Re: Whacky Weekend: Is Internet Access a Human Right?
On 5 January 2012 16:22, Jay Ashworth j...@baylink.com wrote: Vint Cerf says no: http://j.mp/wwL9Ip But I wonder to what degree that's dependent on how much our governments make Internet access the most practical/only practical way to interact with them. Understand: I'm not saying that FiOS should be a human right. But as a society, America's recognized for decades that you gotta have a telephone, and subsidized local/lifeline service to that extent; that sort of subsidy applies to cellular phones now as well. Thoughts? You don't need a new right. The human rights include education and access to be able to participate in your culture. A human banned from using the internet would not have access to culture, and will be banned from participating in it. Based on this page: http://en.wikipedia.org/wiki/Human_rights 5.5 5.7 5.7.* Practical terms: The ugly conclusion is that you can put a man in jail, but that doesn't include banning such a man from accessing the internet. Say, you put a cracker in jail. The judge has to remove two rights from him, the right to freely walk anywhere, and the right to post in his favorite forum/mail list. -- -- ℱin del ℳensaje.
In search of uplink vendor
Hi all, We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are: 1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details. Cheers Paul
Re: In search of uplink vendor
On Thu, 12 Jan 2012, Paul Kaminsky wrote: We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are: 1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details. Note: I am not a vendor. One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. jms
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote: On Thu, 12 Jan 2012, Paul Kaminsky wrote: We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are: 1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details. Note: I am not a vendor. One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. jms perhaps we are walking around w/ incomplete notions of what constitutes a complete block of UDP/ICMP protocol... for me, literally, this makes no sense whatsoever. ratcheting back on my literal filter (be liberal in what you accept) I believe what he is asking for is a contiguous block of IP addresses for use in his network. am also making the inference that he is only looking for IPv4 (no route to host by /32 prefix). so the only remaining, burning question is - what size block? a /33? a /31? maybe a /28? or a /22? a /19? (the /33 is right out... filtering on /32 would block both hosts!) I think it's quite reasonable to expect a contiguous block of addresses, regardless of address family. Not at all downright foolish. It is rare to see someone -not- get a contiguous block. ymmv of course. /bill
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 8:01 AM, Justin M. Streiner strei...@cluebyfour.org wrote: On Thu, 12 Jan 2012, Paul Kaminsky wrote: We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are: 1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS you have an asn? 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details. Note: I am not a vendor. One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. maybe he's upset that his current EU provider is in Sannyvale not Sunnyvale? inetnum:109.206.160.0 - 109.206.191.255 netname:SERVEREL descr: Serverel Corp. country:EU org:ORG-SC64-RIPE admin-c:SN2485-RIPE tech-c: SN2485-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: SERVEREL-MNT mnt-lower: RIPE-NCC-END-MNT mnt-routes: SERVEREL-MNT mnt-domains:SERVEREL-MNT source: RIPE # Filtered organisation: ORG-SC64-RIPE org-name: Serverel Corp org-type: OTHER address:970 Corte Madera ave, Sannyvale, CA, US phone: +18772467863 abuse-mailbox: ab...@serverel.com admin-c:AN495-RIPE ripe.. you may want to clean up some data here :) Also, that small townhouse, it surprises me that someone was able to get a gig pipe into it... especially with a /19 assigned. Odd, why is RIPE supplying space to what seems like clearly a ARIN region endpoint? -chris jms
Re: In search of uplink vendor
On Thu, 12 Jan 2012, bmann...@vacation.karoshi.com wrote: On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote: On Thu, 12 Jan 2012, Paul Kaminsky wrote: 1. 1 Gbps link with complete block of UDP/ICMP protocol One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. perhaps we are walking around w/ incomplete notions of what constitutes a complete block of UDP/ICMP protocol... My notion of the original statement was that the OP was looking for a provider that would block all UDP and ICMP, as in firewalls and packet filters. I also made the possibly-incorrect assumption that if the OP has an ASN from which to announce prefixes, it would also be reasonable to expect that they already have at least one prefix to announce. From that angle, 'problematic' and 'downright foolish' is not such a far walk ;) jms
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 08:41:23AM -0500, Justin M. Streiner wrote: On Thu, 12 Jan 2012, bmann...@vacation.karoshi.com wrote: On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote: On Thu, 12 Jan 2012, Paul Kaminsky wrote: 1. 1 Gbps link with complete block of UDP/ICMP protocol One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. perhaps we are walking around w/ incomplete notions of what constitutes a complete block of UDP/ICMP protocol... My notion of the original statement was that the OP was looking for a provider that would block all UDP and ICMP, as in firewalls and packet filters. I also made the possibly-incorrect assumption that if the OP has an ASN from which to announce prefixes, it would also be reasonable to expect that they already have at least one prefix to announce. From that angle, 'problematic' and 'downright foolish' is not such a far walk ;) jms indeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ??? /bill
Re: In search of uplink vendor
In a message written on Thu, Jan 12, 2012 at 05:43:08PM +, bmann...@vacation.karoshi.com wrote: indeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ??? Turn the OP's e-mail into a URL: http://www.impletec.com/ Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer. I know of a half dozen DDoS Protection ISP's that block all UDP and ICMP. It also fits with his desire to have a blackhole community by the /32 with his upstream. I don't know if this sort of filter all ICMP behavior is more a symptom of the providers or their customer bases, but regardless of the source it makes most of the sites behind these services very slow and/or unreachable from some locations. I'm not sure posting I'm a DDoS magnet on NANOG will get a lot of people jumping up to offer service, or good rates! :) -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 12:50 PM, Leo Bicknell bickn...@ufp.org wrote: Turn the OP's e-mail into a URL: http://www.impletec.com/ Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer. wait, they are a dos mitigation service provider and they can't handle udp/icmp traffic? so ... really: We do dos mitigation for tcp services, we outsource the udp/icmp to someone else ?
RE: In search of uplink vendor
QUOTE I know of a half dozen DDoS Protection ISP's that block all UDP and ICMP Isn't this Internet censorship? Ephesians 4:32 Cheers!!! -Original Message- From: Leo Bicknell [mailto:bickn...@ufp.org] Sent: Thursday, January 12, 2012 9:50 AM To: NANOG Subject: Re: In search of uplink vendor In a message written on Thu, Jan 12, 2012 at 05:43:08PM +, bmann...@vacation.karoshi.com wrote: indeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ??? Turn the OP's e-mail into a URL: http://www.impletec.com/ Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer. I know of a half dozen DDoS Protection ISP's that block all UDP and ICMP. It also fits with his desire to have a blackhole community by the /32 with his upstream. I don't know if this sort of filter all ICMP behavior is more a symptom of the providers or their customer bases, but regardless of the source it makes most of the sites behind these services very slow and/or unreachable from some locations. I'm not sure posting I'm a DDoS magnet on NANOG will get a lot of people jumping up to offer service, or good rates! :) -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: In search of uplink vendor
In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote: QUOTE I know of a half dozen DDoS Protection ISP's that block all UDP and ICMP Isn't this Internet censorship? It's not censorship when you pay someone to stuff a sock in your own mouth. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 11:53:24AM -0800, Leo Bicknell wrote: In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote: QUOTE I know of a half dozen DDoS Protection ISP's that block all UDP and ICMP Isn't this Internet censorship? It's not censorship when you pay someone to stuff a sock in your own mouth. yes it is... :) when you do it yourself or pay to have it done for you. /bill
Re: In search of uplink vendor
On Thu, 12 Jan 2012 11:53:24 PST, Leo Bicknell said: In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote: Isn't this Internet censorship? It's not censorship when you pay someone to stuff a sock in your own mouth. Corollary: It is, however, censorship when somebody tries to shut down websites about the practice. ;)
Re: In search of uplink vendor
- Original Message - From: bmann...@vacation.karoshi.com 1. 1 Gbps link with complete block of UDP/ICMP protocol One question: 1. Not knowing anything about your business, is there a specific reason that you want a complete block of UDP/ICMP protocol? That can be problematic with IPv4, and downright foolish with IPv6. perhaps we are walking around w/ incomplete notions of what constitutes a complete block of UDP/ICMP protocol... for me, literally, this makes no sense whatsoever. ratcheting back on my literal filter (be liberal in what you accept) I believe what he is asking for is a contiguous block of IP addresses for use in his network. am also making the inference that he is only looking for IPv4 (no route to host by /32 prefix). Well, I dunno; I concur with jms: I assumed he meant where the provider drops all incoming UDP and ICMP traffic addressed towards my IP space on the floor. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: In search of uplink vendor
- Original Message - From: Network IP Dog network.ip...@gmail.com Isn't this Internet censorship? Repeat after me: It's not censorship unless it's imposed by a government. I don't know that per speaker or per topic are required, but they're common. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Looking for Capitol One, NA POC
If there is a member of Capitol One North America's IT/Security on this distro, please contact me off line.
Linux Centralized Administration
Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Cheers, Paul
Re: Linux Centralized Administration
On Thu, 12 Jan 2012 16:02:49 EST, Paul Stewart said: Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? You can configure yum-updatesd to download and/or apply new updates automagically. Whether that's a good idea is a different question.
Re: Linux Centralized Administration
On Thu, Jan 12, 2012 at 04:02:49PM -0500, Paul Stewart wrote:
> Hey folks. just curious what people are using for automating updates to Linux boxes?

yum

> Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network?

yum install yum-cron
chkconfig yum-cron on
service yum-cron start
Re: Linux Centralized Administration
On 12 January 2012 21:02, Paul Stewart p...@paulstewart.org wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? It so happens that just yesterday I stumbled across Spacewalk (http://spacewalk.redhat.com) - which is the open source version of RHN Satellite. I ran into a few problems setting the server up - but nothing too difficult to solve, and client installation is a breeze. Dan
Re: Linux Centralized Administration
On Thu, Jan 12, 2012 at 1:02 PM, Paul Stewart p...@paulstewart.org wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? There's no tool I could recommend that would be very close to RHN. However, for solving the problem of keeping packages up to date and systems in a known-state, I would recommend checking out some configuration management tools. There are several popular ones nowadays, though I personally prefer Puppet or Chef. Both are tools that allow administrators to declare what a system should look like, and abstract away the hard work of making that happen on a variety of platforms. In both cases, it's possible to monitor how well those tools are working and what they're doing in the background so that you can get an idea of what's up to date and what's not. Are you just trying to solve for making sure that packages are up to date? Making sure that running daemons are also up to date? Cheers, jof
RE: Linux Centralized Administration
We are using Security Blanket. It's a COTs product that works really well -Original Message- From: Chuck Anderson [mailto:c...@wpi.edu] Sent: Thursday, January 12, 2012 4:10 PM To: nanog@nanog.org Subject: Re: Linux Centralized Administration On Thu, Jan 12, 2012 at 04:02:49PM -0500, Paul Stewart wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? yum Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? yum install yum-cron chkconfig yum-cron on service yum-cron start
Re: Linux Centralized Administration
We use puppet - http://puppetlabs.com/. Works good for us. Nitin - Original Message - From: Paul Stewart p...@paulstewart.org To: nanog@nanog.org Sent: Thursday, January 12, 2012 4:02:49 PM Subject: Linux Centralized Administration Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Cheers, Paul
Re: Linux Centralized Administration
We use SALT, written in python and setup in 10 minutes. Seriously easy! Wickedly fast! http://saltstack.org/ -Bret On Jan 12, 2012, at 2:13 PM, Nitin Mehrotra wrote: We use puppet - http://puppetlabs.com/. Works good for us. Nitin - Original Message - From: Paul Stewart p...@paulstewart.org To: nanog@nanog.org Sent: Thursday, January 12, 2012 4:02:49 PM Subject: Linux Centralized Administration Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Cheers, Paul
RE: QinQ switch or similar
On Sun, 2012-01-08 at 14:06 -0600, Jensen Tyler wrote: We have been using Ciena switches for QinQ. CN3920 would fit best for low cost. Pretty easy to use. The 3916 is one generation newer, cheaper, has a hardware FIB and therefore also does all the MPLS bits and bobs (though don't use that until 6.10, we're told.) If I remember rightly a 3920 can't pop-off an S-tag on egress, too. There's some silly limitation like that. Tom
Re: Linux Centralized Administration
Fabric is also a fine one, if you *don't* want abstraction of what you're doing: http://fabfile.org On Thu, Jan 12, 2012 at 1:16 PM, Bret Palsson b...@getjive.com wrote: We use SALT, written in python and setup in 10 minutes. Seriously easy! Wickedly fast! http://saltstack.org/ -Bret On Jan 12, 2012, at 2:13 PM, Nitin Mehrotra wrote: We use puppet - http://puppetlabs.com/. Works good for us. Nitin - Original Message - From: Paul Stewart p...@paulstewart.org To: nanog@nanog.org Sent: Thursday, January 12, 2012 4:02:49 PM Subject: Linux Centralized Administration Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Cheers, Paul
Re: Linux Centralized Administration
I run spacewalk (as mentioned above), and have for some time. Once you get the errata importing set up, it's pretty much full RHN. -Blake
RE: Linux Centralized Administration
Awesome! I remember someone telling me about this before and couldn't remember the name til now... Cheers, Paul -Original Message- From: Daniel Ankers [mailto:md1...@md1clv.com] Sent: Thursday, January 12, 2012 4:08 PM To: Paul Stewart Subject: Re: Linux Centralized Administration On 12 January 2012 21:02, Paul Stewart p...@paulstewart.org wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? It so happens that just yesterday I stumbled across Spacewalk (http://spacewalk.redhat.com) - which is the open source version of RHN Satellite. I ran into a few problems setting the server up - but nothing too difficult to solve, and client installation is a breeze. Dan
Re: In search of uplink vendor
On 12/01/12 12:18 PM, Jay Ashworth wrote: - Original Message - From: Network IP Dognetwork.ip...@gmail.com Isn't this Internet censorship? Repeat after me: It's not censorship unless it's imposed by a government. The wikipedia definition seems more accurate: http://en.wikipedia.org/wiki/Censorship *Censorship* is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient to the general body of people as determined by a government, media outlet, or other controlling body. The key aspect that makes something censorship is that you can't easily get around the block by the controlling body. Obviously, if you do it yourself or ask someone to do it for you (e.g. ask your upstream to filter) it's not censorship. If it's done by someone else, you have no say in the matter and no (easy and/or legal) opportunity to avoid the filtering, then it's censorship. If Comcast or ATT decided to filter/block requested data from reaching their customers (e.g. access to .xxx sites, access to torrents), we would all agree that this was censorship. jc
Re: Linux Centralized Administration
On Thu, Jan 12, 2012 at 04:02:49PM -0500, Paul Stewart wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? At work, we use (and built) a tool called 'tingle' (https://github.com/anchor/tingle), which handles it all for us across our internal and managed-for-customers infrastructures. Personally, I don't run CentOS, but I use unattended-upgrades on my personal herd of Debian machines, which works well enough. - Matt -- A woman in liquor production / Owns a still of exquisite construction. The alcohol boils / Through magnetic coils. She says that it's proof by induction. -- http://limerickdb.com/?34
Re: Linux Centralized Administration
Here at Twitter we make extensive use of Puppet. It's great, but we had a hard learning curve and much customization to get it to work the way we wanted to. I'd also recommend Chef, which is like Puppet but includes more tools (like a machine database) out of the box. -j On Thu, Jan 12, 2012 at 2:27 PM, Matthew Palmer mpal...@hezmatt.org wrote: On Thu, Jan 12, 2012 at 04:02:49PM -0500, Paul Stewart wrote: Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? At work, we use (and built) a tool called 'tingle' (https://github.com/anchor/tingle), which handles it all for us across our internal and managed-for-customers infrastructures. Personally, I don't run CentOS, but I use unattended-upgrades on my personal herd of Debian machines, which works well enough. - Matt -- A woman in liquor production / Owns a still of exquisite construction. The alcohol boils / Through magnetic coils. She says that it's proof by induction. -- http://limerickdb.com/?34
community strings for Reliance Globalcom
does anybody have the community strings for Reliance Globalcom
Re: community strings for Reliance Globalcom
Not sure how up to date this is, but I believe this is what you are looking for: http://www.onesc.net/communities/as15412/ Cheers, Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks Follow us on Twitter @JuniperEducate Sent from my iPad On Jan 12, 2012, at 5:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom
Re: Linux Centralized Administration
On Thu, Jan 12, 2012 at 3:02 PM, Paul Stewart p...@paulstewart.org wrote: Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work. The just run yum update strategy is only reliable when all packages on the system were installed from RPM and all software RPMs installed are properly maintained by the vendor using Yum. Some packages have updates that are distributed with Yum, but yum updating breaks the application, until a manual update procedure is completed. Sometimes an updated kernel won't boot. Sometimes, a third-party driver for RAID card X won't load in the patched kernel, and after a reboot, the OS never comes back up because it's sitting at a kernel panic message indicating no hard drive found. Cacti/OpenNMS are good examples -- after a yum update to a new version, you must manually invoke, a potentially dangerous installer program or web page has to be used, after a new update, config files, or database schema have to be edited or patched by hand; until you manually take some action to fix the config, the application is broken after update. As soon as you attempt to restart the application it will shutdown OK, but not come back up. Occasionally, there is a library update that breaks binary compatibility with existing applications, for example a certain update to net-snmp-libs in CentOS 5.something.
yum-updatesd surely doesn't know when auto-applying an update will cause an important service to suddenly break. To centrally manage effectively, you basically need a homogenous environment with a configuration that is very close to stock config, so that effective testing is possible; homogenous meaning an identical list of installed packages and software all installed the same way on every system centrally managed as a group, identical SKUs for every hardware component in every installation configured identically, same hw revisions, etc. No extra applications or files floating around on a one-off server. So yum-updatesd would be a bad idea for production systems that have any third-party packages; even if YUM maintained. And even if YUM maintained, third party YUM repos may become neglected, or change into 404 errors, causing yum to break entirely. Often commercial third-party software used on CentOS systems will be distributed in another format, such as .tar.gz. Yum cannot do much with that; the third party package will likely get neglected and not updated. Often various applications you require may need versions of libraries or applications that are not yet available in RPM format, or they're part of Fedora instead. In any case, if you wind up rebuilding the RPM for CentOS using rpmbuild or installing from source, Yum update won't help you with those packages, and may break their dependencies later. That might just be a testament to how poor the available packaged software selections are in CentOS, that commonly needed packages aren't part of the distribution; and commonly outdated versions of libraries are present. But YUM-updatesd's usefulness certainly applies to less than 100% of systems. -- -JH
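One way to act on the caveats in the message above before enabling unattended updates, as an added example that is not part of the original post or the thread: a shell filter that reads `yum check-update` output and separates updates that can be applied automatically from ones held for manual review. The trusted repo ids, the hold pattern, the function names and the sample listing (package versions and the `vendor-repo` id included) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage pending updates instead of applying them blindly.

# Assumption: repo ids of the stock CentOS repositories; adjust per site.
TRUSTED_REPOS="base updates extras"
# Assumption: package-name prefixes whose updates need a human, taken from
# the failure cases named in the message (kernel, Cacti, OpenNMS, net-snmp-libs).
HOLD_PATTERN='^(kernel|cacti|opennms|net-snmp-libs)'

# Constructed sample of `yum check-update` output (name.arch, version, repo).
# Versions and the "vendor-repo" id are made up for this example.
sample_check_update() {
cat <<'EOF'
Loaded plugins: fastestmirror

bash.x86_64                 1.0-2.el5        updates
kernel.x86_64               1.0-2.el5        updates
net-snmp-libs.x86_64        1.0-2.el5        base
cacti.noarch                1.0-2.el5        epel
raidtool.x86_64             1.0-2.el5        vendor-repo
openssh.x86_64              1.0-2.el5        base
EOF
}

# Reads check-update output on stdin; prints one line per pending update:
#   AUTO <package>            safe to hand to an unattended run
#   HOLD <package> <reason>   needs a manual procedure or comes from a
#                             repository outside the trusted list
classify_updates() {
    awk -v trusted="$TRUSTED_REPOS" -v hold="$HOLD_PATTERN" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        NF != 3 { next }                      # blank lines, section headers
        $1 !~ /\.[A-Za-z0-9_]+$/ { next }     # first column must be name.arch
        {
            name = $1
            sub(/\.[^.]+$/, "", name)         # strip the .arch suffix
            if (name ~ hold)          print "HOLD", name, "manual-procedure"
            else if (!($3 in ok))     print "HOLD", name, "third-party-repo:" $3
            else                      print "AUTO", name
        }'
}

# Space-separated list of packages that passed both checks, suitable as the
# argument list of a targeted `yum -y update <packages>`.
auto_packages() {
    classify_updates | awk '$1 == "AUTO" { printf "%s%s", sep, $2; sep = " " }
                            END { print "" }'
}

# Demo on the constructed sample; in real use pipe `yum check-update` in
# (note it exits with status 100 when updates are pending).
sample_check_update | classify_updates
```

The held packages are the ones to test on a staging host first; everything else can go to yum-cron or a configuration management run.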
Re: Linux Centralized Administration
On 1/12/2012 4:43 PM, Jimmy Hess wrote: On Thu, Jan 12, 2012 at 3:02 PM, Paul Stewartp...@paulstewart.org wrote: Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work. this is why i never update. i would rather build a new image and deploy it to the thousands of servers than worry about updates. be it an openssh security notice, or new ntp configuration, for me it is easier to rebuild servers than update config files.
Re: Linux Centralized Administration
On 01/12/2012 03:51 PM, chaim.rie...@gmail.com wrote: On 1/12/2012 4:43 PM, Jimmy Hess wrote: On Thu, Jan 12, 2012 at 3:02 PM, Paul Stewartp...@paulstewart.org wrote: Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work. this is why i never update. i would rather build a new image and deploy it to the thousands of servers than worry about updates. be it an openssh security notice, or new ntp configuration, for me it is easier to rebuild servers than update config files. .. you never update? How frequently do you rebuild your entire server stack, weekly? Paul
Re: Linux Centralized Administration
On 01/12/2012 03:51 PM, chaim.rie...@gmail.com wrote: On 1/12/2012 4:43 PM, Jimmy Hess wrote: On Thu, Jan 12, 2012 at 3:02 PM, Paul Stewartp...@paulstewart.org wrote: Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work. this is why i never update. i would rather build a new image and deploy it to the thousands of servers than worry about updates. be it an openssh security notice, or new ntp configuration, for me it is easier to rebuild servers than update config files. For that matter, imaging is a bad way to go about handling this, you'd be better served by setting up something like Puppet or Chef and have them handle configuration management for you centrally, along with necessary software packages. Paul
Re: In search of uplink vendor
On Thu, Jan 12, 2012 at 01:56:38PM -0800, JC Dill wrote: On 12/01/12 12:18 PM, Jay Ashworth wrote: - Original Message - From: Network IP Dognetwork.ip...@gmail.com Isn't this Internet censorship? Repeat after me: It's not censorship unless it's imposed by a government. The wikipedia definition seems more accurate: http://en.wikipedia.org/wiki/Censorship *Censorship* is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient to the general body of people as determined by a government, media outlet, or other controlling body. time to update the wikipedia entry then... think parents suppression of communication [] considered objectionable, harmful, sensitive or inconvenient wrt their children. the key is controlling body... be it ISP, Government, CorporateIT, your mom, or the school board. It might even be -YOU- (you do have control, right?) /bill