Better for what? You see, there is no end-all in the OS world. I'd prefer if people would see a problem, then evaluate the strengths and weaknesses of possible OS choices -- just as they do when choosing applications. Sweeping generalizations aren't intelligent and they don't help anyone.
I use windows nt for workstation use at home and at work. I use windows 98 at home primarily for game usage. I also happen to have an alpha FreeBSD workstation as well as a p200 FreeBSD server -- which i use windows to telnet to as well as an X server to the X client (FreeBSD). I have an x86 linux box just because and I run a mix of FreeBSD, BSDi, Solaris, and NT servers at work. Some functionality may overlap making a number of Operating systems right for $insert_problem_here. In that case, just go with personal preference.
As I recall, when just starting to learn FreeBSD a couple of years ago, the mailing list archives on www.freebsd.org were especially helpful. Any question from newbie to advanced has most likely already been asked.
Even today when I have an obscure question I can often find the answer on the mailing list archives.
They can be found here. Also, If you want to browse the archives, you can go here. ----------
HEH. It's a laugh when you read 300 posts and they're all about the same neverending dance. Actually, I received a release candidate for a product from our san jose offices yesterday that's supposed to ship next week -- and surprise, it was utter drivel; and they had been telling us for weeks that they were making progress.
Anyway, it's even more fun to get a look into some companies when you come on board as a consultant. After a week I find 3 or 4 people who probably still have a copy of "learn C++ and MFC in 21 days" taped to the bottom of their desk and spend half the day asking one of their buddies how to do something. The leads, however, are too busy actually getting the work done to even notice -- as well as mid management who are too busy taking flack from upper management about not being able to produce 200,000 units of product by next week for a big OEM deal with xxxx.
It doesn't hurt to release crap from time to time though:). After a year and almost getting nowhere, sales decided that particular division HAD to have something -- so alpha 2 turned into gold and we ended up with sales of 22 million even despite it being complete crap:). It's better than being in the hole because of 4 million in R&D expenses. Fortunately for us, our target market is the end-user who is so used to complete crap that they don't know the difference. Of course, most of our deals are OEMs with hardware manufacturers, so we have to get it past their people first -- but they usually don't care if the product has a nice UI and partially works. ----------
Ermm, the reason for the premature aging is because the telomeres were shortened. If they cloned it from a baby -- and it works -- then it shouldn't have the same premature again as would occur if they cloned an adult. ----------
Nope, not assuming only commercial off-the-shelf software -- but also not assuming every sector of the software industry would be as affected as those in straight commercial sales. Obviously competitors aren't at a standstill.
I was merely stating that the OSS movement in the macro-economy had potential to create changes that are unwelcome to some. Rather, as the scene has proliferated thus far, we have seen mostly scientific and system administration utilities. If, however, you look into the not-so-distant future, as seen by some companies, they want to expand OSS into the desktop market, End-User applications markets, E-commerce, and even specialize in certain industries. The big investors are trying to get sold on their services, not their products.
Also, you fail to move yourself in time. Yes, there are always new avenues for software, and tools that are not yet available unless developed by self; however, the proliferation as such, has the potential to cause a lot of change. Do you assume the OSS community to be the same 5-10 years from now? Again, I was assuming an extreme, based on a model presented by many people as the optimum. I never stated anything was good or bad -- just the potential changes that could be brought on.
And as there are more OSS programmers, there will be more mundane applications such as admin tools. However, since its the market forcing commercial application programmers over to OSS software, they arent going to be moving over free of will. Lower cost products (0 cost + some maintenance) doesn't equal higher profits in an industry. Unless you can show me some magical way to make more on support than those charging for support and software.
Then you ask, but why does it affect me? Well lets see, more people entering industry with decided lower costs == lower salaries + shift to other service sectors + inevitable increased competition in services industry tied to OSS == again, lower prices and lower salaries. You may well also not be affected at all -- it will affect someone though... but maybe its for the best? I was only presenting market possibilities.
If you'd study economics before, you would also know that a number of unknowns are not accounted for -- even in econometrics. It's essentially possible to forecast a long-term truth when the human factor is so strong. Just go read the Harvard Business Review 1997 and 1998. You might laugh at the speculation, but it does indeed help. Perhaps I should have presented my intentions with more clarity, as well as the adoption of the model -- not the current likelyhood. I was only attempting to delve into the model, not put it down, or make black and white decisions. If you had read more closely (or my writing was more concise) you would have also noticed that my conclusion was that I thought a balance was good enough for the next 5 or 10 years, because that gain in productivity is useful, as well as taking money away from companies such as ms and distributing them more fairly to companies who help create a real alternative. It's better than blind advocacy on either side. ----------
Yes, indeed. However, I was talking about the macro-economy, not the micro-economy. The more widespread OSS gets, the more impact we will see. My problem is deciding if I should side with the programmer community, or the economy that benifits from this. OSS, if widely accepted will cut costs in every IT department, in every country, hopefully around the world. It may also bring with it software that doesn't suck. However, it may also greatly diminish profits in certain industries and their respected programmers (and I'm not just talking about Microsoft).
My question is, if OSS achieves "Total world Domination" as Linus playfully said (yeah I know, PR stunt); will programmers be able to command the same high paying salaries as before? I just don't believe the model where I get "adequate monetary return" for my work. As far as I see it, It's "I do this work for this company that needs this tool, and then everyone else has it, so I can't gain anything else from it in the future, except in maintenance (which others can also do)". As well, the VA Linux route, to bundle OSS software with hardware, will only work to their advantage for so long. Before they know it, there will be many other support companies popping up to take market share. The only advantage they will have is the top-notch programmers that they have in-house. However, the problem with that model is realized when any another company can benifit from their every gain. If its not proprietary, all they have is their reputation to run on -- and competition will be stiff. Again, competition in the macroeconomy is a very good thing. I'm just worried about the a possible shift in the marketplace in the next 5-10 years as a matter of consequence. It has the potential to affect every industry with IT, as well as all open and closed source software.
Note that I was commenting on this as a model. If I were to hypothesize would would occur in the next 5-10 years, I would say critics would keep this industry decidedly mixed. When I see companies such as IBM and SGI entering the market, I only see businessmen that are grabbing free market share in the wake of popularity generated by linux, coming from social minded advocates such as ESR. I cannot, however, make a straight decision as to what inevitable effect it will have, as anyone following economics knows the market can change in a month -- as well as the potential problems both ways.
Again, This is analysis at the macroeconomic level (the economy as a whole). 1. OSS cuts costs, as well as increasing productivity in all IT industries as per cut costs and programming model. 2. OSS, if widely accepted, as some hope, can and will make a shift in the economy. Like it or not. Less dollars made == less people in the industry => shift in economy to other service sectors (so in effect, the big investors in OSS are funneling the IT economy in their direction[solutions]).
My argument in the first place was, what will happen, when these industry changes happen, and there is less demand as a whole on the macroeconomic level for programmers and their software solutions (whether closed or open). I think it still stands. There has to be a trade off on either extreme. I may be assuming extreme circumstances, but I thought I'd just point out the strengths and weaknesses of the idealogy. Companies like VA Linux and IBM only have money to gain from this. It's a tradeoff.
I do not advocate anything except possibilities. If this movement can mount a successful crusade against the likes of Microsoft with better software, I say go ahead. I just want people to be ready for change.
I won't comment on the first 14 paragraphs, as I think you've effectively painted a portion of the picture, without paying attention to the rest.
I just felt I needed to defend your perceived view of what Katz is trying to do. Yes, his self promotion is often translucent -- but would you rather no one play devils advocate? There aren't many other sites that take the even semi-deep look katz does at a number of issues. Actually, his writing doesn't even have to be particularly detailed or insightful. When Katz outlines a topic and briefly comments on it, he starts a flicker of conversation that can often turn to wildfire. It's in the comments under the story that many possibilities, truths, lies, stereotypes, and feelings are expressed. I welcome his what if statements and perceived ways things should be. Arguments more often enlighten us than they do poison the community (even if we don't like to admit when we're wrong). I look forward to the day when more mainstream sites adopt the slashdot way of thinking. I can't wait to argue with the online community about politics, economics, law, society, and life. ----------
Don't you think that this is a case of sharp diminishing utility? There's software for end-users, then there's all these various utilities (as seen on freshmeat) to facilitate system administration and applications for other industries). Now, this "gift culture" can only go so far as to facilitate lower costs in other industries such as telecommunications, government, new media, retail et al. You have to make a buck some way. I can't consume my code, I can't drive my code around, my code doesn't give me a sense of security. Yes, I do see that you obviously feel more inclined to social rewards for you work. Let's just see how your feelings hold up during the next inevitable downturn of the business cycle.
> Skip quite a few years. We've basically eliminated middle software from big industry. This means a shift in the economy to either, other service type jobs, or other industries completely. I hope some people here don't seriously believe that keeping everything open will create a better situation for themselves in this industry.
But then something else dawned on me; OSS Software will never be the best solution for many types of software. If you're working for free, you're just going to be providing for the companies actually making money off this shift in the conomy such as IBM, Red Hat, VA Linux, etc etc more to come. Why? Because by eliminating the profit in actually producing the software, you eliminate your job, period. What will happen, is we'll have a number of large companies buying up OSS programmers so they can make all their money on support. Oh wait, profits were higher before when we actually sold and supported our software. Oh well.
Of course, this doesn't eliminate the market, but it certainly diminishes its profitability and in turn those participating in it. We just haven't seen the consequences yet, because this movement is still in its infancy. Just wait until every company is forced to do the same -- and then realizes that since there is no product differentiation, all we can offer is service differentiation (which anyone who can view the source code can do) -- we're essentially splitting the market profits to a ton of different companies now. Then those like IBM, realize: shit, we can't afford all these people to stay competitive anymore. Guess we'll have to venture into another industry or scale down completely.
This is why, OSS can exist; But if it does, it must co-exist with closed source software. This is actually funny, because this sort of mirrors the shift that occurred in the manufacturing industry -> the services industry a number of years ago -- Except we're doing it to ourselves now, not those damn slave labor working economies. It feels kind of artificial, unlike, say, an advancement in technology that throws millions out of jobs, but increases productivity many times over. OSS may, but it's not good for you people, the workers in this economy.
This of course, is mere speculation of a worse case scenario -- wherein all the fantasies of these OSS advocates are realized. Hopefully the economy will realize this fact. OSS has its place. But it isn't a replacement for other --GDP-inflating-but-still-putting-money-in-your-po cket economic idealogies. You could say it's inevitable. I hope not.
Actually, I use a slightly modified version of AIDE. It has the same feature set as tripwire as well as a couple of other features. Search on freshmeat with the keyword 'tripwire' and you'll get many similar utilities.
As well as that, I run a tty watching daemon that monitors user commands and pages me and mails a message if someone tries something especially stupid. I also have the regular userland jailed to prevent regular users from doing something stupid as well.
Another tip for the real sysadm nazi is to mount the filesystem with system commands as read only so that idgits can't install their handy rootkit that prevents you noticing what they are doing.
As well as that, you could also set it up to log certain breaking attempts and to automatically send mail to the set arin administrator of that ip range. That sometimes works and is satisfying when I get a reply back stating that the user doing such a thing was deleted (though you'll never get a response if it is a large ISP and doesn't care at all [see uunet dialup users and no responses for repeated spammers and breakin attempts]). ----------
While you are partially right when it comes to the case of posting to mailing lists such as bugtraq, you fail to understand that many of the posters notify the developer of the software before doing such a thing. Unfortunately, if no one puts a message on bugtraq after the problem is taken care of and there is a patch (or the developer never responds, even after a couple of months) -- then the message makes its way to bugtraq where the problem WILL get fixed.
I hate to tell you, but bugtraq isn't the only way kids get these exploit scripts. Many are passed around on irc months and/or weeks before they make their way there. If you've ever ventured on efnet, you'll notice half the bots in a number of channels are hacked university/nasa/navy, and other boxes hacked with exploits that were cracked before and after the exploits made their way to bugtraq. If you want an example, I'll give you one. Last year there was an exploit for qualcomm pop3d that would allow anyone to remotely get root. Script kids had the exploit maybe a month before anyone knew about it, and so hacked a couple hundred boxes. Now, word of this made its way to qualcomm, and they did provide a patch. However, most people wouldn't know of the problem and have fixed it if they hadn't read about it on bugtraq.
So how does not mailing these problems to places like bugtraq fix the problem? It doesn't. It may stop a certain group of people from doing so, but it sure as hell won't stop the people who are a real threat.
And as for you alluding to terrorist attacks that kill people as proof that people shouldnt post to bugtraq -- that's just absurd. ----------
Ermm. I don't see how this works besides pissing a lot more people off. If the attack is strong enough it's going to saturate the line no matter where you 're-route' the traffic. Just get your ISP or their tier1 provider to filter it at their border. I've escalated DoS attack issues with sprint and uunet before and they are usually willing to install filters at their border where it is a lot harder for packet kids to do any damage.
Yes, you are right that it does take a while for the diplomacy route though. I had to threaten sprint that I would be moving my main DS3 service over to cerf if they didn't get their act together and install the filters I asked for. ----------
Realsecure is a nice complement to the system, yes. However, if you run a large network, it isn't the only thing you should be doing. How much do they update realsecure? There are sure to be many security vulnerabilities that ISS doesn't know about weeks or months before they add that support into the realsecure security scanner.
In other words, use it as a complement to a large network with hundreds of machines not all administrated by you -- but don't think that by itself will stop all problems. ----------
oh yeah, I forgot. If you're an admin at a university, you're pretty much screwed when it comes to public access boxes. No matter how much work you put into them, you're still going to have intruders. So just get proactive on auditing every so often; or just forget about it. ----------
Ok, I admit, I did some cracking back when i was 15. My advice to most admins would be to actually close all services to all but those machines that actually need the service. Do you really want to give the entire world a free chance at taking over one of your systems because you wanted to open a certain service to one or two people? What you should really do, is close everything except the absolutely needed ports (httpd, imap, pop3, smtp) and watch those closely. If you absolutely need un-ip-restricted access to a network, set up one box with ssh open, with nothing else on it, then allow that ip to connect to all your other boxes running the other services.
You also have to keep up on bugtraq. However, that's not going to always help, as people have a lot of these exploits weeks and even months before someone posts the vulnerability there. So that's where intrusion detection comes in. Tripwire and other nice programs work pretty well. You should probably also do a remote syslog or immediate mailings when problems are detected. This includes users or intruders editing or modifying files they shouldn't be, contacting remote ports they shouldnt be, having a local ethernet interface on promiscuous mode, immediate pager or mailing for commands that shouldnt be executed, such as su (use the command yourself, but copy it to another file name, so if someone else uses it, you know its unauthorized).
Now, if your problem is local authorized users, then you can do many things. You can, again, set up some intrusion detection -- or even a jailed login so you can minimize the damage that they can do once logged in. That, as well as limiting how man processes and memory users can take up, just in case you're worried about fork attacks or you just dont want your users using excessive resources.
Yes exactly. You have to get the packets filtered at the backbone provider though. It only makes matters worse when the DoS kiddie brings down your small ISP's (if you have one) entire network. Also note that we're talking about icmp echo-reps that come with smurf, not icmp echo's that would come with a ping attack. Why? Because it's almost impossible for someone to mount such an attack unless you only have a t1 and they have 20 shells. Now, if you're getting a genuine ping flood, you can do something about that (though it won't necessarily help much unless you pay by line traffic). Then there is the syn attack. Of course, you should already have all ports that shouldn't be available to external users closed. I'd recommend only opening privileged ports to certain ip ranges. This includes ssh, telnet, x, and other administrative ports. Anyway, the fewer ports abusive users have to attack, the better. The only useful way to stop syn attacks is to limit syns, or to drop ip addresses flooding (that is of course assuming they aren't spoofed addresses). If you're getting flooded with spoofed syn attacks, you're pretty much screwed, unless your operating system or firewall software will dynamically drop excess syn packets. The only patch I've ran into for this is for FreeBSD 3.x, and you can get it here That text file also includes an explanation as to its use in a bugtraq message. Note that you can also limit all ICMP packets to an arbitrary number in FreeBSD with options ICMPLIMIT. Oh yeah, and if you're constantly getting flooded with syn or ICMP packets, then you've either pissed a lot of people off, or you have idiot users on IRC losing you a heck of a lot of money. So get to the root of the problem as well as preparing yourself. ----------
Did this originate from the joke about linux users being fundamentalists to their OSS religion? A lot of people have drawn a line between both on many sites including this one.
Exactly. Politicians are mostly involved with getting re-elected. Unfortunately, the people won't really agree (or vote for) no tax cuts because sound economic theory states that their potentially inflationary economy will indirectly put *less* money in their pockets. All they think about is the direct effect to themselves. Therefore, politicians are only worried about the political acceptability.
You, however, underestimate the power of fiscal policy. If the government goes on a mass spending spree for a coming election, it will be difficult for the FEDS to exercise their monetary policy. It is also up to those exercising fiscal policy to act in cases of cost-push inflation. Unfortunately, monetary policy ain't going to cut it in that case, cause they can't force banks to give out loans with a easy money policy. That's where increased government spending must come as a result of easier fiscal policy. Alluding back to the original comment by the guy who mentioned reagan, though, the simple fact was that his policies were incredibly stupid and unsound. This is the guy who believed the laffer curve, where cutting taxes didn't have to mean decreased government revenues. Unfortunately for them, their leap of faith, believing they were right of the curve instead of left, ended up costing them the economy. So you see, both sides of the economy come hand in hand. ----------
Um, not that I like getting off topic even more, but have you ever heard of reaganomics? Reagan was a supply sider who relied on unproven, wishful economic policies that ulimately hurt the economy. He believed in big business tax cuts -- while cutting goverment spending -- hoping that it would take a turn for the business cycle. Well unfortunately, cutting goverment spending while cutting taxes for big businesses, is more like a trade off. They both offset each other, leaving the economy where it was before. If anyone here has ever read any keynesian literature, they would know that much government spending is automatic stabilizers such as unemployment insurance and welfare. The problem with stagflation (higher prices[inflation] and lower output), however, is that you dig yourself a hole that is hard to climb out of. Therefore, it's a good thing that sound keynesian economists like greenspan are in power today.
In times of economic prosperity, where inflation is starting to show its ugly face in the gdp deflator or core cpi, it's smart to raise interest rates and cut government spending. Just as it's smart to increase government spending and decrease interest rates during the dips in the business cycle. Yes, general economic theory does state that as inflation rises, so will employment. However, fiscal and monetary policy have to be working and reacting in the first place to adjust for unknowns such as high rising oil cartel prices (happening now as in the 80's)-- otherwise you get big dips and peaks in the business cycle. ----------
Actually, I'm led to believe that it's the mentality that is causing all these problems. There are plenty of other countries that have lots of guns where crime rates are far lower and mass murder suicides just don't occur. Americans, on the other hand think that they should be able to shoot someone who is trying to violate their property and possessions. For some reason, the fact that these types of acts are accepted feeds people who do such things.
There are also examples where harsher gun control can work. In canada, no on carries a gun for protection. Our crime rates are far lower. There may be other factors as to why, but I'm sick of the fear mongers advocating guns as vigilante self-defence weapons.
The truth, however, is that the mentality has to change. ----------
possible local root exploits in fts and core only, which arent really a problem with most systems since most systems with a large number of users have quotas and/or coredump limits and proc limits not set to unlimited. I'm not downplaying these problems (which are hard to pull off anyway) -- but in two years this and about 3 other 'potential' problems is all i've seen.
As for NOT running into problems, it's true. I don't even use 3.x on the majority of my production systems. This is a 1.5 year old box im talking about. The only major modifications that I made were a jailed userland a little rewrite of process accounting to accomodate users, and icmp and syn limiting patches to the tcp/ip stack (along with darren reeds awesome IPFilter).
I havent seen my freebsd boxes reboot ever. Even when a brain dead user decided to pop up on irc and get me smurfed, saturating the entire 100mbps line with echo-reps (although the technician on site observed the terminal temporarily frozen:) ----------
I meant ftp and http. Both traffic server and squid support http and passive ftp methods. Anyway,
"When the main installation window comes up, select the Options page. On the options page change the logon name from ftp to anonymous@ftp.freebsd.org and for the password use name@ or whatever. I use reggie@."
This was ripped from a message 2 years old for 2.2.2, so you may have to modify what it says slightly. It is possible -- and now I know also for some boxes i have running delegate:).
Anyway, whenever I have a problem i search the extremely large mailing list archives -- where ever conceivable newbie and expert questions are asked --at http://www.freebsd.org/search/search.html ----------
1. It would be interesting to see linux in a situation such as FreeBSD is on CDROM.com. I'd be happy that it would shut up a lot of people (either which way it performed).
2. When yahoo started, linux wasn't really a viable option. It might be now, but sorry, it wasn't stable or able to scale to the level they wanted then.
3. FreeBSD still does scale better under default configuration. I, however, would like to see someone perform some fair tests with both systems tweaked for the best performance. I know I'm still not using the default serve-all config on either my freebsd or linux systems.
4. I would say that FreeBSD is more stable now -- and has been for a couple years. It's annoying to have showstopper bugs like those in Linux 2.2.5 which was supposed to be a stable kernel. I've never run into problems such as those on so-called stable linux kernels on FreeBSD. Don't get me wrong here though, I use and love both systems. Meanwhile, I have 2.2.7 systems that have been running for at least a year without modification and thousands of users. Pair.com who I am a co-loc customer of also has thousands of users on over 140 servers and 65000 domains. It's just annoying from a maintenance point of view. ----------
minor point. FreeBSD net install does support proxy install. Used it myself with squid and and inktomi traffic servers multiple times. I'd also like to chime in and say that I run FreeBSD, linux, windos 98, NT, bsdi, hp/ux and solaris.. all for different purposes. Some may overlap in certain categories, so i just evaluate whats best for me at the time. Note that I'm writing this on windows 98 with about 12 securecrt windows open to various boxes and a lil x server for when i feel like running stuff like openview or a choice irc client or something. ----------
Slashdot Mirror
Better for what? You see, there is no end-all in the OS world. I'd prefer if people would see a problem, then evaluate the strengths and weaknesses of possible OS choices -- just as they do when choosing applications. Sweeping generalizations aren't intelligent and they don't help anyone.
I use windows nt for workstation use at home and at work. I use windows 98 at home primarily for game usage. I also happen to have an alpha FreeBSD workstation as well as a p200 FreeBSD server -- which i use windows to telnet to as well as an X server to the X client (FreeBSD). I have an x86 linux box just because and I run a mix of FreeBSD, BSDi, Solaris, and NT servers at work. Some functionality may overlap making a number of Operating systems right for $insert_problem_here. In that case, just go with personal preference.
----------
As I recall, when just starting to learn FreeBSD a couple of years ago, the mailing list archives on www.freebsd.org were especially helpful. Any question from newbie to advanced has most likely already been asked.
Even today when I have an obscure question I can often find the answer on the mailing list archives.
They can be found here. Also, If you want to browse the archives, you can go here.
----------
HEH. It's a laugh when you read 300 posts and they're all about the same neverending dance. Actually, I received a release candidate for a product from our san jose offices yesterday that's supposed to ship next week -- and surprise, it was utter drivel; and they had been telling us for weeks that they were making progress.
:). After a year and almost getting nowhere, sales decided that particular division HAD to have something -- so alpha 2 turned into gold and we ended up with sales of 22 million even despite it being complete crap :). It's better than being in the hole because of 4 million in R&D expenses. Fortunately for us, our target market is the end-user who is so used to complete crap that they don't know the difference. Of course, most of our deals are OEMs with hardware manufacturers, so we have to get it past their people first -- but they usually don't care if the product has a nice UI and partially works.
Anyway, it's even more fun to get a look into some companies when you come on board as a consultant. After a week I find 3 or 4 people who probably still have a copy of "learn C++ and MFC in 21 days" taped to the bottom of their desk and spend half the day asking one of their buddies how to do something. The leads, however, are too busy actually getting the work done to even notice -- as well as mid management who are too busy taking flack from upper management about not being able to produce 200,000 units of product by next week for a big OEM deal with xxxx.
It doesn't hurt to release crap from time to time though
----------
Ermm, the reason for the premature aging is because the telomeres were shortened. If they cloned it from a baby -- and it works -- then it shouldn't have the same premature again as would occur if they cloned an adult.
----------
Nope, not assuming only commercial off-the-shelf software -- but also not assuming every sector of the software industry would be as affected as those in straight commercial sales. Obviously competitors aren't at a standstill.
I was merely stating that the OSS movement in the macro-economy had potential to create changes that are unwelcome to some. Rather, as the scene has proliferated thus far, we have seen mostly scientific and system administration utilities. If, however, you look into the not-so-distant future, as seen by some companies, they want to expand OSS into the desktop market, End-User applications markets, E-commerce, and even specialize in certain industries. The big investors are trying to get sold on their services, not their products.
Also, you fail to move yourself in time. Yes, there are always new avenues for software, and tools that are not yet available unless developed by self; however, the proliferation as such, has the potential to cause a lot of change. Do you assume the OSS community to be the same 5-10 years from now? Again, I was assuming an extreme, based on a model presented by many people as the optimum. I never stated anything was good or bad -- just the potential changes that could be brought on.
And as there are more OSS programmers, there will be more mundane applications such as admin tools. However, since its the market forcing commercial application programmers over to OSS software, they arent going to be moving over free of will. Lower cost products (0 cost + some maintenance) doesn't equal higher profits in an industry. Unless you can show me some magical way to make more on support than those charging for support and software.
Then you ask, but why does it affect me? Well lets see, more people entering industry with decided lower costs == lower salaries + shift to other service sectors + inevitable increased competition in services industry tied to OSS == again, lower prices and lower salaries. You may well also not be affected at all -- it will affect someone though... but maybe its for the best? I was only presenting market possibilities.
If you'd study economics before, you would also know that a number of unknowns are not accounted for -- even in econometrics. It's essentially possible to forecast a long-term truth when the human factor is so strong. Just go read the Harvard Business Review 1997 and 1998. You might laugh at the speculation, but it does indeed help. Perhaps I should have presented my intentions with more clarity, as well as the adoption of the model -- not the current likelyhood. I was only attempting to delve into the model, not put it down, or make black and white decisions. If you had read more closely (or my writing was more concise) you would have also noticed that my conclusion was that I thought a balance was good enough for the next 5 or 10 years, because that gain in productivity is useful, as well as taking money away from companies such as ms and distributing them more fairly to companies who help create a real alternative. It's better than blind advocacy on either side.
----------
Yes, indeed. However, I was talking about the macro-economy, not the micro-economy. The more widespread OSS gets, the more impact we will see. My problem is deciding if I should side with the programmer community, or the economy that benifits from this. OSS, if widely accepted will cut costs in every IT department, in every country, hopefully around the world. It may also bring with it software that doesn't suck. However, it may also greatly diminish profits in certain industries and their respected programmers (and I'm not just talking about Microsoft).
My question is, if OSS achieves "Total world Domination" as Linus playfully said (yeah I know, PR stunt); will programmers be able to command the same high paying salaries as before? I just don't believe the model where I get "adequate monetary return" for my work. As far as I see it, It's "I do this work for this company that needs this tool, and then everyone else has it, so I can't gain anything else from it in the future, except in maintenance (which others can also do)". As well, the VA Linux route, to bundle OSS software with hardware, will only work to their advantage for so long. Before they know it, there will be many other support companies popping up to take market share. The only advantage they will have is the top-notch programmers that they have in-house. However, the problem with that model is realized when any another company can benifit from their every gain. If its not proprietary, all they have is their reputation to run on -- and competition will be stiff. Again, competition in the macroeconomy is a very good thing. I'm just worried about the a possible shift in the marketplace in the next 5-10 years as a matter of consequence. It has the potential to affect every industry with IT, as well as all open and closed source software.
Note that I was commenting on this as a model. If I were to hypothesize would would occur in the next 5-10 years, I would say critics would keep this industry decidedly mixed. When I see companies such as IBM and SGI entering the market, I only see businessmen that are grabbing free market share in the wake of popularity generated by linux, coming from social minded advocates such as ESR. I cannot, however, make a straight decision as to what inevitable effect it will have, as anyone following economics knows the market can change in a month -- as well as the potential problems both ways.
Again, This is analysis at the macroeconomic level (the economy as a whole).
1. OSS cuts costs, as well as increasing productivity in all IT industries as per cut costs and programming model.
2. OSS, if widely accepted, as some hope, can and will make a shift in the economy. Like it or not. Less dollars made == less people in the industry => shift in economy to other service sectors (so in effect, the big investors in OSS are funneling the IT economy in their direction[solutions]).
My argument in the first place was, what will happen, when these industry changes happen, and there is less demand as a whole on the macroeconomic level for programmers and their software solutions (whether closed or open). I think it still stands. There has to be a trade off on either extreme. I may be assuming extreme circumstances, but I thought I'd just point out the strengths and weaknesses of the idealogy. Companies like VA Linux and IBM only have money to gain from this. It's a tradeoff.
I do not advocate anything except possibilities. If this movement can mount a successful crusade against the likes of Microsoft with better software, I say go ahead. I just want people to be ready for change.
----------
I won't comment on the first 14 paragraphs, as I think you've effectively painted a portion of the picture, without paying attention to the rest.
I just felt I needed to defend your perceived view of what Katz is trying to do. Yes, his self promotion is often translucent -- but would you rather no one play devils advocate? There aren't many other sites that take the even semi-deep look katz does at a number of issues. Actually, his writing doesn't even have to be particularly detailed or insightful. When Katz outlines a topic and briefly comments on it, he starts a flicker of conversation that can often turn to wildfire. It's in the comments under the story that many possibilities, truths, lies, stereotypes, and feelings are expressed. I welcome his what if statements and perceived ways things should be. Arguments more often enlighten us than they do poison the community (even if we don't like to admit when we're wrong). I look forward to the day when more mainstream sites adopt the slashdot way of thinking. I can't wait to argue with the online community about politics, economics, law, society, and life.
----------
Don't you think that this is a case of sharp diminishing utility? There's software for end-users, then there's all these various utilities (as seen on freshmeat) to facilitate system administration and applications for other industries). Now, this "gift culture" can only go so far as to facilitate lower costs in other industries such as telecommunications, government, new media, retail et al. You have to make a buck some way. I can't consume my code, I can't drive my code around, my code doesn't give me a sense of security. Yes, I do see that you obviously feel more inclined to social rewards for you work. Let's just see how your feelings hold up during the next inevitable downturn of the business cycle.
o cket economic idealogies. You could say it's inevitable. I hope not.
> Skip quite a few years. We've basically eliminated middle software from big industry. This means a shift in the economy to either, other service type jobs, or other industries completely. I hope some people here don't seriously believe that keeping everything open will create a better situation for themselves in this industry.
But then something else dawned on me; OSS Software will never be the best solution for many types of software. If you're working for free, you're just going to be providing for the companies actually making money off this shift in the conomy such as IBM, Red Hat, VA Linux, etc etc more to come. Why? Because by eliminating the profit in actually producing the software, you eliminate your job, period. What will happen, is we'll have a number of large companies buying up OSS programmers so they can make all their money on support. Oh wait, profits were higher before when we actually sold and supported our software. Oh well.
Of course, this doesn't eliminate the market, but it certainly diminishes its profitability and in turn those participating in it. We just haven't seen the consequences yet, because this movement is still in its infancy. Just wait until every company is forced to do the same -- and then realizes that since there is no product differentiation, all we can offer is service differentiation (which anyone who can view the source code can do) -- we're essentially splitting the market profits to a ton of different companies now. Then those like IBM, realize: shit, we can't afford all these people to stay competitive anymore. Guess we'll have to venture into another industry or scale down completely.
This is why, OSS can exist; But if it does, it must co-exist with closed source software. This is actually funny, because this sort of mirrors the shift that occurred in the manufacturing industry -> the services industry a number of years ago -- Except we're doing it to ourselves now, not those damn slave labor working economies. It feels kind of artificial, unlike, say, an advancement in technology that throws millions out of jobs, but increases productivity many times over. OSS may, but it's not good for you people, the workers in this economy.
This of course, is mere speculation of a worse case scenario -- wherein all the fantasies of these OSS advocates are realized. Hopefully the economy will realize this fact. OSS has its place. But it isn't a replacement for other --GDP-inflating-but-still-putting-money-in-your-p
----------
the stock price flies up or splits, I'll be happy. The 500 shares I bought last year have done very well :)
----------
Actually, I use a slightly modified version of AIDE. It has the same feature set as tripwire as well as a couple of other features. Search on freshmeat with the keyword 'tripwire' and you'll get many similar utilities.
As well as that, I run a tty watching daemon that monitors user commands and pages me and mails a message if someone tries something especially stupid. I also have the regular userland jailed to prevent regular users from doing something stupid as well.
Another tip for the real sysadm nazi is to mount the filesystem with system commands as read only so that idgits can't install their handy rootkit that prevents you noticing what they are doing.
As well as that, you could also set it up to log certain breaking attempts and to automatically send mail to the set arin administrator of that ip range. That sometimes works and is satisfying when I get a reply back stating that the user doing such a thing was deleted (though you'll never get a response if it is a large ISP and doesn't care at all [see uunet dialup users and no responses for repeated spammers and breakin attempts]).
----------
While you are partially right when it comes to the case of posting to mailing lists such as bugtraq, you fail to understand that many of the posters notify the developer of the software before doing such a thing. Unfortunately, if no one puts a message on bugtraq after the problem is taken care of and there is a patch (or the developer never responds, even after a couple of months) -- then the message makes its way to bugtraq where the problem WILL get fixed.
I hate to tell you, but bugtraq isn't the only way kids get these exploit scripts. Many are passed around on irc months and/or weeks before they make their way there. If you've ever ventured on efnet, you'll notice half the bots in a number of channels are hacked university/nasa/navy, and other boxes hacked with exploits that were cracked before and after the exploits made their way to bugtraq. If you want an example, I'll give you one. Last year there was an exploit for qualcomm pop3d that would allow anyone to remotely get root. Script kids had the exploit maybe a month before anyone knew about it, and so hacked a couple hundred boxes. Now, word of this made its way to qualcomm, and they did provide a patch. However, most people wouldn't know of the problem and have fixed it if they hadn't read about it on bugtraq.
So how does not mailing these problems to places like bugtraq fix the problem? It doesn't. It may stop a certain group of people from doing so, but it sure as hell won't stop the people who are a real threat.
And as for you alluding to terrorist attacks that kill people as proof that people shouldnt post to bugtraq -- that's just absurd.
----------
Ermm. I don't see how this works besides pissing a lot more people off. If the attack is strong enough it's going to saturate the line no matter where you 're-route' the traffic. Just get your ISP or their tier1 provider to filter it at their border. I've escalated DoS attack issues with sprint and uunet before and they are usually willing to install filters at their border where it is a lot harder for packet kids to do any damage.
Yes, you are right that it does take a while for the diplomacy route though. I had to threaten sprint that I would be moving my main DS3 service over to cerf if they didn't get their act together and install the filters I asked for.
----------
Realsecure is a nice complement to the system, yes. However, if you run a large network, it isn't the only thing you should be doing. How much do they update realsecure? There are sure to be many security vulnerabilities that ISS doesn't know about weeks or months before they add that support into the realsecure security scanner.
In other words, use it as a complement to a large network with hundreds of machines not all administrated by you -- but don't think that by itself will stop all problems.
----------
oh yeah, I forgot. If you're an admin at a university, you're pretty much screwed when it comes to public access boxes. No matter how much work you put into them, you're still going to have intruders. So just get proactive on auditing every so often; or just forget about it.
----------
Ok, I admit, I did some cracking back when i was 15. My advice to most admins would be to actually close all services to all but those machines that actually need the service. Do you really want to give the entire world a free chance at taking over one of your systems because you wanted to open a certain service to one or two people? What you should really do, is close everything except the absolutely needed ports (httpd, imap, pop3, smtp) and watch those closely. If you absolutely need un-ip-restricted access to a network, set up one box with ssh open, with nothing else on it, then allow that ip to connect to all your other boxes running the other services.
You also have to keep up on bugtraq. However, that's not going to always help, as people have a lot of these exploits weeks and even months before someone posts the vulnerability there. So that's where intrusion detection comes in. Tripwire and other nice programs work pretty well. You should probably also do a remote syslog or immediate mailings when problems are detected. This includes users or intruders editing or modifying files they shouldn't be, contacting remote ports they shouldnt be, having a local ethernet interface on promiscuous mode, immediate pager or mailing for commands that shouldnt be executed, such as su (use the command yourself, but copy it to another file name, so if someone else uses it, you know its unauthorized).
Now, if your problem is local authorized users, then you can do many things. You can, again, set up some intrusion detection -- or even a jailed login so you can minimize the damage that they can do once logged in. That, as well as limiting how man processes and memory users can take up, just in case you're worried about fork attacks or you just dont want your users using excessive resources.
heh, anyway. Have fun.
----------
Yes exactly. You have to get the packets filtered at the backbone provider though. It only makes matters worse when the DoS kiddie brings down your small ISP's (if you have one) entire network. Also note that we're talking about icmp echo-reps that come with smurf, not icmp echo's that would come with a ping attack. Why? Because it's almost impossible for someone to mount such an attack unless you only have a t1 and they have 20 shells. Now, if you're getting a genuine ping flood, you can do something about that (though it won't necessarily help much unless you pay by line traffic). Then there is the syn attack. Of course, you should already have all ports that shouldn't be available to external users closed. I'd recommend only opening privileged ports to certain ip ranges. This includes ssh, telnet, x, and other administrative ports. Anyway, the fewer ports abusive users have to attack, the better. The only useful way to stop syn attacks is to limit syns, or to drop ip addresses flooding (that is of course assuming they aren't spoofed addresses). If you're getting flooded with spoofed syn attacks, you're pretty much screwed, unless your operating system or firewall software will dynamically drop excess syn packets. The only patch I've ran into for this is for FreeBSD 3.x, and you can get it here That text file also includes an explanation as to its use in a bugtraq message. Note that you can also limit all ICMP packets to an arbitrary number in FreeBSD with options ICMPLIMIT. Oh yeah, and if you're constantly getting flooded with syn or ICMP packets, then you've either pissed a lot of people off, or you have idiot users on IRC losing you a heck of a lot of money. So get to the root of the problem as well as preparing yourself.
----------
Did this originate from the joke about linux users being fundamentalists to their OSS religion? A lot of people have drawn a line between both on many sites including this one.
----------
Exactly. Politicians are mostly involved with getting re-elected. Unfortunately, the people won't really agree (or vote for) no tax cuts because sound economic theory states that their potentially inflationary economy will indirectly put *less* money in their pockets. All they think about is the direct effect to themselves. Therefore, politicians are only worried about the political acceptability.
You, however, underestimate the power of fiscal policy. If the government goes on a mass spending spree for a coming election, it will be difficult for the FEDS to exercise their monetary policy. It is also up to those exercising fiscal policy to act in cases of cost-push inflation. Unfortunately, monetary policy ain't going to cut it in that case, cause they can't force banks to give out loans with a easy money policy. That's where increased government spending must come as a result of easier fiscal policy. Alluding back to the original comment by the guy who mentioned reagan, though, the simple fact was that his policies were incredibly stupid and unsound. This is the guy who believed the laffer curve, where cutting taxes didn't have to mean decreased government revenues. Unfortunately for them, their leap of faith, believing they were right of the curve instead of left, ended up costing them the economy. So you see, both sides of the economy come hand in hand.
----------
Um, not that I like getting off topic even more, but have you ever heard of reaganomics? Reagan was a supply sider who relied on unproven, wishful economic policies that ulimately hurt the economy. He believed in big business tax cuts -- while cutting goverment spending -- hoping that it would take a turn for the business cycle. Well unfortunately, cutting goverment spending while cutting taxes for big businesses, is more like a trade off. They both offset each other, leaving the economy where it was before. If anyone here has ever read any keynesian literature, they would know that much government spending is automatic stabilizers such as unemployment insurance and welfare. The problem with stagflation (higher prices[inflation] and lower output), however, is that you dig yourself a hole that is hard to climb out of. Therefore, it's a good thing that sound keynesian economists like greenspan are in power today.
In times of economic prosperity, where inflation is starting to show its ugly face in the gdp deflator or core cpi, it's smart to raise interest rates and cut government spending. Just as it's smart to increase government spending and decrease interest rates during the dips in the business cycle. Yes, general economic theory does state that as inflation rises, so will employment. However, fiscal and monetary policy have to be working and reacting in the first place to adjust for unknowns such as high rising oil cartel prices (happening now as in the 80's)-- otherwise you get big dips and peaks in the business cycle.
----------
Actually, I'm led to believe that it's the mentality that is causing all these problems. There are plenty of other countries that have lots of guns where crime rates are far lower and mass murder suicides just don't occur. Americans, on the other hand think that they should be able to shoot someone who is trying to violate their property and possessions. For some reason, the fact that these types of acts are accepted feeds people who do such things.
There are also examples where harsher gun control can work. In canada, no on carries a gun for protection. Our crime rates are far lower. There may be other factors as to why, but I'm sick of the fear mongers advocating guns as vigilante self-defence weapons.
The truth, however, is that the mentality has to change.
----------
possible local root exploits in fts and core only, which arent really a problem with most systems since most systems with a large number of users have quotas and/or coredump limits and proc limits not set to unlimited. I'm not downplaying these problems (which are hard to pull off anyway) -- but in two years this and about 3 other 'potential' problems is all i've seen.
:)
As for NOT running into problems, it's true. I don't even use 3.x on the majority of my production systems. This is a 1.5 year old box im talking about. The only major modifications that I made were a jailed userland a little rewrite of process accounting to accomodate users, and icmp and syn limiting patches to the tcp/ip stack (along with darren reeds awesome IPFilter).
I havent seen my freebsd boxes reboot ever. Even when a brain dead user decided to pop up on irc and get me smurfed, saturating the entire 100mbps line with echo-reps (although the technician on site observed the terminal temporarily frozen
----------
I meant ftp and http. Both traffic server and squid support http and passive ftp methods. Anyway,
:).
"When the main installation window comes up, select the Options page. On the options page change the logon name from ftp to anonymous@ftp.freebsd.org and for the password use name@ or whatever. I use reggie@."
This was ripped from a message 2 years old for 2.2.2, so you may have to modify what it says slightly. It is possible -- and now I know also for some boxes i have running delegate
Anyway, whenever I have a problem i search the extremely large mailing list archives -- where ever conceivable newbie and expert questions are asked --at http://www.freebsd.org/search/search.html
----------
it's 2:30am. forgot to say that 2.2.7 was FreeBSD.
"duh"
----------
1. It would be interesting to see linux in a situation such as FreeBSD is on CDROM.com. I'd be happy that it would shut up a lot of people (either which way it performed).
2. When yahoo started, linux wasn't really a viable option. It might be now, but sorry, it wasn't stable or able to scale to the level they wanted then.
3. FreeBSD still does scale better under default configuration. I, however, would like to see someone perform some fair tests with both systems tweaked for the best performance. I know I'm still not using the default serve-all config on either my freebsd or linux systems.
4. I would say that FreeBSD is more stable now -- and has been for a couple years. It's annoying to have showstopper bugs like those in Linux 2.2.5 which was supposed to be a stable kernel. I've never run into problems such as those on so-called stable linux kernels on FreeBSD. Don't get me wrong here though, I use and love both systems. Meanwhile, I have 2.2.7 systems that have been running for at least a year without modification and thousands of users. Pair.com who I am a co-loc customer of also has thousands of users on over 140 servers and 65000 domains. It's just annoying from a maintenance point of view.
----------
minor point. FreeBSD net install does support proxy install. Used it myself with squid and and inktomi traffic servers multiple times. I'd also like to chime in and say that I run FreeBSD, linux, windos 98, NT, bsdi, hp/ux and solaris.. all for different purposes. Some may overlap in certain categories, so i just evaluate whats best for me at the time. Note that I'm writing this on windows 98 with about 12 securecrt windows open to various boxes and a lil x server for when i feel like running stuff like openview or a choice irc client or something.
----------