Comfort zones expand very slowly and with some level of pain. Most of the world avoids this adventure like the plague (sp). Speaking as a newbie (of the masses), I want the machine to: 1) Work (Linux) 2) Permit me to stay entrenched in newbie land (GUI, KDE or GNOME) for a while. 3) Let me do my word processing (Open Office) 4) Let me do my spread sheet etc. (Open Office) 5) Let me do my email. 6) Let me browse the web. 7) Provide solutions not problems. 8) Provide solutions not problems (duplicated on purpose) Speaking as one of the masses (which I hope not to be), if you hit me with a bunch of option (choices), you have broken rules 7 and 8. And, I probably won't want to play that game. I am totally convinced that only the OCD's and Geeks (or want-a-be Geeks - that's me) of the world value choices as much as Geeks do. They (the masses) want solutions, not problems. I am equally convinced that most of the world has no desire to be a Geek. Their loss. This is one of the reasons MS continues to receive their dollars. This is also one of the reasons the Geeks of the world continue to get paid. BTW, I consider being a Geek to be good. My $.02 worth YMMV George -----Original Message----- Date: Fri, 12 Sep 2003 01:19:53 -0700 (MST) From: "der.hans" Subject: Re: InstallFest decisions Am 11. Sep, 2003 schw=E4tzte Derek Neighbors so: > I don't think it implies that at all. I think it implies that we are > trying to help institute some semblance of a standard. The more I deal > with suits and getting them to adopt GNU/Linux. Sadly their number one > gripe is there is too much choice. We see choice as good. They see Yes, for most people lots of choice isn't necessarily that great. It's better that we have a somewhat unified setup for the general population. It will still be wildly customizable, but we can have a unified entry point for them. > choice as bad. I am not suggesting we eliminate choice. I am merely > suggesting for those folks who want "cookie cutter" we offer them that > and foster an environment that helps them live in that world. A key is to make sure that their cookie cutter world doesn't encroach upon our choice and that we have channels for them to graduate and move on to being able to change things if they want. > The point is we are doing the install, so the EXPERT part of Debian is > taken care of. I think that makes a WORLD of difference. Since we're doing the installs the greater concern should be their post-install experiences. > Part of me says this is an up hill fight with too broad of a group. > Perhaps AZOTO should be tackling this as they have a forum in which it > would be easier to make the decision and they would benefit the most > from such a move in their aid helping people adopt GNU/Linux. AZOTO will be tackling this issue :). ciao, der.hans --=20 # https://www.LuftHans.com/ http://www.AZOTO.org/ # "Science is like sex: sometimes something useful comes out, but # that is not the reason we are doing it." -- Richard Feynman --__--__-- Message: 6 Date: Fri, 12 Sep 2003 01:26:22 -0700 From: Rob Wultsch To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: InstallFest decisions Reply-To: plug-discuss@lists.plug.phoenix.az.us There are no significant issues if you know what you are doing. Either a stable or unstable package will work. If apt-get install whatever does not work, then apt-get install -t unstable whatever will. For that matter someone could easily make a pure unstable knoppix disk rather easily. Just do an apt-get disrt-upgrade perhaps this would be the best solution? If someone will setup NAT on a machine that I am bringing in then I would be happy to be a knoppix installer. I know just over jack about networking. der.hans wrote: > Am 11. Sep, 2003 schwätzte Robert.Wultsch@asu.edu so: > > >>What about knoppix??? I am apt-get right now from a knoppix install. > > > I like Knoppix, but the update path doesn't seem to be there. I've only done > an hd-install once, though, so my experience is obviously limited for this. > > I think it needs to be there and I'm working on getting it there :). > > ciao, > > der.hans -- .-. =------------------------------ /v\ ----------------------------= Robert Wultsch // \\ robert.wultsch@asu.edu Linux User /( )\ AIM:sheepsleep7 Don't fear the penguins ^^-^^ (602)6927564 --__--__-- Message: 7 Date: Fri, 12 Sep 2003 02:10:30 -0700 (MST) From: "der.hans" To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: 20 workstatiions for under $2000? Reply-To: plug-discuss@lists.plug.phoenix.az.us Am 11. Sep, 2003 schw=E4tzte Derek Neighbors so: > When talking LTSP I would avoid mentioning dollar amounts directly > because they can vary so much. Instead, I would mention machine > specifications. Too much space. Money catches people's eye. I like the idea of concentrating on specs, but this is a press release, not a technical document. > We really need someone to do (or to find) to do would be best. A case > study on LTSP here in Phoenix. That details out what the situation was > before. What it was after. What the cost was and what the savings were. Matt gave us some details for his LTSP install last year. Did he ever do a write up? We used his experience in the last InstallFest press release. ciao, der.hans --=20 # https://www.LuftHans.com/ http://www.AZOTO.org/ # "... the social skills of a cow on acid." - der.hans --__--__-- Message: 8 Date: Fri, 12 Sep 2003 03:11:45 -0700 (MST) From: "der.hans" To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: InstallFest decisions Reply-To: plug-discuss@lists.plug.phoenix.az.us Am 11. Sep, 2003 schw=E4tzte Derek Neighbors so: > I will say this over and over and over until it sinks in the fricking > PLUG site url is horrendous to remember. For something like this it No it's not. We are PLUG in Phoenix in .az in the .us. plug.org? Which PLUG should get that? .pa.us LUG? Perth LUG ( that was on the GNUe irc channel this week )? Philly LUG? Pakistan LUG? PLUG is a good name, but it needs the regional markings to make it relevant= , IMO. > would be nice to have it at http://plug.whateverthellitis.us/InstallFest > and have links from the index to get there, but then offer > http://plugpresents.com to refresh right to that site. This way it's > easy to hand out to people you casually meet. http://PLUG.phoenix.az.us/ That's not difficult. I know you disagree, but I really think it's the better way to go for something that is and will stay regional. > This was nicely put. I know red hat got flamed for bluecurve (or > whatever it is called). However, it boils down to right now, too much > choice is noise and makes people confused. "Steering them down a path" > cuts the noise to signal ration and helps them adapt. It does not > remove the choice later if they so wish change things. Yes. I laud Red Hat for much of the work they've done. I also berate them for things like fvwm95. I think we need a good interface that is fairly standard for newbies, corporate environments, default installs, etc., but w= e should also put effort into making it the best defaults, which m$ does not have, especially in an environment with the capabilities that GNU/Linux offers. > I think choosing a distro is more important than a desktop. I see your point. I was thinking it's unlikely that we'll be able to agree on a default distro, so it's better to shoot for a default desktop. I'm not sure which is better. My goal is to reduce instabilities for newbies. ciao, der.hans --=20 # https://www.LuftHans.com/ http://www.AZOTO.org/ # I'm not anti-social, I'm pro-individual. - der.hans --__--__-- Message: 9 Date: Fri, 12 Sep 2003 06:27:58 -0700 From: George Toft To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: Updating web server (apache) in a DMZ Reply-To: plug-discuss@lists.plug.phoenix.az.us elemint@cox.net wrote: > > What is the best way to update a web server securely in a DMZ? > > I think this could be done throught iptables/host.allow/hosts.deny to only allow a particular host to talk to that webserver. > > Does anyone have any insight on the best way to keep a webserver secure in a DMZ while still being able to easily update it? Would a staging server running apache be good as the allowed host, so on this staging server it would be tested one last time and then sent on to the live server? > > Would a recieve only cable be a good idea so the server on a seperate nic would have a cable where it could recieve only recieve the updated files and then implement them? > > Does anyone know a good place to buy or intructions on making a recieve only cable? > > > > Jim > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss Hi Jim, I'm cringing here. If you have to come up with interesting and novel solutions, the fundamental architecture is flawed. I would start there, fix the architecture. Difficult solutions are usually less secure as it is harder to find the flaws and the flaws are bigger. The staging server is an excellent idea and in use in almost every major company that deploys web content. One note, however - don't allow your staging server to be open to the Internet unless it is hardened and protected like a prod server. I know of several staging servers that have development passwords because most of the staff doesn't knows it's in the DMZ. My staging server is not in the DMZ. All testing is done internally. Any external agents that need to test do so via VPN. If it must be open to the Internet, try a maintenance network. A very useful method used to update DMZ content is via a maintenance network which uses a different IP range and a different NIC on the server: INTERNET---FW--+----------+--FW---OTHER LAN | | SERVER SERVER | | +----------+--FW---MAINT LAN Set up netfilter/netacls to limit traffic, drop stupid traffic, keep the traffic separated, no forwarding, etc. Configure SSH to listen on the maintenance network only. Updates will be a piece of cake though the maintenance network. Cheers, George Toft Computer Security AGD,llc www.agdllc.com 623-203-1760 --__--__-- Message: 10 Date: Fri, 12 Sep 2003 07:26:35 -0700 From: Derek Neighbors To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: InstallFest decisions Reply-To: plug-discuss@lists.plug.phoenix.az.us -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Wultsch wrote: | There are no significant issues if you know what you are doing. Either a | stable or unstable package will work. If | apt-get install whatever | does not work, then | apt-get install -t unstable whatever | will. Unless synaptic has the ability to do this, assume it can not be done. (I have never tried) This is because we can't be giving obscure command lines out to new users and expect them to feel warm and fuzzy. | For that matter someone could easily make a pure unstable knoppix disk | rather easily. Just do an | apt-get disrt-upgrade | perhaps this would be the best solution? I am not sure "unstable" is the best thing for a newbie. They should be able to run "stable" fairly well unless they have some new fangled hardware that isn't supported. - -Derek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/YdeaHb99+vQX/88RAkEGAJ4oJr3kqLxW83tlj2HdxSXbYZo2awCggS4i 9a3gs9Pnr8g3H25uSIq6uog= =b1we -----END PGP SIGNATURE----- --__--__-- Message: 11 From: "Bruner, Andrew" To: "'plug-discuss@lists.plug.phoenix.az.us'" Subject: Samba goes to sleep Date: Fri, 12 Sep 2003 07:28:41 -0700 Reply-To: plug-discuss@lists.plug.phoenix.az.us I have a slight problem with my samba server (the latest samba .tar.gz on a Dell power edge 1640 and RH 7.2). Once I login and browse around etc., if I stop using the folders and come back say ten minutes later there is a 15 second lag before it lets me browse again. Once it's done "waking up" it works fine. There are only two users on this box right now. I've messed with socket options = TCP_NODELAY SO_KEEPALIVE=1 No difference. Anyone have any ideas? Thanks -Andrew --__--__-- Message: 12 Date: Fri, 12 Sep 2003 07:30:07 -0700 From: Derek Neighbors To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: 20 workstatiions for under $2000? Reply-To: plug-discuss@lists.plug.phoenix.az.us -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 der.hans wrote: | Am 11. Sep, 2003 schwätzte Derek Neighbors so: | | |>When talking LTSP I would avoid mentioning dollar amounts directly |>because they can vary so much. Instead, I would mention machine |>specifications. | | | Too much space. Money catches people's eye. | I like the idea of concentrating on specs, but this is a press release, not | a technical document. I would be more general. I would wordsmith it as inexpensive hardware or much lower cost than similar solutions, etc. However, I would say I wouldn't make it a huge focus of this press release anyhow. We hit it pretty hard last time. It is more value to business users, an installfest is probably more aimed at attracting home users. |>We really need someone to do (or to find) to do would be best. A case |>study on LTSP here in Phoenix. That details out what the situation was |>before. What it was after. What the cost was and what the savings were. | | | Matt gave us some details for his LTSP install last year. Did he ever do a | write up? We used his experience in the last InstallFest press release. I don't think so. I was thinking the exact same thing. He had a really nice setup at the place he was at. - -Derek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/YdhuHb99+vQX/88RAuy9AKCAhq5FP20wvM8A2tZQoe9Ei9UmDACeMW2F 0yyJHJZHJ2D8FomrPq7d5Ow= =4KII -----END PGP SIGNATURE----- --__--__-- Message: 13 Date: Fri, 12 Sep 2003 07:35:28 -0700 From: Derek Neighbors To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: InstallFest decisions Reply-To: plug-discuss@lists.plug.phoenix.az.us -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 der.hans wrote: | http://PLUG.phoenix.az.us/ | | That's not difficult. I know you disagree, but I really think it's the | better way to go for something that is and will stay regional. The world I deal with tries to put www. infront of everything. They don't understand anything other than www.something.com. By having 3 dots and no www (or 4 dots and a www) you have completely blown their mind. I know what it is and half the time I can't get it right and have to go look. I am not saying that it is TECHNICALLY incorrect, as it is very correct. I am saying logistically it sucks. Maybe I will go grab http://www.azfreesoftware.org or something and just make it point to http://plug.phoenix.az.us which would solve my problem. | My goal is to reduce instabilities for newbies. Mine too. :) - -Derek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQE/YdmwHb99+vQX/88RApRiAKCEsv8Yeirc4fm28GJUS4XJn9CFGwCgkz14 rrDuMlsdCmhsAOGV1cEq2NM= =VFpr -----END PGP SIGNATURE----- --__--__-- _______________________________________________ PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss End of PLUG-discuss Digest