It is not a Zope 3 app and although it leverages Zope 3 components certainly it is not based on zope 3 Component Architecture
Re:Sudo is only useful when there are lots of admi
on
Sudo vs. Root
·
· Score: 2, Interesting
That's right.
What many linux affectionados do not realize is there are many much more advanced power user control systems then sudo. My favorite example is RBAC which has, unlike sudo, some corporate/security professional appeal. See there. It is mostly used on Solaris where the integration level is impressive. For example we can make a requirement that some operations can be only performed by two admins (a "two men rule" ).
Sure, sudo can also can be taken to a much higher level when properly configured, but still;-)
Fedora Directory Server http://directory.fedora.redhat.com/wiki/Main_Page and Sun Java Directory http://www.sun.com/software/products/directory_srv r/home_directory.xml are both derived from old Netscape LDAP solution and I can highly recommend it.
Time based ACI are supported with no problem and you are also free to provide directory services to MS products. To this end you can choose either the samba (which means extending the schema) or some fancy access manager http://www.sun.com/software/products/access_mgr/in dex.xml like solution.
It is often neglected in discussions on the subject how important it is to make sure you got binding permissions right. If you forbid access to some identity based on time of the day constraints make sure this identity will always try to bind to the directory as "self" - not some other (higher) identity.
No.
You need to turn "hdd0" as an only bootable device.
You protect changing the bios with an password.
Sure this is not that secure. But breaking in would take too much time.
But it doesn't cover the ground completely. There's
lot of stuff aimed specifically for systems Linux
is currently not able to reach (and won't be for some time, IMHO). The main reasons are:
major differences in thread library implementation
incompatible VM system
some subtle differences in basic libraries - things like Solaris gethrtime for example
Such things are commonly used by software on big-iron machines Sun and IBM sell and that's why
Solaris and AIX are certified.
The second major issue is the plethora of possible Linux configurations - distributions, versions, kernel, system security levels etc. It is usually
seen as balkanization by big-iron folks.
Ask Ulrich Drepper if Linux will get The Open Group certificate;-)
I don't get. I'm really not into flame wars of any kind. But it so happens more and more often - good technical comments are modded down for political reasons.
Well, most of that stuff is interesting to web-app people. It is a simple fact that at moment there's
*huge* pressure for OSS to catch up with J2EE related stuff and kill all those BEA or IBM implementations.
It is a pity all those people choose Java for that job instead of for example python... Java is not a perfect language but is already slated to fulfill
all those *beautiful abstractions* promises by academics and now industry.
Having more then a single profile is really handy when doing web programming stuff. You can test multiple cookies sets and test your web app with diffrent security levels, etc.
I was really suprised when I had to switch to httpd-2.xx when I moved on to a Ldap based setup using padl nss_ldap library. (No apache ldap modules involved).
CGI with suexec on 1.3.xx just wouldn't work. All I had were segfaults;-).
Problem vanished when I upgraded to apache2. Now all my CGI users are happy. And, of course I run apache in prefork mode;-).
I've generally had mixed results with autoconf and especially libtool. They are widely abused, often ignoring my environment variables and sometimes even writing broken makefiles. They are complex enough that debugging them is a nightmare. There has been more than one occasion that I wished for a simple file with a simple list of dependencies that I can simply say "lib XYZ is here, dammit."
Well, my experience is diffrent. Sendmail m4 build system experiance counts;-). AFAIK Sun still recomnds hand editing of the cf file;-))).
Eterm? I generally have few problems with Sun's vi, and those problems are almost always related to terminal type issues over telnet to/from Linux.
Terminal types are a UNIX problem, not just a Solaris and Linux problem.
C'mon, solaris terminfo is just broken. That's a reason for lots of problems. vi is unusable if you're on not on serial.
Additional SUNW packages typically get installed under/opt. They generally won't conflict with operating system patches that go under/kernel and/usr.
Not true. SUNW packages rarely install in/opt.
But it's not the point. What I meant is you can't really get them patched unless you manually go thru all your patches and uninstall them (if you can;-) and install once again.
Cheers,
patchcheck is broken. Use (GPL-ed) pca.pl instead.
It will let you control patches for you specific install easly.
Still, the Sun patching concepts amuses me. I hate
the fact I have to make workorounds for the whole thing whenever I add a single additional SUNW package.
Yes, I do worship the autoconf god. Like it or not - it is one of the main reasons for unix software viability nowadays.
And please don't troll on sent-god Sun userland tools. Have you ever used Solaris default vi in a Eterm window ? What do you do with patches applied previously when you install additional SUNW packages ?
This is good software but I have no doubt Sun forgotten of several issues last 10 years or so.
The whole point about XML is to enable interoperability. You know, some people like editing sendmail.cf file, but some would rather pack the thing into something that validates...
TTW = through the web
TTW is actually two separate things:
html textarea you probably know,
webdev/ftp remote access
It is important because it enables access regardless
of location, data gathering through xmlrpc/rss channels and, most importantly gives possibilty of setting up the permition system without giving people shell account and messing up with fiilesystem.
ZODB is important because:
makes all that possible,
enables some really funky stuff with urls (remember acquisition ?),
makes room for some unique cataloging capabilities (remember ZCatalog ?)
Slashdot Mirror
Yup, the wole "problem" has become to look so silly that some zope3 leading developers are planning
to turn the zope3 revolution upside downCPS 3.4 is a Zope 2.9 app
It is not a Zope 3 app and although it leverages Zope 3 components certainly it is not based on zope 3 Component Architecture
That's right.
What many linux affectionados do not realize is there are many much more advanced power user control systems then sudo. My favorite example is RBAC which has, unlike sudo, some corporate/security professional appeal. See there. It is mostly used on Solaris where the integration level is impressive. For example we can make a requirement that some operations can be only performed by two admins (a "two men rule" ).
Sure, sudo can also can be taken to a much higher level when properly configured, but still ;-)
This is false.
Although some zope 3 technology is included (as in all zope 2.9 installations) CPS is certainly NOT based on component architecture.
It's basically another CMF based system just like Plone.
Fedora Directory Server http://directory.fedora.redhat.com/wiki/Main_Page and Sun Java Directory http://www.sun.com/software/products/directory_srv r/home_directory.xml are both derived from old Netscape LDAP solution and I can highly recommend it.n dex.xml like solution.
Time based ACI are supported with no problem and you are also free to provide directory services to MS products. To this end you can choose either the samba (which means extending the schema) or some fancy access manager http://www.sun.com/software/products/access_mgr/i
It is often neglected in discussions on the subject how important it is to make sure you got binding permissions right. If you forbid access to some identity based on time of the day constraints make sure this identity will always try to bind to the directory as "self" - not some other (higher) identity.
Samba 3 is a perfect choice if you need to setup BDCs for windows 2k3.
Wow ! I can't belive how advanced your computer is !
For those really interested in some details of what all this means I'd recommend this.
The point "for RH 7.3" might be more important for some people, I'm afraid.
It can be fetched from Sun for no cost for 4 years now ...
;-)))
For "RH 7.3" too
And you get all the Sun enhancements (secure replication, plugins. many more) too.
No.
You need to turn "hdd0" as an only bootable device. You protect changing the bios with an password.
Sure this is not that secure. But breaking in would take too much time.
This well worth Sun PR's time. ;-)
To shut up all the people in here saying Sun is
not Open-Source enough
PC-focused market does not care, that's sure.
But it doesn't cover the ground completely. There's lot of stuff aimed specifically for systems Linux is currently not able to reach (and won't be for some time, IMHO). The main reasons are:
- major differences in thread library implementation
- incompatible VM system
- some subtle differences in basic libraries - things like Solaris gethrtime for example
Such things are commonly used by software on big-iron machines Sun and IBM sell and that's why Solaris and AIX are certified.The second major issue is the plethora of possible Linux configurations - distributions, versions, kernel, system security levels etc. It is usually seen as balkanization by big-iron folks.
Ask Ulrich Drepper if Linux will get The Open Group certificate ;-)
Mod the parent up, please !
I don't get. I'm really not into flame wars of any kind. But it so happens more and more often - good technical comments are modded down for political reasons.
Well, most of that stuff is interesting to web-app people. It is a simple fact that at moment there's *huge* pressure for OSS to catch up with J2EE related stuff and kill all those BEA or IBM implementations.
It is a pity all those people choose Java for that job instead of for example python ... Java is not a perfect language but is already slated to fulfill
all those *beautiful abstractions* promises by academics and now industry.
Not true.
Having more then a single profile is really handy when doing web programming stuff. You can test multiple cookies sets and test your web app with diffrent security levels, etc.
I was really suprised when I had to switch to httpd-2.xx when I moved on to a Ldap based setup using padl nss_ldap library. (No apache ldap modules involved).
CGI with suexec on 1.3.xx just wouldn't work. All I had were segfaults ;-).
Problem vanished when I upgraded to apache2. Now all my CGI users are happy. And, of course I run apache in prefork mode ;-).
I've generally had mixed results with autoconf and especially libtool. They are widely abused, often ignoring my environment variables and sometimes even writing broken makefiles. They are complex enough that debugging them is a nightmare. There has been more than one occasion that I wished for a simple file with a simple list of dependencies that I can simply say "lib XYZ is here, dammit."
Well, my experience is diffrent. Sendmail m4 build system experiance countsEterm? I generally have few problems with Sun's vi, and those problems are almost always related to terminal type issues over telnet to/from Linux. Terminal types are a UNIX problem, not just a Solaris and Linux problem.
C'mon, solaris terminfo is just broken. That's a reason for lots of problems. vi is unusable if you're on not on serial.Additional SUNW packages typically get installed under /opt. They generally won't conflict with operating system patches that go under /kernel and /usr.
Not true. SUNW packages rarely install inCheers,
patchcheck is broken. Use (GPL-ed) pca.pl instead. It will let you control patches for you specific install easly.
Still, the Sun patching concepts amuses me. I hate the fact I have to make workorounds for the whole thing whenever I add a single additional SUNW package.
Yes, I do worship the autoconf god. Like it or not - it is one of the main reasons for unix software viability nowadays.
And please don't troll on sent-god Sun userland tools. Have you ever used Solaris default vi in a Eterm window ? What do you do with patches applied previously when you install additional SUNW packages ?
This is good software but I have no doubt Sun forgotten of several issues last 10 years or so.
Seriously, I don't think it is problematic for them anyway. SO is not that diffrent and we've already seen many similar Sun moves in the Java world.
That's intersting.
What kind of interfaces are those ?
How many aliases ?
Did you really ?
Seems like a pretty rocket science to me.
Except I can do the same thing with my slackware boxes (boxen if you prefer). And I have some boxes with much more then 1 CPU.
Cheers
You got it right this time, dude.
The whole point about XML is to enable interoperability. You know, some people like editing sendmail.cf file, but some would rather pack the thing into something that validates ...
Think about it - it is a change.
TTW = through the web
TTW is actually two separate things:
- html textarea you probably know,
- webdev/ftp remote access
It is important because it enables access regardless of location, data gathering through xmlrpc/rss channels and, most importantly gives possibilty of setting up the permition system without giving people shell account and messing up with fiilesystem.ZODB is important because:
- makes all that possible,
- enables some really funky stuff with urls (remember acquisition ?),
- makes room for some unique cataloging capabilities (remember ZCatalog ?)
Cheers