1) In what terms, hardware support, Sun is working real hard to catch up, see the deals with SCO, Dell, the choice of Xorg on Intel for Solaris 10 etc for where the work is being done. 2) It's been ported to PowerPC in the past (indeed SM has suggested there may even be an IBM distro in the future), IA64/AMD64 are ready to go and Sun started off supporting SunOS (prior to Solaris) on 3 different hardware platforms. Not to mention that it's also running on Fujitsu's SPARC hardware. Okay, not quite GNU/Linux or NetBSD portability, but enough to prove it's doable and more than enough for enterprise users. who won't require a build for their toaster. 3) They've already promised it will be OSI approved, as I said in another post here, I suspect given the changes already seen in Solaris 9/10 we'll see a variety of licences depending on circumstances, they've already started importing Open Source projects such as Wu-FTPd, IPFilter, Xorg into their tree, making deals with the likes of SCO for code they don't initially intend to rewrite and rewriting key elements such as the TCP/IP stack and init subsystem to remove propriety code. 4) Unlike GNU/Linux which has no propriety code? You checked all those drivers modules for microcode recently? And that's without mentioning the likes of NVidia. 5) JCP is a reasonably open process, okay not as open as IBM would like, but Sun have been keen to encourage Open Source implementations which is why they open up their standards and APIs.
Sure they will *giggle*, I mean, GNU/Linux has a wonderful history of stable kernel API to support the migration eh? RedHat spend time backporting 2.6 patches back to 2.4, so you can't even assume kernels with the same major number will be compatible. Marvel at how Linus change the interception of system calls in 2.6, how this caused problems for kernel module developers, and how RedHat then ported it back to their 2.4 tree. I'm sorry, but Sun don't believe it's possible to bolt their code on to GNU/Linux which is why they're going down this road in the first place. Can't really see Linus suddenly accepting patches to the kernel to support DTrace, zones, ZFS, FireEngine etc.
Sun are intending to release OpenSolaris under an OSI licence and have even suggested other competing distros may appear. Given the changes seen since Solaris 9 (introduction of OpenSSH, Wu-FTPd, IPFilter, bash, Xorg as part of the default install etc), I suspect Sun will import Open Source code into their tree where they feel it is practical to do so, in other cases they will either settle with the IP owner (see SCO and Microsoft) or develop their own code as a drop in replacement (see smf replacing the old SysV init subsystem). Whatever, given their history, I see no reason why Sun wouldn't choose a liberal license for the opening of their code. Sun kit is now some of the cheapest enterprise kit available and Sun are busy signing up Intel/AMD hardware partners to support Solaris on x86. I don't think their plans will kill GNU/Linux but they will give us all another choice./. drones remind me of Henry Ford, any OS as long as it's GNU/Linux.
A lot of Slashdot drones would take offense at that description were it applied to Sun. Seems IBM have a similar plan to Sun, but are a lot better at playing the F/OSS card.
Ironically, not only has this provided press on Indymedia, hilighting the clampdown by a right wing government on free speach but it's also likely to improve our infrastructure as we set up round robin DNS and additional mirrors. As of 4am GMT last night, I believe all sites were back up in at least a static form, many with multiple mirrors.
And owner of 4/5 of the IMC UK, DNS and mail servers, I'm quite startled to get back from the pub to this. Couple of interesting links: The global viewThe local view
Remember the uproar on/. several months ago about their use of GPLd code - they use EZ-IPUpdate. I remember since their Flash updates included a couple of my patches:)
CA would seem to have prior art with their eTrust AC (developed out of SeOS from Memco) product which uses a kernel module to intercept syscalls on Unix, Windows and mainframe platforms and grant/deny access based on rules held by daemons which hold them in a database and add/remove/update them based on requests either from a master policy server and/or userland tools. Wonder how they'll feel about potentially having their legs removed by this patent from marketing the product on Windows.
Powerbroker isn't bad, but aside from the central management it has many of the same issues as sudo. We ended up using eTrust AC which is more like a cross platform implementation of SELinux.. Particularly nice that even once you switch user, eTrust AC track against your originating login, so you can give awayfull root access and then prevent individual actions even once they've switched.
I work for the security team at FTSE100 comapny in the UK. We've just spent several million building an eTrust AC and eTrust Audit audit infrastructure allowing us to manage privileged access and audit use of system resources (files, sockets etc) across several hundred Unix systems running RedHat, AIX, Solaris and HP-UX.
We have centralised management of policies, extremely detailed and centralised audit logs (think Solaris BSM but cross platform and logging to remote audit servers) and as a free gimme, centralised user account management. We could even roll it out to the Win32 infrastructure as this too is supported.
Basically, it's a kernel module which interacts with userland daemons which subscribe to the policy servers along with some userland utilities for managing the polices.
Perhaps this is somewhat overengineered for your requirements but for anyone working in the enterprise I can wholly recommend it. Oh and designing/implementing the infrastructure was a real fun project.
Don't. We use Tivoli Identity Manager to provision user access on 300 odd servers at work. Problems include it losing subscribed servers, failing to create shadow entries and/or home directories, not being able to support company standard compliant passwords and crashing with nonsensical error messages every time we try to use it. If the rest of the Tivoli product line is of a similar quality, I'd suggest we'd be better off replacing it with a rather small shell script.
I've an old 366Mhz PII powered Thinkpad 570 (192Mb RAM, 6.4Gb HD) running Debian unstable (it also runs Windows 2K at a reasonable speed in VMware) that I use like this. It weighs in at 4lb exactly and if you can find one on eBay or elsewhere I really recommend it. It's nicely supported by Linux and if you can do without an internal CD-ROM it should fit the bill nicely. Mine cost me just over 300ukp.
Glad to see the GPL is now being honoured, although this issue would have made an interesting test case.
I'm a shade confused though, I can't see any good reason why Linksys rebranded from ez-ipupdate to ipupdate.
Anyway, as far as ez-ipupdate itself goes, the version in the firmware appears to be the same as source that has been released although it is nowhere near the latest version. It doesn't appear LinkSys have made any changes.
IBM own Sequent who designed Dynix. They have plenty enough experience with NUMA from this alone not to have required SCO help in adding NUMA to Linux... (if indeed it was them that submitted the NUMA related patches to the Linux source tree)
Speaking as a contributor to EZ-IPUpdate, which it has alledgedly been included in LinkSys and others products, I'd like to know more. Can anyone point me at a URL giving more details of what has been discovered so far. I've only contributed about 40 lines to the EZ-IPUpdate source tree, but IMO we must do everything we can to enforce the GPL, otherwise the progress made since the founding of the FSF will have been in vain. I'm not talking about financial gain, but simply enforcing the ideals of those kind souls who contribute to the community.
Just done the upgrade myself, and Apache2 appears fine. HOWEVER, I had big problems with the latest mod_php (4.3.1), they seem to have changed the behaviour of includes, so that when you do an include, the pwd becomes the directory in which the include was located. This breaks a lot of web applications such as phpBB2 and Postnuke. I ended up reverting to an older version of PHP (4.2.1) compiled as a CGI which did the trick fine. IPv6 support sure is nice though!
Keep on smokin'... I work in banks too, for the UNIX team... but as I posted elsewhere, I cross train on main frames and I can assure you they're not the same thing.. that being said, I prefer OS/390 to Windows NT:)
I asked our main frame guys this, apparently the most common route is to start out as an operator doing stuff like tapes etc and then work your way up...
I work for a large uk bank, and I haven't found this to be the case, whilst I work with the unix security team, I cross train with the main frame guys and gals and here they range from 22 to 60 odd... They're not a bad bunch for a night out either...
I don't agree that working with main frames is boring either, the guys that work on ACF/2 and RACF are extremely highly skilled
One odd thing that ammuses me is the Microsoft like feature of capitalising the dataset if you enter a string containing only capitals... almost makes me expect to see clippy pop up:)
I was considering this just the other day as I purchased 2 CDs, one was from an independant UK label - no problems there, but the other was Blackalicious who are signed to Universal. I ended up buying the CD, I've already dowloaded a fair few songs by them and I'd like to see them get some of my money, even if it is only a dollar or two. How else can we donate to bands like this who are unlikely to tour near me any time soon?
My policy is to give the developer first opportunity to allow them to acknowledge the bug. However, what happens if the developer fails to acknowledge the bug exists? It took CascadeSoft almost 4 months to patch a remote vulnerability I found in W3Mail and even then their fix contained a new hole. Whilst I'm quite happy to sit on a bug if the developer is doing the right thing, bad developers NEED to be named and shamed otherwise they'll never learn.
PS. I'm a nobody in the security world and CascadeSoft have since promised to treat security as a higher priority;>.
Slashdot Mirror
1) In what terms, hardware support, Sun is working real hard to catch up, see the deals with SCO, Dell, the choice of Xorg on Intel for Solaris 10 etc for where the work is being done.
2) It's been ported to PowerPC in the past (indeed SM has suggested there may even be an IBM distro in the future), IA64/AMD64 are ready to go and Sun started off supporting SunOS (prior to Solaris) on 3 different hardware platforms. Not to mention that it's also running on Fujitsu's SPARC hardware. Okay, not quite GNU/Linux or NetBSD portability, but enough to prove it's doable and more than enough for enterprise users. who won't require a build for their toaster.
3) They've already promised it will be OSI approved, as I said in another post here, I suspect given the changes already seen in Solaris 9/10 we'll see a variety of licences depending on circumstances, they've already started importing Open Source projects such as Wu-FTPd, IPFilter, Xorg into their tree, making deals with the likes of SCO for code they don't initially intend to rewrite and rewriting key elements such as the TCP/IP stack and init subsystem to remove propriety code.
4) Unlike GNU/Linux which has no propriety code? You checked all those drivers modules for microcode recently? And that's without mentioning the likes of NVidia.
5) JCP is a reasonably open process, okay not as open as IBM would like, but Sun have been keen to encourage Open Source implementations which is why they open up their standards and APIs.
Sure they will *giggle*, I mean, GNU/Linux has a wonderful history of stable kernel API to support the migration eh? RedHat spend time backporting 2.6 patches back to 2.4, so you can't even assume kernels with the same major number will be compatible. Marvel at how Linus change the interception of system calls in 2.6, how this caused problems for kernel module developers, and how RedHat then ported it back to their 2.4 tree. I'm sorry, but Sun don't believe it's possible to bolt their code on to GNU/Linux which is why they're going down this road in the first place. Can't really see Linus suddenly accepting patches to the kernel to support DTrace, zones, ZFS, FireEngine etc.
Sun are intending to release OpenSolaris under an OSI licence and have even suggested other competing distros may appear. Given the changes seen since Solaris 9 (introduction of OpenSSH, Wu-FTPd, IPFilter, bash, Xorg as part of the default install etc), I suspect Sun will import Open Source code into their tree where they feel it is practical to do so, in other cases they will either settle with the IP owner (see SCO and Microsoft) or develop their own code as a drop in replacement (see smf replacing the old SysV init subsystem). Whatever, given their history, I see no reason why Sun wouldn't choose a liberal license for the opening of their code. Sun kit is now some of the cheapest enterprise kit available and Sun are busy signing up Intel/AMD hardware partners to support Solaris on x86. I don't think their plans will kill GNU/Linux but they will give us all another choice. /. drones remind me of Henry Ford, any OS as long as it's GNU/Linux.
A lot of Slashdot drones would take offense at that description were it applied to Sun. Seems IBM have a similar plan to Sun, but are a lot better at playing the F/OSS card.
Ironically, not only has this provided press on Indymedia, hilighting the clampdown by a right wing government on free speach but it's also likely to improve our infrastructure as we set up round robin DNS and additional mirrors. As of 4am GMT last night, I believe all sites were back up in at least a static form, many with multiple mirrors.
And owner of 4/5 of the IMC UK, DNS and mail servers, I'm quite startled to get back from the pub to this. Couple of interesting links: The global view The local view
Remember the uproar on /. several months ago about their use of GPLd code - they use EZ-IPUpdate. I remember since their Flash updates included a couple of my patches :)
CA would seem to have prior art with their eTrust AC (developed out of SeOS from Memco) product which uses a kernel module to intercept syscalls on Unix, Windows and mainframe platforms and grant/deny access based on rules held by daemons which hold them in a database and add/remove/update them based on requests either from a master policy server and/or userland tools. Wonder how they'll feel about potentially having their legs removed by this patent from marketing the product on Windows.
Powerbroker isn't bad, but aside from the central management it has many of the same issues as sudo. We ended up using eTrust AC which is more like a cross platform implementation of SELinux.. Particularly nice that even once you switch user, eTrust AC track against your originating login, so you can give awayfull root access and then prevent individual actions even once they've switched.
I work for the security team at FTSE100 comapny in the UK. We've just spent several million building an eTrust AC and eTrust Audit audit infrastructure allowing us to manage privileged access and audit use of system resources (files, sockets etc) across several hundred Unix systems running RedHat, AIX, Solaris and HP-UX.
We have centralised management of policies, extremely detailed and centralised audit logs (think Solaris BSM but cross platform and logging to remote audit servers) and as a free gimme, centralised user account management. We could even roll it out to the Win32 infrastructure as this too is supported.
Basically, it's a kernel module which interacts with userland daemons which subscribe to the policy servers along with some userland utilities for managing the polices.
Perhaps this is somewhat overengineered for your requirements but for anyone working in the enterprise I can wholly recommend it. Oh and designing/implementing the infrastructure was a real fun project.
Erm, Solaris has pkill and pgrep for killing and locating process by name and other process attributes.
I work for in IT for a bank too as it happens and we use Remedy with little pain... Of course, without users there'd be no pain but never mind ;o)
Don't. We use Tivoli Identity Manager to provision user access on 300 odd servers at work. Problems include it losing subscribed servers, failing to create shadow entries and/or home directories, not being able to support company standard compliant passwords and crashing with nonsensical error messages every time we try to use it. If the rest of the Tivoli product line is of a similar quality, I'd suggest we'd be better off replacing it with a rather small shell script.
I've an old 366Mhz PII powered Thinkpad 570 (192Mb RAM, 6.4Gb HD) running Debian unstable (it also runs Windows 2K at a reasonable speed in VMware) that I use like this. It weighs in at 4lb exactly and if you can find one on eBay or elsewhere I really recommend it. It's nicely supported by Linux and if you can do without an internal CD-ROM it should fit the bill nicely. Mine cost me just over 300ukp.
Glad to see the GPL is now being honoured, although this issue would have made an interesting test case.
I'm a shade confused though, I can't see any good reason why Linksys rebranded from ez-ipupdate to ipupdate.
Anyway, as far as ez-ipupdate itself goes, the version in the firmware appears to be the same as source that has been released although it is nowhere near the latest version. It doesn't appear LinkSys have made any changes.
IBM own Sequent who designed Dynix. They have plenty enough experience with NUMA from this alone not to have required SCO help in adding NUMA to Linux... (if indeed it was them that submitted the NUMA related patches to the Linux source tree)
Speaking as a contributor to EZ-IPUpdate, which it has alledgedly been included in LinkSys and others products, I'd like to know more. Can anyone point me at a URL giving more details of what has been discovered so far. I've only contributed about 40 lines to the EZ-IPUpdate source tree, but IMO we must do everything we can to enforce the GPL, otherwise the progress made since the founding of the FSF will have been in vain. I'm not talking about financial gain, but simply enforcing the ideals of those kind souls who contribute to the community.
Just done the upgrade myself, and Apache2 appears fine. HOWEVER, I had big problems with the latest mod_php (4.3.1), they seem to have changed the behaviour of includes, so that when you do an include, the pwd becomes the directory in which the include was located. This breaks a lot of web applications such as phpBB2 and Postnuke. I ended up reverting to an older version of PHP (4.2.1) compiled as a CGI which did the trick fine. IPv6 support sure is nice though!
Keep on smokin'... I work in banks too, for the UNIX team... but as I posted elsewhere, I cross train on main frames and I can assure you they're not the same thing.. that being said, I prefer OS/390 to Windows NT :)
I asked our main frame guys this, apparently the most common route is to start out as an operator doing stuff like tapes etc and then work your way up...
I work for a large uk bank, and I haven't found this to be the case, whilst I work with the unix security team, I cross train with the main frame guys and gals and here they range from 22 to 60 odd... They're not a bad bunch for a night out either...
:)
I don't agree that working with main frames is boring either, the guys that work on ACF/2 and RACF are extremely highly skilled
One odd thing that ammuses me is the Microsoft like feature of capitalising the dataset if you enter a string containing only capitals... almost makes me expect to see clippy pop up
You mean like cut?
host slashdot.org | cut -f 4,1 -d " "
I was considering this just the other day as I purchased 2 CDs, one was from an independant UK label - no problems there, but the other was Blackalicious who are signed to Universal. I ended up buying the CD, I've already dowloaded a fair few songs by them and I'd like to see them get some of my money, even if it is only a dollar or two. How else can we donate to bands like this who are unlikely to tour near me any time soon?
snoop (the packet sniffer in Solaris) has had an option to "listen" to packets since at least SunOS 5.6: ... snipped from man snoop ...
/dev/audio (warning: can
OPTIONS
-a Listen to packets on
be noisy).
My policy is to give the developer first opportunity to allow them to acknowledge the bug. However, what happens if the developer fails to acknowledge the bug exists? It took CascadeSoft almost 4 months to patch a remote vulnerability I found in W3Mail and even then their fix contained a new hole. Whilst I'm quite happy to sit on a bug if the developer is doing the right thing, bad developers NEED to be named and shamed otherwise they'll never learn.
;>.
PS. I'm a nobody in the security world and CascadeSoft have since promised to treat security as a higher priority