Posts by Trevor_Pott

@Geoff Mackenzie

Your opinion is as valid as everyone else's, and frankly...they are issues I myself am not entirely comfortable with.

To be honest, while Spiceworks is awesome, the fact that after two solid weeks of research I could find nothing comparable from the open source community was deeply saddening. I have about 30 VMs on my test server at home with various combinations of open source packages that I tried to lash together to Get The Job Done, and while some combos could do it /with enough tinkering/...the level of effort required was more than i had available.

I prefer open source whoever possible, but I am generally software agnostic. I recognise the value open source provides, but I will not let my preference for the software license blind me to good, or at least usable software from other sources.

In this case, open source lost. Badly.

Frankly, the only thing close to doing what I wanted was Nagios, but Nagios doesn’t have much in the way of MANAGEMENT…just a lot of monitoring. If the same people behind Nagios decided to throw their unbelievably fantastic talents at creating a network management application that could back onto Nagios like Spiceworks…

…that would be bloody revolutionary. As far as I am concerned, the developers who work on Nagios absolutely walk on water; I have more respect for those folk than just about any other group of coders on the planet. Sadly, neither they nor anyone comparable in the open source community has cared about network management, (and specifically lights out management) enough to put something like Spiceworks or Microsoft’s SCCM together.

Maybe I should be grateful though. I’m halfway convinced that if the Nagios dev team turned their attentions to full-fat network management, they’d put half my profession out of a job virtually overnight.

So for now, despite my reservations…

Spiceworks.

@Fazal Majid

If you have the spare people with talent and time, this is a great idea. The only problem is that when you have to get 200 nodes sporting a dozen different operating systems hosting about 500 varies services across them...

...writing a script for everything isn't going to get done in two weeks. Not only that, but the TCO on script-based maintenance and monitoring is obscene. It takes a lot of time and effort to keep something like that up to date and troubleshot; perfect if you have a dedicated script admin. A nightmare if you are an already overloaded small group of sysadmins trying to reduce your workload.

In an ideal world, the approach you mention is by far preferable. Relying on something like Spiceworks of SCCM is relying on a third party company to develop modules or plug-ins for each device and service you offer, and you have to wait on this third party for bugfixes and patches. Wherever possible keep your development and code in-house.

The caveat of course is that you can only kept that development and code in house if you have staff dedicated to their eternal upkeep.

:(

I dislike the tradeoffs, but what can you do?

@dz-015

A windows license isn't that expensive, and even on fully Mac or Linux networks, it is certainly possible to toss a Windows VM somewhere running this software. Remember that you don't need a full Windows domain structure to run Spiceworks; you just need is as a host.

Given that no domain requirements exist, a copy of even XP hobo, (sorry XP home,) would probably work. OEM stickers for those can be had for under $100, which if you are looking for a tool to actually help you manage an entire network of computers is fairly cheap.

To be honest, given Spiceworks’ integration with things like Nagios, I found it was great for monitoring and managing both Linux and Mac systems.

That said, if anyone from Spiceworks ever reads this comment; I too would really like to be installing this on CentOS rather than Windows. RPM please!

Re: Article request

I want to know why I can't assemble an ARM-based PC. (Mini-ITX?) Maybe even a roll-your-own smartbook. With all the arm-friendly flavours of Linux out there, where's the DIY ARM community?

Politicians will have you know...

...that the series of tubes ends in portals.

IPKVM

IPKVM is good for my ESXi and Linux servers too. There are many things that can go wrong before the OS loads, and before that happens, all operating systems are equal.

Also: 18 watts on average. They run around 450 W idle and 750 W loaded. Idle would be much better if they had 80+ PSUs

@jake

I'm from the internet. It'll take more than a contrarian to get me down. I survived 50+ pages of utterly unbelievable trolling in a thread over at Ars, I think I got this covered. (For the record, I was having an absolute ball. I had had a miserable week, and spending a weekend counter-trolling the trolls in between bouts of housework was fabulously cathartic.)

I make my statement about "always contrarian" with some certainty. El Reg kindly provides me a list of your (unbelievably vast) number of posts, and even context for them. (The threads they were posted in.)

What I can say is that here, on El Reg, you are pretty damn near 100% contrarian. You are also one of El Reg’s most prolific commenters, behind Sarah Bee and only a very handful of others. As such you are a /fixture/ around here, and it has become fairly easy to predict not only what threads will attract your attention, but the general gist of what it is you are going to say. I should start an office pool; we can guess on relevant threads how many comments from the top you are, with bonus points for content accuracy.

Your history of commenting here on El Reg reveals someone who will with almost perfect predictability respond “black” to virtually any posted “white.” I get the playing devil’s advocate thing, I honestly do. I have been known to pick arguments arguing sides I don’t necessarily agree with just because the process of /debate/ with a worthy partner is of itself fun.

And while you have the odd post that is bright or at least not down…in general you spend your time berating others, or pointing out (perceived) flaws. Sometimes you make little humorous quips that are perhaps a little bit geared towards the more depressing end of the humour spectrum. Overall though, you are generally quite down.

Now, I don’t view this as trolling. You are something else altogether. You don’t seem to make comments in order to inflame people and drive ongoing debate, but seemingly for no reason except to be disagreeable. (Let it never be said though, that you will back away from any argument or debate if someone counters your posts.) I don’t even say it’s a bad thing; it’s your right to be as disagreeable as you want. In fact as a regular fixture around here it would probably be downright unnerving if you were to begin behaving in any other way. It would be like aManFromMars talking like a normal human. Or the Moderatrix posting love poetry. The regular commenttards could probably cope, but it would be pretty damned odd..

In any event, it’s an observation, not a criticism. We tend to bump heads a fair bit, but from your posting history, I can’t take that as anything personal. It’s just who you are. Or at least…it is who you choose to be online.

@Hugh

I can't speak for any blogger other than myself...

...but yeah, I want to be an actual journalist. In case you haven't read the comments much sir, I do quite love to write. Everyone is different. aManFromMars likes to craft perfectly obtuse, yet really insightful comments as an exercise in attempting to cause others to think more about pretty much everything. The commenter jake likes to comment even more than I do, but always deeply contrarian; he likes to /argue/. (Or he’s really just one of the biggest downers of all time. I haven’t decided.) The Moderatrix enjoys roaming around taking the piss out of absolutely everyone, but tends to do in a very one-off manner. She likes the short one-liners, humorous, but rarely gets drawn into a real argument about anything.

I think that one day (a ways off in the future I would bet,) it would be awesome to semi-retire to journalism. Maybe after I pay off my mortgage and don't have to rely on as much income to survive. Do all bloggers have similar dreams? I can’t possibly say. Most likely some of them think they already are journalists, some just want to tell the world about their feelings and thoughts. In this, I find that medium is actually making a difference; Twitter is doing a good job of sucking up those who don’t seem to aspire to serious journalism, but have a need to leave a little bit of themselves on the internet anyways.

The different between “want to be” a journalist and “a wannabe” is, IMHO, that someone who “wants to be” one recognises they aren’t, and strives to be better. The wannabe thinks he is one…and isn’t. We all love deluding ourselves into thinking we are greater and more important than we really are; perhaps there isn’t one among us who doesn’t fall prey to it.

So could you tar all bloggers with the same brush as one another? I don’t personally think so; however I still think the idea of _most_ bloggers being “wannabes” might sadly be valid…

Oh, and I realise that your post was largely in jest…but it caused an interesting pondering nonetheless, and figured it might be worth tossing back in the thread to see what others think.

@Ben

Ooooh. Good point. Also: did you just attempt some form of literary analysis on a Register comment? Doesn't that violate some rules somewhere? I admit, it's 3:33am here, and I have been up for a little over 30 hours*...but that seems wrong somehow.

*Seriously, moving terabytes of info from one drive to another on the same system while keeping the shares in place during the movie may not be difficult, but it sure as hell is boring. And it makes for a long night. Gogo disk upgrades.

@hugh

I suppose it would really depend on the blogger. I'm a "blogger," having both my personal blog (http://www.trevorpott.com) and the Desktop Management gig here on El Reg. Does that make me a journo? Hell no! Never went to school for it, and I am only just learning the ropes now. I tinker at the edges of journalism, trying to learn how to report actual news, get and perform interviews etc...but I am a blogger, not a journo.

What about Mary Jo Foley? (http://www.zdnet.com/blog/microsoft)That lady has a blog, but she is a first class journalist as well. She digs up a lot of dirt, and does a damned good job of reporting it. Or Michael Geist? (http://www.michaelgeist.ca/)

If Steve is saying that “Bloggers aren’t journalists,” then I think I largely agree. Most aren’t. If this is to be generally accepted however, we need a new term for the rare actual journalists whose medium of reporting is entirely online.

Regardless of Steve's beliefs on the matter, journo is about the quality of the craft, not the medium. Does that comment make me a fanatic? Or just bored enoguh to be disagreeable?

@EWI

Correct me if I am wrong, but 1) Sparkle also exists for Windows, and b) It is a third party offering, not somethign funded and supported by Apple Inc.

@Chemist

My experience mirrors your own. It wouldn't stop a determined attacker, but it is cheap, easy solution to keep most script kiddies at bay. The idea that your solution must be "perfect" is not one I subscribe to; defence in depth is about combining security ideas. Changing default ports is just the low hanging fruit.

@foo_bar_baz

Please see the conversation at the top of this thread it was mentioned that your approach has flaws. It references previous a previous thread where this idea was completely torn apart.

@Robert Carnegie

Disabling Autoplay /entirely/ is absolutely required for at least one of my usage scenarios.

Ready for something terrifying?

We have dedicated "client stations" at each of our locations whose sole purpose is to have customers walk in with CDs, DVDs, Flash keys or portable hard drives to submit information in a completely unsupervised area into our system. No, this can't be changed, and no we can't afford a nanny. We have to...TRUST OUR CUSTOMERS. (This has negative consequences.)

Our entire business relies on receiving dozens to hundreds of gigabytes of new information a day from our customers. While our client systems did periodically get pwned, it hasn't happened ONCE since we moved to Windows 7.

<3 properly done privilege escalation.

@Joe14

Please see the conversation at the top of this thread it was mentioned that your approach has flaws. It references previous a previous thread where this idea was completely torn apart.

@informavrette

I am sorry, but I have to completely disagree with you on this one. Microsoft has proven to be excellent at vetting corporations for inclusion in such ventures. Look at the WHQL driver program. If Microsoft were of half a mind to, they could build on the WHQL driver program and create a list of Microsoft-qualified patch suppliers.

These companies and developers would register with Microsoft, and the whole system could be driven via Microsoft Update.

Companies that don’t want to play ball don’t have to; but it would rapidly become a selling point for one type of software over another, especially in a business environment. Just as I am not going to deploy a piece of hardware without a WHQLed driver in a business environment, I wouldn’t deploy a non-Microsoft-certified application partner unless my back was right up against the wall.

This is what Microsoft *does.* This kind of ecosystem building is why they became what they are. You have a lot of talk about how Microsoft needs to innovate and do something actually useful and new, instead of just following Apple?

How about returning to their roots: business computing. Give me a business computing ecosystem I can TRUST; one that’s tested and vetted to work together by corporations with the kind of money and power that Microsoft and Adobe and all these corporations have. Get an industry group together, and a gigantic patch testing lab filled with people who’s job it is to do nothing all day but vet patches. Take the Apple iStore idea, and do it one better. Give me a platform I can install anything I want; but to which you also provide me a nicely managed, tightly knit walled garden that I can choose to opt in to.

You might not think it would work, but I think it’s worth a yearly subscription.

Apologies

CHANGING default ports are a must.

I really need to stop writing these things at 10pm, and proof-reading at 1am...

(I say as I know that I have an article due tonight, which I will once more be up late writing…) I will strive to do better!

Now that...

...sounds like an Anonymous Coward who has been in the SME trenches. Your assesment very much so mirrors my own experience.

@AC 23:05

"I think that a suitable stateful ``one way mirror'' type firewall will give you most of what you want and in fact will even work nearly the same way (same state table), but it can be a bit more efficient perhaps and is transparent for other network admins too. And that is largely a good thing."

Why? Why is the transparency of my network to other admins a good thing? It's advantageous to them, a security risk for me. Your reasoning makes no sense.

As to "well, you can put a stateful firewall at the edge and get all the protection you want," it's not a question of "the protection I want." It's the ease of that protection. I can personally maintain an IPV6 network in my sleep. I'm a trained systems administrator.

What about my parents? My Aunt and Uncle? What about that nice older couple who own the soup shop? To say “well, they just need to learn proper network security” is trash. Existing network security, (which is far easier and more forgiving than life under IPV6) is still far too complicated for these people.

But it’s okay because the nerds want it that way? IPV6 is beautiful on paper; but the actual details of implementation and ease of use were totally ignored, and it’s too late to go back now.

Unless we can add a layer (like NATPT) to IPV6 to make it more forgiving for people who understand less. Those who like IPV6 see the end-to-end model as the only important part: this is what they want to be forgiving, because they care about their pet applications, and making life easier for developers.

I look at it and say “the end-to-end model doesn’t matter; developers get PAID to deal with the fact that life sucks.” As far as I am concerned the only people who matter are the end users; whatever is settled on must be simple, easy to use, forgiving, and most of all EASY TO UNDERSTAND for them.

So far all I have ever seen from the anti-NAT crowd is “well someone will create a device that’s easy to use, and just as forgiving as NAT without any drawbacks whatsoever.”

I have yet to see one. Or even some beta software. Or anything really that makes me think IPV6 is going to be even AS EASY as IPV4 for these people. Let alone actually EASIER.

IN other words: show me the business case. One that benefits me, and my users.

Not some developers I don’t care about who are paid to deal with it anyways.

You want to make networks more complicated, you are putting money in my pocket; but you are taking it out of the pockets of my friends and family and small businesses that can’t afford it to do so, and for no good reason that I can see.

@AC

Keeping your stuff link local doesn't give it access to outside resources. I want access to those outside resources, but don't want people having access to my resources, or being able to track my internal machines. As far as I am concerned NATPT is ideal. What I lament is that because someone thought their preferred approach was better, the choice is removed from the rest of us. What harm to those people if NATPT on IPV6 were allowed to exist? There is enough address space they could choose to implement it, or not, as THEY saw fit. That people who prefer to limit the choices available should be given the “right” to tell the rest of us how to run things is what I lament.