At our company the only way to submit a problem ticket is via a web browser. I still haven't figured out how to submit a ticket when my computer won't boot. This is for real at a fortune 500 company.
The same way the welfare crew in my town calls 911 for an ambulance because they have a headache. They go to the one trailer out of 15 that has a phone and tells that person to call 911.
The ambulance ends up getting dispatched to an 'unknown medial somewhere in the trailer park'
I was indeed mistaken (realised it a bit after I had sent the post). The card has three outputs: a VGA port, an S-VHS port and... a DVI port. The DVI port is connected to the HDMI entry of the LCD screen. Now, does that change anything to whether X is stable or not?
No, but it does put into question the other statements you make. Will you be offering the same apology later? 'I was indeed mistaken (realized it a bit after I had sent the post). It appears it wasn't X crashing, but rather my video card due to overheating because my computer is 10 years old and full of dust.'
As a bonus you have 100% control over what gets pushed to your machines.
I am not a debian packager...can you use meta-packages to force removal of an existing installed package? Lets say you update blah-desktop-graphics to install GIMP and then later you want to have it removed and install something different, can you push out a removal of GIMP?
Self-updating is not problem, apt-cron etc will handle that.
The problem is, I have new software which I need to deploy to 4000 machines overnight.
Do I really have to reimage 4000 machines to achieve that goal?
Re-imaging is not a solution--because like you said, it would wipe all the files on the machines and remove the customization, etc...
The same would happen with windows.
In a Microsoft environment, the easiest way (and cheapest way I've found) is to get an MSI package. Deploy it with group policy.
Use a similar packaging system in debian-like distros. Create a deb. Add it to the software repository for users to download--or use something like 'cssh' to issue the command 'apt-get install mypackage' on a bazillion machines.
I suppose if you wanted it more automated, you could create a virtual package (in the same vein as ubuntu-desktop or whatever) and just update the package to include your new package. Then the nightly apt-cron jobs would update the systems.
I have yet to find a free tool, operating system, and/or packaging format that makes deploying software to a ton of machines easy.
Although since I don't have too many linux desktops to manage, it's not worth too much of my time to go searching...
On windows environment you use active directory and sus.
How do you centrally manage software installs and permissions on thousands of machines with oss?
Handful of servers is easy to handle but how are logins and home directories handled in environment this scale?
RedHat has a tool too--I'm not sure what it's called, I haven't RH or Centos in years.
There are lots of directory solutions too. AD is essentially LDAP with a few MS extensions. Most linux boxen now-a-days can hook into AD. On the flip-side, you can use plain 'ol LDAP if you have no Windows machines.
You can run apt-mirror on debian-like distros. You mirror all the updates locally on a machine and have all the others download from it.
There's even been talk recently of a bittorrent-like download system where you can download from neighbors on the network that have already downloaded the patch you need.
We run Openfire as well. Spark is multiplatform (Windows, Linux and Mac) but, as you can read from the other comments, it's not so great.
I used something similar. A linux box running ejabberd with a script that runs every night to sync accounts with AD. I used the shared rosters to put people into groups (until they support rosters from AD groups). Then I used the spark client because it was the only one I found with an MSI package (the company is almost entirely Windows except for the jabber server), and then I deployed it through Group Policy.
Finally, I wrote a quick VB Script that runs on login and checks if a user has a.profile or whatever it is in the Spark directory. If not, it pre-populates the file with a username, server connection info, and some sane defaults. Then checks to make sure the spark client is in the Startup group. Finally Spark launches, tries to autologin and fails (because we can't pre-populate the users passwords, they are unknown). Then the user just has to enter their password and hit enter.
Not the most elegant solution, but once Pidgin has an MSI installer, and an easy way for admins to pre-configure it for massive installs, I'll stick with the Spark client. Of course users can use whatever client they want too.
Honestly, I've never used the Openfire server or whatever it's called--I looked at the word 'java' and said 'F*ck that. Not on a 500 MHz box.'
I only have around 250 users connected at any one time, but ejabberd handles it well with very little memory usage.
I thought I was buying a DIA circuit - as in Direct Internet Access - but apparently you don't exactly do that. That's a breach of contract - that's a violation of your SLA - I want out of my contract now
Sprint's reply: "Okay *flip*. Call us when you realize that getting a T1/T3 takes weeks. By the way, we charge a $1000 installation fee."
After I talked w/ my sales rep earlier today, my new response is: "Ok Sprint, have it your way. I'm calling Comcast. Oh--you didn't hear they just upgraded their local network? Yeah, it's called DOCSIS 3.0. Oh--and within the next 30 days they will be providing 50 Mb down, 20 Mb up service. Oh--and it's less than your f*cking T1. Hell--it's less than most ISDN service."
"Oh yeah--I could also get 'guaranteed' T1 speed from them for about $100/mo--so f*ck you Sprint. F*ck you and your $1,000 fee."
Everyone? Speak for yourself. All Web-based applications that I write now accept Yadis (specifically OpenID) as an alternative/complement to traditional username/password authentication where authentication is a requirement.
Anything the slashdot crowd might be familiar with, or are you talking about your personal website?
I consume OpenIDs in webapps, but they aren't public, so me stating that I use it in all my webapps doesn't f*cking matter.
You have no idea what 5 9's are all about if you think that one box can handle it.
Yeah, I do know what 5 9's are all about.
You could do it with one box--but you'd have to be damn lucky.
The point I was trying to make is that I have a handful of linux boxes at various client sites doing things like intranets, spam filtering, IM servers, etc...most of them have 5 9's of uptime BY ACCIDENT. It's not like I'm promising the clients 5 9's of uptime or anything--I just maintain the box and it gets it. Sure, one of these days a drive will fail, and my response time will be 30 minutes or so, and my stats will be gone.
I never get that on a Windows box. Ever.
Not even if I'm trying.
As Windows 2000 is affected by this vulnerability, I'm wondering if NT4 is as well. There's a still a sprinkle of NT4 servers about hidden in the back of server rooms. Will this be the push to finally replace them?
Hell no. If you still have an NT4 server around, the only thing that will get it replaced is to drive a silver stake through the hard drive and dump it off the nearest bridge.
Damn me and my refusal to run any MS software at home... If only I had a vmware image of XP. I wonder if WINE emulates windows well enough to attack another machine...
Would be strange that you can't afford the USD600+ (inclusive of the 2 x 500GB drives for storing all those vmware images), if you're doing this as a business. Maybe you should bill those companies a bit more.
I don't know about the grandparent, but I'd rather take that money home. If a company wants a patching/testing infrastructure, they can pay for it instead of me having to cut my already slim profit-margins.
To be blunt, no small business wants to pay double for their SBS install--because that's what it would take to get a real server and a test server--or a real server and a VM. (Need more memory and space in the real server for the VM.)
Many clients are fine with leaving it up to MS to get the patches right, not patching at all, or delaying all patch installs by 1 week.
I have tons of clients running SBS 2003. They've been running SBS 2003 since the time SBS 2003 came out. Not a single catastrophic server failure in 5ish years due to software updates.
Seriously--if there were a huge update fuckup, I'd hear about it on Slashdot within a few days and I could delay the patch by another week so MS can fix it.
You don't acheive that with a single Linux box either
Wow--5.3 minutes per year? Shit--that's like 8 reboots on my linux box...
Even though they release kernel updates for my distro about once per month, most of them involve being a local user to exploit some strange privilege in some strange area of the kernel that I don't use--and I don't have local user accounts except for root and a few services like maybe mail, dns, and/or possibly apache. So once you take out all the updates that aren't remotely exploitable, I end up with about 3 reboots per year--and those take under 1 minute before I'm back in operation.
That beats five 9's.
I've never touched Vista or Windows Server 2008...how long do they take to boot on something like an Intel 2.4 GHz machine w/ 1 GB RAM? (I mean boot fully, and have IIS, SQL, etc.. started?)
You may legitimately disagree with my choice, but I have my reasons and I'm sure you have yours. Most Linuxes make great servers, so it's really choosing your favorite incarnation of "awesome."
Damnit! Stop doing that. Your job on Slashdot is to perpetuate the holy OS wars. If you start to lose an argument based in 'nuh uh, yeah huh' then immediately question the person's choice of vi verses emacs.
Never EVER admit that something may come down to personal preference unless you are willing to follow it up by blatantly trashing said person's personal preference by calling them 'dumb' or 'retarded'. Finally, if you are totally and completely losing the argument, link to final irrefutable proof: like this
replace it with nothing. Just eliminate it. It would simplify life at no cost.
It should be replaced with one standard time everywhere.
I don't have to worry that our companies both open at 8:00 AM, but you're on the east coast and I'm on the west coast, so that's um...uh....*google*...4 hours difference?
Screw timezones. Your company can open at 8:00 AM on the east coast (when the sun comes up there), and I can open my company at 10:00 (when the sun comes up here). Everyone would quickly adjust to the new time. Instead of working 9a-5p on the west coast, you'd work 1p-9p....
The whole problem is caused by the fact that we are changing the measurement of time instead of the amount of time.
When I make pancakes, the recipe calls for 2 cups of flower and 1 cup of water. Not 1 cup of flower and 1 cup of water, but the 1 cup of flower is a different sized container we decided to also call 1 cup.
Same thing with time. Stop setting time forward and back. Time isn't actually skipping forward or backward. Use the existing daylight savings dates as the days when some companies may or may not decide to start and end work an hour earlier/later.
Thank you very much. I just wasted several minutes trying to figure out what the f*ck 'namgge' was in relation to law. Then I realized you're one of those people who sign their name without separating it from the rest of the post...
Precisely... as i'm reading this article and replying to you, i'm downloading the new episode of True Blood, the first season of Terminator: The sarah connor chronicles, Seasons 1-10 of Top Gear and The whole series of Rocko's Modern life... To Microsoft: I thumb my nose at you and your silly Anti-piracy Day.
Anti-piracy day made me laugh. Today I just handed over my last Windows CD and license sticker which I never affixed to the case of my old machine to a friend who was denied activation on a new install.
Fuck Microsoft.
I know I just 'enabled' my friend to run Windows XP for another year, but eventually he'll see the light--and now I can say I'm completely MS free. I haven't had Windows XP installed in years, and I finally ditched the last of my install media.
How's that for anti-piracy day? I no longer have any software in my house that anyone can pirate.
I've been putting Ubuntu on anyone's computer who asks me to "fix" it for quite some time now.
You must run into the occasional irate friend or family member, huh? "I wanted you to fix the margins on my word document you little shit--and here I come back an hour later and you've got this Ubuntu crap on my computer? How come I can't open my finances? Where's Microsoft Money? That's the last straw. I have no son!"
Slashdot Mirror
At our company the only way to submit a problem ticket is via a web browser. I still haven't figured out how to submit a ticket when my computer won't boot. This is for real at a fortune 500 company.
The same way the welfare crew in my town calls 911 for an ambulance because they have a headache. They go to the one trailer out of 15 that has a phone and tells that person to call 911.
The ambulance ends up getting dispatched to an 'unknown medial somewhere in the trailer park'
I was indeed mistaken (realised it a bit after I had sent the post). The card has three outputs: a VGA port, an S-VHS port and... a DVI port. The DVI port is connected to the HDMI entry of the LCD screen. Now, does that change anything to whether X is stable or not?
No, but it does put into question the other statements you make. Will you be offering the same apology later? 'I was indeed mistaken (realized it a bit after I had sent the post). It appears it wasn't X crashing, but rather my video card due to overheating because my computer is 10 years old and full of dust.'
As a bonus you have 100% control over what gets pushed to your machines.
I am not a debian packager...can you use meta-packages to force removal of an existing installed package? Lets say you update blah-desktop-graphics to install GIMP and then later you want to have it removed and install something different, can you push out a removal of GIMP?
Self-updating is not problem, apt-cron etc will handle that.
The problem is, I have new software which I need to deploy to 4000 machines overnight. Do I really have to reimage 4000 machines to achieve that goal?
Re-imaging is not a solution--because like you said, it would wipe all the files on the machines and remove the customization, etc...
The same would happen with windows.
In a Microsoft environment, the easiest way (and cheapest way I've found) is to get an MSI package. Deploy it with group policy.
Use a similar packaging system in debian-like distros. Create a deb. Add it to the software repository for users to download--or use something like 'cssh' to issue the command 'apt-get install mypackage' on a bazillion machines.
I suppose if you wanted it more automated, you could create a virtual package (in the same vein as ubuntu-desktop or whatever) and just update the package to include your new package. Then the nightly apt-cron jobs would update the systems.
I have yet to find a free tool, operating system, and/or packaging format that makes deploying software to a ton of machines easy.
Although since I don't have too many linux desktops to manage, it's not worth too much of my time to go searching...
On windows environment you use active directory and sus.
How do you centrally manage software installs and permissions on thousands of machines with oss? Handful of servers is easy to handle but how are logins and home directories handled in environment this scale?
If you're using Ubuntu, use landscape.
RedHat has a tool too--I'm not sure what it's called, I haven't RH or Centos in years.
There are lots of directory solutions too. AD is essentially LDAP with a few MS extensions. Most linux boxen now-a-days can hook into AD. On the flip-side, you can use plain 'ol LDAP if you have no Windows machines.
You can run apt-mirror on debian-like distros. You mirror all the updates locally on a machine and have all the others download from it.
There's even been talk recently of a bittorrent-like download system where you can download from neighbors on the network that have already downloaded the patch you need.
We run Openfire as well. Spark is multiplatform (Windows, Linux and Mac) but, as you can read from the other comments, it's not so great.
I used something similar. A linux box running ejabberd with a script that runs every night to sync accounts with AD. I used the shared rosters to put people into groups (until they support rosters from AD groups). Then I used the spark client because it was the only one I found with an MSI package (the company is almost entirely Windows except for the jabber server), and then I deployed it through Group Policy.
.profile or whatever it is in the Spark directory. If not, it pre-populates the file with a username, server connection info, and some sane defaults. Then checks to make sure the spark client is in the Startup group. Finally Spark launches, tries to autologin and fails (because we can't pre-populate the users passwords, they are unknown). Then the user just has to enter their password and hit enter.
Finally, I wrote a quick VB Script that runs on login and checks if a user has a
Not the most elegant solution, but once Pidgin has an MSI installer, and an easy way for admins to pre-configure it for massive installs, I'll stick with the Spark client. Of course users can use whatever client they want too.
Honestly, I've never used the Openfire server or whatever it's called--I looked at the word 'java' and said 'F*ck that. Not on a 500 MHz box.'
I only have around 250 users connected at any one time, but ejabberd handles it well with very little memory usage.
I thought I was buying a DIA circuit - as in Direct Internet Access - but apparently you don't exactly do that. That's a breach of contract - that's a violation of your SLA - I want out of my contract now
Sprint's reply: "Okay *flip*. Call us when you realize that getting a T1/T3 takes weeks. By the way, we charge a $1000 installation fee."
After I talked w/ my sales rep earlier today, my new response is: "Ok Sprint, have it your way. I'm calling Comcast. Oh--you didn't hear they just upgraded their local network? Yeah, it's called DOCSIS 3.0. Oh--and within the next 30 days they will be providing 50 Mb down, 20 Mb up service. Oh--and it's less than your f*cking T1. Hell--it's less than most ISDN service."
"Oh yeah--I could also get 'guaranteed' T1 speed from them for about $100/mo--so f*ck you Sprint. F*ck you and your $1,000 fee."
Everyone? Speak for yourself. All Web-based applications that I write now accept Yadis (specifically OpenID) as an alternative/complement to traditional username/password authentication where authentication is a requirement.
Anything the slashdot crowd might be familiar with, or are you talking about your personal website?
I consume OpenIDs in webapps, but they aren't public, so me stating that I use it in all my webapps doesn't f*cking matter.
You have no idea what 5 9's are all about if you think that one box can handle it.
Yeah, I do know what 5 9's are all about.
You could do it with one box--but you'd have to be damn lucky.
The point I was trying to make is that I have a handful of linux boxes at various client sites doing things like intranets, spam filtering, IM servers, etc...most of them have 5 9's of uptime BY ACCIDENT. It's not like I'm promising the clients 5 9's of uptime or anything--I just maintain the box and it gets it. Sure, one of these days a drive will fail, and my response time will be 30 minutes or so, and my stats will be gone.
I never get that on a Windows box. Ever.
Not even if I'm trying.
MS Windows & Joe Camel...
The only problem is that I haven't had a Windows box in my house for years...
As Windows 2000 is affected by this vulnerability, I'm wondering if NT4 is as well. There's a still a sprinkle of NT4 servers about hidden in the back of server rooms. Will this be the push to finally replace them?
Hell no. If you still have an NT4 server around, the only thing that will get it replaced is to drive a silver stake through the hard drive and dump it off the nearest bridge.
you probably shouldn't click that unless you trust the owner/controller of milw0rm.com to not infect whichever system you have. </warning >
darkpixel@hoth:~/tmp$ uname -a
...hmm...
.
./MS08-067.c: OK
./srvsvc.h: OK
./srvsvc_c.c: OK
./mem.h: OK
./srvsvc.idl: OK
./MS08-067.exe: OK
./srvsvc_s.c: OK
Linux hoth 2.6.27-7-generic #1 SMP Fri Oct 24 06:42:44 UTC 2008 i686 GNU/Linux
I feel pretty safe...
*time passes*
*time passes*
darkpixel@hoth:~/tmp$ wget -c http://milw0rm.com/sploits/2008-MS08-067.rar
*snip*
MS08-067.rar' saved [12506/12506]
darkpixel@hoth:~/tmp$ unrar e 2008-MS08-067.rar
*snip*
darkpixel@hoth:~/tmp$ clamscan
----------- SCAN SUMMARY -----------
Known viruses: 454416
Engine version: 0.94.1rc1
Scanned directories: 1
Scanned files: 7
Infected files: 0
Data scanned: 0.11 MB
Time: 6.840 sec (0 m 6 s)
darkpixel@hoth:~/tmp$ wine MS08-067.exe
fixme:system:SetProcessDPIAware stub!
fixme:iphlpapi:NotifyAddrChange (Handle 0x7d8699f8, overlapped 0x7d8699dc): stub
fixme:shell:DllCanUnloadNow stub
MS08-067 Exploit for CN by EMM@ph4nt0m.org
MS08-067.exe <Server>
darkpixel@hoth:~/tmp$
Damn me and my refusal to run any MS software at home... If only I had a vmware image of XP. I wonder if WINE emulates windows well enough to attack another machine...
Would be strange that you can't afford the USD600+ (inclusive of the 2 x 500GB drives for storing all those vmware images), if you're doing this as a business. Maybe you should bill those companies a bit more.
I don't know about the grandparent, but I'd rather take that money home. If a company wants a patching/testing infrastructure, they can pay for it instead of me having to cut my already slim profit-margins.
To be blunt, no small business wants to pay double for their SBS install--because that's what it would take to get a real server and a test server--or a real server and a VM. (Need more memory and space in the real server for the VM.)
Many clients are fine with leaving it up to MS to get the patches right, not patching at all, or delaying all patch installs by 1 week.
I have tons of clients running SBS 2003. They've been running SBS 2003 since the time SBS 2003 came out. Not a single catastrophic server failure in 5ish years due to software updates.
Seriously--if there were a huge update fuckup, I'd hear about it on Slashdot within a few days and I could delay the patch by another week so MS can fix it.
Oh yeah? Well, uh, nyah.
You made that post 51 minutes after he did. So close, but forever in his shadow :-)
5 nines is ~5.3 minutes downtime per year
You don't acheive that with a single Linux box either
Wow--5.3 minutes per year? Shit--that's like 8 reboots on my linux box...
Even though they release kernel updates for my distro about once per month, most of them involve being a local user to exploit some strange privilege in some strange area of the kernel that I don't use--and I don't have local user accounts except for root and a few services like maybe mail, dns, and/or possibly apache. So once you take out all the updates that aren't remotely exploitable, I end up with about 3 reboots per year--and those take under 1 minute before I'm back in operation.
That beats five 9's.
I've never touched Vista or Windows Server 2008...how long do they take to boot on something like an Intel 2.4 GHz machine w/ 1 GB RAM? (I mean boot fully, and have IIS, SQL, etc.. started?)
You may legitimately disagree with my choice, but I have my reasons and I'm sure you have yours. Most Linuxes make great servers, so it's really choosing your favorite incarnation of "awesome."
Damnit! Stop doing that. Your job on Slashdot is to perpetuate the holy OS wars. If you start to lose an argument based in 'nuh uh, yeah huh' then immediately question the person's choice of vi verses emacs.
Never EVER admit that something may come down to personal preference unless you are willing to follow it up by blatantly trashing said person's personal preference by calling them 'dumb' or 'retarded'. Finally, if you are totally and completely losing the argument, link to final irrefutable proof: like this
If you make your pancakes with flower and water, I can't imagine they'd taste very good. A little too fragrant, I expect.
Damn--I should have made a car analogy...maybe something about gas tank sizes...hmm...
replace it with nothing. Just eliminate it. It would simplify life at no cost.
It should be replaced with one standard time everywhere.
I don't have to worry that our companies both open at 8:00 AM, but you're on the east coast and I'm on the west coast, so that's um...uh....*google*...4 hours difference?
Screw timezones. Your company can open at 8:00 AM on the east coast (when the sun comes up there), and I can open my company at 10:00 (when the sun comes up here). Everyone would quickly adjust to the new time. Instead of working 9a-5p on the west coast, you'd work 1p-9p....
The whole problem is caused by the fact that we are changing the measurement of time instead of the amount of time.
When I make pancakes, the recipe calls for 2 cups of flower and 1 cup of water. Not 1 cup of flower and 1 cup of water, but the 1 cup of flower is a different sized container we decided to also call 1 cup.
Same thing with time. Stop setting time forward and back. Time isn't actually skipping forward or backward. Use the existing daylight savings dates as the days when some companies may or may not decide to start and end work an hour earlier/later.
Time pisses me off.
Nope. I didn't say I put Ubuntu on there without talking to them about it first. I just refuse to do anything with Windows.
Sorry, I was attempting humor. I promise I won't do it again.
File a lawsuit for what?
Tort.
Namgge
Thank you very much. I just wasted several minutes trying to figure out what the f*ck 'namgge' was in relation to law. Then I realized you're one of those people who sign their name without separating it from the rest of the post...
See--here's how us 'normies' do it:
-darkpixel
You can't just "file a lawsuit," you have to allege some particular violation of civil law.
Not in the U.S.
Right--if she puts the words 'emotional distress', and or 'anguish' into her lawsuit, the case will be hers from day one.
The company BOTH cares about their data AND can't afford a proper backup system.
In this case, linux has one last resort for you:
sudo apt-get install bible
darkpixel@hoth:~$ bible
bible: Debian/BRS Release 4.18, $Date: 2005/01/23 11:29:22 $
Hit '?' for help.
-snip-
bible(KJV) [Gen1:1]> ec3:6
Ecclesiastes 3
6 A time to get, and a time to lose; a time to keep, and a time to cast away;
bible(KJV) [Ec3:6]>
Mainly pay attention to that whole '...and a time to lose' part.
Precisely... as i'm reading this article and replying to you, i'm downloading the new episode of True Blood, the first season of Terminator: The sarah connor chronicles, Seasons 1-10 of Top Gear and The whole series of Rocko's Modern life... To Microsoft: I thumb my nose at you and your silly Anti-piracy Day.
Anti-piracy day made me laugh. Today I just handed over my last Windows CD and license sticker which I never affixed to the case of my old machine to a friend who was denied activation on a new install.
Fuck Microsoft.
I know I just 'enabled' my friend to run Windows XP for another year, but eventually he'll see the light--and now I can say I'm completely MS free. I haven't had Windows XP installed in years, and I finally ditched the last of my install media.
How's that for anti-piracy day? I no longer have any software in my house that anyone can pirate.
I've been putting Ubuntu on anyone's computer who asks me to "fix" it for quite some time now.
You must run into the occasional irate friend or family member, huh? "I wanted you to fix the margins on my word document you little shit--and here I come back an hour later and you've got this Ubuntu crap on my computer? How come I can't open my finances? Where's Microsoft Money? That's the last straw. I have no son!"
Once you get over the fact that everything is in different places you realize that the ribbon actually hinders a lot of tasks.
Fixed that for you.