Ask Bloggie

November 19th, 2006

Comprehension and Retention

Posted by Paul Murphy @ 8:52 am

Categories: Advice

Tags:

I need your help in doing a simple experiment - and yes, I'll report the results here.

The purpose of the thing is to see whether there are grounds for believing that a more controlled experiment would reveal systemic differences in information comprehension and retention depending on whether that information is conveyed on paper or on screen.

This is important because a difference in either, or both, comprehension and retention, would mean that a wide range of significant endeavours, from stock market and related financial decision making to public education, have been more affected by the transition from paper to screen than we previously understood.

Read the rest of this entry »

August 16th, 2006

How and why to use Sun Ray

Posted by Paul Murphy @ 5:45 am

Categories: Advice

Tags:

I’ve just moved from Ontario back to my home province of Alberta - where the Sun shines, the air is clean, and the economy is booming.

During the move we ran a series of eight chapter summaries, or notes to myself, for a possible book on how and why to use Sun’s Sun Ray thin clients and smart displays along with a guest blog written by frequent contributor Roger Ramjet.

The point of doing this was to request comment, guidance, and alternative ideas - and I got some interesting stuff, but I know more people have more to say and so this is being posted to askbloggie in a kind of reversal: I’m asking you for help, instead of having you ask me for help.

What I’m hoping you’ll do is show me the errors of my ways - the counter arguments and as many of the things I’ve missed as possible. You do not have to be kind; what I’m looking for is reasoned argument, not necessarily support.

The biggest problem I want to address arises from the fact that corporate IT management is dominated by data processing people and their Windows successors - meaning that their instinct is to use smart displays as thin clients in an attempt to recreate the 1970s mainframe systems and therefore that users will fight tooth and nail to keep their PCs instead.

So the subtext on every page, in every paragraph, of every sentence is going to be that things don’t have to go that way

Read the rest of this entry »

April 6th, 2006

Ageism, IT, and Jobs

Posted by Paul Murphy @ 3:13 am

Categories: Advice

Tags:

Here’s the askbloggie request:

Dear bloggie:

I am in a rut and was hoping you could help me. I know you are busy and I will understand if you choose not to reply. I just hope this email gets to you and you do actually read it.

I chose to email you because, quite frankly, I don’t know who else to turn to. I can’t speak openly to other IT guys in my workplace.

I have been a fan of your blog and your writing for a few years. I keep a copy of your "Using Linux in Your Resume" article on my cork board and refer to it regularly when updating my resume.

My email to you is to ask some advice as to how to get out of this rut I have dug myself into. Here is my situation. This is my seventh year in IT. I am a senior support IT guy. I like IT and want to stay in it. I get a very good salary where I am. But my problem is — I do nothing. I am bored out of my mind day in and day out. There is no work for me. I just sit around thinking of things to do to occupy my time. This has been going on for almost 2 years now. I am desperately trying to leave to go somewhere else where I actually do work.

My problem is, I can’t get any other job. And it’s a two fold problem. Firstly, I am a senior IT guy. I am over qualified for level 1 support jobs. I also can’t afford the pay cut. But it seems that I am under qualified for other jobs at my level and especially senior jobs. I have been bombing one intervew after another. And the truth is, it’s becuase I haven’t done that much at the job I have been at.

I read books and attend seminars on other technologies. But at the interviews I fail. And I think it’s because I don’t have the real world hands on experience with the products. I just have the genereal overview of what the books teach. So the technical interviewers stump me when they throw real world scenarios at me that someone with my years of expeirence should be able to handle.

Any thoughts or advice would be greatly appreciated.

Signed: trapped in my job

Dear trapped:

Ok, so you’re getting to the interview stage but not getting the jobs?

Let me tell you two stories. First, there’s one about my friend John. John’s an HP-UX sysadmin for a local company. He’s competent, got his head screwed on straight, comes to work every the morning and always gets the job done. Great, except he can’t get a better job to save his life -in large part because his boss loves Windows and deprecates his abilities, doesn’t assign him to new projects, and doesn’t promote him to to his own colleagues. I’ve been telling him to quit for years, but he’s comfortable where he is because they pay well and it’s a "no suprises" job.

Secondly, I once argued that a group of employees at a Winnipeg company whose IT managers had left them trapped in the System 36/SSP world for at least a decade after the thing was widely recognized as obsolete should launch a Worker’s Compensation Board claim. They didn’t have the stomach for it, but I saw their inability to get work after the company went under more as management’s responsibility then as theirs: after all, they had done everything asked of them, but management had failed to take their career needs into account - and had, at least in my opinion, intentionally stuck with obsolete technology as a way of reducing turnover in IT.

I think you’re facing something similar: your bosses have to know you’re wasted in your present role, and their failure to do something about that borders, to my mind, on criminal dereliction because they have a responsibility to you. Unfortunately I’m not aware of anything in the law, on either side of the US/Canadian border, that bears on this so it is clearly going to be up to you to do something about it.

You’ve been trying to get out, getting the interviews, but then bombing out. You say this is because you fail the interview tests when they throw real world scenarios at you that you should be able to handle, but can’t.

I’ll bet you can and it’s the interview process and environment that’s throwing you off. Now the reason I say that is because there are really only two kinds of things they can throw at you in qualification interviews, and there are "always right" answers to both kinds.

The purely factual ones come up if you get into a position where you’ve gotten to the interview by claiming expertise and they want to see if you really have it. If, for example, you’re applying for a programming job with a Solaris software developer you’ll get questions like: "What does the def statement look like in Greenhills to use the SPARC SIMD instruction set?" (None needed) or "How would you structure a function, in Java, to compute the greatest common divisor of a pair of integers?" (a recursion: if (a == 0) return b; return gcd(a, b%a))

If you get hit with these, don’t babble: trust yourself enough to think it through before answering and if you really don’t know, say you don’t know and move on.

The real bottom line on these, however, is simple: if you don’t have the expertise, don’t apply for the job. And there’s a corolary: if you were competent with earlier generations of the tools the employer wants expertise on, say so up front. Tell them you were really good with K&R C on NCR Unix VR3, that you’ve read about and think you understand more recent developments but don’t have much hands on experience with that technology, and leave them the decision on what it means in terms of start-up costs on hiring you.

So what’s the always right answer to a question like: "Can you sketch a Forth program to verify an ATA drive bay for a SATA drive?" Honesty: don’t exaggerate your qualifications, admit what you don’t know, commit to learning, and sell what you do know.

The judgement/action interview scenarios are more management focused and are designed to see if you can use. or apply, specific technologies or ideas. For example: "How do you find and stop all unauthorized wired or wireless access from inside the company?"

You should know this has something to do with MAC address authentication, but you can’t know the specific technologies the employer has in place, the DHCP/Mac address policy for visiting laptop users, or whether they recycle network cards from failed PCs -so tell the interviewer about the things you don’t know, mention some software that does some of this, (e.g. Cisco does some of everything, usually badly -:) ) and talk sensibly about what you’d have to find out, and where you’d look for the information, before taking action.

Bottom line: you need to know what to do, and where to get the information you need on doing it with whatever technology the employer has or needs to get, but you do not need to know which IOS facilities to invoke or which buttons to push to do that.

None of this stuff applies to human interaction or judgement scenarios of the kind you get in management interviews: "Milly says she’ll file a sexual harrassment suit if you don’t get Rube to stop giving her the best assignments…"; but if someone posits a specific technical scenario and asks you for the solution steps, it’s always right to admit you don’t know - provided the job you’re applying for is genuinely within your range and you show that you understand the generic issue well enough to go about getting the job done.

So what’s the always right answer for these? "I don’t know, but I know how to find out and what issues to worry about."

Now all of this assumes you have a level playing field: the jobs you’re applying for are appropriate, your boss doesn’t secretly sabotage your efforts (I know one IT manager who makes it policy to badmouth current and former employees as a way of reducing turnover), and you’re not sabotaging yourself by doing something inappropriate -like bringing a Tadpole to an interview at Microsoft.

And that leaves you with two possible reasons for getting lots of interviews and no jobs: first, you really could have a skills deficit; and, second, you could be a victim of ageism or other prejudice.

The answer to a skills deficit is education and practice, the answer to prejudice is community.

If the job you want involves a technology you don’t know, or simply requires a facility you don’t have because you don’t practice enough - then go get the experience or education you need.

Volunteerism works well for this: go find a hospital, a community organization, or a political campaign that is big on needs, low on money, and go help them. Take responsibility: not "can I help with your website?" but "I’ve a got a web server, time, and commitment to your goals. Here’s what i can do to help…" They won’t put you in charge of the crown jewels (usually the membership list) on day one, but they’ll be results focused and you can earn their trust by being yourself, being honest about your goals, and delivering the results they need.

Remember, nothing will force you to stretch your technical skills more or faster than a bunch of unreasonable users whose satisfaction you actually care about.

Formal education can be valuable too, depending on what it is and how it applies. There’s a non obvious bit to this, in that SOX has made some useless certifications valuable again. For example, training certification in Oracle tuning may be pretty meaningless for you, but may meet an employer’s SOX control criterion. It’s sad but true, most American public companies are being forced by their auditors to prove IT staff certifications - so offering that kind of employer a bunch of certifications having nothing whatsoever to do with your job may be just the ticket for getting the job -not because they apply to your new job or actually mean anything, but because they’ll let your new boss tick off some boxes on an audit checkoff list.

Enrolling in long term professional qualification programs like Canada’s CGA or CMA programs can provide real long term value - look carefully at your own needs and abilities, decide what works, and then act.

Ageism, the belief that young people make better employees than the middle aged or older people, is rampant in IT. Few want to admit it, but most IT managers want to hire people who are younger then they are, who will not question their decisions, who fit into age and cultural groups assumed to be "Windows friendly," and who are perceived as willing to put in long hours for minimal non financial rewards. Remember, weak people hire weaker people - and the weakest people in the workplace are young, are under qualified, have trouble with English, or just don’t get socially involved.

The answer to prejudice in general and ageism in particular, is community. Look deep into the psyche of your average late twenties, early thirties, IT manager - particularly the Windows kind - and his deepest, most secret, fear will be of being found out as a fraud -and just the sight of your older face will trigger subconscious memories of negative judgements by parents and teachers.

Now, of course, the people who know you, know better -and that’s really the answer: get more people to know you, not as an older face, but as a "good guy;" as someone like my friend John, who’s got his head screwed on straight and gets the job done.

So how do you build a community around yourself?

From inside your present job you do it by finding a niche, and making yourself known for it. Do your colleagues use Windows? Great, set up Linux on your home PC and start teaching other people how to use it on theirs - become the go to guy for home Linux users in your existing community and square it with the bosses by doing it on your own time and gear.

Become an expert on something; it really doesn’t much matter on what. Find something you’re good at and enjoy, then become the local expert on it. Communicate your enthusiasm, and the community will build itself either around you or to accomodate you. Either way, you win -and they win too.

Getting involved with an open source project can help, but often doesn’t. The problem is that the internet both facilitates community building and takes away the value of locale - meaning that it’s like working from home: you’ll get lots of new contacts and learn a lot, but your new friends won’t actually know you and they’ll be spread across too large a geographical area to be value to you in job hunting.

Building communities outside work is much harder than doing it inside your current company or field. Volunteer work helps. Training and education are playgrounds for socialization. Join things, work at making new contacts.

Join a business card exchange (aka a professional group), and shake lots of hands while siding with majority views on the latest speaker: you know the game, go play it.

One option to consider is moving right out of your present job to one that forces you to build community. Know some recruiters? there’s high turn-over in their industry, so have them talk their bosses for you and become one: you’ll soon know every employer in town - More importantly, they’ll know you.

Communities beat prejudice by adding factual knowledge and creating social counter presures. Get to the interview stage in your job hunt with a community behind you, and your next boss will have heard good things about you before the interview - meaning he’ll go into it looking for a reason to hire you, not a reason to skip to the next file.

And did I mention that it helps to be lucky?

 

February 10th, 2006

How to deploy Windows software on Sun Ray

Posted by Paul Murphy @ 1:18 pm

Categories: Advice

Tags:

Here’s the core bit from the question I got:

I’m doing some research for my Unix/Linux Administration class, and I’m wondering about Smart Displays. I’m looking for more information on how to run Windows and Unix programs on them simultaneously and I’m assuming that there would be a Windows server involved somewhere. Would I be correct in this assumption?

Yes and no, mostly yes.

There are many different ways to provide access to Windows applications on Sun Ray smart displays. This Sun page offers "white papers" and real how-to information on a wide range of choices.

Of these, the least troublesome, and often most effective, require the use of a Windows 2003/XP or comparable Microsoft server, while those offering the lowest cost and the most interest to home or hobbyist users provide the needed services on a Linux or other Unix machine.

For example, WINE (Wine Is Not an Emulator) runs most major market Windows applications directly on Linux (or Solaris for x86) by plugging in emulated libraries. Getting things working can be a pain, so "crosss over" products like those from codeweavers and win4lin cost something but let you install and run most major MS apps out of the box.

WINE is much better than most people believe, but its downside is simply that you can’t trust all users with it - the more users you have, the more likely it becomes that someone will try to show how smart he, or she, is by taking WINE outside the boundaries of what it will do, and thereby bring it, and ultimately you, down.

Rdesktop provides a very good open source mechanism linking your Unix desktop to a Microsoft Terminal User slot on a Windows/XP or 2000 server. That gives you reliable Windows application access on your Linux, Solaris, or Sun Ray desktop.

At the moment the biggest downside is that some functions, noteably sound, have yet to be mapped to their Unix equivelents.

Citrix Metaframe offers a high end commercial solution that obviously requires a Windows server to run on, but nicely lets your Unix desktop (console or Sun Ray) handle Windows and Unix applications concurrently.

The downside on Citrix is licencing cost, downstream suppport complexity, and its Windows centric support and implementation processes - in other words, a good Windows person will feel right at home with it, while a Unix sysadmin will get (I know I did) pretty frustrated.

Tarantella is pretty much a Citrix competitor but based on earlier technology. This is probably the easiest option to implement, works quite well, and is considerably cheaper (particularly now that Sun owns it) than Citrix despite the extra hardware needed.

I suspect that Tarantella is one of those products you have to use for a long time to get to like. Personally, I’ve never understood why it didn’t go out with the 486, but some people I respect swear by it and assure me that what I see as kludgey operational complexity is actually simple and valuable.

There are some less heralded options too.

For example:

1. if your employer requires you to use Windows for some jobs but you can get your hands on a Sun Ray with a big screen, you can put that Windows machine in a storage closet (or under your desk) and then map its display to a CDE or other Solaris Window on your Sun Ray using VNC - just run the server on your PC and the client on your primary Solaris host.

2. Once upon a time there was a product called WABI - Windows Application Binary Interface- that ran on Solaris 2.5.1 (and HP-UX and a few others too) which allowed users to run Windows 3.11 binaries on the Unix machine. WABI was insanely great: at one time I had 30+ 21" NCD X-terminals running a major application and made Windows 3.11 available to all of them via WABI running on a SPARC 20 with dual Hypersparc 125s -that gave me today’s PC graphics on 21" screens and running much faster than on a 486. Legal action killed that and Sun’s replacement was the PC co-processor board - putting a 486 then or Pentium now into your SPARC machine to load and run Windows as just another Unix network task. Personally I think the graphics and mouse control transfer issues have never really been resolved for this, and don’t recommend it -but it can be useful for running (and rebooting) some Wintel applications directly under a Solaris monitor.

One word of caution, however. It’s been my experience that using Wintel software as part of a transition to Unix ends up being self defeating because busy users won’t take the time to learn - they’ll just use whatever opportunities you give them to carry forward whatever they already know.

For example, I once gave a bunch of bookkeeppers access to their old MS-DOS based accounting software on a new SCO Unix system loaded with an integrated RealWorld accounting system. My idea was that they would use MS-DOS access to ease the transition and move data from the old software to the new, but a year later they were all still running the old stuff - turning my ten user Realworld machine into ten underpowered MS-DOS machines.

More recently I’ve seen the same thing happen to a company which decided to transition the majority of its MS-Office users to OpenOffice.org but elected to give them temporary Windows access during the transition period. It’s been two years now: and no one’s made the change.

So here’s my advice with respect to running Windows on Sun Ray: it’s not hard to do, and you have many widely supported options, but you should ask yourself if it’s really necessary and avoid it where possible.

January 24th, 2006

Are Wi-Fi security myths good for deterrence?

Posted by George Ou @ 2:10 am

Categories: Advice

Tags:

In response to my popular "The six dumbest ways to secure a Wireless LAN", Timothy wrote a letter to me asking if there was any legitimate deterrence value against the casual hacker to some of the common myths in securing a Wireless LAN such as "SSID suppression", "DHCP restrictions", and "MAC filtering".

Timothy writes:

I had some opinions on those specific items and I was curious what your thoughts were. My feeling is that most vulnerabilities to a network come from more subtle sources than a blatant hacker. While the three items mentioned will not keep out skilled hackers they may help secure a network from the malicious intent of a non-technically skilled disgruntled employee or contractor. I worked for a company with 20,000 employees and about 98% of them wouldn’t even know the definition of the word hacker. That being said they may know how to bring in their home laptop and connect it to the wireless network. If MAC filtering is enabled along with DHCP restrictions or SSID broadcasts disabled this may help protect a network from the majority of less technically savvy users that have just enough knowledge to connect to a network and do harm.

I think these methods should be encouraged along with WPA and future wireless security standards.  What are your thoughts?

Respectfully,
Timothy

My response to Timothy:

This is the same question I get over and over again and I give the same answer over and over again.  I’m going to clear this issue once and for all.

Does MAC filtering offer any deterrence value?  Technically yes but you’d be extremely "stupid" (I don’t know how else to describe it) to employ it.  The reason it’s so "stupid" is that MAC filtering is 10 times harder to deploy than configuring WEP yet WEP is 10 times more difficult to break than MAC filtering.  So essentially you’re getting 1/10th the deterrence value for 10 times the work.  If we ignored the security argument against MAC filtering, anyone who would prefer the less effective yet more painful solution can only be described as "stupid".  The same is true of SSID broadcast suppression and DHCP disabling.  If you think about it, MAC filtering and DHCP suppression makes WLAN management unbearable.  To "encourage" these methods is to engage in obfuscation of the truth and will only result in confusion.  I believe there needs to be a clear and simple answer on this, and the clear practical answer is a resounding NO.  "SSID suppression", "DHCP restrictions", and "MAC filtering" are a huge waste of time.  If you absolutely can’t run good WPA security, just turn on WEP for some real deterrence.

Having said that, it’s ironic that WPA-PSK security when used correctly has no known method of being cracked yet it’s even easier to deploy than WEP which is breakable in a couple of minutes.  WEP on the other hand is much easier to deploy than MAC filtering which is breakable in a matter of seconds using freely available GUI tools that run on Linux.  These simple-to-use tools will actually scan the air in real-time and display hidden SSIDs in the clear, MAC address in the clear so you can cut-paste them in to the MAC spoofing utility, and IP schemes are clearly displayed.

Now since you mentioned you had 20,000 employees, MAC filtering management gets out of hand the minute there is more than 1 AP and more than 10 users.  With 20,000 users and maybe 100 Access Points, you’re looking at 2 millions MAC addresses you need to enter across all the Access Points.  If you had a RADIUS server to manage the MAC addresses centrally, you’ll cut that number down to 20,000 MAC addresses but it’s still insanely difficult to manage.

Since this is an enterprise deployment and it’s all but impossible to keep a static secret in the form of a WPA-PSK pass-phrase; you really should be deploying WPA Enterprise which ironically is even easier to deploy than WPA-PSK.  All you need is a RADIUS server which comes free on Linux and is included with Windows 2000 and 2003.  The RADIUS server in Windows 2003 easily integrates in to Active Directory (or NT domain) which in turn allows you to centrally manage certificate policies and client-side wireless configuration settings using Group Policies.  This means all 20,000 users (if they were Windows XP SP2) could be configured for WPA Enterprise mode in a matter of minutes!  So if we completely ignore the superior security argument, MAC filtering and all the other myths are a huge waste of time.

December 1st, 2005

Can you make Linux easy?

Posted by Dana Blankenhorn @ 1:19 pm

Categories: Advice

Tags:

Frank in Charlotte (the Golden City) asks,

I’ve always wanted to learn about and try Linux but ‘Net search results are a chow mein of technical chatter. Is there a site that talks about Linux for the novice? And how do I get a copy of Linux?

Dear Frank:

The glib answer is to get yourself the latest edition of "Linux for Dummies," although I prefer a competing title, O’Reilly’s Linux Pocket Guide.

Slashdot editor Robin Miller also offers "Point and Click Linux", which for $20 (plus shipping etc.) includes a CD-ROM with SimplyMEPIS Linux, and a DVD where Roblimo himself helps guide you through.

Want some free Linux? Just about any Linux project offers free downloads. There are many links to such locations at Linux.org.

Still confused? Linuxquestions.com promises to treat your questions with respect. Remember, as ESPN’s Chris Berman said, that there are no stupid questions, only stupid people who ask questions. Bloggie humor.

Just remember that knowledge is the greatest gift you can give yourself, and time spent learning Linux is always time well spent.

November 28th, 2005

So why do people hate Windows?

Posted by Dana Blankenhorn @ 5:00 pm

Categories: Advice

Tags:

"Mired in New Zealand" asked, in part, " I was having some trouble believing that Windows is such the slam-dunk winner that it’s purported to be over Linux."

Paul answered with some great comparisons on issues of security. Security is one way to measure durability.

But durability is another way to measure durability. And when it comes to having a system that lasts, Windows has some "issues."

While I write about Linux for a living, I have in fact been the owner of many Windows boxes. I even have a copy of Windows 1.0, hand-signed in the manual by Bill Gates himself, from the software’s launch party.

What I’ve noticed is that Windows winds down hardware. As time goes by, patches and updates and upgrades and necessary applications load my box up with code that hogs my memory, and takes up CPU cycles, until the memory and cycles needed for new work magically disappear. Then you’re supposed to replace the box, and over time buy new software.

It’s a form of built-in obsolescence that has nothing to do with a PC’s features becoming tired. The PC itself just becomes slow and clunky. The only way to extend its life, eventually, is to reload Windows itself. No way to spend a day, that.

Recently I reviewed a product called The Ultimate Troubleshooter that claims to solve the problem of Windows, and its applications, wasting space and time.

It doesn’t. Not really. These things persist. You turn them off and they come back on, like viruses. Anti-viral monitors, monitor monitors, Java monitors, Microsoft FindFast, Skype and Google Talk and Windows Messenger clients. They’re taking up memory, and running processes, whether they’re doing anything or not.

The best way to slow them down I’ve found is to turn the computer off regularly, so I would never run a Windows server if I expected 24-7 service.

Google doesn’t run Windows. Neither do most big Web sites.

So, while I can understand that patching a Linux server is a hassle, there’s something to be said for control and real durability. Windows may be idiot-proof, but if you want something to be on all the time get a useful idiot who knows Linux.

November 28th, 2005

Does Windows rule?

Posted by Paul Murphy @ 4:29 pm

Categories: Advice

Tags:

Here’s the reader request:

 

Dear Bloggie:

I rec’d this email newsletter today, and I found it very interesting, and admittedly down right controversial. As a Windows guy, even I was having some trouble believing that Windows is such the slam-dunk winner that it’s purported to be over Linux. What are your 2 cents? I’d love to see a blog entry on this. This is of particular interest to my IT shop since we’re contemplating a move from our z/OS environment to possibly a Linux environment.

 

 

From: WindowsITPro Update
[mailto:WindowsITPro_UPDATE@list.windowsitpro.com]
Sent: Tuesday, November 22, 2005 2:19 PM
To: Mired in Zealand
Subject: Microsoft vs Linux 2005: It’s All About Reliability

by Paul Thurrott, News Editor, thurrott@windowsitpro.com …

OSS proponents have been pushing the supposed security, reliability, and durability advantages of Linux over Windows for years now. My gut feeling has always been that were Linux installed in as many production environments as Windows, it would fall apart as much or more, albeit in different ways. What’s lacking, of course, is evidence. Whereas Microsoft has sponsored study after study to examine the competitive advantages of Windows and Linux, the cozy relationships between the software giant and the companies making these studies always made the results less than believable.

Last week, however, I think we reached a turning point in understanding how Linux and Windows differ in the real world. Yes, yet another study is involved, and yes, Microsoft commissioned this one as well. However, the company that performed the study, Security Innovation, is highly regarded for its independence and methodology. In this study, "Reliability: Analysing Solution Uptime as Business Needs Change", [URL added - murph] Security Innovation examines the real-world reliability of Windows and Linux, not abstract and often pointless statistics such as uptime.

…

As part of the study, sets of experienced Windows and Linux systems administrators were given control of e-commerce environments based on their respective systems. The Windows environments were based on Windows 2000, then upgraded to Windows Server 2003 and any applicable hotfixes and security patches during the simulated year of the study. The Linux environments began life with Novell SuSE Linux Enterprise Server 8 and were upgraded to SuSE 9 and any applicable updates. Both groups of administrators had to configure and maintain the systems over time, introduce new functionality to the e-commerce application over time (including personalisation, dynamic search, and list-targeting features), and perform the major OS version upgrades. Security Innovation examined the performance of the administrators, noting how long they took to execute each task.

At a high level, the Windows systems were dramatically more reliable than the Linux systems. On average, patching Linux took six times longer than patching Windows, and there were almost five times as many patches to apply on Linux (187) as there were on Windows (39). More important, perhaps, the Linux systems suffered from 14 "critical breakages," software dependency failures in which software simply stopped working on those systems. Windows had no dependency failures.

 

Signed: Mired in Zealand

 

Sounds compelling doesn’t it? I thought so, in fact I thought both this newsletter and the Reliability study it reports on were among the best things of this kind I’ve seen. On the other hand there’s a challenge to the Linux community here we’d be fools to ignore.

As step one, lets look closely

Read the rest of this entry »

November 15th, 2005

How do you stop Sony's rootkit at the office?

Posted by George Ou @ 10:30 am

Categories: Advice

Tags:

Some colleagues of mine were asking me how to stop CDs from auto-playing which allows something like Sony’s rootkit to install on their computers.  The solution is actually quite simple and effective with Microsoft Active Directory Group Policy.  It’s easy to disable auto-play from every single computer in the Enterprise globally with just a few tweaks in Group Policy and here’s how you do it.  The same technique works for individual PCs as well.

Open up the "Active Directory Users and Computers" console.  Right click on the top of the Active Directory and click "Properties"

Jump to the "Group Policy" tab, highlight "Default Domain Policy", and then click "Edit".

Expand "Computer Configuration" as shown below and click on the "System" folder.  On the right hand pane, double click "Turn off Autoplay".  Note that home users can jump to this screen by typing "gpedit.msc" from their "Start-run" prompt.  If you’re not sure what that means, it’s probably not a good idea to mess with "gpedit.msc".

Choose "Enable" and select "All drives" to turn auto-play off for any device including CD and DVD drives and hit "Apply".

Close everything out and every computer on your domain is protected against auto-play and the Sony rootkit.  Any business or organization that is serious about security should do this immediately.

November 1st, 2005

Lost in the Ethernet

Posted by Dana Blankenhorn @ 11:56 am

Categories: Advice

Tags:

Dear Bloggie,

I have both Windows XP Pro and Redhat Linux on my notebook computer. I love using the Linksys WPC54G PCMCIA card with WiFi communications. Unfortunately, this only works out of the box with the Windows operating system. A Google search showed multiple very technical solutions that let the Linksys PCMCIA wireless card work in the Linux world. It seems that Linux support works very hard to show that it can be used as a Windows replacement, except for a few applications that haven’t migrated to Linux. Surely wireless communications isn’t one of those applications?

Would you or your colleagues have a solution that could be used to use the Linksys WPC54G PCMCIA card in the Redhat Linux world?

Tied to Ethernet; Dreaming of WiFi

Dear Tied to Ethernet:

Bloggie can sympathize with your plight.

My son and I just spent an exciting hour crawling through the dirt of our half dug-out basement, trying to run a new Ethernet cable to his PC following a lightning strike that knocked out
our home network.

We had 30 feet of cable. We should have had 50.

While my dirty son thinks about whether he’s going to talk to me again or not, here’s a funny point. Linksys wireless routers actually run Linux commands internally, interfacing with Wind River’s VxWorks. (Wind River even has a complete Linux strategy, which CEO Ken Klein described for us in April.)

UNFORTUNATELY, this doesn’t help you with your PCMCIA card problems. To make 802.11 happen under Linux with Linksys, you need an access card that works with Linux. Besides, PCMCIA access cards are dirt cheap. (Bloggie has dirt on the brain.)

Tuxmobil has a list of such cards that work with its routers. Check with Linksys on compatibility with your specific router before handing over the greenbacks. Then you just plug in the Linux card while running Linux, and the Windows card when running Windows. And don’t forget to get in touch with Card Services for Linux, a complete PCMCIA support package.  

UPDATE: After hours spent in the basement pulling cable, we found the old cable does work. But the son refuses to go back downstairs. Right now Ethernet is snaking around our ceiling like Christmas lights. Help!

Sincerely,

Bloggie