blog.scottlowe.org

The weblog of an IT pro specializing in virtualization, storage, and servers

Archive for June, 2005

The Practicality Perspective

June 30th, 2005 by slowe

A recent opinion article from eWeek titled “Hot Ideas Don’t Always Win the Race” (or “Just too hot an idea,” in the print version of eWeek) takes a very practical view of Apple’s move to the Intel platform.  Basically, while the PowerPC is technologically superior to x86 CPUs, the best technology doesn’t always win. We saw this with OS/2 (far superior to Windows 95) and the MCA bus architecture, among others.

I agree with him.  As technical people, we need to be sure to take a step back from the “this technology is better” argument and look at the choice from a practicality perspective.  And that goes not only for assessing this specific incident, but for the rest of our technical decisions as well.  Sure, Linux may be superior to Windows from a technology perspective (I’m not saying it is or it isn’t), but is it the most practical decision?  Sure, OpenBSD may be far superior to Linux (again, I’m not saying it is or it isn’t), but is it the most practical decision?  Does it make the most sense not only from a technical viewpoint, but also from a business perspective?  From a cost perspective?

To be successful in our IT careers, we must look at these kinds of things from all perspectives, including the practicality perspective.

Category: General | Comments Off

Transparent RDP Tunneling

June 29th, 2005 by slowe

As part of my experimentation with OpenBSD 3.7, I’m going to try to set up a way of transparently tunneling RDP (Remote Desktop Protocol, used by Windows Remote Desktop/Terminal Services) inside SSL.  I’m thinking that I can use IP aliases and Stunnel to have “ordinary” RDP encapsulated in SSL by Stunnel and then passed off to another instance of Stunnel at the other end.  Then, from the RDP client, I just connect to one of the IP aliases and the rest is handled transparently.

When I get it working, I’ll post more details here as well as on the Mercurion Systems web site.
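
The layout described above, sketched as a pair of stunnel configuration files. This is an added example, not the author's configuration; every address, port, host name and file path in it is a constructed placeholder.

```ini
; ---- client-side stunnel.conf (the box holding the IP aliases) ----
; All values below are constructed placeholders.
client = yes
; Present a certificate to the far end and verify the far end's certificate.
cert = /etc/stunnel/client.pem
CAfile = /etc/stunnel/ca.pem
verify = 2

; One service per IP alias; each alias stands in for one remote RDP host.
[rdp-host-a]
accept = 10.0.0.101:3389
connect = gw.example.net:4431

[rdp-host-b]
accept = 10.0.0.102:3389
connect = gw.example.net:4432

; ---- server-side stunnel.conf (far end, next to the RDP hosts) ----
; This is a separate file on the remote stunnel machine.
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/ca.pem
; Require a client certificate signed by the CA, so the SSL ports
; do not hand RDP to any peer that can complete a handshake.
verify = 2

[rdp-host-a]
accept = 4431
connect = 192.168.10.11:3389

[rdp-host-b]
accept = 4432
connect = 192.168.10.12:3389
```

With this in place the RDP client connects to 10.0.0.101 on the standard port as if it were the remote host, and only SSL traffic crosses the network between the two stunnel instances.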

Category: Networking | Comments Off

Running Windows Apps on an Intel-Based Mac

June 26th, 2005 by slowe

Here’s an interesting side effect of Apple’s announcement to move the Macintosh platform to Intel-based CPUs:  CodeWeavers has announced that they will expand their services and products to include the new Intel-based Macs (see “CodeWeavers sees Mactel move as an opportunity” on the NewsForge site).  More information is also available in the official CodeWeavers press release.

This is a very good thing.  If CodeWeavers is successful in making a version of CrossOver Office to run on the Intel-based Macs, it will make it easier for users to choose whatever platform best suits their needs, be it Windows, Linux, or Mac OS X.  They won’t feel tied to a specific platform just because there’s one application they need that only runs on one specific platform.

Right now, I use Microsoft’s Virtual PC for the Mac to run any Windows-specific programs I need.  This works reasonably well, but takes a performance hit because it has to emulate an Intel-compatible CPU.  With Intel-based CPUs under the hood already, Virtual PC (or CrossOver Office, or VMware, or Xen, or any other emulation software) will practically fly.  This makes emulation a much more attractive option than it is right now.  That, in turn, means more choice and more freedom for end users.

Category: Macintosh | Comments Off

Virtualization

June 26th, 2005 by slowe

I’m a big fan of virtualization.  I love the VMware products (VMware Workstation, GSX Server, and ESX Server) and, as I have mentioned in previous posts, use Microsoft’s Virtual PC product currently (but only because VMware doesn’t have a Mac version of VMware Workstation).  I’m looking forward to hardware-based virtualization technologies such as AMD’s Pacifica (discussed briefly here and here) and Intel’s Vanderpool technology.  I’m very much hoping that Apple will take the plunge and build in virtualization support in Mac OS X 10.5, aka “Leopard”.

Virtualization is more than just running multiple operating systems on a single computer, though.  Virtualization occurs in networking through the use of virtual LANs (VLANs) and virtual private networks (VPNs); both of these technologies are core technologies in today’s flexible networks.  Virtualization occurs in storage area networks (SANs) as virtual disks and virtual SANs (VSANs).  Technologies such as load balancing via virtual servers (recently read an interesting article on Linux virtual servers) also employ a form of virtualization.  Even mundane technologies such as network address translation (NAT) can be considered forms of virtualization, since they abstract a server’s public IP address from its private (actual) IP address.

As IT professionals, it behooves us to embrace new technologies like virtualization, in all its forms.  If you haven’t already taken the time to get used to these kinds of products and technologies, now might be a good time.

Category: Virtualization | Comments Off

Not the Same

June 25th, 2005 by slowe

I just finished installing the latest version (3.7) of OpenBSD, and I was reminded of just how different OpenBSD and Linux really are.  Those on the “outside” just see them as Unix-like operating systems, but they really are much more different than you might expect.  I’m no expert in either (I just dabble), but the differences are evident even to me.  I haven’t yet had the opportunity to experiment with FreeBSD or NetBSD, so I don’t know if these differences are particular to OpenBSD or to all BSDs when compared to Linux.

In any case, I find that I really like OpenBSD.  I think that the more that I use OpenBSD, the more ways I will find that I can use OpenBSD.  It won’t replace Linux in my environment, but it is a very worthy addition to the network.

Category: Linux, Unix | Comments Off

The Next Big Worm?

June 24th, 2005 by slowe

Everyone remember Blaster?  There are concerns that the next big Internet worm is about to surface, based upon a vulnerability revealed by Microsoft in the Windows implementation of Server Message Block, or SMB.  Get the details on that patch here.

Several articles have been posted recently indicating that traffic patterns have been observed that might indicate an exploit of that vulnerability. This article indicates that some experts believe the traffic patterns are indicative of a new exploit, but others are not concerned.

More recent than even that article is this posting, revealing that an exploit for MS05-011 has actually been discovered and made available on the Internet.

So is there anything you can do to protect yourself?  Most firewalls (network-based and host-based) already block TCP port 445, the port used by SMB.  If you know your organization allows SMB across the firewall, then you should be concerned.  Make sure your systems are patched properly, and keep your anti-virus up to date.  That’s about all you can do: just stay vigilant.

Category: Security | Comments Off

Pipes and Filters

June 22nd, 2005 by slowe

It’s articles like this one from NewsForge entitled “Pipes and Filters” that demonstrate why I like Linux and other Unix-like operating systems (such as Mac OS X).  This kind of command-line wizardry isn’t nearly as possible on Windows.  At least, not as far as I know.

Category: Unix | Comments Off

A Good Article for Those New to LDAP

June 22nd, 2005 by slowe

Novell recently posted the article “An Introduction to LDAP: Part 1—LDAP Primer” on their Cool Solutions web site.  It’s a good article for those that are new to LDAP.  I’m neither new to LDAP nor an expert, but this article was helpful in solidifying some basics.

Category: Networking | Comments Off

Dangerous Stuff

June 21st, 2005 by slowe

The Internet grows more dangerous every day.  Why? Well, have a look at this recent eWeek article and this slightly older eWeek article and you’ll see what I mean.

Spyware acting like root kits?  Viruses taking on root kit features and able to hide their processes?  This is scary stuff.  When one of these malicious programs exploits a vulnerability in your web browser, you could get infected and not even know it.  And if that application starts using I/O blocking to hide its processes and NTFS data streams to hide files inside other (legitimate) files, you’re really in trouble.

I know that Mac OS X may only be more secure than Microsoft Windows because not as many people use it, but the end result is the same.  If you use Windows, at least protect yourself—don’t use Internet Explorer (use Firefox), stay up to date on patches (visit Windows Update regularly), use an anti-virus application (and keep it updated as well), and use a good anti-spyware program (there are several, take your pick).  You’ll be glad you did.

Category: Security | Comments Off

A Shameless Plug

June 20th, 2005 by slowe

OK, I know this is a shameless plug, but I just published an updated version of the Mercurion Systems web site this evening. Have a look!

Category: Personal | Comments Off