servers vs. workstations, was Re: just in case you missed it

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Wed, 9 May 2001 23:51:05 -0700 (MST) 

Am 09. May, 2001 schwäzte Jeffrey Pyne so:

> On Wednesday 09 May 2001 10:28 am, der.hans wrote:
>
> > Security updates should be *free*, as in beer! I don't care who the
> > vendor is. Will sun ever go there? I doubt it :(.
>
> Not to pick hairs or split nits, but they are free (well, you do have to
> Agree to their license terms, so it does cost a couple minutes of your
> time to read thru the agreement).  Check out:

That ain't free. I want anon ftp, anon http access. Also, when at Mot I
inherited a few Suns and had to go through a lot of pain to get some of the
necessary security patches. Funny, we could get OS for free because we had
the hardware. License was irrelevant. To get some of the basic patches,
however, we had to be on a support agreement. I believe one of those was for
an rpc exploit. I'm not even sure solaris can boot w/o rpc :).

True, Sun isn't too bad. I was trying to not mention any dists and Sun is
the other OS company I'd had a less than optimal experience with :). Much of
what I'd needed was available for public download. It was only a few patches
that were hidden.

> http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-license&nav=p
> ub -patches

Thanks for the link. OK, anon, but with the click-through license to ignore.
Acceptable, and should be easy to automate grabbing the patches.

> Sun seems better to me (less bad, maybe?) than other companies as far as
> stuff like this goes.

They and SGI are the only ones I've had to deal with. SGI was pretty
painless. Not only were things available to anonymous users, but they were
the first ones to pop a mime type match into Netscape such that downloading
patches automagically opened the admintool to apply them.

I'm told it's a pain to get AIX patches from IBM and Mot. We got them from
the developers :).

> Hmmm, an enterprising Solaris admin could emulate this by whipping up
> a Perl script to go out to sunsolve.sun.com, grab the patch report for
> a given version of Solaris, parse it for the patchIDs of all of the
> Security-related patches, figure out which ones the system needs (don't
> need to update bind if it ain't running), cross-reference the patchIDs
> with the showrev -p output to see which patches are not installed or
> are down-rev, download the required patches and then send the Admin an
> email that says "Hey, slacker, there are patches to install.  Get to
> work!".  Wonder if someone has already done this.  Off to the Sun Managers
> archives....

I wrote something like a lobotomized version of that when I needed it. Very
sucky, but it helped me update my boxen.

If we got other *NIXen in it, this would be a great topic for AZSAGE. Too
bad they want to meet the same night as PLUG :(.

ciao,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Aligo.com
#  I'm not anti-social, I'm pro-individual. - der.hans