That "Dell is playing Intel" comment was toungue-in-cheek, and I was modded accordingly. But I am concerned about the lack of availabiity. One of our colocation sites is Dell-only, and I really need to get a new 4-socket database server, and don't want to buy another NetBurst machine. So where are these Opteron-based Dells?
Yes, there are SQL language standards (which are lamentably followed by commercial and open source databases at about a 7-year lag). But there are no standardized protocol interfaces for connecting to databases. So every different database requries a custom protocol driver of some sort. Even programming-language-specific but "standard" database APIs (ODBC, JDBC, ADO.NET, whatever) require a driver layer beneath them to speak the particualr database connection protocol needed.
I recall reading about a Microsoft-built web-service (SOAP) based database access protocol, but I'm not sure if anything ever came of that, or if it was ever submitted to a standards body of any type.
(from her not-so-limited user account). Who can blame her?
I don't blame her, I blame you. You're the techie. My mom runs XP as a limited user, and so does my wife, and so do I for day-to-day Windows tasks. No issues to report.
Any time I am in the home of a friend or relative that has an insecure Windows box, I set them up with automatic updates, turn on the XP firewall, install AVG Free, convert them to a limited user account, and add a separate admin account for software installation. It ususally takes 20 minutes (faster than installing Ubuntu and training them on it), and yet I've never been asked for computer help from any of those folks again.
Vista... includes Network Center, the hub for managing networking in Windows Vista, Computers and Devices, which replaces My Network Places and Network Neighborhood from Windows XP
So... can you help me figure out how to do simple weighted-queue prioritization for RTP voice traffic on a Cisco 2800? Everything I've tried results in a bandwidth reservation, and also a limit on total RTP throughput equal to the bandiwdth reservation(!). Cisco documentation, support, and a certified consultant we hired via Insight (questionable choice) couldn't figure it out either (although they all say "it's supposed to work, and not limit throughput like that").
Now granted, I'm no Cisco expert, but I've administered corporate networks for 10 years and can figure out just about anything with a good manual. I shouldn't need in-depth training to do the simplest form of RFC-standard QoS on a router. The simple configuration I want took 3 minutes to implement via GUI on all of our SonicWall devices.
I have configured many Cisco routers, switches, and VPN concentrators. None had anything close to an intuitive interface, and even standard operations differ from model to model. There's as much backward-compatibility cruft and illogical organization in IOS as in Windows. Cisco documentation is often just plain wrong or so poorly written as to have ambiguous meaning.
In fact I've never worked on another brand of router besides Cisco, but the CLIs and GUIs of other complex networking devices like Checkpoints & SonicWalls let me know that something more intiutive than IOS is definitely possible.
Umm... note that even Netgear calls thes "VPN Firewalls", and not routers. Yes, they are technically routers in that they route between a single LAN and the internet. But the functionality and performance differences between one of those Netgears and even a fairly inexpensive enterprise router like the Cisco 2800 is similar to the difference between an ultralight aircraft and a Boeing 737.
FYI, we're talking about "real routers" here... routers that speak BGP and other dynamic routing protocols to link sprawling multi-site networks with leased lines and VPNs. Enterprise-class stuff.
By comparison, the Netgear, Linksys, D-Link, or whatver else you picked up at CompUSA are not "real routers" at all, as they only use simple NAT and static routes with 2-3 interfaces at most.
any other application that isn't made by Microsoft.
Check again... Microsoft has released updates for Macromedia/Adobe's flash player at least, and thousands of 3rd-party device drivers via WSUS. In fact, it seems Microsoft intends for WSUS to be the "apt" for windows, with 3rd party developers distributing signed patches through Microsoft.
Presumably, though, Microsoft charges something for the use of this infrastructure. I think that may be why there hasn't been much uptake except from hardware manufacturers.
Perhaps I'm wrong, though, and Microsoft offers the use of Windows Update for free to partners. But the testing and packaging requirements for Windows Update are so onerous that 3rd-party developers don't do it. I have never had a serious and undocumented issue with a Microsoft patch on my network in the post Win2K era, but I've had plenty of struggles with patches from Adobe, Symantec, Sun, Sunbelt, etc.
I don't see MS changing the licencing terms for any of their Server products any time soon, so that'll still require one licence per VM.
Umm... since the release of Windows 2003 R2, MS changed their license to allow up to four virtual instances of the OS in addition to the "real" host OS.
When you factor in the developer OS licenses that come with Visual Studio (which essentially allow you to run just about anything for non-production use), Microsoft is actually pretty friendly towards VMs from a licensing perspective.
I would imagine their upcoming application releases will allow as many virutal isntallations as desired on a single physical server (for example, running multiple SharePoint instances in different VMs).
You are not the target market for this service. This is targeted at the 99% of regular people that actually pay for stuff: they go to Blockbuster, subscribe to Netflix, and visit the multiplex theater.
I love it when geeks believe that they are so "bleeding edge" that they must be the target demographic for any technology. Here's the facts: we're geeks... other than influincing corporate IT purchases, we represent a miniscule speck of the consumer market for anything. We're not hip, and we generally don't waste money on things like fashion or the car-of-the-month. The iPod did not become successful because geeks bought and used them. iPods became successful because one day hot chicks started showing up at the gym with them. And those hot chicks bought iPods because they were cute, hand neat ads, and were simple enough for her to figure out.
Except that there is really no reliable temperature data that goes back far enough to provide anything but broad hints about climate change. Measurement points that were once in the wilderness 20 years ago are now near parking lots, raising their average readings. And some of the measurement points have moved significatnly over the last 100 years. And there are huge regions of the earth with no temperature data records at all for geopolitical reasons.
I know a lot of people dismiss this "bad data" argument as bunk because it was in Creighton's terrible book, but it rings true to me. You can't make statments like "OMG average temperatures have risen by 0.3% Kelvin in the last 40 years" using source data that is only accurate to within at best 5%.
Now, I know other warming fans will say that "Well, there's a lot of other ways to measure temperature than using actual thermometers, and we have that data too! Like plant fossils, and ice cores, and the depth of the muck in the Mississippi river delta." And you know what? That data is even fuzzier than the 100 years of thermometer readings we have.
The real point is that most global warming proponents are served by an alarmist, sky-is-falling approach, just as Exxon and others are served by a head-in-the-sand approach. Climatologists who support GW get increased grant funding, fame in print, support from most of their idelogically similar peers, and favor from left-leaning university administrators. Oil company shills get cash. There's not much difference in my mind; it's all payola.
I do agree we should switch away from fossil fuels, but for purely economic and national security reasons. If that makes Al Gore happy, so be it.
We recently implemented a iSCSI SAN from LeftHand Networks. Basically, it's a system of dual-CPU, dual-GigE x86 servers with gigabytes of cache lots of disk. Their "Network-based iSCSI RAID" software (Linux-based) allows the individual units to pool their storage, cache, and network bandwidth into a single cluster. So every unit you add to the SAN adds capacity and performance. Traditional SAN features of snapshots, replication, virtualization, etc. are supported.
Going with iSCSI over FC will save you a factor of 2x or more in cost/GB without requiring performance sacrifices. Remember, you not only have to buy the array with FC, but also very expensive switches and HBAs. With iSCSI, all that hardware is cheap - you don't even really need HBAs in most cases - so you can buy a lot of it, and use link aggregation or MPIO for increased performanced and redundancy.
Equalogic has similar iSCSI offerings, but with proprietary building blocks. Both vendors seem "big enough" to be stable partners, and the support from LeftHand has so far been very good.
Don't even think about building something yourself if you care about reliability or management functionality; we tried that, and the iSCSI target software available for linux and windows isn't there yet, and just can't scale like this stuff can. We ended up buying a commercial offering. We looked at EMC, HP, etc. but their iSCSI stuff is immature compared with the aformentioned "iSCSI specialist" vendors.
Most challenge-response schemes can be cracked off-line as well, if the initial authentication (including nonce) is intercepted. Micrsoft NTLM, Kerberos, HTTP Digest, LDAP, RADIUS, and NIS all share this same vulnerability if the password complexity is low.
Performing your authentication inside a TLS/SSL session prevents this type of attack, but TLS use is rare for anything other than HTTP and SMTP even though most recent versions of popular authentication systems support it or IPsec in some fashion.
Of course dictionary attacks are the best initial off-line attack approach after you capture the network packets of an authentication session. But even a completely random 6-character password, for example, would require only about 300 million hash/encrypt operations to crack off-line. This is trivial on modern hardware... perhaps hours of CPU time. A 12-character random password, on the other hand, would require about 2^78 operations, which would take thousands of CPU-years.
So basically, passwords suck, even with "good" authentication protocols. They're only any good inside encrypted channels, and truly strong passwords are too hard to remember.
I use this for some of my locked-down client machines, and it works pretty much as advertised. However, maintaining the list of allowed executables is a pain. Most 3rd-party windows developers neglect to sign their code, so you have to do a lot of manual entry of hashes. There are 3rd party management tools and scripting which can be used to overcome these problems.
Your post indicates you're quite familiar with computers in general, and know how to keep yourself out of trouble. My point is 95% of the users of Win98 out there do not know how to stay out of trouble, don't back up their data, and don't check things out when they notice "unusual blinky lights".
You represent an exceptional Win98 user, not the norm.
I do, however, predict Win98 will probably become safer to use as time progresses, since fewer and fewer malware authors will target it as it decreases in popularity.
You do realize that you need to patch client application security vulnerabilities too? Sure, there may be no "invisible" wormable exploit such as that used by Blaster (since Win98 is running no services). But all of the holes in IE, AIM, MS Office, Quicken, Firefox, and whatever else you use are still there. A large amount of malware relies on client-application vulnerabilites (straight buffer overflows, file parsing errors, etc.) to spread.
Now, you can say, "I never use applications except games from Win98". And if that's true, good for you. But those games could have holes, or they could rely on DLLs that have holes (IE libraries in particular).
Even worse, a whole lot of other folks are browsing the web, answering email, and using IM from Win98. A firewall does not provide client-app security, and these folks will be quickly owned when patches stop coming. Nor does AV software protect you from a lot of attacks at the network protocol layer, as most AV software does not scan network connections in real time or only handles HTTP and POP3 scanning. Until we can formally prove the correctness of all software running on the device, patching will always be necessary for Internet-connected machines (no matter what the operating system).
Microsoft has actually had this "exectuable firewall" working for years. It's called "Software Restriction Policies", and it's been part of Windows Group Policy since XP was released.
The problem is, maintaining a list of hashes and signatures for all exectuables, DLLs, scripts, etc. in a coporate environment is a real pain in the butt. The list is constantly changing, so almost nobody uses this feature. We use it for limited end user machines, and kiosks, but it is unworkable for end-users like developers (which would still probably fall for this example of social engineering).
In my mind, there is no substitute for a Viking. Every feature you could imagine, and they'll do any customizations you want. Dock it at Atlantis in the Bahamas...
The television ratings of the NCAA tournament in the USA are on par with the World Cup television ratings in Europe (on a percentage-of-population basis). Sure, the NCAA Tournament is not a global event, but presumably interest in most World Cup will also not be global. Not many Brazilians are going to be banging away at the BBC website in order to see the USA/Czech Republic match, for example.
Slashdot Mirror
That "Dell is playing Intel" comment was toungue-in-cheek, and I was modded accordingly. But I am concerned about the lack of availabiity. One of our colocation sites is Dell-only, and I really need to get a new 4-socket database server, and don't want to buy another NetBurst machine. So where are these Opteron-based Dells?
Where are these AMD-powered Dell servers, exactly? Nowhere to be found on their site. Methinks Dell is playing Intel for more discounts.
Yes, there are SQL language standards (which are lamentably followed by commercial and open source databases at about a 7-year lag). But there are no standardized protocol interfaces for connecting to databases. So every different database requries a custom protocol driver of some sort. Even programming-language-specific but "standard" database APIs (ODBC, JDBC, ADO.NET, whatever) require a driver layer beneath them to speak the particualr database connection protocol needed.
I recall reading about a Microsoft-built web-service (SOAP) based database access protocol, but I'm not sure if anything ever came of that, or if it was ever submitted to a standards body of any type.
I don't blame her, I blame you. You're the techie. My mom runs XP as a limited user, and so does my wife, and so do I for day-to-day Windows tasks. No issues to report.
Any time I am in the home of a friend or relative that has an insecure Windows box, I set them up with automatic updates, turn on the XP firewall, install AVG Free, convert them to a limited user account, and add a separate admin account for software installation. It ususally takes 20 minutes (faster than installing Ubuntu and training them on it), and yet I've never been asked for computer help from any of those folks again.
The press release was back in October 2005:
So... can you help me figure out how to do simple weighted-queue prioritization for RTP voice traffic on a Cisco 2800? Everything I've tried results in a bandwidth reservation, and also a limit on total RTP throughput equal to the bandiwdth reservation(!). Cisco documentation, support, and a certified consultant we hired via Insight (questionable choice) couldn't figure it out either (although they all say "it's supposed to work, and not limit throughput like that").
Now granted, I'm no Cisco expert, but I've administered corporate networks for 10 years and can figure out just about anything with a good manual. I shouldn't need in-depth training to do the simplest form of RFC-standard QoS on a router. The simple configuration I want took 3 minutes to implement via GUI on all of our SonicWall devices.
I have configured many Cisco routers, switches, and VPN concentrators. None had anything close to an intuitive interface, and even standard operations differ from model to model. There's as much backward-compatibility cruft and illogical organization in IOS as in Windows. Cisco documentation is often just plain wrong or so poorly written as to have ambiguous meaning.
In fact I've never worked on another brand of router besides Cisco, but the CLIs and GUIs of other complex networking devices like Checkpoints & SonicWalls let me know that something more intiutive than IOS is definitely possible.
Umm... note that even Netgear calls thes "VPN Firewalls", and not routers. Yes, they are technically routers in that they route between a single LAN and the internet. But the functionality and performance differences between one of those Netgears and even a fairly inexpensive enterprise router like the Cisco 2800 is similar to the difference between an ultralight aircraft and a Boeing 737.
FYI, we're talking about "real routers" here... routers that speak BGP and other dynamic routing protocols to link sprawling multi-site networks with leased lines and VPNs. Enterprise-class stuff.
By comparison, the Netgear, Linksys, D-Link, or whatver else you picked up at CompUSA are not "real routers" at all, as they only use simple NAT and static routes with 2-3 interfaces at most.
Trolling for a +1 funny mod, are we?
I don't remember who said it, but this is my favorite quote about Cisco software: "Cisco makes easy things difficult, but difficult things possible."
Check again... Microsoft has released updates for Macromedia/Adobe's flash player at least, and thousands of 3rd-party device drivers via WSUS. In fact, it seems Microsoft intends for WSUS to be the "apt" for windows, with 3rd party developers distributing signed patches through Microsoft.
Presumably, though, Microsoft charges something for the use of this infrastructure. I think that may be why there hasn't been much uptake except from hardware manufacturers.
Perhaps I'm wrong, though, and Microsoft offers the use of Windows Update for free to partners. But the testing and packaging requirements for Windows Update are so onerous that 3rd-party developers don't do it. I have never had a serious and undocumented issue with a Microsoft patch on my network in the post Win2K era, but I've had plenty of struggles with patches from Adobe, Symantec, Sun, Sunbelt, etc.
Umm... since the release of Windows 2003 R2, MS changed their license to allow up to four virtual instances of the OS in addition to the "real" host OS.
When you factor in the developer OS licenses that come with Visual Studio (which essentially allow you to run just about anything for non-production use), Microsoft is actually pretty friendly towards VMs from a licensing perspective.
I would imagine their upcoming application releases will allow as many virutal isntallations as desired on a single physical server (for example, running multiple SharePoint instances in different VMs).
Judging from most of the posts I read here, I think "mommy" is more likely.
I would assume BitTorrent's aim is to become the iTunes Music Store of movies. Which is certainly not aiming at a hard-core techie audience.
You are not the target market for this service. This is targeted at the 99% of regular people that actually pay for stuff: they go to Blockbuster, subscribe to Netflix, and visit the multiplex theater.
I love it when geeks believe that they are so "bleeding edge" that they must be the target demographic for any technology. Here's the facts: we're geeks... other than influincing corporate IT purchases, we represent a miniscule speck of the consumer market for anything. We're not hip, and we generally don't waste money on things like fashion or the car-of-the-month. The iPod did not become successful because geeks bought and used them. iPods became successful because one day hot chicks started showing up at the gym with them. And those hot chicks bought iPods because they were cute, hand neat ads, and were simple enough for her to figure out.
MSFT has been doing just that for several years, and it's a pretty impressive project. It's called Singularity.
Except that there is really no reliable temperature data that goes back far enough to provide anything but broad hints about climate change. Measurement points that were once in the wilderness 20 years ago are now near parking lots, raising their average readings. And some of the measurement points have moved significatnly over the last 100 years. And there are huge regions of the earth with no temperature data records at all for geopolitical reasons.
I know a lot of people dismiss this "bad data" argument as bunk because it was in Creighton's terrible book, but it rings true to me. You can't make statments like "OMG average temperatures have risen by 0.3% Kelvin in the last 40 years" using source data that is only accurate to within at best 5%.
Now, I know other warming fans will say that "Well, there's a lot of other ways to measure temperature than using actual thermometers, and we have that data too! Like plant fossils, and ice cores, and the depth of the muck in the Mississippi river delta." And you know what? That data is even fuzzier than the 100 years of thermometer readings we have.
The real point is that most global warming proponents are served by an alarmist, sky-is-falling approach, just as Exxon and others are served by a head-in-the-sand approach. Climatologists who support GW get increased grant funding, fame in print, support from most of their idelogically similar peers, and favor from left-leaning university administrators. Oil company shills get cash. There's not much difference in my mind; it's all payola.
I do agree we should switch away from fossil fuels, but for purely economic and national security reasons. If that makes Al Gore happy, so be it.
We recently implemented a iSCSI SAN from LeftHand Networks. Basically, it's a system of dual-CPU, dual-GigE x86 servers with gigabytes of cache lots of disk. Their "Network-based iSCSI RAID" software (Linux-based) allows the individual units to pool their storage, cache, and network bandwidth into a single cluster. So every unit you add to the SAN adds capacity and performance. Traditional SAN features of snapshots, replication, virtualization, etc. are supported.
Going with iSCSI over FC will save you a factor of 2x or more in cost/GB without requiring performance sacrifices. Remember, you not only have to buy the array with FC, but also very expensive switches and HBAs. With iSCSI, all that hardware is cheap - you don't even really need HBAs in most cases - so you can buy a lot of it, and use link aggregation or MPIO for increased performanced and redundancy.
Equalogic has similar iSCSI offerings, but with proprietary building blocks. Both vendors seem "big enough" to be stable partners, and the support from LeftHand has so far been very good.
Don't even think about building something yourself if you care about reliability or management functionality; we tried that, and the iSCSI target software available for linux and windows isn't there yet, and just can't scale like this stuff can. We ended up buying a commercial offering. We looked at EMC, HP, etc. but their iSCSI stuff is immature compared with the aformentioned "iSCSI specialist" vendors.
Most challenge-response schemes can be cracked off-line as well, if the initial authentication (including nonce) is intercepted. Micrsoft NTLM, Kerberos, HTTP Digest, LDAP, RADIUS, and NIS all share this same vulnerability if the password complexity is low.
Performing your authentication inside a TLS/SSL session prevents this type of attack, but TLS use is rare for anything other than HTTP and SMTP even though most recent versions of popular authentication systems support it or IPsec in some fashion.
Of course dictionary attacks are the best initial off-line attack approach after you capture the network packets of an authentication session. But even a completely random 6-character password, for example, would require only about 300 million hash/encrypt operations to crack off-line. This is trivial on modern hardware... perhaps hours of CPU time. A 12-character random password, on the other hand, would require about 2^78 operations, which would take thousands of CPU-years.
So basically, passwords suck, even with "good" authentication protocols. They're only any good inside encrypted channels, and truly strong passwords are too hard to remember.
Mandatory code signing has been built-in to Windows since 2001 (with the release of XP).
I use this for some of my locked-down client machines, and it works pretty much as advertised. However, maintaining the list of allowed executables is a pain. Most 3rd-party windows developers neglect to sign their code, so you have to do a lot of manual entry of hashes. There are 3rd party management tools and scripting which can be used to overcome these problems.
Your post indicates you're quite familiar with computers in general, and know how to keep yourself out of trouble. My point is 95% of the users of Win98 out there do not know how to stay out of trouble, don't back up their data, and don't check things out when they notice "unusual blinky lights".
You represent an exceptional Win98 user, not the norm.
I do, however, predict Win98 will probably become safer to use as time progresses, since fewer and fewer malware authors will target it as it decreases in popularity.
You do realize that you need to patch client application security vulnerabilities too? Sure, there may be no "invisible" wormable exploit such as that used by Blaster (since Win98 is running no services). But all of the holes in IE, AIM, MS Office, Quicken, Firefox, and whatever else you use are still there. A large amount of malware relies on client-application vulnerabilites (straight buffer overflows, file parsing errors, etc.) to spread.
Now, you can say, "I never use applications except games from Win98". And if that's true, good for you. But those games could have holes, or they could rely on DLLs that have holes (IE libraries in particular).
Even worse, a whole lot of other folks are browsing the web, answering email, and using IM from Win98. A firewall does not provide client-app security, and these folks will be quickly owned when patches stop coming. Nor does AV software protect you from a lot of attacks at the network protocol layer, as most AV software does not scan network connections in real time or only handles HTTP and POP3 scanning. Until we can formally prove the correctness of all software running on the device, patching will always be necessary for Internet-connected machines (no matter what the operating system).
Microsoft has actually had this "exectuable firewall" working for years. It's called "Software Restriction Policies", and it's been part of Windows Group Policy since XP was released.
The problem is, maintaining a list of hashes and signatures for all exectuables, DLLs, scripts, etc. in a coporate environment is a real pain in the butt. The list is constantly changing, so almost nobody uses this feature. We use it for limited end user machines, and kiosks, but it is unworkable for end-users like developers (which would still probably fall for this example of social engineering).
In my mind, there is no substitute for a Viking. Every feature you could imagine, and they'll do any customizations you want. Dock it at Atlantis in the Bahamas...
The television ratings of the NCAA tournament in the USA are on par with the World Cup television ratings in Europe (on a percentage-of-population basis). Sure, the NCAA Tournament is not a global event, but presumably interest in most World Cup will also not be global. Not many Brazilians are going to be banging away at the BBC website in order to see the USA/Czech Republic match, for example.