Dear All, To clear up the speculation concerning RM and Linux: - The RM Internet business (IFL) has run Linux since day one, i.e. over 5 years. - All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT. SMTP: Sendmail and Exim POP3: Qpopper HTTP: Apache FTP: wu-ftpd NNTP: INN DNS: BIND SQL: PostgreSQL and MySQL NTP: xntpd filtered web access: Squid - The server owl.rmplc.co.uk runs some majordomo mailing lists and a few virtual web servers. It is open for SMTP, HTTP, FTP and telnet access. It has been in service for some time (Pentium 133) and we have never felt the need to upgrade the kernel from 2.0.33. If it ain't broke don't fix it. - We never bothered to change the default web site on owl from the Apache intro page. It's no big deal. The virtual web servers use host headers to index the correct document root. - Owl is the only server on the IFL network that is open to telnet. It is required by a small number of developers who have a virtual web server on the machine and need more than FTP access. They are too mobile for us to restrict access using lists based on client IP address. Regular checks are made to ensure that owl has not been compromised and firewalls are in place to prevent it from being used to attack other hosts in the event that it is. Regards, Simon. ------------------------------------------------------------- Simon Rainey E-mail: srainey@rmplc.net Principal Internet Consultant RM IFL Engineering Internet for Learning, Research Machines plc, New Mill House, 183 Milton Park, Abingdon, Oxfordshire, OX14 4SE, England.
On Thu, Jul 27, 2000 at 02:50:04PM +0100, Simon Rainey wrote:
Dear All,
To clear up the speculation concerning RM and Linux:
- The RM Internet business (IFL) has run Linux since day one, i.e. over 5 years.
Since you want to clear up speculation, perhaps you could explain why your company felt it was necessary to lean on Becta to stop them `promoting' the use of OSS in schools.
- All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT.
SMTP: Sendmail and Exim POP3: Qpopper ... < useful cracking info snipped >
- Owl is the only server on the IFL network that is open to telnet. It is required by a small number of developers who have a virtual web server on the machine and need more than FTP access. They are too mobile for us to restrict access using lists based on client IP address. Regular checks are made to ensure that owl has not been compromised and firewalls are in place to prevent it from being used to attack other hosts in the event that it is.
I guess you haven't heard of ssh. Now where's that clue-stick..... ;-) -- Frank *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* | Boroughbridge | Tel: 01423 323019 | PGP keyID: 0xC0B341A3 | *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* http://www.esperance.demon.co.uk/
Frank,
Since you want to clear up speculation, perhaps you could explain why your company felt it was necessary to lean on Becta to stop them `promoting' the use of OSS in schools.
I can't comment on corporate policy and was not aware that anyone had influenced Becta against OSS. Personally I think OSS is a good thing, as witnessed by the fact that practically all the software IFL uses is OSS. However for the average school, and primary schools in particular, I would question whether the skill set is available to install and manage a network based on Linux / OSS. Please don't take this the wrong way - there is a small and growing group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
- All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT.
SMTP: Sendmail and Exim POP3: Qpopper ... < useful cracking info snipped >
Any half-decent hacker would have no problem whatsover in discovering what O/S and software is used on any given system. Giving out such information is not considered a significant risk.
- Owl is the only server on the IFL network that is open to telnet. It is required by a small number of developers who have a virtual web server on the machine and need more than FTP access. They are too mobile for us to restrict access using lists based on client IP address. Regular checks are made to ensure that owl has not been compromised and firewalls are in place to prevent it from being used to attack other hosts in the event that it is.
I guess you haven't heard of ssh. Now where's that clue-stick.....
The users in question do not wish to use SSH. We could insist on it, but there has to be a balance between security and useability. We are happy that the server is sufficiently secure. There is an obvious risk in sending plain text passwords across the Internet, but this applies just as much to FTP as to telnet. On the security issue, we recently commissioned an extensive independent audit and were assessed to be "significantly more secure than the majority of ISPs". Regards, Simon. ------------------------------------------------------------- Simon Rainey E-mail: srainey@rmplc.net Principal Internet Consultant RM IFL Engineering Internet for Learning, Research Machines plc, New Mill House, 183 Milton Park, Abingdon, Oxfordshire, OX14 4SE, England.
I can't comment on corporate policy and was not aware that anyone had influenced Becta against OSS.
Personally I think OSS is a good thing, as witnessed by the fact that practically all the software IFL uses is OSS. However for the average school, and primary schools in particular, I would question whether the skill set is available to install and manage a network based on Linux / OSS. Please don't take this the wrong way - there is a small and growing
Most of the skills to manage a network are OS independant. Also the skill level needed to manage Windows effectivly is at least as high as any unix like system. (In many cases higher because of the "spaghetti" design of the OS.)
group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
But ok to endorse the use of Windows...
hi all that RM use Linux is not unknown, i saw a few Linux boxes (and an SGI machine) in the server room a couple of years ago... also that a UK mirror for Tucows is http://tucows.rmplc.co.uk and they host the UK mirror for PostgreSQL, remember it's a large IT organisation with geeks :-) some individuals i've met from RM aren't so keen, but they are not ignoring it. Classmate for KDE ? Malc ------------------------------- Dr Malcolm Herbert Head of Technology R&D, Becta 02476 847126 Mob: 07801 612438 -------------------------------
-----Original Message----- From: Mark Evans [mailto:mpe@st-peters-high.devon.sch.uk] Sent: 27 July 2000 19:54 To: Simon Rainey Cc: Frank Shute; suse-linux-uk-schools@suse.com Subject: Re: [suse-linux-uk-schools] Re: Fw:
I can't comment on corporate policy and was not aware that anyone had influenced Becta against OSS.
Personally I think OSS is a good thing, as witnessed by the fact that practically all the software IFL uses is OSS. However for the average school, and primary schools in particular, I would question whether the skill set is available to install and manage a network based on Linux / OSS. Please don't take this the wrong way - there is a small and growing
Most of the skills to manage a network are OS independant. Also the skill level needed to manage Windows effectivly is at least as high as any unix like system. (In many cases higher because of the "spaghetti" design of the OS.)
group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
But ok to endorse the use of Windows...
Mark, The following comments are my own and do not reflect the opinions of RM.
I hope you don't mind me asking, but do RM offer any linux services for schools eg. a router/proxy server or even mail server? You'd think it would save a lot of money for schools as they wouldnt have to buy ntmail or MS Proxy Server.
Or maybe even (radical idea) schools could save money *and* RM could make more money.
OK, you've got a developer base of several hundred programmers who eat, drink and sleep Microsoft class libraries, Visual C++, Visual Basic and Developer Studio. They know NT inside out but can't tell sed from awk and think vi is probably a character from Deep Space Nine. On top of that the Microsoft marketing behemoth is going into overdrive to promote Win2k *and* to belittle Linux along the way. With Microsoft intent on polarising the market you need to back Win2k or Linux. You can't do both - it's too expensive - and besides, your established user base won't appreciate an apparent change of direction. You've been selling them NT for years and now you want them to change to Linux? And all the while your investors are keeping a close eye on your performance against predictions made up to a year ago. Overspend without a convincing story and your share price will plummet. It's a tough call. All I can say is that RM does listen. If enough users make serious noises about Linux to their account managers then things may well change. Otherwise NT is here to stay.
Is RM positivly identified as the offender here? Maybe they'd also like to answer why RM continues to promote Microsoft offerings...
I never did get the point about the ongoing OS wars and Microsoft bashing. I'm no great Microsoft fan but it's a free country and there are alternatives. No-one is forced to buy what Microsoft or RM has to offer (at least not now the Windows OEM licensing issue has been sorted out). Becta can only make recommendations. If you think there are better solutions then fine - go and use them.
Most of the skills to manage a network are OS independant. Also the skill level needed to manage Windows effectivly is at least as high as any unix like system. (In many cases higher because of the "spaghetti" design of the OS.)
I'd agree that the basic skills are the same no matter what OS is used. I'd also agree that Unix is an easier beast to master than NT, but then I've used Unix for years and virtually never touch NT. However over time you become familiar with whatever OS you're using - the quirks, the tricks and so forth. If you're working from scratch then why not choose Linux / Unix? It does the job and it does it well. But if you've spent the past 5 years or more getting to grips with NT (or RM Connect) then the decision to replace an NT-based network for a Linux-based one is more difficult. I know I'd feel very nervous if I was told to replace our Linux systems with NT. I think what is needed is a tried and tested migration path that will allow the two platforms to coexist on the same network. Then a network manager can gain experience of Linux without fear of screwing up the more critical parts of an existing network.
group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
But ok to endorse the use of Windows...
Let's face it, like it or not Microsoft has got the desktop market sewn up. At the end of the day computers have to be useful. You decide what apps you want to run and then buy the hardware and OS that those apps will run on. Windows has the largest range of apps of any OS, which makes it the natural OS of choice no matter how much better Unix is technically. It is supported almost universally so no matter what piece of software or PC hardware you buy, chances are it will run under Windows. And because Windows is pre-installed with most PCs the cost is hidden and the system is ready to run right out of the box. Basically, Windows is the *safest* choice even if it's not the cheapest or the most robust. Regards, Simon.
On Fri, Jul 28, 2000 at 06:30:33AM +0100, Simon Rainey wrote:
The following comments are my own and do not reflect the opinions of RM.
I hope you don't mind me asking, but do RM offer any linux services for schools eg. a router/proxy server or even mail server? You'd think it would save a lot of money for schools as they wouldnt have to buy ntmail or MS Proxy Server.
Or maybe even (radical idea) schools could save money *and* RM could make more money.
OK, you've got a developer base of several hundred programmers who eat, drink and sleep Microsoft class libraries, Visual C++, Visual Basic and Developer Studio. They know NT inside out but can't tell sed from awk and think vi is probably a character from Deep Space Nine. On top of that the Microsoft marketing behemoth is going into overdrive to promote Win2k *and* to belittle Linux along the way. With Microsoft intent on polarising the market you need to back Win2k or Linux. You can't do both - it's too expensive - and besides, your established user base won't appreciate an apparent change of direction.
I understand your company's position but I'd say it is backing the wrong horse. Sooner or later an integrated software solution for schools based on OS and linux will be developed and as with all these things it's best to lead rather than follow.
You've been selling them NT for years and now you want them to change to Linux? And all the while your investors are keeping a close eye on your performance against predictions made up to a year ago. Overspend without a convincing story and your share price will plummet. It's a tough call.
It is a tough call but they'd be in good company if they did go for linux in a big way eg IBM.
All I can say is that RM does listen. If enough users make serious noises about Linux to their account managers then things may well change. Otherwise NT is here to stay.
Users are making do with what they are given, they are not going to get on the 'phone to RM and tell them that they've seen the light, RM will find out after they've jumped ship to a cheaper and better alternative.
I never did get the point about the ongoing OS wars and Microsoft bashing. I'm no great Microsoft fan but it's a free country and there are alternatives.
I think things have moved on beyond religious wars, it's now a question of economic necessity. It is no longer possible to make an economic case for using NT/W2K when you can have a Linux box doing the same job for less money - this isn't just me saying it, it's being demonstrated by the customers voting with their feet and the corresponding `sales' of linux v W2K. <snip>
No-one is forced to buy what Microsoft or RM has to offer (at least not now the Windows OEM licensing issue has been sorted out). Becta can only make recommendations. If you think there are better solutions then fine - go and use them.
When certain companies are putting pressure on Becta and other arms of government not to `promote' alternatives and when those companies have considerable economic muscle, the question of choice is somewhat moot.
I know I'd feel very nervous if I was told to replace our Linux systems with NT. I think what is needed is a tried and tested migration path that will allow the two platforms to coexist on the same network. Then a network manager can gain experience of Linux without fear of screwing up the more critical parts of an existing network.
From reading this list, I think school network managers are beginning to do that ie. get a linux box in to do mail, then samba, maybe Apache.....the two platforms do co-exist very amicably.
<snip>
But ok to endorse the use of Windows...
Let's face it, like it or not Microsoft has got the desktop market sewn up. At the end of the day computers have to be useful. You decide what apps you want to run and then buy the hardware and OS that those apps will run on. Windows has the largest range of apps of any OS, which makes it the natural OS of choice no matter how much better Unix is technically. It is supported almost universally so no matter what piece of software or PC hardware you buy, chances are it will run under Windows. And because Windows is pre-installed with most PCs the cost is hidden and the system is ready to run right out of the box. Basically, Windows is the *safest* choice even if it's not the cheapest or the most robust.
Yes, MS have presently got the desktop sewn up but they're coming under pressure from above and below - linux on the server and linux embedded. For your company (and others) to persist with Microsoft products makes about as much sense as the recording industry trying to stop napster/mp3s - in the long run it will be a sure fire loser.
Regards, Simon.
-- Frank *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* | Boroughbridge | Tel: 01423 323019 | PGP keyID: 0xC0B341A3 | *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* http://www.esperance.demon.co.uk/
I needed a break from DIY, and my typing went a bit OTT here. If anyone at RMplc wants any more information or guidance then please email me directly - advice is free, and I'm not sure if this is OT. On Fri, 28 Jul 2000, Simon Rainey wrote:
OK, you've got a developer base of several hundred programmers who eat, drink and sleep Microsoft class libraries, Visual C++, Visual Basic and Developer Studio. They know NT inside out but can't tell sed from awk and think vi is probably a character from Deep Space Nine.
A software developer is a software developer is a software developer. They solve problems, and our skills are easily transferred across a whole range of languages and development environments. I get very insulted if told that I 'know' a particular environment and therefore do not 'know' another and cannot solve problems on it. Probably several hundred of your several hundred programmers went to a University or equivalent and have experience of *nix systems. They probably do not know NT and developer studio inside out, for 2 reasons. Firstly, it is over complicated, and secondly it is constantly changing and being re-invented. MCPs have to constantly sit exams if they want to stay certified, and software needs constant changing just to keep it the same - how many times has there been the necessity for software to be updated for a 'transparent' OS or developer tools update (which you are forced to do just for a minor bugfix)? And you don't need to use sed awk or vi to produce *nix applications - the command line just improves productivity for those with the ability to use it.
On top of that the Microsoft marketing behemoth is going into overdrive to promote Win2k *and* to belittle Linux along the way.
And for once it is being ignored. Huge amounts of money was spent on replacing PC kit to make it Y2K complient, which came with the latest versions of MS software which (arguably) is fit for purpose. Very little money is being spent on OSes this year. The next major spend will be in 2003, by which time there should be a choice between an expensive OS which requires high spec hardware, and another OS we all know and love. If not by then, then it will be in 2006.....
With Microsoft intent on polarising the market you need to back Win2k or Linux. You can't do both - it's too expensive -
Sounds like you need to replace your advisors here - you can do both, and it saves money. The only people saying otherwise are those who stand to lose profits. Take a good look at the MS roadmap. The next OS to expect is going to be based on wonderful new technology that the world has never seen before. Hmm. Actually, the next OS is going to be a thin-client, as MS have realised the threat from server-side applications. Have another look at the roadmap. What is missing? If you haven't spotted it yet, then have another look at what is new. C#, which is pronounced 'C hash' by computer literate people, and 'C sharp' by musicians. You will be expected to retrain your developers to use C#, and that is going to cost money. What benefits will that give you? Apparently it is cross platform, although it will only ever succeed on the MS platform, as MS will probably change it so often that other vendors will give up. By now you should have noticed what is missing. Java. MS couldn't buy it, they couldn't hijack it, so now they are pretending that it doesn't exist. It does exist, and it does everything it says on the tin. You can even download development tools for free to give it a try. (Have a look at Visual age for Java from IBM). You have all the benefits of C#, but you are now backing both horses, and with current hardware Java performance is not the issue it once was.
and besides, your established user base won't appreciate an apparent change of direction. You've been selling them NT for years and now you want them to change to Linux?
The problem here is that they will want to know why you have been selling them NT for years. In fact, this doesn't have to be a problem. All the user ever sees is the interface to the program. They don't mind what it is written in, or if the back-end is Oracle, DB2, or SQL server, hosted on NT, Netware, or Linux. If you move some of the funtionality to the server, then what would they care? Only that it would save them money as their desktop has a longer useful life, and the server resources are a more cost-effective upgrade. Start that process now, learn about Java and Enterprise java beans - you've got nothing to lose. Otherwise, make sure that your applications run under WINE as an absolute minimum.
And all the while your investors are keeping a close eye on your performance against predictions made up to a year ago. Overspend without a convincing story and your share price will plummet. It's a tough call.
Hmm. You could actually be going out of business. IBM refer to Linux as a 'disruptive technology'. That means that it is such a big change, and so important, that they are prepared to re-engineer their entire business around it. What are you doing? Remember, for a zero cost you can back both horses.
All I can say is that RM does listen. If enough users make serious noises about Linux to their account managers then things may well change. Otherwise NT is here to stay.
The earth is flat, cars will never catch on, and if we were meant to fly we would be born with wings. NT only has a limited shelf life, as does W2K. We are not that far away from any OS being able to run any application - who would want NT then? Microsoft are aware of this, as are all other OS vendors. Microsoft will be around forever in one form or another, but now that they are being forced to separate their applications from the OS, the programming interfaces can be very easily translated to native OS calls on any platform. The WINE project is now aiming at a relatively fixed target, for example. If RM only follow then other vendors will start to lead. Here is a news announcement which should give you the roadmap to the real future of computing IMHO, and I would suggest that you do some serious cost-benefit analysis, and get your IT director nervous - he/she should be, as his/her future is at stake. For info., SuSE do have a Linux distribution for the computer mentioned in the following (currently in beta). Also note that the machine in question is relatively low-spec. How about one machine to serve every pupil in the country? One day it will be possible, and the economies of scale don't get any better than that. When reading it, bear in mind that Star Office is now available under the GPL, and we are talking about application servers, not just http and email. Note also that the figure of 41500 may not be a real limit - the machine was not optimally configured. $125,000 is also roughly what it costs to employ a developer for a year (not what they are paid, I might add!), so the figure is not as big as it may seem. Clive. ____________________________________________________________ The open source IT Express is sponsored by SupportSource.com ____________________________________________________________ the open source IT Express! July 31, 2000 ************************************************************ The open source IT Express is a service of EarthWeb Inc., a public company. For information about our company, please go to http://www.ewbx.com ************************************************************ The $45 Linux PC This week, IBM will announce a new pricing scheme for Linux on the S/390. By the end of September, you will be able to buy a mainframe engine that runs Linux for $125,000. That's a third of what it costs for one that runs OS/390. For $20,000 more, you can buy software that will let you run multiple copies of Linux on the same machine. IBM is calling it S/390 Virtual Image Facility or VIF. (You can do the same thing under OS/390 and VM, but that costs more). How many instances of Linux can you run on one machine? David Boyes, a consultant who works with the S/390, managed to boot 41,500 Linux servers on one mainframe. You may not be able to run that many in real life. But Boye's company, Dimension Enterprises, in Herndon, VA, has one telecom customer which has 3,200 copies of Linux running on one S/390. At $145,000 for the mainframe engine and license, that works out to $45.31 per (virtual) Linux box. Try buying a PC for that. Dan Orzech editor OpenSourceIT.com editor@opensourceit.com -------------------------------------------------------
hi all (again) Simon's comments here on Becta's position re Open Source are spot on and i understand his position. Like many organisations the technical people understand the correct and appropriate use of Open Source, but have difficulty in explaining the benefits to senior management and others. as i said at the seminar on Tuesday, the main role Becta has with OSS is telling people that it exists and what it does. We cant promote a Linux distribution like Suse, (or as matter of fact a single excellent supplier like RM). We can however explain the pro's and cons of certain solutions (like our recent Thin Server review), of which the Open Source-based solutions faired very well. Oh by the way like lots of other ISPs (incl IFL) the NGfL servers use the following Solaris (almost OSS :-) Linux Apache (NES has been taken out completely) MySQL JServ (we also use commercial JRun) PHP (extensively) Perl/CGI (a lot) Sendmail, Postscript and Exim OpenLDAP (replace Netscape Dir Server) Cisco's TACACS server for authentification for routers and firewall (yep it's Open Source) MRTG (for traffic monitoring, although we also use Open View) regards Malcolm (Simon, i'm in the Didcot area next Wednesday, you can buy me a pint for the 'excellent') ------------------------------- Dr Malcolm Herbert Head of Technology R&D, Becta 02476 847126 Mob: 07801 612438 -------------------------------
-----Original Message----- From: Simon Rainey [mailto:srainey@rmplc.net] Sent: 27 July 2000 17:02 To: Frank Shute Cc: suse-linux-uk-schools@suse.com Subject: Re: [suse-linux-uk-schools] Re: Fw:
Frank,
Since you want to clear up speculation, perhaps you could explain why your company felt it was necessary to lean on Becta to stop them `promoting' the use of OSS in schools.
I can't comment on corporate policy and was not aware that anyone had influenced Becta against OSS.
Personally I think OSS is a good thing, as witnessed by the fact that practically all the software IFL uses is OSS. However for the average school, and primary schools in particular, I would question whether the skill set is available to install and manage a network based on Linux / OSS. Please don't take this the wrong way - there is a small and growing group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
- All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT.
SMTP: Sendmail and Exim POP3: Qpopper ... < useful cracking info snipped >
Any half-decent hacker would have no problem whatsover in discovering what O/S and software is used on any given system. Giving out such information is not considered a significant risk.
- Owl is the only server on the IFL network that is open to telnet. It is required by a small number of developers who have a virtual web server on the machine and need more than FTP access. They are too mobile for us to restrict access using lists based on client IP address. Regular checks are made to ensure that owl has not been compromised and firewalls are in place to prevent it from being used to attack other hosts in the event that it is.
I guess you haven't heard of ssh. Now where's that clue-stick.....
The users in question do not wish to use SSH. We could insist on it, but there has to be a balance between security and useability. We are happy that the server is sufficiently secure. There is an obvious risk in sending plain text passwords across the Internet, but this applies just as much to FTP as to telnet.
On the security issue, we recently commissioned an extensive independent audit and were assessed to be "significantly more secure than the majority of ISPs".
Regards, Simon.
------------------------------------------------------------- Simon Rainey E-mail: srainey@rmplc.net Principal Internet Consultant RM IFL Engineering Internet for Learning, Research Machines plc, New Mill House, 183 Milton Park, Abingdon, Oxfordshire, OX14 4SE, England.
On Thu, Jul 27, 2000 at 05:01:55PM +0100, Simon Rainey wrote:
Since you want to clear up speculation, perhaps you could explain why your company felt it was necessary to lean on Becta to stop them `promoting' the use of OSS in schools.
I can't comment on corporate policy and was not aware that anyone had influenced Becta against OSS.
This was posted to this list the other day: <--------------------------------> On Fri, Jul 07, 2000 at 12:58:05PM +0100, Malcolm (ngfl) wrote: Originally the proposal was to hold a largish conference in Birmingham in July, but it was felt by senior management that this might be inappropriate given Becta's independent role. Also concerns were expressed by leading education IT companies (you can guess) that it was not within Becta's remit to promote an Operating System over any other (sic). <--------------------------------> I don't suppose you can assure us that it wasn't RM that was applying the pressure?
Personally I think OSS is a good thing, as witnessed by the fact that practically all the software IFL uses is OSS. However for the average school, and primary schools in particular, I would question whether the skill set is available to install and manage a network based on Linux / OSS.
But there generally isn't the skill set within these schools to install and manage a NT network either.
Please don't take this the wrong way - there is a small and growing group of schools who are using Linux very successfully. However I can see that it might be irresponsible for an organisation such as Becta to endorse the use of OSS at this stage.
Yet it isn't irresponsible for them to endorse the use of software that costs a lot of money and falls over all the time? I don't expect them to endorse the use of OSS but what I do expect is Becta to investigate the /possibilities/ and potential for it's use without being intimidated by commercially interested parties.
- All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT.
SMTP: Sendmail and Exim POP3: Qpopper ... < useful cracking info snipped >
Any half-decent hacker would have no problem whatsover in discovering what O/S and software is used on any given system. Giving out such information is not considered a significant risk.
Help them as little as possible is my motto.
I guess you haven't heard of ssh. Now where's that clue-stick.....
The users in question do not wish to use SSH. We could insist on it, but there has to be a balance between security and useability. We are happy that the server is sufficiently secure. There is an obvious risk in sending plain text passwords across the Internet, but this applies just as much to FTP as to telnet.
You should insist on it. It doesn't apply `just as much' to FTP - cracking a box with telnet is a walk in the park in comparison and if you install ssh you can dump FTP aswell. I don't understand the `useability' issue with ssh that you talk about. To an end user they simply login as they would using telnet, it's a bit slower than telnet because of the encryption overhead but it means that your passwords can't be sniffed.
On the security issue, we recently commissioned an extensive independent audit and were assessed to be "significantly more secure than the majority of ISPs".
Go back to the people who carried out your security audit and ask for your money back! -- Frank *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* | Boroughbridge | Tel: 01423 323019 | PGP keyID: 0xC0B341A3 | *-------*-----*-----*-----*-----*-----*-----*-----*-----*-------* http://www.esperance.demon.co.uk/
Hi, Keeping this thread going as I'm hoping it proves vaguely useful, hoping Simon stays on the list even though he's indirectly taking some flak, and presuming Roger will stomp on us if we drift too far away from the SuSE schools subject matter.... On Thu, 27 Jul 2000, Frank Shute wrote:
On Thu, Jul 27, 2000 at 05:01:55PM +0100, Simon Rainey wrote:
<snip policy and politics>
< useful cracking info snipped >
Any half-decent hacker would have no problem whatsover in discovering what O/S and software is used on any given system. Giving out such information is not considered a significant risk.
Help them as little as possible is my motto.
Agreed, though presumably the membership off this list is vaguely audited? Of course having a sysadm@junior.sch.uk address doesn't make you trustworthy, but it makes you a little more trustworthy than evilhax0r@hotmail.com :)
The users in question do not wish to use SSH. We could insist on it, but there has to be a balance between security and useability. We are happy that the server is sufficiently secure. There is an obvious risk in sending plain text passwords across the Internet, but this applies just as much to FTP as to telnet.
You should insist on it. It doesn't apply `just as much' to FTP - cracking a box with telnet is a walk in the park in comparison and if you install ssh you can dump FTP aswell.
Yeah. though it's not *quite* as simple admittedly. Vague experience of SSH windows clients available on request.
I don't understand the `useability' issue with ssh that you talk about. To an end user they simply login as they would using telnet, it's a bit slower than telnet because of the encryption overhead but it means that your passwords can't be sniffed.
Also, with the right options, you can take emphasis on the authenticity of the source away from the source IP and give it to the host keys held by whatever source IP connects.
On the security issue, we recently commissioned an extensive independent audit and were assessed to be "significantly more secure than the majority of ISPs".
Go back to the people who carried out your security audit and ask for your money back!
Heh, while being "less insecure" that your digital neighbours isn't the greatest guarantee it does mean you're less likely to be attacked, however I think that comment is probably more of a comment on the ISPs than yourselves. -- Nick Drage, helping fill up the internet since 1993. Third Rule of Windows Troubleshooting: RE-INSTALL EVERYTHING.... TWICE
On Thu, Jul 27, 2000 at 02:50:04PM +0100, Simon Rainey wrote:
Dear All,
To clear up the speculation concerning RM and Linux:
- The RM Internet business (IFL) has run Linux since day one, i.e. over 5 years.
Since you want to clear up speculation, perhaps you could explain why your company felt it was necessary to lean on Becta to stop them `promoting' the use of OSS in schools.
Is RM positivly identified as the offender here? Maybe they'd also like to answer why RM continues to promote Microsoft offerings... -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
Dear All,
To clear up the speculation concerning RM and Linux:
- The RM Internet business (IFL) has run Linux since day one, i.e. over 5 years.
- All the core services run under Linux with the exception of RM EasyMail and virtual web servers where users wish to use FrontPage extensions, which for commercial reasons run under NT.
SMTP: Sendmail and Exim POP3: Qpopper HTTP: Apache FTP: wu-ftpd NNTP: INN DNS: BIND SQL: PostgreSQL and MySQL NTP: xntpd filtered web access: Squid
- The server owl.rmplc.co.uk runs some majordomo mailing lists and a few virtual web servers. It is open for SMTP, HTTP, FTP and telnet access. It has been in service for some time (Pentium 133) and we have never felt the need to upgrade the kernel from 2.0.33. If it ain't broke don't fix it.
- We never bothered to change the default web site on owl from the Apache intro page. It's no big deal. The virtual web servers use host headers to index the correct document root.
- Owl is the only server on the IFL network that is open to telnet. It is required by a small number of developers who have a virtual web server on the machine and need more than FTP access. They are too mobile for us to restrict access using lists based on client IP address. Regular checks are made to ensure that owl has not been compromised and firewalls are in
I hope you don't mind me asking, but do RM offer any linux services for schools eg. a router/proxy server or even mail server? You'd think it would save a lot of money for schools as they wouldnt have to buy ntmail or MS Proxy Server. RM succesfully integrated win9x and nt, why not linux and nt? (or maybe they have?) I know, cos if done it, that you can integrate software like squid, and qmail with users on nt domains (eg proxy authentication, pop authentication). thnx. place
to prevent it from being used to attack other hosts in the event that it is.
Regards, Simon.
------------------------------------------------------------- Simon Rainey E-mail: srainey@rmplc.net Principal Internet Consultant RM IFL Engineering Internet for Learning, Research Machines plc, New Mill House, 183 Milton Park, Abingdon, Oxfordshire, OX14 4SE, England.
Richard, As far as I am aware, RM have no plans to integrate Linux and NT. Regards, Simon.
I hope you don't mind me asking, but do RM offer any linux services for schools eg. a router/proxy server or even mail server? You'd think it would save a lot of money for schools as they wouldnt have to buy ntmail or MS Proxy Server. RM succesfully integrated win9x and nt, why not linux and nt? (or maybe they have?) I know, cos if done it, that you can integrate software like squid, and qmail with users on nt domains (eg proxy authentication, pop authentication).
thnx.
[Charset iso-8859-1 unsupported, filtering to ASCII...]
I hope you don't mind me asking, but do RM offer any linux services for schools eg. a router/proxy server or even mail server? You'd think it would save a lot of money for schools as they wouldnt have to buy ntmail or MS Proxy Server.
Or maybe even (radical idea) schools could save money *and* RM could make more money.
RM succesfully integrated win9x and nt, why not linux and nt? (or maybe they have?) I know, cos if done it, that you can integrate software like squid, and qmail with users on nt domains (eg proxy authentication, pop authentication).
Except that you don't need the NT server in the first place... -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
Hi, On Thu, 27 Jul 2000, Simon Rainey wrote:
- The server owl.rmplc.co.uk runs some majordomo mailing lists and a few virtual web servers. It is open for SMTP, HTTP, FTP and telnet access. It has been in service for some time (Pentium 133) and we have never felt the need to upgrade the kernel from 2.0.33. If it ain't broke don't fix it.
Fair point - however I'm told that the speed difference between the 2.0 and 2.2 kernels is pretty noticeable, worth a try on a P133? -- Nick Drage, helping fill up the internet since 1993. First Rule of Windows Troubleshooting: REBOOT EVERYTHING
Hi all, Would someone who knows what they're doing take a look at my headers please, reason being, I've got sendmail working (I think) but I've not sent a *live* email until now. Any comments from someone who might know what they're doing with sendmail would be gratefully appreicated, especially as the tek and I have *evil* plans for the dickensian win router back at school in September <cackle>. I hope no one objects to this, but who can I trust to check that I've not done something silly with my setup via the headers. After I've sent this, I'll be going back to normal dialup send/colection through smtp/pop. If I've done anything silly, please let me know. And that includes posting this. If anyone objects, my apologies now. Thanks in advance, -- paul I've tried to give them up. But I'm back on the sigs again.
participants (8)
-
Clive Jones
-
Frank Shute
-
Malcolm
-
Mark Evans
-
Nick Drage
-
Paul Hornshaw
-
Richard Naylor
-
Simon Rainey