w2k c2 certified? Last I heard even NT 3.51+ wasn't certified due to the fact that MS inserted the GUI into kernel mode or something, essentially adding hundreds of thousands of lines of code to the 'trusted code base' and making it too hard to certify.
I may be wrong, but if that's true then w2k certainly isn't c2 certified.
Excuse me...ancient PIII/866's? That's way over the specs for about 3/4 of our pc's here. I have ~25 PII/266's and the same amount of PII/400's, both with 128 MB ram and I expect them to do ok with RH8.0 (not that they'll be speed demons or anything).
Are you sure there are no configuration issues? My Athlon 600 (with 256MB) runs RH8 just fine and dandy here. No speed issues at all. Not that I'm a screaming fanatic about speed;-)
That would indeed be interesting...perhaps I'll take some time. Mostly though, I tend to do fresh installs (using kickstart, that isn't a chore at all).
IIRC, an upgrade (at least the ones I do:) just preserves settings as far as services go.
I recently installed a server in the following way: installed off the LAN with RH7.2 with the absolute minimum I could get away with, excepting only openssh-server (no client even). This took some 258MB only. Then I took some time installing apt on these machines (using the enabled ssh service, of course) and upgraded them to RH8 (I did this off a custom-built apt repository with rpms leaked from an ftp site as RH8 wasn't out yet:)
The only services open now are openssh and postfix (since it's going to be a mail gateway), both of which I had to enable. Two open tcp ports, no open udp ports, according to netstat.
So that would qualify as 'secure by default' in this set of services at least. As to others...who knows? Perhaps you run some services that are enabled by default that I don't run? (I guess X enables port 6000 by default, and I run that too, on the desktops at least, so that might be considered 'unsecure by default' perhaps.)
Well, I use custom installs exclusively too, and at least RH7.1/2 didn't enable any service by default. I haven't done any new installs using RH8 or 7.3 (just upgraded), but I find it very hard to believe that they would regress like that.
I'll be able to check soon though, since I'm going to install 8 on the ~100 computers I admin. You're right about pre-7.1 installs, I don't dispute their poor security record at all.
>For instance, getting OpenSSH up and running to integrate a Windows box to be able to ftp from/to the secure Linux install takes alot of work, and fishing >around.
You mean, apart from doing 'chkconfig --level 345 openssh on' or running 'setup' and then either reboot (*shudder*) or typing 'service sshd start'?
You might want to look at the Getting Started Guide RedHat provides for free on their website - no amount of trying is a substitute for RTFM;-)
And please don't blame RedHat for possibly poor ssh documentation that's part of one package.
You (and my co-responder) haven't run RedHat for a while haven't you? By default, since RH7.1, NO services are started!
Get your facts straight before flaming please. Red Hat is doing a good job, progressively being more 'secure by default' since about RH 6.1 (took them a while though;-)
RMS was having trouble with this printer and wanted to look at the source code for the driver he was using. He found someone who had access to the source code. That person had signed an NDA however and stuck with it.
Since this meant that RMS couldn't fix the problems with that (expensive!!!!!) printer he got quite angry. That was the start of Free Software.
Re:Installation not so hard -- and not so importan
on
Libranet 2.7 Released
·
· Score: 1
Small consolation for you: I've been using apt-get on RH for several months now, with good results.
Get apt for RH from http://freshrpms.net/ Specific links for RH 7.3: http://valhalla.freshrpms.net/rpm.html?id=10
Just make sure that when you build the apt root you use file permissions ('bloat' is the term) so you can actually use it:)
Having worked quite a lot with kickstart, I can say the following: it's quite enough for all your installation automation.
The reference you linked to is very good and tells you all you might want to know. I especially like the ability to runs scripts in the %post section, for customizing after installation.
The only downside to kickstart is that if you don't have a network to play with, you're stuck with the cd's....and it can't change them for you, of course:~(
Well, unless you fancy having a spare hard disk and installing it in every one of those hundreds of machines and doing the installs off of that.
rpm -ql should do the trick. Having to be root should be clear: it prevents an new/unsure user from fiddling with the system too much (god knows, I was scared of the root prompt once) and thereby promotes system stability.
Amen to that. I've used RedHat since 5.0/1 and have loved it from the moment I saw it. Of course, that was a computer set up for me at the university, but I was able to get RH running at home almost without any assistance at all (not that I'm an average user, but at that time I mostly used *cough*windows*cough*)
Only problem was with my totally unsupported graphics card of that time, no X possible.
As of RH 7.0 I couldn't believe how easy it is to set up, especially compared to ANY form of windows (Does windows ever support your latest-and-greatest hardware out of the box? Not in my experience, it doesn't!). Windows takes longer than RH to install itself, then I have to spend some more hours (about 3) to get everything working, compared to ~10 minutes on RH.
Guess what's easier for a novice computer user who has to install an OS?
(And don't bitch about all the package choices either, just hit "desktop" when asked what to install if you're unsure.)
Boy, are you right about 3) ! As a sysadmin working for a university in the Netherlands it's the one thing that causes me a lot of stress and headaches!
That and the impossibly tight budgets (think: nothing to spend, actually) tend to drive me right up the wall at times...
million-year-old as in 'the light you see coming from the sun was created about a million years ago'. I meant that that light bounces around for (on average) a million years before it escapes the sun, showing the difference between light and neutrinos.
Neutrinos _do_ pass through matter more easily, but they also get sent out a bit before the light from the implosion (yes, it's actually an implosion triggering an explosion) gets underway. Remember, space is quite empty between the stars. The light only has a difficult time inside a star (you're seeing million-year-old light outside, for instance:)
Actually, the distances to the Magellanic Clouds are about 50000 pc (LMC) and 60000 pc (SMC) which translates to about 160000 and 195000 ly respectively. (I did research on that very subject during my years as an astronomy student;-)
I think you're right. What's more, I can't even seem to find any stores selling Linux games here in the Netherlands!
Yes, I would pay for Linux Games.
Yes, I would wait up to about 4 months before I bought the Windows version.
No, I don't mind struggling through an installation (as long as I can get some help if needed).
BUT: if I can't get my hands on the games all my willingness to put up with delays, expense and such counts for NOTHING!
I was very lucky to get Civ:CTP for linux and bought it even though I already had the Windows version. I'm very sad to see Loki go, I'd have bought more games if I could've gotten my hands on them...
almost from the start (2.4.3 if I remember correctly). We patched XFS into the kernels and some other stuff we needed and the transition to 2.4 was relatively painless using a fresh install (for XFS).
We ran into some trouble with a number of Athlon systems but that was due to the 'Athlon bug' and was soon fixed. More worrisome was the performance of pre-2.4.9 kernels on the desktop: sometimes they slowed down to a crawl (and i'm talking about lightly loaded ~750MHz machines here).
We got over that with the -ac kernels however, and it's been a breeze ever since. We currently use 2.4.14 with XFS patched in (although we're ditching it in favor of ext3 now that it's been integrated and the RH installer supports it) and we're looking at 2.4.17 now.
Why use 2.4 on servers (as some have asked)? Well, iptables is a good reason, for one. Other security-related things count heavily too. And XFS seemed a good reason to do it at the time too. It can deliver very good performance.
Some stats:
zuse [1] > uname -a
Linux zuse 2.4.14-xfs_MI10 #1 Tue Nov 6 17:34:04 MET 2001 i686 unknown
zuse [2] > uptime
2:25pm up 61 days, 21:21, 1 user, load average: 1.07, 1.02, 0.93
Essentially correct, but there's another thing: the interference from the sun is no great issue, astronomers also observe during daytime. Not only that, but the frequency you're observing on may not even have significant interference from the sun at all.
Then there's the issue of not actually seeing all of the sky at once (radio telescopes have [a few] lobes in which they're most sensitive) so the sun may not bother you much at all even if it _is_ radiating at your observing frequency!
Overall, radio telescopes can almost always be usefully employed, unlike optical ones.
Personally I'd want to place an optical telescope in one of those polar regions, preferably in a crater that doesn't get much sunlight. That'd be really useful (good seeing and stable soil).
(I've studied astronomy at Leiden University for 7 years although I got sidetracked by sysadminning so I didn't graduate.)
I think a P4/2GHz wouldn't 'feel' more than twice as fast as the P3/900MHz. Of course, if it would that means that the scores for the Itanium are very interesting, yielding a fast PC at only 800MHz, which should be pretty easy to keep quiet w.r.t. cooling.
That would've been nice to know for the 64-bit discussion a while back:-)
perhaps I wasn't clear enough, sorry. What I meant was that I'd be interested in the _source_ of that information, not the quote in the article. Couldn't find that in there...
Don't blame me for being modded up, I'm not doing that.
Slashdot Mirror
Thank you :-)
Dammit, I'm a _Dutchman_ living in the Netherlands and I pretty well AGREE with you! I DETEST Dutch on *any* computer.
;-)
I'm pretty sure it should be against the law or something, or at least be considered blasphemy.
w2k c2 certified? Last I heard even NT 3.51+ wasn't certified due to the fact that MS inserted the GUI into kernel mode or something, essentially adding hundreds of thousands of lines of code to the 'trusted code base' and making it too hard to certify.
I may be wrong, but if that's true then w2k certainly isn't c2 certified.
Excuse me...ancient PIII/866's? That's way over the specs for about 3/4 of our pc's here. I have ~25 PII/266's and the same amount of PII/400's, both with 128 MB ram and I expect them to do ok with RH8.0 (not that they'll be speed demons or anything).
;-)
Are you sure there are no configuration issues? My Athlon 600 (with 256MB) runs RH8 just fine and dandy here. No speed issues at all. Not that I'm a screaming fanatic about speed
That would indeed be interesting...perhaps I'll take some time. Mostly though, I tend to do fresh installs (using kickstart, that isn't a chore at all).
:) just preserves settings as far as services go.
:)
IIRC, an upgrade (at least the ones I do
I recently installed a server in the following way: installed off the LAN with RH7.2 with the absolute minimum I could get away with, excepting only openssh-server (no client even). This took some 258MB only. Then I took some time installing apt on these machines (using the enabled ssh service, of course) and upgraded them to RH8 (I did this off a custom-built apt repository with rpms leaked from an ftp site as RH8 wasn't out yet
The only services open now are openssh and postfix (since it's going to be a mail gateway), both of which I had to enable. Two open tcp ports, no open udp ports, according to netstat.
So that would qualify as 'secure by default' in this set of services at least. As to others...who knows? Perhaps you run some services that are enabled by default that I don't run? (I guess X enables port 6000 by default, and I run that too, on the desktops at least, so that might be considered 'unsecure by default' perhaps.)
Well, I use custom installs exclusively too, and at least RH7.1/2 didn't enable any service by default. I haven't done any new installs using RH8 or 7.3 (just upgraded), but I find it very hard to believe that they would regress like that.
I'll be able to check soon though, since I'm going to install 8 on the ~100 computers I admin. You're right about pre-7.1 installs, I don't dispute their poor security record at all.
>For instance, getting OpenSSH up and running to integrate a Windows box to be able to ftp from/to the secure Linux install takes alot of work, and fishing >around.
;-)
You mean, apart from doing 'chkconfig --level 345 openssh on' or running 'setup' and then either reboot (*shudder*) or typing 'service sshd start'?
You might want to look at the Getting Started Guide RedHat provides for free on their website - no amount of trying is a substitute for RTFM
And please don't blame RedHat for possibly poor ssh documentation that's part of one package.
You (and my co-responder) haven't run RedHat for a while haven't you? By default, since RH7.1, NO services are started!
;-)
Get your facts straight before flaming please. Red Hat is doing a good job, progressively being more 'secure by default' since about RH 6.1 (took them a while though
RMS was having trouble with this printer and wanted to look at the source code for the driver he was using. He found someone who had access to the source code. That person had signed an NDA however and stuck with it.
Since this meant that RMS couldn't fix the problems with that (expensive!!!!!) printer he got quite angry. That was the start of Free Software.
Small consolation for you: I've been using apt-get on RH for several months now, with good results.
:)
Get apt for RH from http://freshrpms.net/
Specific links for RH 7.3: http://valhalla.freshrpms.net/rpm.html?id=10
Just make sure that when you build the apt root you use file permissions ('bloat' is the term) so you can actually use it
Having worked quite a lot with kickstart, I can say the following: it's quite enough for all your installation automation.
:~(
The reference you linked to is very good and tells you all you might want to know. I especially like the ability to runs scripts in the %post section, for customizing after installation.
The only downside to kickstart is that if you don't have a network to play with, you're stuck with the cd's....and it can't change them for you, of course
Well, unless you fancy having a spare hard disk and installing it in every one of those hundreds of machines and doing the installs off of that.
right-left-right or down-right should do that.
Look at the galeon manual, section 2.7 for more gestures.
rpm -ql should do the trick. Having to be root should be clear: it prevents an new/unsure user from fiddling with the system too much (god knows, I was scared of the root prompt once) and thereby promotes system stability.
Amen to that. I've used RedHat since 5.0/1 and have loved it from the moment I saw it. Of course, that was a computer set up for me at the university, but I was able to get RH running at home almost without any assistance at all (not that I'm an average user, but at that time I mostly used *cough*windows*cough*)
Only problem was with my totally unsupported graphics card of that time, no X possible.
As of RH 7.0 I couldn't believe how easy it is to set up, especially compared to ANY form of windows (Does windows ever support your latest-and-greatest hardware out of the box? Not in my experience, it doesn't!). Windows takes longer than RH to install itself, then I have to spend some more hours (about 3) to get everything working, compared to ~10 minutes on RH.
Guess what's easier for a novice computer user who has to install an OS?
(And don't bitch about all the package choices either, just hit "desktop" when asked what to install if you're unsure.)
Boy, are you right about 3) ! As a sysadmin working for a university in the Netherlands it's the one thing that causes me a lot of stress and headaches!
That and the impossibly tight budgets (think: nothing to spend, actually) tend to drive me right up the wall at times...
million-year-old as in 'the light you see coming from the sun was created about a million years ago'. I meant that that light bounces around for (on average) a million years before it escapes the sun, showing the difference between light and neutrinos.
Neutrinos _do_ pass through matter more easily, but they also get sent out a bit before the light from the implosion (yes, it's actually an implosion triggering an explosion) gets underway. Remember, space is quite empty between the stars. The light only has a difficult time inside a star (you're seeing million-year-old light outside, for instance :)
Actually, the distances to the Magellanic Clouds are about 50000 pc (LMC) and 60000 pc (SMC) which translates to about 160000 and 195000 ly respectively. (I did research on that very subject during my years as an astronomy student ;-)
Since we're countrymen apparently, do you have any info on how to register with that central and independent database you're talking about?
did you try to use lbxproxy? Just do :1 &
;-)
$ xhost +localhost
$ lbxproxy
$ export DISPLAY=:1
start apps with low bandwidth X...work wonders
I think you're right. What's more, I can't even seem to find any stores selling Linux games here in the Netherlands!
Yes, I would pay for Linux Games.
Yes, I would wait up to about 4 months before I bought the Windows version.
No, I don't mind struggling through an installation (as long as I can get some help if needed).
BUT: if I can't get my hands on the games all my willingness to put up with delays, expense and such counts for NOTHING!
I was very lucky to get Civ:CTP for linux and bought it even though I already had the Windows version. I'm very sad to see Loki go, I'd have bought more games if I could've gotten my hands on them...
almost from the start (2.4.3 if I remember correctly). We patched XFS into the kernels and some other stuff we needed and the transition to 2.4 was relatively painless using a fresh install (for XFS).
We ran into some trouble with a number of Athlon systems but that was due to the 'Athlon bug' and was soon fixed. More worrisome was the performance of pre-2.4.9 kernels on the desktop: sometimes they slowed down to a crawl (and i'm talking about lightly loaded ~750MHz machines here).
We got over that with the -ac kernels however, and it's been a breeze ever since. We currently use 2.4.14 with XFS patched in (although we're ditching it in favor of ext3 now that it's been integrated and the RH installer supports it) and we're looking at 2.4.17 now.
Why use 2.4 on servers (as some have asked)? Well, iptables is a good reason, for one. Other security-related things count heavily too. And XFS seemed a good reason to do it at the time too. It can deliver very good performance.
Some stats:
zuse [1] > uname -a
Linux zuse 2.4.14-xfs_MI10 #1 Tue Nov 6 17:34:04 MET 2001 i686 unknown
zuse [2] > uptime
2:25pm up 61 days, 21:21, 1 user, load average: 1.07, 1.02, 0.93
Essentially correct, but there's another thing: the interference from the sun is no great issue, astronomers also observe during daytime. Not only that, but the frequency you're observing on may not even have significant interference from the sun at all.
Then there's the issue of not actually seeing all of the sky at once (radio telescopes have [a few] lobes in which they're most sensitive) so the sun may not bother you much at all even if it _is_ radiating at your observing frequency!
Overall, radio telescopes can almost always be usefully employed, unlike optical ones.
Personally I'd want to place an optical telescope in one of those polar regions, preferably in a crater that doesn't get much sunlight. That'd be really useful (good seeing and stable soil).
(I've studied astronomy at Leiden University for 7 years although I got sidetracked by sysadminning so I didn't graduate.)
how MTOPS relate to real-life performance?
:-)
I think a P4/2GHz wouldn't 'feel' more than twice as fast as the P3/900MHz. Of course, if it would that means that the scores for the Itanium are very interesting, yielding a fast PC at only 800MHz, which should be pretty easy to keep quiet w.r.t. cooling.
That would've been nice to know for the 64-bit discussion a while back
perhaps I wasn't clear enough, sorry. What I meant was that I'd be interested in the _source_ of that information, not the quote in the article. Couldn't find that in there...
Don't blame me for being modded up, I'm not doing that.