Slashdot Mirror


User: gregarican

gregarican's activity in the archive.

Stories: 0
Comments: 745

Comments · 745

  1. Re:Vulnerable? on Samba 3.0.0 Released · · Score: 3, Interesting

    I hear what you are saying, but I mean that the Samba box was on the Server Manager list as a member server. If I would've tried to add an NT Workstation or Server to the domain in this capacity the action would've failed because I wouldn't have known the admin logon to authenticate. AFAIK you can't add another node to the domain in this manner without admin rights. But the Linux box popped right in without a problem.

  2. Re:Vulnerable? on Samba 3.0.0 Released · · Score: 5, Interesting
    Here is a footnote of the other side of the coin. I recall back around 1999 working with Samba 2.0.something-or-other. Our company had many sites but centralized Windoze NT domain administration at CHQ. I was interested in trying to sneak a Samba server onto the domain.

    Typically in the Windoze NT model in order to add a server to the domain you have to have admin rights. I recall the Samba box added itself to the domain without any authentication necessary. It was funny when an NT admin from CHQ called me to ask me why our site had this new server showing up. He couldn't browse any of the shares (only local Linux accounts were defined in the Samba user file and /etc/passwd file) and was pissed.

    I apologized and proceeded to take the box off the network, but found it funny that no authentication was necessary. With all of the inherent flaws in Microsoft's security models I would bet that a Samba box could potentially wreak havoc on a pre-Windows 2003 network!

  3. Re:Best new features on Samba 3.0.0 Released · · Score: 2, Informative

    The BDC functionality has been in Samba for awhile now. I recall working with a beta test of that back before the Y2K. There's a decent amount of tweaking and fine-tuning to be done to get it to work, but once it works it usually works well. Companies who still think they have to run Windoze on the client end due to the application suite folks are supposedly so used to can still migrate the server end to Linux, potentially without anyone noticing any difference.

  4. Vulnerable? on Samba 3.0.0 Released · · Score: 5, Interesting
    Serious question here, not flamebait. Does Samba use similar RPC methods to the Windoze NT family? If so are there potential exploits? I'm not sure. I've used Samba and Mars_NWE (a Linux emulator of a Novell Netware server) for years now but never thought of potential parallel security holes. I doubt that the code could be that similar, but am curious. I recall back in the day where anonymous RPC sessions on Windoze NT could totally give admin access through that simple sechole.exe exploit.

    Aside from that concern I can personally say that Samba rules. I have benchmarked it as being a faster file/print server compared to Windoze on identical hardware. A Linux box that can act as a domain controller, and now participate in cross-domain trust relationships and use AD is a helpful tool for weaning folks away from Micro$loth.

  5. Science fiction/fact on Paper Capable Of Playing Videos Developed · · Score: 1
    I think what's impressive about modern technology is how whatever fictional gadget is dreamed up for TV and movies can be made into reality. Think back to the old Star Trek shows. They had CD's (that library episode with the wacky video librarian who could bring up landscapes to jump into), flip cell phones (communicators), flat screen TV's (the screen on the bridge).

    The video newspaper displays even echoes something that started in sci-fi. Wasn't that featured in that Tom Cruise film "Minority Report?"

  6. Re:I pay for "unlimited" access on RR on ISPs Experiment With Broadband Download Capping · · Score: 1
    You need to look in detail about the underlying transport methods. Broadband cable is shared access, meaning you, your next door neighbor, and the guy next to him are all sharing from the same pipe. If an area has a saturation of subscribers then transmission speed decreases significantly. I know of folks who were the first on their block to get cable modems and they were more than happy. Then everyone jumped on the bandwagon and their speeds decreased accordingly.

    DSL is an example of dedicated access. Subscribe to this and you have a dedicated pipe just for you. If it's 1.5 Mbps then, by God, that's what you have available. 100% of it. OTOH all cable modem access is shared, as that's why the disclaimers include maximum speeds, average speeds, etc. I could care less about limited, unlimited, whatever. It's shared access no matter what. And THAT'S why I say that cable access sucks.

    The fact that you are talking about not wanting DSL only shows your ignorance of the technology being used. If you have a problem with uptime, repair time, installation time, etc. that's one thing. But as for bandwidth access your argument is fundamentally moot.

  7. Re:i work for comcast tech support on ISPs Experiment With Broadband Download Capping · · Score: 1
    I think RoadRunner is the same way. Some pinheads on their ISP network had the Blaster worm and their IP's were constantly hitting my company's logs. So I tried to contact their abuse department. The only way I could get through was to e-mail them. No phone number other than a voice mailbox. Even the tech support folks over at Time Warner didn't know of another contact method.

    Ridiculous. The fact that RoadRunner "spam filters" block entire classes of IP addresses, including legitimate IP ranges, has me forced to contact the abuse department over and over again. It's like trying to get an audience with the freakin' pope!

  8. Re:Monkeyboy on Microsoft Works on Search Capabilities · · Score: 2, Funny

    Just like when you could type certain phrases in Word and the thesaurus would translate them into something even funnier. I can't recall which older version, but if you typed in something like, "Bill Gates died." then the thesaurus would return "Hallelujah". All I know is that Bill Gates is a separated twin with the bassist for REM.

  9. Re:Joint-Venture on China Joins EU in Galileo Satellite Venture · · Score: 5, Funny

    We didn't say space camera, we said space gamera !

  10. Re:death threat! on China Joins EU in Galileo Satellite Venture · · Score: -1, Offtopic

    Maybe you could open for the Tampa, FL band Hell on Earth. They are promising to have an onstage suicide next month. Jump on board!

  11. Re:Public BSOD on Windows ATMs by 2005 · · Score: 3, Interesting

    Here's the link I was looking for. Classic stuff!

  12. Public BSOD on Windows ATMs by 2005 · · Score: 1
    There used to be a page with public BSOD pix. ATM's were on there, as folks have mentioned this is old news. The funniest BSOD I saw was one of those large television screens that are mounted up on the side of some public building (ala Times Square). I'll post the URL if I can google it.

  13. Re:Make them easier to sync on New Treo Reviewed · · Score: 1
    If someone can't sync with Palm (which is the easiest, most straightforward option available) then I suggest removing all sharp instruments from their kitchen, not allowing them to operate heavy machinery, and have them reread the instructions on that bottle of Pert.

    The problem isn't the hardware or software when it comes to PDA usage. The problem is moronic PHB's who need to go back to their goddamn daytimers since they can't figure out something as straightforward as Palm.

    And yes, I do know of PHB's, and yes, I have supported PDA implementations at a larger corporate level. If we are talking about Outlook and Palm we aren't talking about microbiology or astrophysics. ACT! might be another story, but Outlook and Palm is a no-brainer.

  14. Re:Nix on Sprint on New Treo Reviewed · · Score: 1

    Agreed here. Sprint supposedly has a national footprint but their coverage in most areas (outside of pure metro urban ones) pales in comparison to competitors. I worked on the tech end at VerizonWireless and can tell you the CDMA network for VZW beats Sprint hands down. At least they're not as bad as T-Mobile in terms of coverage!

  15. Re:Wallace Wang on Steal This Computer Book 3 · · Score: 2, Funny
    "at an open mic i used to play at coffee shop i used to play at."
    Was this *coffee shop* located in Amsterdam by any chance?

  16. Re:Wally Wang on Steal This Computer Book 3 · · Score: 1
    Dear stratjakt,

    It's not made up.

    Sincerely,

    Hu Phlung Pu

  17. Re:Gates actually is really smart on Gates Embraces Web Service Interoperability · · Score: 1
    The decade of windows is about to close.
    WTF? What exactly is going to replace it if the decade for Windows is about to close? Linux?

    I have actively used Linux in a server environment since 1997 and can honestly say it's not mature, intuitive, and idiotproof enough for a typical home user to have it on their system. Perhaps in a well-trained corporate environment that is already somewhat computer literate. But Joe Sixpack, who can barely keep his Windows system patched and keep Gator off of it as well? GMAFB!

    You might have valid points in the rest of your post but that closing windows business has me amazed!

  18. Re:for those unaware of it on Gates Embraces Web Service Interoperability · · Score: 1
    This seems to be echoed in past history as well. The idea of interfacing between disparate systems is always at the top of most business environment's wish lists. This has been the case for years now. It seems as if the main way to accomplish this is by having open standards so the systems can communicate on a common ground. Those players who wish to play *should* be standards compliant. I see this payoff everyday in everything from SQL code to C++ code to Java code.

    What is the smoke and mirrors angle is how Micro$loth loves to join these "consortiums" to help develop and propagate these supposed open standards. "Embrace and extend" is insulting given their track record. But in the end the M$ implementations are a little out in left field at best. At worst they are flawed. I am in the process of reviewing a GPL C# IDE and still trying to pick out the proprietary points that are hidden in the background. Micro$loth has these other web sites giving free code, free docs, free tips, etc. in the guise of third party involvement. But it's actually them heading up the projects.

    Reminds me of The Church of $cientology. They have these masked organizations getting their tentacle into areas behind the scenes. Like primary educational presence. Kind of parallels the Damien Thorn...er...Bill Gates Foundation :-)

  19. Re:This is getting silly on Buffer Overflow in Sendmail · · Score: 2, Insightful
    True that about basic fundamental flaws. Reminds me of some project I had to write in college on the old DEC VAX'es. That's about the level of expertise and sophistication exhibited in sendmail.

    People bash Micro$loth because their software has an inherently insecure architecture (e.g. - unnecessary services enabled by default, services running with admin rights, etc.), not just being poorly coded. But then again there are some inherent shortcomings in older *NIX software and sendmail is just one example.

    Even the Internet as a whole. Back when the Internet was exclusively a failsafe/experimental communication backup for military installations and college campuses it was never meant to be secure in the software sense. It was secure more in terms of physical access. For example, there probably wouldn't be a compromise of an Air Force computer room if external "bad guys" couldn't get physical access into the room and room activities were strictly monitored for internal users. There was never the assumption that the general public would all share remote access to the Internet.

    That being said, it will obviously take a massive effort not just to code new software more securely, but to review, patch, or pitch legacy code such as seen in stories like this. Each generation of computer users is savvier and savvier, as most exploits are propagated by kids who toilet paper houses on the weekend. And that is a scary thought if I was Joe Head-up-my-ass PHB too cheap to update/upgrade/migrate software and still running old crap like this.

  20. Re:Nothing New on Buffer Overflow in Sendmail · · Score: 1
    I know. Just misspoke. I have a Perl sendmail.pl script on one of my Windoze servers that shoots off SMTP messages. And in past lives I had to use *NIX sendmail due to poor corporate choices in mail processing.

    Just trying (albeit failing) to draw some parallel between Micro$loth holes and *NIX holes. Buffer overflows and overruns are 99.9% due to lazy code that lacks proper boundary checking. I guess the Micro$loth folks get paid more and have more hands on deck so perhaps their holes should be plugged first. But OTOH the *NIX open source community can all see the source code so that's an advantage as well.

    All of these arguments seem like Ford versus Chevy or Yankees versus Red Sox sometimes...*sigh*

  21. Nothing New on Buffer Overflow in Sendmail · · Score: 1
    There have been published sendmail exploits for years. Recently this is the second or third one that's been announced. Although most of the first posts have been flamed out I agree that there are alternative mail client choices out there. No big deal.

    Same with the Micro$loth world. Hate Outlook Express? Use something else. God knows I would.

  22. Re:Linux on PDA - Already exists on $300 Linux PDA from Royal to feature Qtopia · · Score: 3, Insightful
    Don't have to imagine. My Zaurus is Linux-based and I use Verizon Wireless' 1xRTT network to remote in and administer my servers, do some minor desktop support, run Windoze apps (using a Terminal Services client), check e-mail, browse the web, have lower grade VoIP conversations, etc.

    It's cool having a PDA with VNC, Samba, Apache/PHP, MySQL, GCC, SSH, on it. This Royal model has lower hardware specs and costs more than the Sharp Zaurus SL-5500 model, however. So I can't say I'd consider this Royal entry as a strong candidate.

  23. Re:Pot = Kettle = Black on New ssh Exploit in the Wild · · Score: 2, Insightful
    Agreed. Accidental coding flaws are one thing and poor design is indeed another. Running unnecessary services by default is an issue. And running these services with root (or administrator as the case may be) rights is a huge issue.

    I recall back when IIS 4.0 first came out. You could just Google part of the default IIS home page in quotes as the search string. You'd get results pages with hundreds of new IIS boxes on the 'Net likely with nothing locked down.

    I think that the design portion of M$ software is starting to get there (note that Windoze 2003 Server is at least a little more locked down by default). Of course the RPC flaws are still in the code, going from NT 4.0 all the way to include Win2K3.

    I will admit that the *NIX platform and apps are inherently more secure since a lot of the code is open source, has lots of reviewing eyes, and patches come about quickly. But nevertheless it's not as secure as folks crow about.

  24. Re:Pot = Kettle = Black on New ssh Exploit in the Wild · · Score: 1
    Uhhhh, I don't know. Who did say that? I was just pointing out some core apps that have been around for awhile. I would think that sendmail and ssh are relatively common, widespread apps that are out there.

    That's like a Microsoft Outlook Express vulnerability being announced. Choosing to use a different mail reader app would obviously negate any potential pitfalls.

  25. Re:Pot = Kettle = Black on New ssh Exploit in the Wild · · Score: 0
    Exactly. The Blaster worm was "in the wild" in August, but the patch had been available since July. I can't think of any M$ vulnerabilities that have hit without there being an accompanying patch.

    I am not touching myself while looking at a Bill Gates 8x10 glossy either. But I am realistic. M$ does have its scores of buffer overruns, developmental shortcomings, its corporate arrogance, and its anticompetitive practices. I'm just trying to put things into perspective since every time there's a M$ flaw announced there are countless Linux folks crowing about how that Linux is so bulletproof.

    Not performing boundary checking when writing code is flat out bad code writing. Any student C programmer could tell you that.