[KLUG Members] Replacing "gatekeeper" and "mail beamer".

Bryan-TheBS-Smith members@kalamazoolinux.org
Fri, 10 Aug 2001 19:25:52 -0400


Bryan-TheBS-Smith wrote:
> I can vouch that this article is "real" and very much gone.

They used to have a "placeholder" for the article, but this is no longer
true.  They really ripped MS Proxy a new one, short of literally. 
They were very technical and MS Proxy just didn't have the features
let alone the performance -- no faster than local browser cache. 
Every other software solution was over twice as fast and Squid
really set itself apart.

Personally, I'm surprised they haven't removed this Jan 2001 article
on MS ISA.  How can you have an "enterprise firewall" without a
freak'n DMZ?!?!?!
   http://www.networkcomputing.com/1203/1203sp2.html

> I think TCO is "FUD".  Reliably calculating something like TCO in
> anything but the most abstract sense is purely argumentative.

Agreed.  One of the reasons most TCO "studies" have Linux behind is
because they are commercially funded.  I've _never_ seen an
"independent" TCO study.

What I mean by "TCO" is my personal experience -- 4:1.  I can
administer up to 200 UNIX workstations under the same load as 50 NT
workstations.  Throw Windows 9x into the mix and forget it.  Add in
a few Access dbs and I'm in a nightmare (die Jet-Access, die!).

I've done some advanced NT network configs and I've done your
standard UNIX ones.  Simply put, both server and workstation, UNIX
rules.  I cannot get NT "roaming profiles" to work like UNIX's
standard home directory setup.  And most Windows applications don't
separate binaries from data.  It goes on and on.

Now you have to be familiar with UNIX to take advantage of this --
e.g., NIS, NFS, automounter, LPR, etc..., but it's *NOT* that hard
to pick up.  But once you do, it's cake.

> To be fair, WinY2K does away with many, but not all, of the "You must
> now restart your computer" nonsense.  Of course it is still monolithic
> and proprietary, and comes with no decent development environment.

There are still _too_many_ reboots for simple reconfigurations. 
Yes, it's better than NT, but still not as good as UNIX (except for
SCO, but they were co-founded by Microsoft if that explains anything
;-).

> Anyone with their salt on NT could pick up Linux, no sweat,  and vice
> versa.  The "worth their salt" is the hard part,  most IT people are
> worthless acronym spouting marketroids.  If someone is WILLING they can
> be familiar with Linux in those six months,  but let's face it,  most of
> those NT networks are "that bad", not merely because NT is "that bad"
> but because the admins don't have a clue what they are doing,  read no
> relevant material after work hours, attend no professional
> organizations, have no peer network, etc...  A pointy-haired NT admin
> will make a pointy-haired Linux admin.

Well, I've taught MCSE's how to do stuff.  I was hacking Perl on NT
before ActiveState came along (and made it much more simple) simply
because there was no way to automate stuff!  I meet NT admins
everyday who ask "what program do you use to do that?" and when I
say Perl they say "oh, I'm not a programmer!"

Still, NT is "that bad" IMHO.  After hearing Microsoft renege on
promise after promise I got fed up in 1999.

> On the up side,  the Linux/UNIX people I have met tend to be ***WAY***
> more knowledgeable about their area of expertise than NT types.  Of
> course there are fewer of them.

Time is changing that.

> In place glibc upgrades,  no problem.

Depends on the version.  Minor revisions, like RedHat revision
releases, no problem.  Major versions, like RedHat version changes,
yes problem.

> In part,  I think Linux people tend to "like" what they do more,  and
> thus do a better job.  Smart people are attracted to systems that let
> them have real control.  Spend all the money you want on someone,  a
> labor of love will always be better in the end.

Yes.  Seen way too many sysadmins that are "in it for the money." 
Especially MCSEs.  I've only met one MCSE I can stand.  He is also a
CNAA (instructor) and RHCE.

> Agree.  And anyone who says Win?? is supported hasn't dealt with many
> MCSEs.

You've got that right.  If Microsoft would have never created
"Chicago" (aka MS-DOS 7 aka Windows 9x) they'd be so much better
off.  But they did, and we've paid the price -- especially in
today's interconnected Internet.

> That may be a little of an overstatement (IMHO).

Well they've moved so much crap into the NT/2000 kernel when they've
had to bloat NT/2000 to support all the Windows 9x shit.  Never seen
so many stupid decisions in my life (nor have most of the NT
developers themselves!).

> Oh, so very true.

UNIX is a _superior_ application platform -- _period_!

Heck, even Loki Entertainment has this down for games.  One click
updates with both automatic and manual MD5 verification, a single
~/.loki config directory for all settings -- _each_user_ has their
own settings!  Damn sweet!

> Mmmmm, I don't think so.  Many feel a kerberized Linux network is
> "overkill to the point of confusion",  it feels about right to me.  And
> is about the same method as WinY2k uses.

I'm talking about the >>200 privileges in Win2K.  Majorly
redundant.

As far as Kerberos, it _does_ serve a purpose.  Which is why both
Win2K and UNIX use it.  Win2K especially needed it because the SMB
protocol used to send a "password equivalent" over the wire when it
was using "encryption."  I heard an NT admin complain that Linux is
not as secure with passwords as NT (he was talking about Samba 2.0
defaulting to "clear text") and I laughed hard.  He asked me why and
I told him he didn't know anything about how SMB works, especially
compared to modern UNIX PAM systems.

> Preach it brother.

You know it!

> Yes.

Don't use those "trick BIOS" IDE RAID controllers like the Promise
FastTrak and all mainboard ones.  Only the 3Ware Escalade, Adaptec
AAA-UDMA/2400A and Promise SuperTrak are _real_ ATA RAID
controllers.  You can tell because the OS doesn't see the IDE
controller at all -- they only talk to a microcontroller on-board,
which is the only thing that talks directly to the controllers.

The Adaptec AAA-UDMA lacks Linux drivers and the Adaptec 2400A is
actually a DPT board (that Adaptec inherited in their buyout) which
has "questionable" Linux drivers at this point (DPT has a "generic"
i2c driver, but I don't know how well it works with its non-SCSI
controllers).  The Promise SuperTrak is a crappy board period and
I'm sick of seeing people buy them for their brand name.  Same with
Adaptec (especially all those "Linux unsupported" RAID controllers).

The 3Ware is a solid, proven RAID-0, 1 and 0+1 board -- with drivers
in the stock kernel since 2.2.15 (and RedHat keeps the latest
patched in their kernels).  Newer firmware for the 6000 series has
RAID-5, and the newer 7000 series is designed for RAID-5, but RAID-5
really requires a lot of local cache memory for good write performance,
which the 3Ware's don't sport.  The 3Ware's rock at read RAID-5
performance but the small, on-chip memory just bombs on RAID-5
performance -- some 1/4th read.  The Adaptec 2400A with on-board
memory is good at RAID-5 but, again, the Linux support is
questionable (and not likely to get better being that Adaptec
withholds specs).

IMHO, for an enterprise Linux file server, it's best to just grab a
3Ware 7800 and put 8 hard drives in a RAID-0+1 (aka RAID-10)
configuration, even though the drive "waste" is 50%.

-- TheBS

-- 
Bryan "TheBS" Smith     mailto:b.j.smith@ieee.org     chat:thebs413
Engineer   Absolute Value Systems, Inc.   http://www.linux-wlan.org
President     SmithConcepts, Inc.      http://www.SmithConcepts.com