so what exactly is Qchain... go here to download it :) http://www.webattack.com/get/qchain.shtml
Thanks for the find.. does it work under NT though as well :) Outside of that, keeping the boxes current and healthy does require patching and reboots... hardening a box can hardly be true wherein such is littered with buffer overflows and other things that are the basis of service provision... Needless to say, there are some better planning that everyone might take and apply to minimize risk... However, in the real world and in a diversified environment, like well, service provision to third parties, turning everything off isn't a solution. As for reboots... I estimate each reboot takes me around 10 minutes, by the time memory is counted, RAID is turned up, OS reboots and services start... multiply that times the number of reboot required patches and you sure can have a good chunk of downtime. Considering, these are all production boxes on this end, well it makes for some bad days. Now also, given that you don't want auto-updates, I might :) well not really... However, MS needs to better integrate security... It is annoying to see an alert for a hole... to see some products with patches and others without... just to be told that some patch will come sometime in the future... Perhaps part of the problem here is the granularity within the GUI to manipulate, disable and enable individual services and sub-elements. Unix systems, although a large learning curve, allow for unlimited granularity... if you don't like something or in worst case scenario you can patch it yourself or remove things. Windows does a good job, but certainly could perform better and more securely by applying some common sense things like you recommend Dave. Ideally, that should be the way/job of the software creator, not the implementer/buyer... Kind of like buying a new car with bad breaks and no airbags... Sure some folks will opt to buy at discount to fix themselves... Too bad software isn't sold with such expectation/discount/refund :) -paris -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 16:43 To: CF-Server Subject: RE: PC Server Stability > Simply by default of the high-security risk lately of > Windows systems, daily security patches, mandatory hard > power recycling style reboots of OS and lacking > auto-patching Windows has certainly lost its edge. Well, of course, that doesn't sound like fun. However, it doesn't have to be that way. Again, an ounce of preventative foresight is worth a pound of patches. As for "auto-patching", well, count me out. > In part, if people have to manage, watch and reboot so > much, the additional investments to move to a Linux > environment are seemingly negligible... This coupled > with a ready stream of young and energetic current > college graduates who have exposure to Linux, will lead > more businesses to move their server environment to > Linux platform. I think that's really the key to the success of Linux in the enterprise. Lots of experienced sysadmins. People use what they're familiar with, and in the enterprise right now, that's Solaris/AIX/HP-UX on the higher end, and Windows most other places. > That's my opinion and boy have I been a MS server head for > years... Also, the rollup packages and patching mechanisms > suck... Just to install a fresh box involved around 5 > reboots, since a lot of MS crappy patches require exclusive > patch operation followed by a reboot. That's true for service patches and rollups, but most patches can be run in batches, rebooting only after installing all patches, using qchain. In any case, if you do your patching on setup, is it really that big a deal to reboot the box a few times? I personally don't mind that - it's having to reboot servers in operation, which irks me no end. Fortunately, again, that's pretty rare. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. ------------------------------------------------------------------------------ To unsubscribe, send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body or visit the list page at www.houseoffusion.com
