I know they have the best intentions but, I've had it with these acronyms! OSI(Open Source Initiative), not to be confused with OSI(Open Systems Interconnect) Model, courtesy of the good old ISO(International Organization for Standardization). Yes, the last one is correct.
I've had it with these groups, which are all in the same industry, coming up with multitudes of acronyms that all have different meanings. In some cases, even the context in which the acronym is used does not reduce the ambiguity of the acronym. Some of these acronyms are so cute I just want to wretch!
Being a reasonable size media company, that you rely heavily on Microsoft products. There are numerous mail filtering packages, such as Mime Sweeper, that can filter these abusive messages rather effectively out of the box. For a Linux solution, you will have to do a lot more work but, it is still possible.
Would you mind explaining what this is used for? I do not see or understand the application. I can see where it might be used as a client to a Unix console but, what is the advantage over telnet, ssh, or VNC? To me these seem like simpler, cheaper, faster solutions.
Perhaps my problem is that I have never fully utilized X's capabilities. For me it is just a graphical front end. What am I missing?
I'm afraid that this isn't so. It is trivial to sniff a switched network so switches don't offer any security. LPRng doesn't help either as the problem isnt the print server daemon it is the printer itself.
For those that don't see the issue, I'll try to explain. Most if not all network printers today, do not have a secure channel between the submitter and the printer itself. This means that print jobs can be intercepted and read from the wire. Big deal? Well suppose that the print job is an ultra secret NSA document or perhaps the blueprint for a secret weapon, that would be a big deal.
The second issue is control of the printer itself. Suppose that the printer is a cheque printer in a bank or insurance company. It is possible for you to submit your own job to the printer. This means that you can print your own cheques on the companies official cheque stock. Now, I understand that network printers have authentication which can be turned on to control access to the printer. But, this password based access control is communicated in plain text on the wire, like a telnet session. That means that even if you password protect the printer, it is possible to sniff a legitimate print job and get the password. Then you have control of the printer and again start submitting your own jobs.
Right now, the only means of securing printers is to directly attach the printer to the print server, either via cable or a VLAN with only the printer and the server on it and no means of routing beyond the VLAN. Also, a secure channel is required between the client workstation that generates the print job and the print server. This can be done with ssl or ssh or even IPSec.
What is needed is a network printer that will speak only ssl or IPSec between the printer and the submitter, then the password based access control can be effective.
Encrypted?? Sorry, I'm afraid not. Switches do not encrypt anything the traffic will still be plain text or plain PCL anyway. Additionally, sniffing a switched network is a trivial task.
I realize that old books state that one of the advantages of switches is security and the switch vendors preached this mantra for several years. But, it no longer holds true, if it ever did. The fact is that I can sniff your traffic on a switched network, even if your VLAN spans the globe.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Curr entVersion\Run
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
As for good mailing lists...... I've never seen one.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Curr entVersion\Run
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
In the present market, and definitely in my region, your situation is a very dangerous one. Presently, the few companies that are hiring in the region are taking full advantage of the market downturn and its resulting glut of skilled professionals. These few and far between companies are demanding degrees, usually advanced degrees and offering pathetic salaries in return.
Here's one: Major insurance company seeks mid-level programmer. Requires Master's degree in Computer Science or related field and minimum 10 years experience developing in C/C++ and Java. $65,000US + Benefits.
This is the best entrant in my opinion. It isn't the "most" fuel efficient entrant but, it is the most practical.
This stealth car not only gets great mileage, it is also invisible to radar. No more worries about those pesky speed traps. Of course, at 20 MPH the only speed trap you'll have to worry about is a school zone. But, no worries in this puppy.
To answer your question, the smallest PCs as a matter of volume, will probably laptops or Cappucino PCs. You could fit 4-6 of them in the same volume of a standard desktop PC.
But, it sounds like you are looking for a high density solution. Perhaps you plan to do some server clustering? For this, the solution is going to be a blade server or something like it. Cubix is one of the best and oldest in this business.
SSH is a proprietery product from SSH.COM. It is an outstanding technology that has been adopted by the open movement and SSH "tolerates" Open SSH. However, all other commercial products must license it from SSH. So, if you must get it from a commercial vendor then why not get it from the horses mouth, as it were.
Now, to answer your question regarding Open SSH specifically. The only major and well known company that I know for sure that uses Open SSH is Cisco. There are certainly many others but, there are probably few who use it as a matter of policy. But, that doesn't mean that their engineers, having half a brain, haven't all acquired a copy and rely heavily on Open SSH. Part of the problem with free software is that it doesn't show up on the radar unless it is used very heavily but, that doesn't mean that it isn't used by many.
You've got a tough sell ahead of you as you must sell mind share, which is very difficult. It's far eaisier to sell SSH on technical merit but, that's already been done for you. To add further insult, if anyone does take you seriously and checks into Open SSH they will likely find a couple of recent vulnerabilities which, although already fixed, won't help your arguement.
I'd say let it go. If they want to pay for SSH then let them. Comfort yourself in thinking that that money will be used by SSH to advance the product and some of those advancements will make it into OpenSSH too.
It is certainly on the list. The fact that your company doesn't choose to restrict that category or uses an older version of the software doesn't mean that it isn't on the list.
As an after thought, your company may have that category set to log. In which case you will likely get a visit from management wanting to discuss your mp3 habits during work hours.
What we have here is a router that supports two or more equal cost paths. That fact is that any real router that supports OSPF or some other dynamic routing protocol the supports multiple equal cost paths(BGP) has been able to do this for years.
What broadband users need is something like MPPPoE(Multilink PPP over Ethernet). This is something that I proposed, several years ago, while working for one of the top three network vendors. Marketing determined that there was insufficient demand and it was never implemented in any of the equipment ISP or CPE. There are a few obscure vendors that claim their products do this. But, in order for this to work the ISP must support it at their end. To date, I am not aware of any ISPs that do.
From the web site: BBLCD is a toolkit for building your own bootable Linux CD from your favorite (and possibly customized) distribution. It is more or less an intelligent cp -a //dev/cdrom (with Linux, it's not that simple, but with Windows, it's impossible). I have created this toolkit because these single-floppy Linux systems have three major drawbacks: floppies are slow, errorprone and always too small.
The current stable version is fully functional. I have tested it with SuSE 7.x, Red-Hat 7 and Debian 2.2. I have user reports that it also works with Red-Hat 6.2. In fact, it would surprise me if it didn't work with any distribution, but there are so many around, so you never know.
Sure, it dates the movie. But, I think that "dating" makes the movie pretty cool. I'm always intrigued and amused when I see the Pan Am, Hilton, and AT&T?? ads in 2001: A Space Odessy. But, it may be just me. I also enjoy reading the ads in 30 and 40 year old National Geographics. Seeing the companies, products and the way that they advertise them offers a great window in to the way of life at the time.
Can't understand.
on
World Cup Final
·
· Score: 5, Insightful
As the arguements rage back and forth on this story, I still can't grasp the rabid dissention against the World Cup and "soccer". There is constant comparison to American Football, yet to me the two are about as comparable as relativity and cheese!
When 1.5 billion people watch the World Cup with agonized anticipation people say "who cares" and "nobody's interested in that". Yet these same people think it is a great big deal that a paltry, in comparison, 131 million watched the Super Bowl and for months afterwards discuss the game and the commercials!?!?!?
People argue about the name of the sport. Despite the fact that most of the world refers to a game that is played almost entirely with the feet as Football(makes sense to me), the dissenters call it soccer and argue that it should never have been called football. These same people call a much younger game in which a ball may be kicked only twice over the course of a four hour period and is played almost exclusively with the hands, Football. Huh????
To be honest I enjoy both sports. But, I just don't understand how a small group of people can be so rabid in their dismissal of a sport that is, obviously, of tremendous significance to the entire world. Nobody said that you have to like it but, how can you not see it for what it truely is.
I addressed an earlier question about load balancing that is very pertinent to your question.
Put simply there is no better solution than a hardware one, for this situation. This Nortel solution does it all in one box. However, if your traffic load is great enough you might want to look at splitting out the functions across multiple boxes like these Nortel/Alteoon 180 Series switches. There is also a separate SSL concentrator/accelerator.
Speed! DO you need load balancing or do you need redundacy. There are several, pretty good, Linux solutions that have already been mentioned. But, these solutions all have a significant limitation. Processing power is that limitation. They can provide the redirection necessary for redundancy but they will suffer if your goal is truely load balancing for performance reasons.
While it is straight forward enough to perform layer 7 redirecting, if your load is such that it will crush IIS or Apache, then putting a single box with a single or dual CPU in front of the web servers won't help much as this box will then become the bottle neck.
The "expensive" layer 4-7 switches that you mentioned are specifically designed for their function with multiple high bandwidth ports and, most importantly, one or more ASICs per port to handle the processing. This is something that Linux or any PC based load balancer cannot provide for you. Certainly if you are balancing more than a couple of ports.
So, if you want redundancy and the load isn't all that high, Linux could be the answer. But if you have a truely high load you need to look at the real deal like Nortel/Alteon or Cisco/Arrowpoint. And if you're doing SSL a hardware SSL accelerator is the ONLY way to fly!
I found several ways to do this manually, but now I have to find a way to script a solution to do this on over 4000 machines!
You don't say what the manual ways are. I suspect that you are doing it with the Dell keyboard utility that Dell places on the desktop. This utility is more than likely making a registry change or has an ini file where it keeps the settings. You need to find out which and locate the change.
Once you have located the change it is a simple matter to push it out to the other machines. First, there are management applications that you should look at. With 4000 machines to manage you should definitely be running a management application. Microsoft sells SMS which is somewhere between OK and weak. Novell sells ZenWorks for Desktops(yes it runs on NT/2000 too), which is outstanding for this kind of thing. Both of these products will allow you to easily scan the system to find the changes that the Dell utility is making. Both management systems will allow you to image these changes and then automatically push them out to the clients.
If you are not already using some such managent system, it would take a fair amount of time to install and deploy them and I get the impression that you need instant gratification. To do this, you must manually locate the changes that the Dell utility is making, either in the registry or the ini file. Once you've found them you can run a small batch file/login scipt at login to automatically copy the configuration changes to your client machines. I do this all the time in small environments that do not have management systems.
In any case, you really need to look at a management system when you are running 4000 machines. What's going to happen when Microsoft tells you that you must upgrade to the new M$ Office XP 2004? Under the licensing scheme that goes into effect 7-31-2002 they could do just that at any time. Are you going to manually install 4000 copies?
Slashdot Mirror
The Honorable Mr. Boucher will be branded either a nut case or a heretic by the rest of the house.
The wispering in the halls of congress has already begun. "Didn't he get his check from the RIAA yet???"
I know they have the best intentions but, I've had it with these acronyms! OSI(Open Source Initiative), not to be confused with OSI(Open Systems Interconnect) Model, courtesy of the good old ISO(International Organization for Standardization). Yes, the last one is correct.
I've had it with these groups, which are all in the same industry, coming up with multitudes of acronyms that all have different meanings. In some cases, even the context in which the acronym is used does not reduce the ambiguity of the acronym. Some of these acronyms are so cute I just want to wretch!
Enough already!!
That was most helpful.
Being a reasonable size media company, that you rely heavily on Microsoft products. There are numerous mail filtering packages, such as Mime Sweeper, that can filter these abusive messages rather effectively out of the box. For a Linux solution, you will have to do a lot more work but, it is still possible.
Would you mind explaining what this is used for? I do not see or understand the application. I can see where it might be used as a client to a Unix console but, what is the advantage over telnet, ssh, or VNC? To me these seem like simpler, cheaper, faster solutions.
Perhaps my problem is that I have never fully utilized X's capabilities. For me it is just a graphical front end. What am I missing?
I'm afraid that this isn't so. It is trivial to sniff a switched network so switches don't offer any security. LPRng doesn't help either as the problem isnt the print server daemon it is the printer itself.
For those that don't see the issue, I'll try to explain. Most if not all network printers today, do not have a secure channel between the submitter and the printer itself. This means that print jobs can be intercepted and read from the wire. Big deal? Well suppose that the print job is an ultra secret NSA document or perhaps the blueprint for a secret weapon, that would be a big deal.
The second issue is control of the printer itself. Suppose that the printer is a cheque printer in a bank or insurance company. It is possible for you to submit your own job to the printer. This means that you can print your own cheques on the companies official cheque stock. Now, I understand that network printers have authentication which can be turned on to control access to the printer. But, this password based access control is communicated in plain text on the wire, like a telnet session. That means that even if you password protect the printer, it is possible to sniff a legitimate print job and get the password. Then you have control of the printer and again start submitting your own jobs.
Right now, the only means of securing printers is to directly attach the printer to the print server, either via cable or a VLAN with only the printer and the server on it and no means of routing beyond the VLAN. Also, a secure channel is required between the client workstation that generates the print job and the print server. This can be done with ssl or ssh or even IPSec.
What is needed is a network printer that will speak only ssl or IPSec between the printer and the submitter, then the password based access control can be effective.
Encrypted?? Sorry, I'm afraid not. Switches do not encrypt anything the traffic will still be plain text or plain PCL anyway. Additionally, sniffing a switched network is a trivial task.
I realize that old books state that one of the advantages of switches is security and the switch vendors preached this mantra for several years. But, it no longer holds true, if it ever did. The fact is that I can sniff your traffic on a switched network, even if your VLAN spans the globe.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
r entVersion\Run
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Cur
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
As for good mailing lists...... I've never seen one.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
r entVersion\Run
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Cur
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
In the present market, and definitely in my region, your situation is a very dangerous one. Presently, the few companies that are hiring in the region are taking full advantage of the market downturn and its resulting glut of skilled professionals. These few and far between companies are demanding degrees, usually advanced degrees and offering pathetic salaries in return.
Here's one: Major insurance company seeks mid-level programmer. Requires Master's degree in Computer Science or related field and minimum 10 years experience developing in C/C++ and Java. $65,000US + Benefits.
MCSE's beware!!!!
This is the best entrant in my opinion. It isn't the "most" fuel efficient entrant but, it is the most practical.
This stealth car not only gets great mileage, it is also invisible to radar. No more worries about those pesky speed traps. Of course, at 20 MPH the only speed trap you'll have to worry about is a school zone. But, no worries in this puppy.
To answer your question, the smallest PCs as a matter of volume, will probably laptops or Cappucino PCs. You could fit 4-6 of them in the same volume of a standard desktop PC.
But, it sounds like you are looking for a high density solution. Perhaps you plan to do some server clustering? For this, the solution is going to be a blade server or something like it. Cubix is one of the best and oldest in this business.
SSH is a proprietery product from SSH.COM. It is an outstanding technology that has been adopted by the open movement and SSH "tolerates" Open SSH. However, all other commercial products must license it from SSH. So, if you must get it from a commercial vendor then why not get it from the horses mouth, as it were.
Now, to answer your question regarding Open SSH specifically. The only major and well known company that I know for sure that uses Open SSH is Cisco. There are certainly many others but, there are probably few who use it as a matter of policy. But, that doesn't mean that their engineers, having half a brain, haven't all acquired a copy and rely heavily on Open SSH. Part of the problem with free software is that it doesn't show up on the radar unless it is used very heavily but, that doesn't mean that it isn't used by many.
You've got a tough sell ahead of you as you must sell mind share, which is very difficult. It's far eaisier to sell SSH on technical merit but, that's already been done for you. To add further insult, if anyone does take you seriously and checks into Open SSH they will likely find a couple of recent vulnerabilities which, although already fixed, won't help your arguement.
I'd say let it go. If they want to pay for SSH then let them. Comfort yourself in thinking that that money will be used by SSH to advance the product and some of those advancements will make it into OpenSSH too.
It is certainly on the list. The fact that your company doesn't choose to restrict that category or uses an older version of the software doesn't mean that it isn't on the list.
As an after thought, your company may have that category set to log. In which case you will likely get a visit from management wanting to discuss your mp3 habits during work hours.
2600 is Political/Religious? Thats a bit of a stretch.
Now if Slashdot were rated Political/Religious, that would be perfectly understandable.
Flame on Zealots!
Huh?
What we have here is a router that supports two or more equal cost paths. That fact is that any real router that supports OSPF or some other dynamic routing protocol the supports multiple equal cost paths(BGP) has been able to do this for years.
What broadband users need is something like MPPPoE(Multilink PPP over Ethernet). This is something that I proposed, several years ago, while working for one of the top three network vendors. Marketing determined that there was insufficient demand and it was never implemented in any of the equipment ISP or CPE. There are a few obscure vendors that claim their products do this. But, in order for this to work the ISP must support it at their end. To date, I am not aware of any ISPs that do.
Take a look at this.
/dev/cdrom (with Linux, it's not that simple, but with Windows, it's impossible). I have created this toolkit because these single-floppy Linux systems have three major drawbacks: floppies are slow, errorprone and always too small.
From the web site: BBLCD is a toolkit for building your own bootable Linux CD from your favorite (and possibly customized) distribution. It is more or less an intelligent cp -a /
The current stable version is fully functional. I have tested it with SuSE 7.x, Red-Hat 7 and Debian 2.2. I have user reports that it also works with Red-Hat 6.2. In fact, it would surprise me if it didn't work with any distribution, but there are so many around, so you never know.
Sure, it dates the movie. But, I think that "dating" makes the movie pretty cool. I'm always intrigued and amused when I see the Pan Am, Hilton, and AT&T?? ads in 2001: A Space Odessy. But, it may be just me. I also enjoy reading the ads in 30 and 40 year old National Geographics. Seeing the companies, products and the way that they advertise them offers a great window in to the way of life at the time.
As the arguements rage back and forth on this story, I still can't grasp the rabid dissention against the World Cup and "soccer". There is constant comparison to American Football, yet to me the two are about as comparable as relativity and cheese!
When 1.5 billion people watch the World Cup with agonized anticipation people say "who cares" and "nobody's interested in that". Yet these same people think it is a great big deal that a paltry, in comparison, 131 million watched the Super Bowl and for months afterwards discuss the game and the commercials!?!?!?
People argue about the name of the sport. Despite the fact that most of the world refers to a game that is played almost entirely with the feet as Football(makes sense to me), the dissenters call it soccer and argue that it should never have been called football. These same people call a much younger game in which a ball may be kicked only twice over the course of a four hour period and is played almost exclusively with the hands, Football. Huh????
To be honest I enjoy both sports. But, I just don't understand how a small group of people can be so rabid in their dismissal of a sport that is, obviously, of tremendous significance to the entire world. Nobody said that you have to like it but, how can you not see it for what it truely is.
Has anyone got this Three Tenors album in mp3 or ogg vorbis? I haven't heard it yet.
Bwahahahaha
But, for some reason, in my mind, "quality load balancing platform" and eBay just don't go together.
Do they have sthe support contracts on eBay too?
I addressed an earlier question about load balancing that is very pertinent to your question.
Put simply there is no better solution than a hardware one, for this situation. This Nortel solution does it all in one box. However, if your traffic load is great enough you might want to look at splitting out the functions across multiple boxes like these Nortel/Alteoon 180 Series switches. There is also a separate SSL concentrator/accelerator.
Speed! DO you need load balancing or do you need redundacy. There are several, pretty good, Linux solutions that have already been mentioned. But, these solutions all have a significant limitation. Processing power is that limitation. They can provide the redirection necessary for redundancy but they will suffer if your goal is truely load balancing for performance reasons.
While it is straight forward enough to perform layer 7 redirecting, if your load is such that it will crush IIS or Apache, then putting a single box with a single or dual CPU in front of the web servers won't help much as this box will then become the bottle neck.
The "expensive" layer 4-7 switches that you mentioned are specifically designed for their function with multiple high bandwidth ports and, most importantly, one or more ASICs per port to handle the processing. This is something that Linux or any PC based load balancer cannot provide for you. Certainly if you are balancing more than a couple of ports.
So, if you want redundancy and the load isn't all that high, Linux could be the answer. But if you have a truely high load you need to look at the real deal like Nortel/Alteon or Cisco/Arrowpoint. And if you're doing SSL a hardware SSL accelerator is the ONLY way to fly!
I found several ways to do this manually, but now I have to find a way to script a solution to do this on over 4000 machines!
You don't say what the manual ways are. I suspect that you are doing it with the Dell keyboard utility that Dell places on the desktop. This utility is more than likely making a registry change or has an ini file where it keeps the settings. You need to find out which and locate the change.
Once you have located the change it is a simple matter to push it out to the other machines. First, there are management applications that you should look at. With 4000 machines to manage you should definitely be running a management application. Microsoft sells SMS which is somewhere between OK and weak. Novell sells ZenWorks for Desktops(yes it runs on NT/2000 too), which is outstanding for this kind of thing. Both of these products will allow you to easily scan the system to find the changes that the Dell utility is making. Both management systems will allow you to image these changes and then automatically push them out to the clients.
If you are not already using some such managent system, it would take a fair amount of time to install and deploy them and I get the impression that you need instant gratification. To do this, you must manually locate the changes that the Dell utility is making, either in the registry or the ini file. Once you've found them you can run a small batch file/login scipt at login to automatically copy the configuration changes to your client machines. I do this all the time in small environments that do not have management systems.
In any case, you really need to look at a management system when you are running 4000 machines. What's going to happen when Microsoft tells you that you must upgrade to the new M$ Office XP 2004? Under the licensing scheme that goes into effect 7-31-2002 they could do just that at any time. Are you going to manually install 4000 copies?