Actually, the question should be, "which is faster to install the second time around" (keeping your application data intact of course)? The reason I ask this question is because Windows suffers from O/S decay and needs to be reloaded fairly frequently, especially if you have kids or users that love to install software.
Most of you might not know this, but you can build RedHat Linux with a net boot floppy, ftp or nfs server, and that strange file called "anaconda-ks.cfg" in your root directory.
Red Hat Linux is so easy to rebuild and get back to a running state with all your applications, data, and patches.
Windows on the other hand usually requires a week or so, before you can locate all the CD's and license keys for the applications and get back to a useful state. I always DREAD reloading the Windows box, which usually is required about twice a year.
Speaking as the emergency backup holographic DBA who has experience with both MySQL and other Commercial Databases particularaly Oracle, I can give you the following info.
MySQL is small, fast and you can even use it with MS-Access with MyODBC
The drawbacks to MySQL are limited SQL support e.g. (no subselects, no inline views, no stored procedures, and just you TRY to figure out the outerjoin syntax (geez) ), however if you are doing simple queries it's fine. If you want to do more advanced stuff and say have multiple cursors open at the same time you have to use an additional language like Perl with DBD/DBI.
Also, MySQL does not have "read consistency", "row level locking", or the concept of a "transaction" (at least not last time I used it). If you do an insert/update it happens NOW, no need for that pesky SQL "commit".
Again, on the plus side, generally speaking MySQL is FAST for queries! However, when you do hit a snag, it is harder to tune performance and optimize the layout of the database on the physical disks e.g. (You can't partition a table across multiple disks/filesystems and have to rely on RAID0 striping). Also, I don't think there is anything as replication so keeping a hot standby database for failover or disaster recovery can be tricky.
The most important thing to keep in mind is this, "Use the right tool for the job". I still prefer any data I care about or, database that may affect my sleep be an Oracle database. However, replicating data from Oracle to a MySQL database, then using MySQL as the backend for query intensive web applications might make more sense e.g (Amazon-type, Slashdot-type). In this scenario, your data is tucked away securely in an Oracle database, but it feeds a bunch of lowcost, commodity beater boxes that can be quickly deployed to give lowcost scalability and more peace of mind against hacking.
Weigh the importance of your data and "use the right tool for the job". It could be argued that the most valuable asset of a modern company is it's data.
One of my favorite quotes which applies to this situation is: "When the only tool I have is a hammer, every job looks like a nail."
Good Luck!
How many people sent Mrs. Fiorina (CEO) Feedback?
on
HP Backs Off DMCA Threat
·
· Score: 3, Interesting
Last night, when I read about HP swinging the DMCA club I sent their CEO "intelligent feedback". It was polite and used words like "extremely disappointed" and accused HP of shooting the messenger instead of fixing the problem. Additionally, I told her that I wish I had discovered the flaw and had to defend this action and faced a jury.
I imagined the cross examination as follows with HP on the hotseat:
1. Isn't it true that HP learned of this exploit nearly a year ago and has done nothing except try to "silence" someone sounding a critical warning?
2. Can you explain to us what type control a person could have gained over an HP server using this security flaw?
3. Isn't it true that HP servers are used in key government installations, biomedical research labs, and fortune 500 companies and this flaw could have been used to compromise national security and commit corporate espionage?
4. Why would HP delay acting on this information for so long when so much was at risk?
Oh, this would have been soooo much fun to watch on Court TV!
Anyway, I was just curious how many slashdotters fired off a "polite" feedback.
Your elected official doesn't read Slashdot!
on
MPAA vs. Television
·
· Score: 3, Informative
I would like to congratulate all of you who write eloquent replies on Slashdot, however you need to write letters to your "elected officials".
Myself, everytime I read an article on Slashdot which makes my blood boil and pertains to privacy, civil liberties, anti-consumer electronic devices, and/or bad technology legislation, I contact my legislators via email, fax, or snail mail.
Your elected official needs and wants to hear from you on the issues! If they get a mere 10 letters, faxes, or emails on a topic it raises a "red" flag and forces them to look at the issue before unknowing upsetting their constituency.
I urge you to contact these people and let them know what you think on a weekly basis. America is still "Government by the people, for the People."
While you are at it, register to vote!
Lastly, we always hear talk about buying legislation in the form of campaign contributions. Believe it or not, it doesn't cost all that much to buy legislation and once we all get in the habit of contacting our legislative officials and voting, we can donate money to a PAC, donate to campaigns and hire lobbyists. Then the Slashdotter will truly be running with the big dogs, but political involvement has to begin small.
Simple, once these "kids" graduate or leave for other reasons, they will be drunk on the cup of "Free Unlimited" Bandwidth and will have expectation that providers e.g. (ISP's, Cable Companies) provide them with the same level of performance, they had back at college at a "cheap price".
Recently, I took a training class with some of the University of Michigan Network Admins and they were talking about filtering and quoting bandwidth because in the explosion of usage. I explained to them that the solution was to give the students all they could use, so when they leave UofM and head out to the real world, they EXPECT and DEMAND BANDWIDTH. The pathetic amount of bandwidth meagerly doled out by the phone companies is pathetic. The current rate for a T1 is $800 for a measly 1.5MegaBIT, ( yes BIT as opposed to BYTE ). We need higher expectations which will push low cost bandwidth solutions!
Setting expectations is what life is all about and college is a great place to teach it.
Believe it or not, out of all the people in in the world running MS Outlook, fewer than 1% have ever pulled down security patches, see
The Great MS Patch Nobody Uses.
Additionally, the Win2K/NT server guys are afraid to install security patches since they never are really how much of their server is going to break. Often times, Admins will patch the servers which touch the Internet but not the Internal servers for fear of breaking them.
With Code Red, this was quite humorous because the outer servers were patched as soon as the Code Red patch was available, thinking this action would defend the realm against Code Red, but they forgot about the laptop users which brought Code Red in the back door via the local LAN.
But not to worry folks, once we get Palladium hardware in all our servers, this will not happen again right? In fact we won't even have to patch anymore, since everything will be secure and, only secure applications will be allowed to run.
Oh, wait, wouldn't IIS pass the palladium trusted application test?
Why yes it would...... and Code Red would join the list of "Trusted Secure Applications".! Sorry, I have to smack Palladium everytime I get a chance.
All that is needed to make the MPAA and RIAA go away is a new EULA in the P2P software which states that the P2P software may not be used by an entity for the purpose of gaining evidence of copyright violation . The penalty for using the software in this matter will be to provide the person you allege of copyright violation with a legal license.
Click OK to AGREE.
This will stand up in court, or serve to invalidate all other EULA's. Wouldn't that be a catch22.:)
I think the Universe is BIG enough for two Star Wars Episodes I, II, and III. In fact, I think Speilburg should be allowed to make his own Episode I. I'd pay money to see both versions.
Both could exist in parallel time lines as long as the key points in the plot were kept the same, even though I yearn to see Jar Jar get a light saber through his floppy eared head. Then the version with the highest box office gross would become the official version!
If Speilberg did a good enough job, would we allow him to remake Episodes 4,5 and 6? Note: Just because AI sucked doesn't mean Speilberg sucks.
When it comes to security, I have found that training classes and seminars are "cool" and "fun" to watch, but have very little applicability to the configuration at my local site.
I share the same opinion of others. The best way to stay on top of security is to subscribe to Bugtraq. Other subscription lists like CERT and vendor specific lists, are always lagging behind (sometimes as much as WEEKS) since they tend NOT to announce a security issue until the vendor has a fix/patch available. Bugtraq is pretty close to zero day disclosure and is not vendor specific, thus you have to wade through the subjects to see if anything applies to your site. Additionally, BUGTRAQ is moderated which cuts down on the quantity and noise, unlike other sources which can become excessive.
To subscribe to the list, send a message to: bugtraq-subscribe@securityfocus.com
This is my securty mantra, "security is an illusion".
If you are connected to the Internet, you can be hacked. All humans make mistakes and all code is written by humans. The best you can do is manage your risk and increase your odds of not being a hackable target by staying informed and being proficient in application configuration.
My advice is to spend your training money on the specific applications that are Internet facing e.g. (RedHat, Apache, Sendmail, DNS, POP3S, IMAPS, Oracle, MySQL, CISCO IOS), make sure you understand the security configuration and hit it hard in the class. Application Security Mis-configuration and weak passwords are probably the number one source of Internet compromises. Often times if you have your applications locked down and secure, the security exploit of the day may be a non issue.
"The desktop computer industry is dead. Innvoation has virtually ceased. Microsoft dominates with very little innovation. That's over. Apple Lot. The Desktop market has entered the dark ages for the next 10 years, or certainly for the rest of this decade.
Eventually, Microsoft will crumble because of complacency, and maybe some new things will grow. But until that happens, until there's some fundamental technology shift, it's just over.
The two most exciting things happening today are objects and the web."
-- Steve Jobs (Sometime in the 90's)
Well, Steve was right. Microsoft is complacent and has basically assimilated every innovative idea and run the innovators out of business. Now there is nothing new to steal so they just bank their cash in the hopes they can prop up their stock in the future.
I am using this combo as my replacement desktop:
RedHat 7.3 (distro)
Evolution (mua)
KOffice/Open Office/Star Office (office suite)
Cross-Over Office (Run M$ Office 95 native)
Galeon (browser)
WINE
rdesktop (Windows Terminal Server Client)
Open LDAP for authentication
Samba (Connectivity with the Windows World)
This gives you a nice starting point for an OA (Office Automation) platform. The users can get around pretty well here and so far the favorite things are the browser tabs and multiple desktops. Under M$, users tend to stack windows on windows and the multiple desktop concept is a nice way to help them organize and work more efficiently.
Until we can get all the apps to the web or native under Linux, we have been using rdesktop to a Windows terminal server. This is a basically the equivalent of X windows for M$ Windows. It can be a little confusing for the user at first, but gets the job done for that odd application you just can't seem to live without.
Downfalls so far are floppy drive access. Teaching users how to mount/umount floppies to avoid trashing them is hard. Also, cut and paste never seems to work correctly between the various environments and drives me a little nuts. Not being able to install shrink wrap software. Custom firewall software/extranet plugins for e-commerce applications. Lastly, resistance to change and pushback is always present and you have to give users a carrot to get them moving.
We aren't out of the "Desktop Dark Ages" quite yet, but I think we can all see faint light in the distance. Currently, M$ is it's own worst enemy by pressuring everyone to pay up NOW!
I plan to put a webpage up soon, detailing my quest for the Linux desktop.
Slashdot Mirror
Actually, the question should be, "which is faster to install the second time around" (keeping your application data intact of course)? The reason I ask this question is because Windows suffers from O/S decay and needs to be reloaded fairly frequently, especially if you have kids or users that love to install software.
Most of you might not know this, but you can build RedHat Linux with a net boot floppy, ftp or nfs server, and that strange file called "anaconda-ks.cfg" in your root directory.
Red Hat Linux is so easy to rebuild and get back to a running state with all your applications, data, and patches.
Windows on the other hand usually requires a week or so, before you can locate all the CD's and license keys for the applications and get back to a useful state. I always DREAD reloading the Windows box, which usually is required about twice a year.
Which do you dread reloading the most?
Speaking as the emergency backup holographic DBA who has experience with both MySQL and other Commercial Databases particularaly Oracle, I can give you the following info.
MySQL is small, fast and you can even use it with MS-Access with MyODBC
The drawbacks to MySQL are limited SQL support e.g. (no subselects, no inline views, no stored procedures, and just you TRY to figure out the outerjoin syntax (geez) ), however if you are doing simple queries it's fine. If you want to do more advanced stuff and say have multiple cursors open at the same time you have to use an additional language like Perl with DBD/DBI.
Also, MySQL does not have "read consistency", "row level locking", or the concept of a "transaction" (at least not last time I used it). If you do an insert/update it happens NOW, no need for that pesky SQL "commit".
Again, on the plus side, generally speaking MySQL is FAST for queries! However, when you do hit a snag, it is harder to tune performance and optimize the layout of the database on the physical disks e.g. (You can't partition a table across multiple disks/filesystems and have to rely on RAID0 striping). Also, I don't think there is anything as replication so keeping a hot standby database for failover or disaster recovery can be tricky.
The most important thing to keep in mind is this, "Use the right tool for the job". I still prefer any data I care about or, database that may affect my sleep be an Oracle database. However, replicating data from Oracle to a MySQL database, then using MySQL as the backend for query intensive web applications might make more sense e.g (Amazon-type, Slashdot-type). In this scenario, your data is tucked away securely in an Oracle database, but it feeds a bunch of lowcost, commodity beater boxes that can be quickly deployed to give lowcost scalability and more peace of mind against hacking.
Weigh the importance of your data and "use the right tool for the job". It could be argued that the most valuable asset of a modern company is it's data.
One of my favorite quotes which applies to this situation is: "When the only tool I have is a hammer, every job looks like a nail."
Good Luck!
Last night, when I read about HP swinging the DMCA club I sent their CEO "intelligent feedback". It was polite and used words like "extremely disappointed" and accused HP of shooting the messenger instead of fixing the problem. Additionally, I told her that I wish I had discovered the flaw and had to defend this action and faced a jury.
I imagined the cross examination as follows with HP on the hotseat:
1. Isn't it true that HP learned of this exploit nearly a year ago and has done nothing except try to "silence" someone sounding a critical warning?
2. Can you explain to us what type control a person could have gained over an HP server using this security flaw?
3. Isn't it true that HP servers are used in key government installations, biomedical research labs, and fortune 500 companies and this flaw could have been used to compromise national security and commit corporate espionage?
4. Why would HP delay acting on this information for so long when so much was at risk?
Oh, this would have been soooo much fun to watch on Court TV!
Anyway, I was just curious how many slashdotters fired off a "polite" feedback.
I would like to congratulate all of you who write eloquent replies on Slashdot, however you need to write letters to your "elected officials".
Myself, everytime I read an article on Slashdot which makes my blood boil and pertains to privacy, civil liberties, anti-consumer electronic devices, and/or bad technology legislation, I contact my legislators via email, fax, or snail mail.
Your elected official needs and wants to hear from you on the issues! If they get a mere 10 letters, faxes, or emails on a topic it raises a "red" flag and forces them to look at the issue before unknowing upsetting their constituency.
I urge you to contact these people and let them know what you think on a weekly basis. America is still "Government by the people, for the People."
While you are at it, register to vote!
Lastly, we always hear talk about buying legislation in the form of campaign contributions. Believe it or not, it doesn't cost all that much to buy legislation and once we all get in the habit of contacting our legislative officials and voting, we can donate money to a PAC, donate to campaigns and hire lobbyists. Then the Slashdotter will truly be running with the big dogs, but political involvement has to begin small.
Here are some helpful websites to guide you:
U.S. House of Representatives U.S. Senate Congressional News
I fear if we do not act and unite soon, that we will lose control of the Internet and consumer electronics in the name of Patriotism and anti-piracy.
What's the point you ask?
Simple, once these "kids" graduate or leave for other reasons, they will be drunk on the cup of "Free Unlimited" Bandwidth and will have expectation that providers e.g. (ISP's, Cable Companies) provide them with the same level of performance, they had back at college at a "cheap price".
Recently, I took a training class with some of the University of Michigan Network Admins and they were talking about filtering and quoting bandwidth because in the explosion of usage. I explained to them that the solution was to give the students all they could use, so when they leave UofM and head out to the real world, they EXPECT and DEMAND BANDWIDTH. The pathetic amount of bandwidth meagerly doled out by the phone companies is pathetic. The current rate for a T1 is $800 for a measly 1.5MegaBIT, ( yes BIT as opposed to BYTE ). We need higher expectations which will push low cost bandwidth solutions!
Setting expectations is what life is all about and college is a great place to teach it.
Cheap, Unlimited, Bandwidth to the masses NOW!
Believe it or not, out of all the people in in the world running MS Outlook, fewer than 1% have ever pulled down security patches, see The Great MS Patch Nobody Uses.
Additionally, the Win2K/NT server guys are afraid to install security patches since they never are really how much of their server is going to break. Often times, Admins will patch the servers which touch the Internet but not the Internal servers for fear of breaking them. With Code Red, this was quite humorous because the outer servers were patched as soon as the Code Red patch was available, thinking this action would defend the realm against Code Red, but they forgot about the laptop users which brought Code Red in the back door via the local LAN.
But not to worry folks, once we get Palladium hardware in all our servers, this will not happen again right? In fact we won't even have to patch anymore, since everything will be secure and, only secure applications will be allowed to run.
Oh, wait, wouldn't IIS pass the palladium trusted application test?
Why yes it would...... and Code Red would join the list of "Trusted Secure Applications".!
Sorry, I have to smack Palladium everytime I get a chance.
Yes, this in tongue in cheek.
:)
All that is needed to make the MPAA and RIAA go away is a new EULA in the P2P software which states that the P2P software may not be used by an entity for the purpose of gaining evidence of copyright violation . The penalty for using the software in this matter will be to provide the person you allege of copyright violation with a legal license.
Click OK to AGREE.
This will stand up in court, or serve to invalidate all other EULA's. Wouldn't that be a catch22.
I think the Universe is BIG enough for two Star Wars Episodes I, II, and III. In fact, I think Speilburg should be allowed to make his own Episode I. I'd pay money to see both versions.
Both could exist in parallel time lines as long as the key points in the plot were kept the same, even though I yearn to see Jar Jar get a light saber through his floppy eared head. Then the version with the highest box office gross would become the official version!
If Speilberg did a good enough job, would we allow him to remake Episodes 4,5 and 6? Note: Just because AI sucked doesn't mean Speilberg sucks.
When it comes to security, I have found that training classes and seminars are "cool" and "fun" to watch, but have very little applicability to the configuration at my local site.
I share the same opinion of others. The best way to stay on top of security is to subscribe to Bugtraq. Other subscription lists like CERT and vendor specific lists, are always lagging behind (sometimes as much as WEEKS) since they tend NOT to announce a security issue until the vendor has a fix/patch available. Bugtraq is pretty close to zero day disclosure and is not vendor specific, thus you have to wade through the subjects to see if anything applies to your site. Additionally, BUGTRAQ is moderated which cuts down on the quantity and noise, unlike other sources which can become excessive.
To subscribe to the list, send a message to:
bugtraq-subscribe@securityfocus.com
This is my securty mantra, "security is an illusion".
If you are connected to the Internet, you can be hacked. All humans make mistakes and all code is written by humans. The best you can do is manage your risk and increase your odds of not being a hackable target by staying informed and being proficient in application configuration.
My advice is to spend your training money on the specific applications that are Internet facing e.g. (RedHat, Apache, Sendmail, DNS, POP3S, IMAPS, Oracle, MySQL, CISCO IOS), make sure you understand the security configuration and hit it hard in the class. Application Security Mis-configuration and weak passwords are probably the number one source of Internet compromises. Often times if you have your applications locked down and secure, the security exploit of the day may be a non issue.
Good Luck!
"The desktop computer industry is dead. Innvoation has virtually ceased. Microsoft dominates with very little innovation. That's over. Apple Lot. The Desktop market has entered the dark ages for the next 10 years, or certainly for the rest of this decade.
Eventually, Microsoft will crumble because of complacency, and maybe some new things will grow. But until that happens, until there's some fundamental technology shift, it's just over.
The two most exciting things happening today are objects and the web."
-- Steve Jobs (Sometime in the 90's)
Well, Steve was right. Microsoft is complacent and has basically assimilated every innovative idea and run the innovators out of business. Now there is nothing new to steal so they just bank their cash in the hopes they can prop up their stock in the future.
I am using this combo as my replacement desktop:
RedHat 7.3 (distro)
Evolution (mua)
KOffice/Open Office/Star Office (office suite)
Cross-Over Office (Run M$ Office 95 native)
Galeon (browser)
WINE
rdesktop (Windows Terminal Server Client)
Open LDAP for authentication
Samba (Connectivity with the Windows World)
This gives you a nice starting point for an OA (Office Automation) platform. The users can get around pretty well here and so far the favorite things are the browser tabs and multiple desktops. Under M$, users tend to stack windows on windows and the multiple desktop concept is a nice way to help them organize and work more efficiently.
Until we can get all the apps to the web or native under Linux, we have been using rdesktop to a Windows terminal server. This is a basically the equivalent of X windows for M$ Windows. It can be a little confusing for the user at first, but gets the job done for that odd application you just can't seem to live without.
Downfalls so far are floppy drive access. Teaching users how to mount/umount floppies to avoid trashing them is hard. Also, cut and paste never seems to work correctly between the various environments and drives me a little nuts. Not being able to install shrink wrap software. Custom firewall software/extranet plugins for e-commerce applications. Lastly, resistance to change and pushback is always present and you have to give users a carrot to get them moving.
We aren't out of the "Desktop Dark Ages" quite yet, but I think we can all see faint light in the distance. Currently, M$ is it's own worst enemy by pressuring everyone to pay up NOW!
I plan to put a webpage up soon, detailing my quest for the Linux desktop.