Sparcs are designed to console off the serial port, and work just fine without keyboard, monitor, or video card/VSIMM. Generally a monitor isn't worth the cost to ship it.
Most production Sparc installations don't have any Sun monitors, and order their servers without a video card.
Spend the money you save from not buying a monitor or frame buffer on RAM, especially if you plan to run Solaris --- Solaris thrives on extra memory.
The older 'shoebox' sparc systems (LX,LC,etc) are cute little slow systems that can be bought for next to nothing (Universities often give them away), and will run Linux as well as NetBSD, OpenBSD, and older versions of SunOS/Solaris.
Load OpenBSD on an LX with 48Mb RAM and you have a nice little secure box you can stick in the corner running TinyDNS and never have to think about it again.
I was playing around with LX systems as MP3 players (they have onboard 16-bit stereo audio chipsets) but got stuck finding a netbootable OS that supports the DBRI audio and was fast enough to decode MP3 in realtime. The LX is just a bit too slow for this, a Sparc 5 can keep up with MP3 playback with no trouble.
Both the Ultra-2 and Sparc 20 are capable of using two CPU modules, and can be purchased cheaply with a single slow CPU then upgraded later. Both will run Solaris 8 and most every Sun binary application you can find.
In general, SBUS cards are interchangeable between the Sparc 5/10/20 and Ultra-1/2 product lines. Memory is interchangeable between the Sparc 20, Ultra-1, and Ultra-2.
The Sparc 20 is readily available at reasonable (think $200-$500 for a complete system, no monitor) prices. An Ultra-2 system with one CPU will run $600-$2000. I keep my Sparc 5/10/20 systems around to run OpenBSD.
Speaking of monitors, you do not need a video card, VSIMM, keyboard, or a monitor to use a Sparc as a server.
All these systems will happily use the serial port 'A' as their console, from power-on through system administration. Most Sun shops have maybe one monitor (if that), and one keyboard. Nearly every Sun server I have ever dealt with has been serial consoled and networked.
All Sparc 5/10/20 systems and older Ultra-1 systems include an onboard 'le' ethernet interface. Some newer Ultra-1 and all Ultra-2 systems include an onboard 'hme' FastEthernet interface. If you purchase a Sparc 20 or Ultra system with a 10Mbps ethernet, you will want to look for a HME 100Mbps (FastEthernet) card as your first add-on SBUS card.
But the term doesn't just apply to Americans, it applies to plenty of people in other countries as well.
By the very fact that we have recognized the condition of overly-trusting authority and coined a term for it, it can be said that America has more non-sheeple than other nations.
You are mistaken. Actually 'the press' has no special rights compared to other forms of media, just some extra political power to make a stink when their normal everyday rights are violated.
IOW, the American government avoids pissing off the press, not because of any special legal protection, but more because of 'protection' in the cosa nostra sense of the word.
There is a difference between speaking your mind and making trouble for others you stupid mother fucking piece of shit.
Not according to the U.S. Bill of Rights. I believe you'll find it in Amendment 1, you totalitarianist fuckwit.
Basically, that link (http://www.epic.org/free_speech/cohen.html) demonstrates that in the USA, "freedom of the press" and more generally "freedom of speech" is all but absolute.
I have a similar, but slightly different question:
Has anybody run across a device that will transparently make two identical IDE drives appear to the controller as a single drive with twice the capacity (either striping/RAID-0 or concatenation)?
I know these exist to make several IDE drives in a RAID configuration appear as a SCSI interface to the host system, but cannot find a device that presents an IDE interface to the host.
Specifically, I'd like to be able to have two 80Gb IDE drives appear as a single 160Gb IDE drive to the host OS, with no appreciable loss in read/write performance.
Yes, I am aware that doing pure striping means that if one drive fails, the data on both drives is lost.
This is a trivial question that should never have been posted -- simply opening up a recent issue of Computer Shopper to the latest full-page ad from 'Dirt Cheap Drives' would have found the answer, an Arco product for $199:
The pre-order form has a space for a "promotional code", and the form suggests using their code "GG471297" for free installation.
Anybody know of other promotional codes to use?
RSLEEP(1), for distributing requests over time. (on CVS Infrastructure, Score: 2)
The problem of 'everybody deciding to update their mirror at exactly 12 midnight' is an issue for more than just CVS.
I first ran into this at $VERY_LARGE_CORP where every machine was built off a standard image, which included a cron job to synchronize the clock with the master NTP server every hour, on the hour- which meant that precisely on the hour, the NTP server got slammed with hundreds of requests for the time.
I'm not sure why nobody has adopted my solution to the problem of ensuring that all the hosts do not hit the server exactly on the hour- the 'rsleep' command.
RSLEEP(1) MSG.Net General Commands Manual RSLEEP(1)
NAME
rsleep - suspend execution for a random interval of time
SYNOPSIS
rsleep seconds
DESCRIPTION
The rsleep command suspends execution for a minimum of 1 second, and as many as seconds.
Primarily useful for scheduling cron jobs to introduce some 'jitter' in the timing of requests from numerous clients all built off the same image, for example:
5 0 * * * rsleep 300; ntpdate -s ntphost
Credits
This incarnation of rsleep was first implemented by MSG.Net in 1994 as a 'ksh' script.
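An added sketch of the rsleep behaviour described in the man page above, written in POSIX sh; it is not MSG.Net's ksh script and is not part of the original post. Reading /dev/urandom (so hosts cloned from one image do not share a PRNG seed) and the 86400-second cap are assumptions of this example.

```sh
#!/bin/sh
# rsleep sketch: suspend execution for a random 1..N seconds.
# Added example; names and limits below are this example's own choices.

# Print one uniformly distributed integer in [1, max] on stdout.
rsleep_pick() {
    max=$1
    # Reject empty input, non-digits, leading zeros (including "0"),
    # and anything longer than five digits before doing arithmetic on it.
    case $max in
        ''|0*|*[!0-9]*|??????*)
            echo "rsleep: seconds must be a positive integer" >&2
            return 2 ;;
    esac
    # Assumed cap of one day; the man page itself states no upper bound.
    [ "$max" -le 86400 ] || {
        echo "rsleep: seconds must not exceed 86400" >&2
        return 2
    }
    # Largest multiple of max that fits in 32 bits. Draws at or above it
    # are discarded so that "r % max" carries no modulo bias.
    limit=$(( 4294967296 / max * max ))
    while :; do
        # Four random bytes printed as one unsigned decimal number.
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        [ -n "$r" ] || return 1
        [ "$r" -lt "$limit" ] && break
    done
    echo $(( r % max + 1 ))
}

# Sleep for the chosen interval, then return so the next cron command runs.
rsleep() {
    secs=$(rsleep_pick "$1") || return $?
    sleep "$secs"
}

# When installed under the name "rsleep", behave as the command itself,
# e.g. in a crontab:  5 0 * * * rsleep 300; ntpdate -s ntphost
case ${0##*/} in
    rsleep) rsleep "$@" ;;
esac
```
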
I 'paste' the first 12 characters of the password in from the copy buffer using
Password Safe, then type the last four characters from memory, letter-by-letter.
If you're going to be paranoid, why be paranoid by half measures?
I tried this approach with a major US company. It failed miserably.
I found a serious design flaw and major security vulnerabilities in their systems. I attempted to notify the company, and got no response. I posted 'Partial Disclosure' to a security mailing list with just an outline of the problem and notes on where they had weak security, but I did not post details to exploit them.
The company did not respond.
Three months later, another person independently found the same issues, confirmed with me that these were the same holes I had described in my vague message, then he posted 'Full Disclosure' to the same mailing list.
This time the vendor responded, and took action to notify users and fix the problem, nearly six months after I first notified them.
This isn't the first Microsoft vulnerability that eEye has documented, nor the first time they have come under fire for their handling of the release of the advisory and sample exploit code.
eEye does give Microsoft advance notice before releasing details, but the minimal advance notice they give isn't sufficient for Microsoft to get moving on a fix, much less for thousands of admins to patch hundreds of thousands of servers.
But who is ultimately at fault here? eEye for releasing the information, or the black hat for writing the worm, or Microsoft for releasing buggy code in the first place?
The first hackers were Hardware hackers (on Taming the Web, Score: 2)
Reading the article at 'Technology Review', it is very clear that the author is forgetting the roots of Technology, and the roots of hacking.
Hacking isn't about software or hardware, it's about making a system of any sort behave outside of its designed constraints.
The very first hackers were the people who built and modified hardware, and there has always been a strong culture of hardware hacking in the USA, Germany, and many other countries.
Has everyone forgotten the days of blue boxes, satellite TV hacks, Cable TV decoders, and every other method of physically either bypassing hardware controls or building replacement hardware decoders to bypass attempts to protect content from access by unintended recipients?
For somebody purporting to write an article about the future of technology, this guy sure has ignored the history of technology.
"... Those who fail to learn from history are doomed to repeat it"
-- George Santayana
Why is it always about piracy? (on Taming the Web, Score: 2)
Fiber Optic cable (not as expensive as you'd think.)
Low-power IR lasers (great for line-of-sight)
Tunneling - via leased lines, over IP, over any other bidirectional transmission that might otherwise be restricted.
More importantly, there are many uses of a 'free' Internet which have no relation with the theft of intellectual property, and which, though Corporations may wish them to be suppressed, cannot be legally controlled in a "free" society.
Actually, a well-designed application proxy firewall which strictly enforces limits on HTTP requests would have blocked the 'Code Red' attack, as the exploit code is outside of the usual 255 byte length limitation on 'GET' requests- this limit is set by many proxies, but is not part of the HTTP specification.
A good firewall helps by enforcing protocols, and refusing to pass unknown protocols without explicit configuration by the administrators.
The ultimate example of this are the various products which allow you to 'profile' the normal requests and system calls of a product, and will block anything outside of the profile.
By careful enforcement of 'least privilege' and protocol-specific proxies, a firewall can protect against attacks that are not yet known.
Dmitri should have known that he was at risk for being arrested- he took the chance of taking actions that put him at risk for being prosecuted for DMCA violations, then flew to a hacker conference in the USA to talk about the exact actions which were in violation of the law.
The best test case for unconstitutional laws are people who have volunteered to publicly break the law in order to fight it, but sometimes people 'volunteer' less explicitly, like Dmitri...
Web sites only use SSL for 'sensitive' information because the calculations required to set up the SSL session and communicate with the browser have a definite cost in system load and delay in the browser receiving, decoding, and displaying the page.
A site that used HTTPS urls for every page, every graphic, every click, would 'feel' slower to the end user, and the server would not be able to handle as many concurrent users as a site which makes
New variant is a blessing in disguise? (on Code Redux, Score: 2)
Actually, the new variant may be easier to eradicate than previous versions. The fact that it preferentially scans 'nearby' network address ranges means that the worm will be less widespread, and it should be easier for providers and businesses to detect infected hosts in their network, just by watching for the characteristic overflow attempts in the logs on their various webservers.
I've already seen at least one site sending out automated 'a host in your network may be infected' notices by putting up a CGI script in place of vulnerable IIS binary, and using the ARIN database to try to guess who controls the network that the attacking host resides in.
I only received the warning message because it guessed wrong :-)
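The log watching described in the comment above, as an added example that is not part of the original post: it counts, per source address, request lines longer than the 255-byte proxy limit mentioned earlier on this page. Common Log Format is assumed, and the sample log lines, addresses and the /probe path are constructed for illustration.

```sh
#!/bin/sh
# Added example: find clients sending over-long HTTP request lines.

# Read Common Log Format on stdin and print "count source-ip" for every
# client whose request line exceeds max_len bytes, busiest first.
#   $1  max_len  length threshold in bytes (default 255)
#   $2  prefix   optional textual address prefix, e.g. "198.51.100.",
#                to report only hosts inside your own network
long_request_sources() {
    max_len=${1:-255}
    prefix=${2:-}
    awk -v max="$max_len" -v prefix="$prefix" '
        {
            # Skip sources outside the requested address prefix.
            if (prefix != "" && index($1, prefix) != 1) next
            # The request line is the first double-quoted field.
            start = index($0, "\"")
            if (start == 0) next
            rest = substr($0, start + 1)
            stop = index(rest, "\"")
            if (stop == 0) next
            req = substr(rest, 1, stop - 1)
            if (length(req) > max) hits[$1]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: two ordinary requests and three padded ones.
sample_log() {
    pad=$(printf '%0300d' 0 | tr 0 X)   # 300 filler bytes
    cat <<EOF
192.0.2.10 - - [01/Jan/2001:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [01/Jan/2001:10:00:02 +0000] "GET /probe?$pad HTTP/1.0" 404 205
198.51.100.7 - - [01/Jan/2001:10:00:09 +0000] "GET /probe?$pad HTTP/1.0" 404 205
203.0.113.5 - - [01/Jan/2001:10:00:11 +0000] "GET /probe?$pad HTTP/1.0" 404 205
198.51.100.9 - - [01/Jan/2001:10:00:12 +0000] "GET /news.html HTTP/1.0" 200 512
EOF
}
```

Typical use is `long_request_sources 255 198.51.100. < access_log`, with the prefix set to your own address range.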
The primary benefit of something like the 'Realtime blackhole list' (RBL) was that it was a centralized resource for the blocking and unblocking of actively exploited open relays.
If a site maintained an open relay, that relay would rapidly end up on the blackhole list, and ISPs using the list would immediately (the whole point of 'realtime') start rejecting spam relayed through that specific host.
More importantly, when the site fixed their open relay, and proved this to the list maintainer, they would immediately be removed from the list. This is a vast improvement over the old way of doing things, where each of thousands of sites would manually add known open relays to their own private blocking list, and might never be removed from some of them, depending on the whims of individual admins.
Obviously you are biased due to ORBS having blocked your site. IIRC, ORBS doesn't call you 'spammers' for blocking their probes, they have a distinct category for sites that cannot be tested... if they called you spammers, it was because you sent spam.
In the USA, asking "Have you ever been arrested?" is an unlawful question according to most state Equal Employment Opportunity (EEO) laws, and may run afoul of the Federal EEOC regulations.
Unless you are forced to hire a female due to company policy or the law, do not choose a female system admin.
Choose the best qualified person for the position, male or female. You might ask, "What if I have two equally qualified applicants, one male, one female?".
IMHO, that's bullshit, a cop out- in the IT world, there is no such thing as two equally qualified applicants. I assume your company exists for the purpose of making a profit for the owners or shareholders, not to make the world a better place for women...
If you choose to hire a female candidate out of some misguided notion of righting past wrongs, you are derelict in your duty. Your primary overriding purpose is "Maximize shareholder value". You do this by hiring based on what the employee can offer the company, with no regard for the color of their skin or the number of X chromosomes in their DNA.
Trust me, you don't want to be a SysAdmin, it is a crappy job, the glorified digital equivalent of being 'Building Engineer' at a Public Housing project.
Instead, consider taking a position at a smaller company where you would wear many hats- Network Engineer, Programmer, Analyst, and also, System Administrator. If the company grows, hire yourself a PFY (aka 'Junior Admin') to do the grunt work.
The best way to get real world experience is to find a small but growing company that cannot afford to hire somebody who is already experienced in system administration.
I find the idea of a 'functional' interview where you ask the prospective employee to solve real problems that you are currently facing to be a major insult.
The only thing worse is a company that asks you to come in to work for a few days, without pay, to 'see if you are a good fit'.
I've been a corporate employee, I have been a consultant, and asking me to solve your operational problems or spend a few days working for you isn't part of a job interview, it's a very short consulting gig- and should pay accordingly.
Trying to get job candidates to give you for free what would cost you thousands of dollars from a consulting firm is a slimy and unethical interview practice, and should never be tolerated.
Unfortunately, I don't know of any way to refuse these requests without ensuring you won't get the job- no big loss, who would want to work for a company that behaves in such a manner?
This isn't as difficult as it sounds, trying all 1081 possible combinations takes about 10 minutes when done by hand.
http://www.dirtcheapdrives.com/cgi-bin/GProductVi
The product requires the second drive to be of 'equal or better size' to the first, and works with ATA, IDE, EIDE or U/DMA hard drives.
Here is a list of some other 'inappropriate' interview questions: http://www.sunfeatures.com/inapprop.htm