> Why purchase a $200 thin client and then a CAL license[1]when you can purchase a $400 full fledge desktop with XP?
We have about 100 thin clients here (linux-based ones:)
Apart from what you mention in administration costs, there also the following fact: thin clients have no moving parts (or they're not designed properly). This results in: 1) _much_ lower maintenance costs 2) silent operation 3) longer lifetime (twice as long, probably)
I can honestly say that where we used to struggle with about 2 FTE syadmins/helpdesk (for 100 linux desktops and assorted servers and services), since we introduced thin clients we're easily coping with the workload.
My wife's colleague owns over 3000 cds (three thousand, yes). That should roughly translate to about 180 GB (assuming a 1:10 compression ratio). I personally own about 300-500 cd's, I encode at more than 128kbit, so that's ~ 40 GB right there (it really adds up when just 1 album can get to about 130 MB, you know).
Just because _you_ didn't succeed in amassing '40 legit gigs' don't (ever) assume no one else can either. I know of at least 2 other people that I'm sure have more than enough cd's to easily top 40 GB of 128kbit mp3's.
Of course it's impossible to replace those with decent headphones, as we all know:)
You start running into space problems when just one of your favorite artists' music occupies 3 full DVD's of 192kbit oggs though. Being an audiophile or not has nothing to do with that at least. (This artist often has 'songs' of about 75 minutes...)
And while I for one am definately not an audiophile, even I can hear the difference between 128kbit oggss and 192kbit ones - even on poor speakers like the ones on my computer.
Do you know how to stop Windows from using ports 137-139? I think many people don't know. I myself have no idea (as I don't use Windows) if it's even possible. If it's not, it's something you need a (personal) firewall for to block access to these ports (which I _do_ know to be exploitable).
Having a firewall block these ports by default can only be a good thing, since many people just _won't_ take the time to learn how to configure and harden an OS by themselves. Given the lack of knowledge concerning security for most people, a personal firewall that's on and blocking by default can't be useless.
And 'false sense of security'? Many people don't care about security, but need to be protected (sometimes even from themselves) anyway.
Besides, if this 'personal' firewall is all you have protecting your network, even if it's only by being on by default, you're still better off security-wise.
Right, because how many Windows personal firewall users are going to be doing that? I haven't seen Microsoft's offering but I'd be quite supprised if it could be configured any mroe specifically than "block this port" and "open that port".
So now we're suddenly talking about Microsoft's firewall only? Well, I haven't seen it either, but I'm pretty sure there's a personal firewall available somewhere that can do at least some of these things. Configuring your OS/services well still doesn't protect you from a DoS on your computer though.
IMHO blocking outbound traffic from personal firewalls is of dubious use at best - once the machine has been compromised the malware can quite happilly disable your firewall (a number of viruses are known to disable ZoneAlarm automagically) or look at the firewall rules to see which port it can make connections on.
And some compromises will not achieve sufficient access to disable the firewall or view its config. How about home-dialing malware that would in this situation be prevented from running, or spyware?
IMHO having a firewall running is useful even if only to provide an extra stumbling block for malware.
Running a firewall to block outbound traffic only seems sane if it's a completely separate device since once the device running the firewall is in a position to send malicious data the security of the firewall should already be considered void. As far as I can tell, all it does it provides a false sense of security, which is a very bad thing.
Ok, how about a home network then? Many people use one Windows computer using "internet access sharing" to enable other computers to connect to the internet. In this case the internet-connected computer running a personal firewall would be a seperate device and could defend itself (and the internet) much better against the internal compromised machine.
firewalls can also be used to get some sort of acl functionality out of them (you might want to enable ssh access to only a few known ip's on the internet), can do packet inspection, perform rate limiting tasks, prevent DoS attacks and perhaps most importantly: protect the internet from _your_ machine should some malware be running.
There are a few step in security you should never skip: use as few services as possible, configure them securely and protect yourself with a firewall. Remember: defense in depth is needed. Multiple levels of security are a necessity; relying on only the OS is folly.
we recently converted 75 of our ~100 workplaces to linux-based thin clients (we use linux almost exclusively, so linux-based was a must for us). I would never consider going back to pc's, although I cannot see doing without pc's altogether either.
The ones we chose are commercial thin clients, no homebrew anything. They're based on VIA's Eden platform and are totally silent (which I imagine is a plus in a library). And no moving parts mean almost nothing can go wrong with the hardware. Security is managed very well in our chosen thin client and management can be done from both Windows and Linux. Perhaps they're also less attractive for thieves, I'm not sure.
They can connect to any X Window server and can use RDP, ICA and Tarantella out of the box, which gives you freedom of choice with regards to the server side of the equation.
We chose Igel (http://www.igel.de), but we also looked at Thintune (http://www.thintune.com) and VXL (http://www.vxl.co.uk/).
As for floppy drives: none of these thin clients were equipped with a floppy drive out-of-the-box. Perhaps you could use usb floppy drives, but memory sticks are probably a better bet.
Remember, this benchmark makes full use of SMP if available and this is (for now) a single cpu system. Also, the 246 Opteron runs at 2.0 GHz, not 2.2 as the amd64 3500+ does.
I'm fairly positive that a dual Opteron will score closer to the new Xeon. It already outperforms the old one (first hand experience here).
Oh, P.S.: I *heart* this machine! So far it cost me about 1450 euros, so before I'm done I'll have a dual rig for less than 2000 euros.
Well, I could have contacted someone probably. Apparently VIA ignores what's being said on their own forums and emails to them. By the way: the problem WAS adressed (there was a beta BIOS that has worked just fine here), but the solution was never released!
And the mainboards in question (and similar ones) are used very often in thin clients. We have (at present) 76 thin clients based on VIA EPIA. They're also ideal as PVR's or similar machines, as they can run fanless. So the market, though definately not comparable to mainstream, is probably not small either (similar to Linux' own situation perhaps?).
I think there are sufficient examples about how quick OSS programs get fixed/patched that my belief in a relatively quick fix is justified. Did you ever notice there's any number of obscure special-interest OSS projects for which there is a viable closed-source commercial alternative?
This story alone may be sufficient to convince some of you of the need for openness in BIOSes:
A while back I bought a VIA EPIA-M system to function as a firewall at home. Nice and quiet, low power consumption, onboard LAN and one extra PCI slot. Nice, I thought, I can install a second NIC and use it as a firewall effectively.
Only problem is: when inserting a second NIC the throughput for both drops to the 100kbit/s range! A known issue with VIA for more than a year now, but they still haven't released a new BIOS. For about half a year I ran with just the onboard LAN and used IP aliasing to get the job done, but that resulted in a less reliable firewall.
I finally went ahead after some encouraging reports and flashed an unreleased beta BIOS that can be found somewhere on the VIA site if you look really hard (or happen to stumble across it). This totally solved the problem. That was late last year.
My point? An open BIOS would have been fixed and released so much faster (not that I could have done so myself as I'm not a programmer) than VIA's "efforts" have been so far.
See here for VIA's last BIOS release; the problem has been known for longer than that.
200000 feet of climbing? That's like 40 miles or so, right? Or, just about the same as one of the heavier mountain stages in the Tour...
By the way, the Tour was like that in the beginning, only it was about twice as long then. There's a famous story about one cyclist having to forge himself a replacement part for his broken bike. I'm too lazy to google, though.
I heard his collarbone wasn't broken, only had a hairline fracture or something. Having had a broken collarbone myself, I think I can safely say that you can't ride a bike that way (not unless you're drugged into insensibility, anyway).
My DLT jukebox set me back about 5000 euro; 10 tapes are about 700 euro (storing 400 GB natively; I see about a factor of 1.3-1.4 using compression).
$40000 will get you something much bigger than this.
Oh, and RAID 5? Sure it's nice, but it's not a backup system, silly. Backups are for both hardware and human failures, RAID just covers hardware. (Never accidentally erased something?)
So you're saying that governments should spend money I was forced to give to them on software that performs the same function as free software, so that this money can't be spent on, say, education and health care? And then have me give them more money to make up for the deficit?
But having to buy fast hardware for all the users running that programmer-friendly program in order to have these users even slightly productive is the most expensive option.
Face it, programmer time spent optimizing apps is time well spent. That includes language selection.
> I think it's actually possible with addon-software
It seems to be (or to have been) possible. Some time ago I looked at something called xmove (IIRC) that was supposed to be able to do just that. It was quite old software as I recall and I never got around to actually trying it. I'd google for it, but I'm lazy today;-)
> And you can pry my network transparency from my cold dead hands.
I agree with you totally. Administering a network of about 100 linux thin clients running off a couple of linux servers without that transparency would be painful in the extreme. (Not that we have that many yet over here - only 26 so far - but we'll get there:)
Let's hope your other comments turn out to be true...
Don't worry, I've been using 'free' since 1998 and I couldn't agree more (including your sig). I've seen uptimes on my boxes of over 380 days... (only to have them ruined by some kernel exploit:( )
Being a sysadmin gives me a different perspective to that as well:)
I guess some of the truth lies in perception of the problem itself. In your story, I wouldn't think of it as a computer problem either, but that would probably change if I had been using the computer at the time the cable was cut... At least some time would have elapsed with me trying to diagnose the problem on the computer and network itself.
If the hair dryer, blender and space heater are driven by his computers, then yes, I would say it's a computer problem:-)
Otherwise, no. He's fixing a problem that only indirectly involves computers (after all, if he blew out a different circuit he'd have no computer downtime but would still have to fix the breakers). If you notice you don't have any more power in a widespread area in your house, do you think your computer is at fault? Probably not. But if you can't connect to the internet, what else but your computer or your IP can it be? And most people think that the IP is better at 'computers stuff' than they are and so assume it's their fault they can't connect.
Slashdot Mirror
> Why purchase a $200 thin client and then a CAL license[1]when you can purchase a $400 full fledge desktop with XP?
:)
:)
We have about 100 thin clients here (linux-based ones
Apart from what you mention in administration costs, there also the following fact: thin clients have no moving parts (or they're not designed properly). This results in:
1) _much_ lower maintenance costs
2) silent operation
3) longer lifetime (twice as long, probably)
I can honestly say that where we used to struggle with about 2 FTE syadmins/helpdesk (for 100 linux desktops and assorted servers and services), since we introduced thin clients we're easily coping with the workload.
Of course, with windows YMMV
My wife's colleague owns over 3000 cds (three thousand, yes). That should roughly translate to about 180 GB (assuming a 1:10 compression ratio). I personally own about 300-500 cd's, I encode at more than 128kbit, so that's ~ 40 GB right there (it really adds up when just 1 album can get to about 130 MB, you know).
Just because _you_ didn't succeed in amassing '40 legit gigs' don't (ever) assume no one else can either. I know of at least 2 other people that I'm sure have more than enough cd's to easily top 40 GB of 128kbit mp3's.
Of course it's impossible to replace those with decent headphones, as we all know :)
You start running into space problems when just one of your favorite artists' music occupies 3 full DVD's of 192kbit oggs though. Being an audiophile or not has nothing to do with that at least. (This artist often has 'songs' of about 75 minutes...)
And while I for one am definately not an audiophile, even I can hear the difference between 128kbit oggss and 192kbit ones - even on poor speakers like the ones on my computer.
like IBM's legal team is preparing to launch an assault reminiscent of the company's own name....but with a C somewhere in between the I and the B.
That reminds me of Tad Williams' Otherworld series...
Do you know how to stop Windows from using ports 137-139? I think many people don't know. I myself have no idea (as I don't use Windows) if it's even possible. If it's not, it's something you need a (personal) firewall for to block access to these ports (which I _do_ know to be exploitable).
Having a firewall block these ports by default can only be a good thing, since many people just _won't_ take the time to learn how to configure and harden an OS by themselves. Given the lack of knowledge concerning security for most people, a personal firewall that's on and blocking by default can't be useless.
And 'false sense of security'? Many people don't care about security, but need to be protected (sometimes even from themselves) anyway.
Besides, if this 'personal' firewall is all you have protecting your network, even if it's only by being on by default, you're still better off security-wise.
Right, because how many Windows personal firewall users are going to be doing that? I haven't seen Microsoft's offering but I'd be quite supprised if it could be configured any mroe specifically than "block this port" and "open that port".
So now we're suddenly talking about Microsoft's firewall only? Well, I haven't seen it either, but I'm pretty sure there's a personal firewall available somewhere that can do at least some of these things. Configuring your OS/services well still doesn't protect you from a DoS on your computer though.
IMHO blocking outbound traffic from personal firewalls is of dubious use at best - once the machine has been compromised the malware can quite happilly disable your firewall (a number of viruses are known to disable ZoneAlarm automagically) or look at the firewall rules to see which port it can make connections on.
And some compromises will not achieve sufficient access to disable the firewall or view its config. How about home-dialing malware that would in this situation be prevented from running, or spyware?
IMHO having a firewall running is useful even if only to provide an extra stumbling block for malware.
Running a firewall to block outbound traffic only seems sane if it's a completely separate device since once the device running the firewall is in a position to send malicious data the security of the firewall should already be considered void. As far as I can tell, all it does it provides a false sense of security, which is a very bad thing.
Ok, how about a home network then? Many people use one Windows computer using "internet access sharing" to enable other computers to connect to the internet. In this case the internet-connected computer running a personal firewall would be a seperate device and could defend itself (and the internet) much better against the internal compromised machine.
Err on the side of safety, I say.
you're clueless, right?
firewalls can also be used to get some sort of acl functionality out of them (you might want to enable ssh access to only a few known ip's on the internet), can do packet inspection, perform rate limiting tasks, prevent DoS attacks and perhaps most importantly: protect the internet from _your_ machine should some malware be running.
There are a few step in security you should never skip: use as few services as possible, configure them securely and protect yourself with a firewall. Remember: defense in depth is needed. Multiple levels of security are a necessity; relying on only the OS is folly.
we recently converted 75 of our ~100 workplaces to linux-based thin clients (we use linux almost exclusively, so linux-based was a must for us). I would never consider going back to pc's, although I cannot see doing without pc's altogether either.
The ones we chose are commercial thin clients, no homebrew anything. They're based on VIA's Eden platform and are totally silent (which I imagine is a plus in a library). And no moving parts mean almost nothing can go wrong with the hardware. Security is managed very well in our chosen thin client and management can be done from both Windows and Linux. Perhaps they're also less attractive for thieves, I'm not sure.
They can connect to any X Window server and can use RDP, ICA and Tarantella out of the box, which gives you freedom of choice with regards to the server side of the equation.
We chose Igel (http://www.igel.de), but we also looked at Thintune (http://www.thintune.com) and VXL (http://www.vxl.co.uk/).
As for floppy drives: none of these thin clients were equipped with a floppy drive out-of-the-box. Perhaps you could use usb floppy drives, but memory sticks are probably a better bet.
I own an Opteron 246 based system (currently 1 CPU) with 1GB of 333MHz DDR SDRAM (Reg. ECC).
Scores for ubench on my system (with me being logged into gnome and with firefox open, nothing else happening):
ubench -c: 109318
ubench -s: 108116 (for single cpu)
ubench -m: 166149
Remember, this benchmark makes full use of SMP if available and this is (for now) a single cpu system. Also, the 246 Opteron runs at 2.0 GHz, not 2.2 as the amd64 3500+ does.
I'm fairly positive that a dual Opteron will score closer to the new Xeon. It already outperforms the old one (first hand experience here).
Oh, P.S.: I *heart* this machine! So far it cost me about 1450 euros, so before I'm done I'll have a dual rig for less than 2000 euros.
Well, I could have contacted someone probably. Apparently VIA ignores what's being said on their own forums and emails to them. By the way: the problem WAS adressed (there was a beta BIOS that has worked just fine here), but the solution was never released!
And the mainboards in question (and similar ones) are used very often in thin clients. We have (at present) 76 thin clients based on VIA EPIA. They're also ideal as PVR's or similar machines, as they can run fanless. So the market, though definately not comparable to mainstream, is probably not small either (similar to Linux' own situation perhaps?).
I think there are sufficient examples about how quick OSS programs get fixed/patched that my belief in a relatively quick fix is justified. Did you ever notice there's any number of obscure special-interest OSS projects for which there is a viable closed-source commercial alternative?
This story alone may be sufficient to convince some of you of the need for openness in BIOSes:
A while back I bought a VIA EPIA-M system to function as a firewall at home. Nice and quiet, low power consumption, onboard LAN and one extra PCI slot. Nice, I thought, I can install a second NIC and use it as a firewall effectively.
Only problem is: when inserting a second NIC the throughput for both drops to the 100kbit/s range! A known issue with VIA for more than a year now, but they still haven't released a new BIOS. For about half a year I ran with just the onboard LAN and used IP aliasing to get the job done, but that resulted in a less reliable firewall.
I finally went ahead after some encouraging reports and flashed an unreleased beta BIOS that can be found somewhere on the VIA site if you look really hard (or happen to stumble across it). This totally solved the problem. That was late last year.
My point? An open BIOS would have been fixed and released so much faster (not that I could have done so myself as I'm not a programmer) than VIA's "efforts" have been so far.
See here for VIA's last BIOS release; the problem has been known for longer than that.
No kidding? Well, that impresses me no end :) That break I suffered was excrutiatingly painful and I could hardly even sit for days.
200000 feet of climbing? That's like 40 miles or so, right? Or, just about the same as one of the heavier mountain stages in the Tour...
By the way, the Tour was like that in the beginning, only it was about twice as long then. There's a famous story about one cyclist having to forge himself a replacement part for his broken bike. I'm too lazy to google, though.
I heard his collarbone wasn't broken, only had a hairline fracture or something. Having had a broken collarbone myself, I think I can safely say that you can't ride a bike that way (not unless you're drugged into insensibility, anyway).
I'll bite the troll...
My DLT jukebox set me back about 5000 euro; 10 tapes are about 700 euro (storing 400 GB natively; I see about a factor of 1.3-1.4 using compression).
$40000 will get you something much bigger than this.
Oh, and RAID 5? Sure it's nice, but it's not a backup system, silly. Backups are for both hardware and human failures, RAID just covers hardware. (Never accidentally erased something?)
So you're saying that governments should spend money I was forced to give to them on software that performs the same function as free software, so that this money can't be spent on, say, education and health care? And then have me give them more money to make up for the deficit?
I bow to your 'wisdom'.
But having to buy fast hardware for all the users running that programmer-friendly program in order to have these users even slightly productive is the most expensive option.
Face it, programmer time spent optimizing apps is time well spent. That includes language selection.
Well, there you go. For a new linux user, debian must be as bad a choice as I can think of, unless it is Linux From Scratch :)
You'd have done much better with, to name some, Fedora, Mandrake or SuSE since they have more advanced user-friendly setup tools available.
But why install a soundcard on a server anyway?
Oh? I didn't know fedora wasn't free. It came with samba 3 you know.
> I think it's actually possible with addon-software
;-)
It seems to be (or to have been) possible. Some time ago I looked at something called xmove (IIRC) that was supposed to be able to do just that. It was quite old software as I recall and I never got around to actually trying it. I'd google for it, but I'm lazy today
> And you can pry my network transparency from my cold dead hands.
:)
I agree with you totally. Administering a network of about 100 linux thin clients running off a couple of linux servers without that transparency would be painful in the extreme. (Not that we have that many yet over here - only 26 so far - but we'll get there
Let's hope your other comments turn out to be true...
Don't worry, I've been using 'free' since 1998 and I couldn't agree more (including your sig). I've seen uptimes on my boxes of over 380 days... (only to have them ruined by some kernel exploit :( )
Being a sysadmin gives me a different perspective to that as well :)
I guess some of the truth lies in perception of the problem itself. In your story, I wouldn't think of it as a computer problem either, but that would probably change if I had been using the computer at the time the cable was cut... At least some time would have elapsed with me trying to diagnose the problem on the computer and network itself.
If the hair dryer, blender and space heater are driven by his computers, then yes, I would say it's a computer problem :-)
Otherwise, no. He's fixing a problem that only indirectly involves computers (after all, if he blew out a different circuit he'd have no computer downtime but would still have to fix the breakers). If you notice you don't have any more power in a widespread area in your house, do you think your computer is at fault? Probably not. But if you can't connect to the internet, what else but your computer or your IP can it be? And most people think that the IP is better at 'computers stuff' than they are and so assume it's their fault they can't connect.
That's why I count the time.