After Hours

General discussion

Locked

In my own words...

By Justin Fielding ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Flying junk!

by dawgit In reply to Flying junk!

<p>Now that's interesting.!. It's still techi, so, in my mind it fits here :-)  (this is the Tech-Rep, not just IT Rep) I only wish you'd given a link on that info as it sounds like a fun project (as if I don't have enough to do). Anyway There's always enough junk, worn-out or CD drives that are just out-dated (as in too slow) laying around, the supply is endless. It'll keep some out of the garbage problem cycle. Thanks...................................................</p>

Collapse -

Flying junk!

by Justin Fielding In reply to Flying junk!

"I only wish you'd given a link on that info"<br /><br />I did, I included 3 links (click on the blue text)--tons of info there :)<br /><br /><br />Have to admit I have already ripped apart one old cd-rom and brought two others on ebay for a few pence!

Collapse -

Cable management: new options

by Justin Fielding In reply to In my own words...

So, last time we looked at the classic approach, but what
other options are available? To be honest, there aren't a great deal of other
options out there--I spent quite some time Googling for innovative new ways of
tackling patch panels and the related tangle of cables; nothing out of the
ordinary appeared; most companies offer a continuation of the aforementioned
clips, ducts and cable tie method of attack. I did come across one interesting
company called <a href="http://www.neatpatch.com/">NeatPatch</a>--these guys
use a combination of forethought (in the design/layout stage) and discipline
(including having the correct cable lengths) to achieve a very nice end result.
Their layouts also allow excess cable length to be stored horizontally rather
than vertically, which inevitably leads to less mess. NeatPatch also claim to
be the first patch panel system to introduce 'bend radius compliance'--this
relates to any bends in your network cable which in turn can introduce
interference and therefore performance loss on your network (the bend radius is
related to the wavelength of transmissions).<br /><br />All in all the results look pretty good--here are some samples from the
NeatPatch site:<br /><br /> <img alt="" src="http://i.i.com.com/cnwk.1d/i/tr/NL_images/clip_imageG.jpg" /><br /><br /><img alt="" src="http://i.i.com.com/cnwk.1d/i/tr/NL_images/clip_imageH.jpg" /><br /><br />


NeatPatch provided this <a href="http://www.neatpatch.com/Install%20Guide.pdf">'Cabling
Guide'</a> which has some interesting information in it and is probably worth a
read if you're interested in the topic.<br /><br />One other solution I found was <a href="http://www.ecat.rittech.com/generalpage.asp?id=49">PatchView from RiT</a>.
This takes physical cable management to a new level. RiT describe it as an
'Intelligent Physical Layer Management Solution (IPLMS)'. The system is a
combination of the PatchView management software and smart patch panel units;
these include an LED display to guide technicians and LED indicators for each
port. The PatchView software allows all connectivity events/changes to be
reported to a central network management station, immediately alerting the
network administrator to any issues arising; the system can even direct a
technician on what port to connect a new patch and will alert if an error has
been made!<br /><br />These are obviously different approaches to slightly different problems. The
NeatPatch system addresses the physical problem of cables, mess, and patch
panel spaghetti; the PatchView system addresses the issue of keeping track of
which ports should be patched together, changes made, and tracking down
physical problems. These two systems would probably combine to make a very tidy
and robust solution.<br /><br />For some tips on good practice while cabling in the server room, take a look at
this weblog (http://www.oreillynet.com/pub/wlg/9263) by Chris Josephes--a sys
admin for Internet Broadcasting.


<br /><br />If you have any advice on keeping cabling tidy, tips and tricks or can suggest
any good cable management products then leave a comment so we can all benefit.<br /><br />

Collapse -

Fedora Update

by Justin Fielding In reply to In my own words...

I mentioned previously that I would post an update on my experience with
Fedora Core 5 once I had a chance to install and use it. What can I
say, the install went without a hitch; the installation interface is
nice and guides a user through the experience pretty painlessly. I had
no issues with hardware drivers, although this is a pretty standard
desktop PC without fancy graphics cards etc.<br /><br />Once installed and running I have had no problems with the system,
everything works fine, updates download/install correctly and new
packages can be installed via the yum utility (similar to apt on Debian
based systems). All things considered I would say I am much happier
with Fedora Core 5 than with previous releases 3 and 4 (which drove me
crazy due to hardware issues).<br /><br />That said, it seems a lot of people are unhappy with the state of Fedora
Core 5--some questioning whether it was really ready to be released (<a href=".">http://www.fedoraforum.org/forum/showthread.php?t=101470">http://www.fedoraforum.org/forum/showthread.php?t=101470</a&gt. Maybe
hardware compatibility is pretty hit and miss with any Fedora release?
I must say that although I have had no issues with Fedoras latest
offering (<a href="http://www.fedoraforum.org/forum/showthread.php?t=100162">this poll</a> gives a less individual overview) I still prefer
Ubuntu; so far I have installed this on many different hardware
platforms and not once has an installation failed--the range of packages
in the universe repository is also much more diverse than those
available through yum (I couldn't find VLC for FC5; I installed it in 20
seconds using apt-get on Ubuntu).<br /><br />Has anyone else given FC5 a try yet; any comments?

Collapse -

Linux Patch Management ? How do you keep up?

by Justin Fielding In reply to In my own words...

There are many areas of system
administration which pose a much bigger challenge to Linux sys admins
than to our Windows counterparts. One of the biggest areas of
difficulty I have personally come across is that of patch management.<br /><br />Every day new vulnerabilities
are reported in all kinds of software?be it for Windows, Linux, BSD,
or proprietary systems; all software suffers from one bug or another
in its lifecycle, which can prove to be an Achilles? heel, opening
up the opportunity for exploitation. To you and me that spells
?trouble?; the last thing we want is a breach of our networks due
to an ?old?, known, and perfectly preventable security hole!<br /><br />The first question is how to
keep up with the latest news and alerts regarding newly discovered vulnerabilities,
bugs, and potential issues? There are many sources of information
on vulnerabilities that we can use to keep on top of these things, but
no single source is definitive, so we need to use them together in order
to keep up. Examples are the infamous <a href="http://www.securityfocus.com/vulnerabilities">SecurityFocus</a> website (and <a href="http://www.securityfocus.com/archive/1">BugTraq</a>), <a href="http://www.securitytracker.com/archives/summary/9000.html">SecurityTracker</a>, <a href="http://cve.mitre.org/cve/downloads/allcves.html">CVE</a> and <a href="http://www3.ca.com/securityadvisor/vulninfo/default.aspx">ca</a> (a bit slow compared to the aforementioned).
RSS feeds are also available from some sources: <a href="http://www.sans.org/newsletters/risk/">sans.org</a> offer their @RISK feed which seems
to be updated weekly, <a href="http://www.securityfocus.com/rss/vulnerabilities.xml">SecurityFocus provide
an RSS feed</a>, as
do <a href="http://www.securiteam.com/securiteam.rss">SecuriTeam</a>. Providers of your distribution
(Debian, RedHat, Suse, etc.) may offer advisory services. <a href="http://www.redhat.com/security/updates/advisory/">RedHat</a> offers this via mailing lists and
RSS feeds; Suse/Novell e-mails its registered enterprise customers each
time a critical patch is released; and <a href="http://www.debian.org/security/#DSAS">Debian</a> offers advisories on their website
as do <a href="http://www.openbsd.org/errata38.html">OpenBSD</a>.<br /><br />You will of course need an
RSS client to take advantage of the RSS/live feed services. I
personally use <a href="http://www.mozilla.com/thunderbird/">Mozilla Thunderbird</a> as my e-mail client?this has built
in RSS support which is great as it means I don?t need to have yet
another program running and slowing down my PC. If you don?t
use <a href="http://www.mozilla.com/thunderbird/">Thunderbird</a> then you may want to try a desktop
ticker like <a href="http://www.anse.de/rdfticker/">RDFTicker</a>.
<p>Moving away from the issue
of vulnerabilities to the wider area of patches and non-critical software
updates, what are our options? So many programs' libraries and
packages which go towards making up our Linux system are scattered all
over the internet in many different projects?these are developed,
improved and fixed by various different development groups and are usually
updated ?as and when? rather than on a predefined roadmap/schedule.
It would be impossible for an administrator to track each individual
package, take note of every update made to each of those packages and
then download/compile the update on each system. Luckily, pretty
much all major distributions provide a way of keeping systems up to
date with minimal effort (bar OpenBSD, which only updates a package
when a security flaw appears or as part of a new release); next week
we?ll take a look and see what solutions the major players have on
offer.</p>

Collapse -

Linux Patch Management ? How do you keep up?

by apotheon In reply to Linux Patch Management ? ...

<div style="text-align: justify">
<p>It's pretty simple, really. As a Debian user, I can sum it up with one acronym: APT.</p>
<p>My Debian Etch/Testing laptop shows 21,680 packages in the archive cache. With that kind of breadth and depth of software availability and the universality and ease of software management that the Advanced Package Tool provides, software management is a matter of a few seconds a day. It'd be even less if I was using Debian Sarge/Stable on this machine.</p>
<p>Many other distributions offer similar tools, albeit with considerably fewer packages in their archives.</p>
</div>

Collapse -

Linux Patch Management ? How do you keep up?

by Thrash Cardiom In reply to Linux Patch Management ? ...

I run SuSE on a number of computers.  On most of them I use the
automated online update tool and on a couple I run it manually. 
It takes very little time or effort to keep them up to date.

Collapse -

Linux Patch Management ? How do you keep up?

by cookspc In reply to Linux Patch Management ? ...

I run SUSE Linux 9.3 - 10.0 on serveral systems and use the YaST-Online-Update tool. I do each manually whenever the tool informs me that updates are available, but I would not be concerned about setting it to automatic. None of the security updates installed this way have ever broken my system.<br />I have used this distribution on my primary desktops since November 2003.

Collapse -

Linux Patch Management ? How do you keep up?

by brendlerjg In reply to Linux Patch Management ? ...

It's true that most modern *nix systems have nice updating capabilities. So that's irrelevant for the most part. What IS worth better understanding is the relative speed and accuracy with which each system gets patches in the system and out to users. Reactive patching leaves a window of exploitable opportunity between the time hackers figure out the vulnerability and the time end-users apply the patches. So speed and accuracy of implementing patches would seem to be an important security metric.<br /><br />For example, Edmund DeJesus of searchsecurity.com sampled how fast various Linux distro's responded to 30 recent security vulnerabilities of various severity. While not entirely scientific, his analysis shows some interesting results. (See his article entitled "Linux patch problems: Your distro may vary" at http://searchsecurity.techtarget.com/).<br /><br />According to his analysis (summary table below) Ubuntu and Fedora Core are the best at this while SUSE and Slackware suck? I also read a post somewhere else where somebody applied this to OpenBSD and they are well down the totem pole too. (Although they admittedly don't focus their limited resources on patching 3rd-party ports, this demonstrates why OpenBSD excels in applications such as firewall and not as a basis for a desktop). If this is accurate (and I have not verified the analysis) one might feel reluctant to use SUSE as a desktop as well! <br /><br /><table border="0" width="350"><tbody><tr><td><b><u>Name</u></b></td>
<td><b><u>Free?</u></b></td>
<td><b><u>Owner</u></b></td>
<td><b><u>Score</u></b></td></tr>
<tr>
<td>Ubuntu
</td>
<td>Yes </td>
<td><a href="http://www.ubuntu.com/">Ubuntu Project</a> (sponsored by <a href="</td>">http://www.cannonical.com/">Cannonical</a&gt</td>
<td>76</td></tr>

<tr>
<td>Fedora Core
</td>
<td>Yes
</td>
<td><a href="http://www.fedoraproject.org/">Fedora Project</a> (sponsored by <a href="http://www.redhat.com/">Red Hat</a&gt
</td>
<td>70
</td></tr>

<tr>
<td>Red Hat Enterprise Linux
</td>
<td>No
</td>
<td><a href="http://www.redhat.com/">Red Hat</a>
</td>
<td>63
</td></tr>

<tr>
<td>Debian GNU/Linux
</td>
<td>Yes
</td>
<td><a href="http://www.debian.org/">Debian</a>
</td>
<td>61
</td></tr>

<tr>
<td>Mandriva Linux (Mandrake)
</td>
<td>Yes (plus commercial versions)
</td>
<td><a href="http://www.mandriva.com/">Mandriva</a>
</td>
<td>54
</td></tr>

<tr>
<td>Gentoo Linux
</td>
<td>Yes
</td>
<td><a href="http://www.gentoo.org/">Gentoo Foundation</a>
</td>
<td>39
</td></tr>

<tr>
<td>Trustix Secure Linux
</td>
<td>Yes
</td>
<td><a href="http://www.trustix.org/">Trustix Project</a> (sponsored by <a href="http://www.comodogroup.com/">Comodo Group</a&gt
</td>
<td>32
</td></tr>

<tr>
<td>SUSE Linux Enterprise
</td>
<td>No
</td>
<td><a href="http://www.novell.com/linux">Novell</a></td>
<td>32
</td></tr>

<tr>
<td>Slackware Linux
</td>
<td>Yes
</td>
<td><a href="http://www.slackware.com/">Slackware Linux</a></td>
<td>30
</td></tr></tbody></table><br /><br /><br />

Collapse -

Linux Patch Management ? How do you keep up?

by Justin Fielding In reply to Linux Patch Management ? ...

brendlerjg I completely agree with what you have posted--I would rate Ubuntu (and therefore Debian) very highly and SUSE has to be right at the bottom.  I noticed some comments above rate SUSE quiet highly, however these sound like desktop users.  Once you start dealing with farms of servers you don't want to be required to interact after kicking off an update--SUSE frequently stops at random points of the update with demands that certain services must be stopped, restarted etc.  Ubuntu deals with all of this--the update mechanism is fire and forget.

Related Discussions

Related Forums