's only taken me 16 years to understand this song from Big Black. :)
exactly.. I CALL FAKER, TOO!
no one with a 600,000+ uid is ALLOWED to say thicknet here!!
now beat it, kid, before **I** hit you over the head with my PK-88!
You laugh!
Yes, an older edition of this book did help me back when I was a beginner. But, it's also one of the books that taught me that by the time something is in print, it's already out of date.
I learned all the great stuff about TCP Wrappers and how it was revolutionizing inetd. When I went to my Slackware box to try to implement, it was already done! Same for shadow passwords. It's funny in that, even being a 7 year user and an RHCE, it still seems like commercial UNIX was in the dark ages until the early 90's just based on those two features alone. Not to say MS was any better (my god no), but to require applications to have root privs to bind to a low port and have world-readable password hashes just seems like something from a million years ago. Different times, those were.
I *still* have to instruct local UNIX pros on the virtues of ssh over telnet. If the X forwarding over ssh doesn't sell them on it, password collectors like ettercap will, every time ;)
Well, let me introduce you to about 650,000 people who do.
Hey, have you ever tried System Installation Suite? IBM really pushes it for clusters and large installations.
specifically, the voicemail notification system is totally bad
Where do you have problems? In PA/NJ/NY (and even Paris & Montpellier, France and Greenock, Scotland) I get really good notifications.
** Attention Nextel Users **
Use the Call Filter feature of Styles to do things like filter out 2-way calls or alerts, and even limit *who* can call your phone! Yes, when you put the call filter into "Some Phonebook" mode, you can actually choose who in your phonebook (up to 5 people) are allowed to call you. Pair that up with the Datebook feature, and when you have a recurring meeting each day or week, you can force the phone to go into that "restricted incoming" mode automatically for the length of your meeting and never have to remember to switch your phone to vibrate.
How many people here see the rush of people to put their phones in vibrate when that one idiot forgot to switch his before the meeting? I never have to do that, nor do I ever have to run out of the room to answer calls. I automatically shunt my friends to voicemail during the meeting, week after week :) Of course, I have an i95cl, so ymmv.
By and large, you are correct, but...
You are somehow "coded" to each other, so you can only talk/listen to the people you care about (family/boss/whatever)
Not true. I've always been able to DirectConnect with any other Nextel users (co-workers, my limo driver) regardless of the area I'm in, even when not my home area. Plus, now that Philadelphia "came online" a month ago and I work near NYC, I've started to get some "wrong number" DirectConnects coming out of Philly. It's important to note that the cross-market DirectConnects are only paid for by the originators, not both parties, as cell minutes are usually charged. I have special pricing and features available to me as an IBM employee, and one feature is "Cross Fleet", so that may explain why I've always been able to connect with literally any Nextel user. You "dial" a DirectConnect session as a regular phone number but as xxx*yy*zzzz and then hit the PTT button (hitting "alert" first is kinder) instead of "Send"
Also, will only work if you're on the same network, and probably have the same plan.
Also not true. Each plan participant must pay for DirectConnect minutes in some way shape or form. I am on the Free Incoming 400 with 400 peak outbound mins, free incoming cell calls 24x7, free nights & weekends, with unlimited local (included) and cross-market ($10) DirectConnect. My wife is on a zero minute plan with unlimited local DirectConnect included. The IBM contract gives her 100 bonus cellular minutes, which she never exhausts. If she needs to talk to me, she alerts me for free, and I DC back to her cross-market.
And all of the comments about public use of the 2-way are absolutely correct. They are annoying as hell. I want to walk up to people DC'ing in a restaurant and show them how to turn off their speakerphone. I have approached cell nirvana, that is, having a consistent bill for basically unlimited use (and minimizing it), but my main gripes about the carrier are the coverage. Living in Philly and working in New York leaves few dead spots, however. Unless of course someone hacks the power grid, then all bets are off :)
The california problems were cronic problems
cronic? Yeah, I guess the power failures did happen at regular intervals.