I am so tired of applying security patches for system software... the latest double-double vulnerability of samba and sendmail were quite trying.
We keep hearing that the use of a language with bounds checking and a GC would solve a great many security problems. Is there any push towards such a platform?
I don't know much about Objective C, but it seems to be tight with gcc, g++, and g77. Does it have the needed security features?
At this point, I'd almost prefer that Samba was written in Java.
Linux has a spectacular reputation in security circles for the speed of patch development and deployment. The recent up2date changes will change all of this - RedHat will now be worse than Microsoft (which still supports Win98 for free).
up2date has not developed p2p characteristics - torrent has proven the efficacy, but RedHat appears to ignore it. p2p should play a larger role.
RedHat still lacks the Korn shell.
Unless you like emacs,/etc/inputrc belongs in skel like it used to be.
Claims that ext3 is all things to all people fall on deaf ears. XFS has dynamic inode creation; ext3 doesn't (granted that ext3 can journal data as well as metadata, which XFS doesn't). RedHat has been uniquely lethargic in the Linux filesystem arena, and unfairly biased.
xinetd - man do I hate this thing. The BSDs can do ipv6 with a standard inetd, but RedHat wanted to make it easy for the setup utility to turn on telnet. This was a Phyrric victory.
RPM - if RedHat was willing to trash inetd (one of the bastions of standard UNIX), then they should be willing to trash RPM for its many deficiencies.
The installer - the text-based installer in 9 is substandard for many reasons, and 8 was no gem.
While RedHat cannot include support for MP3, DVD, or patented truetype code, it should be easy to retrofit an installed system with these features - it is not (the last reference I saw required Debian apt). While RedHat cannot be directly involved with such a site, it should lend some assistance.
I have an old 486 laptop that I would like to configure as my NAT gateway (I am currently running RedHat 6.2 on a p133, and I am looking forward to cutting my power consumption down to 27W).
I have two IBM Home & Away 14.4+Ethernet PCMCIA cards, plus an Accton EN2218.
How can I install FreeBSD on this system? I gather that support for my PCMCIA cards is nil, so I tried some others (3com, etc.), but the 5.0 installer said that "only a limited subset" of the supported PCMCIA cards are supported by the installer, but I cannot find a list of these installer-supported cards anywhere in the documentation (the installer actually said that the list is on the floppy, but I don't know how to mount it).
Red Hat 9 also has some major PCMCIA brain damage. Red Hat 6.2 was the last true Red Hat Linux - far superior to all preceding and following versions. It is with great sadness that I contemplate its removal.
Oracle SGAs have been living on 64-bit systems since they ported to the Alpha; Oracle can rightly look upon MS SQL Server and call it a bit player because it is bound to a 32-bit architecture with a theoretical maximum of 4GB of directly addressable memory - it is effectively running in the memory of a pocket calculator when compared to enterprise Oracle.
Even if MS SQL Server pounds Oracle in every benchmark TPC can muster, you still shouldn't implement standard SQL Server for an enterprise system because Oracle can have 10-100 times the cache. Yes, datacenter edition and memory bank switching address this problem, but they are ugly hacks, and I don't particularly want to go back to LIM EMS 4.0.
Remember, the very first application that MS ported to Itanium was SQL Server - it is obvious that MS feels this pain. In the meantime, Oracle is 64-bit now, has been quite cozy with Linux for sometime, and now beats SQL Server clusters on the same hardware with Linux. Opteron will only make this worse.
MS may be ignoring Opteron at the insistence of Intel. If they are doing so, they will pay a terrible price - the enterprise Win32 environment will be destroyed.
Assuming worst-case scenario where everything that can move to India does, what has to stay here?
someone has to set up the network
likewise, boxes have to be obtained and installed
software packages, license key administration, and system setup will probably be done here
I do think that some areas of IT are less vulnerable than others. I hope that I've guessed correctly.
p.s. This page may be a surprise to many of you. Digital Equipment Company is alive and well in India, and many of the 20,000 people that HP laid off (thanks Carly) were replaced by H1-Bs from this subsidiary.
If IBM found compelling reasons to do so, then said compelling reasons must exist. Now, you don't see AS/400s at the top of the charts at tpc.org, so I would tend to believe that it isn't necessary for high performance, but that doesn't mean that there is no benefit at all.
p.s. With no views, no triggers, and no foreign keys, I wonder why MySQL gets all of this hype. There are so many free databases that implement these features and don't seem to suffer from performance issues.
You have just picked a fight with an 800lb gorilla; you are not going to win. IBM will trot out a few thousand patents that you infringe upon, game over.
You want a business plan? Here you go:
RedHat has eaten your lunch, but they are starting to make mistakes. Offer to take over free up2date support. Reimplement up2date using a p2p engine so it doesn't cost you bandwidth. Make sure that you can advertise over this support channel, and make your products an obvious upgrade path out of RedHat.
Put out a stripped-down, free UnitedLinux version that is completely open-source, and maintain a subscription version. Don't mess with the free version (a la RedHat).
Sun has a free UNIX license in perpetuity. Offer the same to HP, in exchange for AdvFS and whatever other technology is good. Implement these components in the commercial server product. All of HP's UNIX products are dying, and they are ripe for the plucking.
If you somehow obtain AdvFS, you can take Oracle away from RedHat. You should start working on making your platform a preferred place for RAC right away. This goal is potentially worth giving AdvFS away under GPL.
Stop suing IBM and start making sure that you will have a place on the new Power blade servers they are planning to produce. Get cozier with the Power crowd; you bring a lot to the table.
Opening up a support service to P2P could solve the bandwidth problem of downloads directly from Red Hat. It provides no mechanism for the system management capabilities of RHN to be pushed off to another system, though. Or testing and QA of all packages. Why don't Microsoft SysAdmins patch their systems as soon as m$ puts out a patch? because they're afraid of the patches and the repercussions on running systems. That's the real way to guarantee another slammer - take out the QA, bungle a few simple patches, and have no one trust patches for something important.
What? Why would p2p have any impact on QA? Patch development and distribution are entirely separate issues, as is administrator hesitation in applying patches (redhat sendmail is bad here anyway). p2p solves the bandwidth problem, and nothing else, and only if you can guarantee patch integrity. I do assume that if bandwidth were no longer a concern that resources within redhat would be free to maintain 6.2 for a long, long time.
Honestly, though, if Red Hat loses the 1% or whatever it might be of RHN users who still run 6.2 or lower, what have they lost? they've lost the users who don't appreciate the work Red Hat's employees do on making new versions of gcc, glibc, the kernel, etc. They've lost the "customers" in their system who don't support new development. If they lose the users of supported releases who don't have the time or whatever to type junk into a survey every couple months, they can only provide a better service for paying customers.
I don't have a count of the active 6.2 systems on rhn; I don't think redhat releases this info (shame on them). Let's assume that its somewhere around 10,000. Is this enough of a critical mass to cause major problems if they are hacked? Perhaps redhat ought to come clean before cutting the life support.
What does redhat lose? My company likes to buy HP SuperDome servers for Oracle Applications. Occasionally, we buy redhat products. My voice is now strongly against redhat, and I have a bit of influence. There are a lot of people like me.
Redhat also loses its reputation for security - patching is now much more difficult, and redhat boxes will be increasing targets for attack. After the fifth or sixth wave of worms, redhat will backpeddle on this stupid new policy.
We aren't really discussing technical aspects here, we are discussing the increasing corporatization of our culture in general - everything has to be a profit center, curtail anything that isn't. We see aspects of this every day as small companies are acquired by large and service declines. Redhat is a victim of this thinking, and is doing irrepairable damage to its customer base. Am I right? Only time will tell.
In the mean time, I've got to find a distribution that fits my needs. I'd use Debian, but everything is in RPM format these days. I'm looking into KRUD, and if I like the support terms I may switch.
p.s. slammer was ms sql server - slapper was the linux worm (redhat-specific).
If there are a million servers that need updates, has redhat done a disservice by cutting them off? Has redhat just single-handedly insured that Slapper2 will eat an installed redhat base alive? What is avoiding such a scenario worth?
Yes, bandwidth is a problem, and this problem should be solved by p2p. Paying redhat network customers should download direct, while "demo" accounts should fetch the packages via gnutella (which should be safe when the packages are signed by redhat's private key). I would certainly be willing to share my/var/spool/up2date directory and pay my $60/yr for continued 6.2 support.
There were a lot of options for the growth of up2date, and redhat chose the worst. Not one red cent for them.
I haven't stuck with 6.2 because I don't have time to upgrade - I've stuck with 6.2 because I really don't like everything that came after, for a variety of reasons.
Your arguments on feasibility are reasonable - until you consider what is happening to the "demo" accounts - "demo" users have had years of trouble-free up2date service, and now we have to complete some "survey" every three months. We went from great to lousy almost instantaneously in the grand scheme. What changed? Was this a true monetary concern, or a PHB decision? No company can spin its users on a dime like this. This is the boiling frog.
I really don't know which distribution I'll use to migrate my servers, but it's time to jump ship.
...especially when I have to fill out a survey every three months to keep my patch updates, and they no longer support 6.2. I'd consider paying to keep 6.2 support, but not otherwise.
I really hope that we have non-redhat up2date servers soon. Redhat grows less and less tolerable as time goes on.
p.s. Redhat's updated default sendmail.cf does not accept remote incoming connections, and redhat's manual says that you must create a new one with M4 to enable this functionality. They are lying. Comment out the line containing "DaemonPortOptions" in the cf file, and sendmail will accept these connections.
There is a great deal of music that just doesn't fit in a small performance hall. The stuff that I like is fringe, and most of it has 20+ individual performers per disc.
It's great when a musical arrangement can fit within the constraints of a bar, but a lot can't.
...And then Microsoft would be in the unenviable position of advising its customers to migrate to free Sybase for Linux (11.0.3.3), since it is compatible with SQL Server 6.5.
Why isn't Sybase having this problem? SQL Server and Sybase were at one time the same product (v 4.8).
Both Netscape and IE have infrastructure for distributing certs with no complaints. HTTP clients are far more sophisticated in this dept than almost anything else out there. The fact that it warns users about 'self-signed' stuff just shows the level of encryption support in the clients. Sorry that's not good enough.
My SSH currently supports 4 different encryption protocol types, and I can pick the one that I want to use; https does not support this. Which is more advanced?
When I load a page via https, assuming that I receive no warning, I still have no idea who provided me this trusted key. An icon for the issuing authority should appear which, when clicked, leads me to their website. Self-signed keys should just get a question mark, and no annoying dialogs.
Then maybe the CLI people should fix that. HTTP WebDAV GUIs are virtually transparent on Windows and OS X. Not a protocol issue... HTTP upload works exactly like HTTP download. There's nothing weak about it, except maybe your tools. (Don't confuse the lame INPUT TYPE='file' with the protocol. See the GUI clients.)... various assumptions that HTTP == Apache...
The cli people can't fix it, because although uploads are supported via http, browsing the destination is not. Also, any upload mechanism must be supported by an external script/cgi, making standardization impossible. The W3C issuing better upload standards at this stage is unlikely. Conclusion? cli uploads should use a real protocol.
cli has always been an http afterthought; look at how long it took us to get curl.
WebDAV is just a CVS wannabe.
To the end user, protocol issues and implementation issues are indistinguishable.
With 60% of the market, apache is http. (I wish that they would throw their weight around a little more. A commented option in httpd.conf that opens a popup window saying "get a real os" for every page downloaded when the client is win32 would be welcome [at least by me].)
I wasn't around in 1982 so I can't say.
On a local, non-lossy network, UDP is more efficient. Surprise, surprise.
...was available in Netscape 4; under windows, just open an FTP url, then drag a file on top of the browser. Under UNIX, after opening an ftp url, an "upload file" option appears in the file menu.
Slashdot Mirror
I am so tired of applying security patches for system software... the latest double-double vulnerability of samba and sendmail were quite trying.
We keep hearing that the use of a language with bounds checking and a GC would solve a great many security problems. Is there any push towards such a platform?
I don't know much about Objective C, but it seems to be tight with gcc, g++, and g77. Does it have the needed security features?
At this point, I'd almost prefer that Samba was written in Java.
Cartrige-based app. I'm surprised that Visicalc never made it to this machine.
In no particular order.
I could go on and on...
I have an old 486 laptop that I would like to configure as my NAT gateway (I am currently running RedHat 6.2 on a p133, and I am looking forward to cutting my power consumption down to 27W).
I have two IBM Home & Away 14.4+Ethernet PCMCIA cards, plus an Accton EN2218.
How can I install FreeBSD on this system? I gather that support for my PCMCIA cards is nil, so I tried some others (3com, etc.), but the 5.0 installer said that "only a limited subset" of the supported PCMCIA cards are supported by the installer, but I cannot find a list of these installer-supported cards anywhere in the documentation (the installer actually said that the list is on the floppy, but I don't know how to mount it).
Red Hat 9 also has some major PCMCIA brain damage. Red Hat 6.2 was the last true Red Hat Linux - far superior to all preceding and following versions. It is with great sadness that I contemplate its removal.
I would consider paying redhat if they had only done one of the points below:
By taking both steps, they have assured that they will never see another dime from me.
...is not at all driven by stable releases of the kernel, compiler, or c-libraries.
To find the proof of this, look no further than the glorious debacle of RedHat 7.0.
I for one have had enough; my next RedHat upgrade will be to either Debian or FreeBSD.
Oracle SGAs have been living on 64-bit systems since they ported to the Alpha; Oracle can rightly look upon MS SQL Server and call it a bit player because it is bound to a 32-bit architecture with a theoretical maximum of 4GB of directly addressable memory - it is effectively running in the memory of a pocket calculator when compared to enterprise Oracle.
Even if MS SQL Server pounds Oracle in every benchmark TPC can muster, you still shouldn't implement standard SQL Server for an enterprise system because Oracle can have 10-100 times the cache. Yes, datacenter edition and memory bank switching address this problem, but they are ugly hacks, and I don't particularly want to go back to LIM EMS 4.0.
Remember, the very first application that MS ported to Itanium was SQL Server - it is obvious that MS feels this pain. In the meantime, Oracle is 64-bit now, has been quite cozy with Linux for sometime, and now beats SQL Server clusters on the same hardware with Linux. Opteron will only make this worse.
MS may be ignoring Opteron at the insistence of Intel. If they are doing so, they will pay a terrible price - the enterprise Win32 environment will be destroyed.
Assuming worst-case scenario where everything that can move to India does, what has to stay here?
I do think that some areas of IT are less vulnerable than others. I hope that I've guessed correctly.
p.s. This page may be a surprise to many of you. Digital Equipment Company is alive and well in India, and many of the 20,000 people that HP laid off (thanks Carly) were replaced by H1-Bs from this subsidiary.
And will this set a precedent that the rest of us can use?
Sybase ASE version 11.0.3.3 is free for production use on Linux.
Since this is my (tax) money that we are talking about, please tell me that you are using this version for non-critical applications.
If IBM found compelling reasons to do so, then said compelling reasons must exist. Now, you don't see AS/400s at the top of the charts at tpc.org, so I would tend to believe that it isn't necessary for high performance, but that doesn't mean that there is no benefit at all.
p.s. With no views, no triggers, and no foreign keys, I wonder why MySQL gets all of this hype. There are so many free databases that implement these features and don't seem to suffer from performance issues.
...IBM, AT&T, or Lucent buying the remains of USL and UNIX?
Let's just pray that Microsoft doesn't get any ideas.
What? Why would p2p have any impact on QA? Patch development and distribution are entirely separate issues, as is administrator hesitation in applying patches (redhat sendmail is bad here anyway). p2p solves the bandwidth problem, and nothing else, and only if you can guarantee patch integrity. I do assume that if bandwidth were no longer a concern that resources within redhat would be free to maintain 6.2 for a long, long time.
We aren't really discussing technical aspects here, we are discussing the increasing corporatization of our culture in general - everything has to be a profit center, curtail anything that isn't. We see aspects of this every day as small companies are acquired by large and service declines. Redhat is a victim of this thinking, and is doing irrepairable damage to its customer base. Am I right? Only time will tell.
In the mean time, I've got to find a distribution that fits my needs. I'd use Debian, but everything is in RPM format these days. I'm looking into KRUD, and if I like the support terms I may switch.
p.s. slammer was ms sql server - slapper was the linux worm (redhat-specific).
There were a lot of options for the growth of up2date, and redhat chose the worst. Not one red cent for them.
I really don't know which distribution I'll use to migrate my servers, but it's time to jump ship.
...is under development here.
...especially when I have to fill out a survey every three months to keep my patch updates, and they no longer support 6.2. I'd consider paying to keep 6.2 support, but not otherwise.
I really hope that we have non-redhat up2date servers soon. Redhat grows less and less tolerable as time goes on.
p.s. Redhat's updated default sendmail.cf does not accept remote incoming connections, and redhat's manual says that you must create a new one with M4 to enable this functionality. They are lying. Comment out the line containing "DaemonPortOptions" in the cf file, and sendmail will accept these connections.
There is a great deal of music that just doesn't fit in a small performance hall. The stuff that I like is fringe, and most of it has 20+ individual performers per disc.
It's great when a musical arrangement can fit within the constraints of a bar, but a lot can't.
And just to be clear, are we talking about the CUBE and ROLLUP functions in SQL?
...And then Microsoft would be in the unenviable position of advising its customers to migrate to free Sybase for Linux (11.0.3.3), since it is compatible with SQL Server 6.5.
Why isn't Sybase having this problem? SQL Server and Sybase were at one time the same product (v 4.8).
On a local, non-lossy network, UDP is more efficient. Surprise, surprise.
...was available in Netscape 4; under windows, just open an FTP url, then drag a file on top of the browser. Under UNIX, after opening an ftp url, an "upload file" option appears in the file menu.
I don't know if Mozilla et al still support this.
http support for self-signed keys is weak - it complains too much.
http upload is weak, and the method to accomplish an http upload is akward.
Why would I want to use UDP? Don't you imagine that there were performance reasons behind the choice of UDP for NFS?
cli support for http is weak - show me how you upload with wget.
Since when did Apache run chroot?
Funny, I don't remember linking in zlib for compressed http streams the last time I built apache (let alone bzip2)...
...according to Andrew Tridgell, who says by that time that Samba will be long, long gone.