Windows Server 2003 R2 Coming

Windows Server 2003 R2 is the official name of the next ‘update’ of the server operating system. It’s currently at the R2 Beta 2 level, and only available to a private testing group, but according to this post (by Julius Sinkevicius, Senior Product Manager in the Windows Server Group) it’ll be coming out on the main Windows Server page soon for everybody else to test. Some of the key features in R2:

  • Active Directory Federation Services
  • Rights Management Server
  • SharePoint Portal Services Version 2
  • File Server Migration Toolkit
  • Network File System (NFS) support
  • Services for Unix
  • Active Directory Application Mode (ADAM)
  • ‘Corral’ Storage Resource Management

There’s lots to look forward to there, but my favourite is the built-in SFU support, which marks yet another noticeable change in the way Microsoft are approaching the Unix masses. First SFU was an expensive component, then it was a free downloadable edition, and now it looks like it’s going to be a standard part of the server OS; a useful addition for an OS that wants to be used within, rather than instead of, alternatives.

Sun v40z Benchmarks Out

Note: This post was originally part of my LinuxWorld blog; now migrated here after my resignation.

When I did the review of the Sun v40z, I said at the time that it was a fast machine, whether it was running Solaris or Linux. Now some more official benchmarks have come out, and it looks like the Sun v40z is an exceedingly fast little box. Some of these performance stats are amazing, most world beating for an x86 machine. I’m just glad I got to try one out. Even better, some of the stats you see use the new dual-core Opterons, giving you an 8-way SMP capable box in the same footprint as the old 4-way box. To quote from the FP performance report:

On the compute intensive industry-standard SPEC CPU2000 benchmark, the Sun Fire V40z server has achieved SPECfp_rate2000 result of 138, setting a new world record for all 8-way x86-compatible systems, as of April 21, 2005. This record outshines the previous top score of 41.1, which was set by the Intel Xeon MP-based HP ProLiant DL740 server, by over 3x. The enhanced 4-socket server, equipped with the dual-core Opteron processors, demonstrates more than double the performance of the single-core 4-socket competitive servers outfitted with the newest Intel Xeon MP EM64T-capable family of processors. Specifically, Sun Fire V40z server tops the performance of HP ProLiant ML570 G3 and Dell PowerEdge 6850 servers (52.6 and 52.5 respectively) by over 2.5x on the floating point throughput test.

This fits in line with the press release announcing dual-core Opteron support. OK, the stats are Solaris, not Linux, based, but this box is just as capable of running Linux (I tried Fedora Core 3 x64 without any issues for over a month). I can’t see any reason why Linux, Fedora or otherwise, couldn’t achieve similar results if given the opportunity. Now all I need to do is find the money to buy one…

Gentoo Part 2

Note: This post was originally part of my LinuxWorld blog; now migrated here after my resignation.

OK, so it takes some time – this is old hardware – but I’m happy to say that the new mail server, running Gentoo on SPARC, is running perfectly. It’s been up now for almost 72 hours, and I’ve been filtering spam for the last 48 hours with only about 8 making it through (out of 190), compared to the 20-30 that would make it through on the old system.

The config is simple: Constable (Gentoo on SPARC) accepts all the email through postfix, then I use Amavisd-new in combination with SpamAssassin and ClamAV to capture everything. This re-injects to postfix, which then forwards it on to the real mail server, Gendarme (Solaris 8 x86). On this box I use Sendmail in combination with Cyrus and use sieve to do some additional filtering, which gets rid of about another 20 emails that get through by ensuring they were actually sent to me, contain the right headers, and a few other simple tests.

Setting up a spam filtering machine is nothing new of course, but it’s nice to see that with Gentoo everything is very easy. A couple of emerge commands to install the various bits and I’m up and running. Well, on this old machine after a significant wait of course; it took the best part of two days to compile and install the OS and then the required software. But what is easy is that the dependencies are sorted out for you. For example, installing amavisd-new required quite a few packages, and even installing something seemingly straightforward like NFS required a couple of packages I didn’t already have.

In comparison to the pain you can have even installing the pre-packaged RPMs this is a dream. With Gentoo, you also get the ability to be a bit more specific about some of the options.

There are some complaints though; the current mysql packages (on SPARC) are not new enough to run with some of the latest, standard versions. I can’t connect to my MySQL server, which is running on a Windows Server 2003 box, because the security support doesn’t match; it’s a problem I’ve experienced before, but with Gentoo I really don’t want to spoil the ability to update to the latest versions by running ‘emerge world’.

For the moment though, I’m happy. I should spend about half an hour less sorting through the spam.

Phishing – The Next Generation

Note: This post was originally part of my LinuxWorld blog; now migrated here after my resignation.

In this piece over at New Scientist is the news that some of us have been expecting for a while – Phishing has moved on from simply redirecting people through spam emails; now hackers are going to do it by polluting the DNS namespace. If you haven’t already, make sure you’ve upgraded to the latest BIND (9.x) and then use features like DNSSEC to ensure that the information is distributed properly.

‘Full’ Review of Solaris 10

OK, I don’t particularly appreciate the multi-page reviews you get at some sites, but I think it’s a stretch to call 819 words a ‘full review’ of anything. Yet that is what we have here. It was even picked up by Slashdot as such, going as far as to call it comprehensive. Unfortunately the main thrust of the article concentrates on the ‘it’s not linux’ camp, rather than actually looking at the details and specifics of the operating system that might make it useful. The length and coverage doesn’t even remotely make it a ‘full’ review, and comprehensive is a really bad adjective for the review. OK, I like Solaris, I’ve been using it for 14 years and my main mail and Intranet box runs on Solaris. But I also believe that irrespective of your affiliations and personal you should give a product the benefit of the doubt and give it as well rounded and subjective a review as possible.

Microsoft Virtual Server to Support Linux

If you subscribe to the same sort of news sites I do you will have seen stories like Linux: coming soon to a Microsoft VM near you (Ars Technica), the original source piece at Techworld and the original Microsoft Press Release. Virtual Server 2005 already supports other operating systems. I’ve been running RHEL and FreeBSD on Virtual Server for almost two years (I had access to an early V1.0, before it was even officially a beta product). But Microsoft has never supported these other operating systems.

So what does ‘support’ actually mean – it surely doesn’t mean that Microsoft will help you install the operating system, but it might help you create and tune the virtual server in which it can be installed. And when you have a problem with the virtual side of the operating system execution, you should be able to ask Microsoft to help. Most important of all, I suspect, is that if you are a big company using Microsoft Virtual Server for virtualization, then I suspect Microsoft will be more than happy to help you sort out your virtualization problems.

Optimization Tart

I’ve really agreed with the ‘if it ain’t broke, don’t fix’ line of thinking. I think there are a number of reasons for that, but the primary one is that my world and environment is constantly changing and therefore the chances of a component or situation remaining for long enough for me to use that statement just never occurs.

To give an example, just this last week we decided to move a printer downstairs for Sharon so that she doesn’t have to keep running up and down stairs when printing things out. That simple move led to a whole sequence of events that culminated in my re-organizing parts of my desk, which now has less stuff on it, because I’ve moved it over to the tri-level printer table. This in turn has led me to re-organize the power strips under my desk (I managed to free no less than four sockets, and improve the untidiness of the cables). That just triggered a whole kettle of fish on the location of some paperwork and my active work folders and so it goes on.

That’s just my work environment. This morning I’ve been planning ways of improving the IT here. There are a couple of things which aren’t quite working how I’d like. For example, the main mail server uses post-acceptance spam filtering – ie, it gets delivered and then filtered by a Perl script (which calls SA and ClamAV), but I can’t afford to shut the mail server down while I reconfigure. Meanwhile, I’m running on a reduced firewall until I can sit down and reconfigure ISA 2004. And at the back of my mind I’m aware that I need to reconfigure some of the other hardware to fit in with a few upcoming projects.

Why am I an optimization tart? Well the last time I did any of this was just about the start of the year, and I did it when I installed the kit into the new house in September too. Even now, I’m thinking about what happens next and what projects will start in September and how that might affect the current configuration set-up. And there’s a list on a few pages of improvements, extensions and new features I want to add to the Intranet. Not to mention the fact that about half of the links on that Intranet don’t work properly anyway…

Gentoo on SPARC

Note: This post was originally part of my LinuxWorld blog; now migrated here after my resignation.

I’ve tried a number of times to get Gentoo to work, but somehow I could never get the final stages of the installation to complete properly and I’d invariably end up with a corrupt or simply not working system. Now Gentoo 2005.0 is out and I’ve managed to get everything working first time. I have to say I’m impressed. I’d always liked the idea of a system that was easier to upgrade and manage, and the emerge system on Gentoo is brilliant. It also means that I can choose my own optimizations and configurations for some of the options and build the binaries actually on the system they will be used on – a huge bonus for those of us with many different systems to manage. The whole thing is exceedingly slick and easy to use, and the ability to just type emerge emacs and have it compile everything it needs to is enough to give you goosebumps if for the last 20 years you’ve been doing those things by hand. It’s much better than RPMs. Gentoo downloads the source and builds it right there, including downloading any other required packages. No more downloading and installing RPMs to find what you want.

For CPAN users, think CPAN but for your whole machine.

Now I’ve got the main box running Gentoo (on x86), I’m now looking at Gentoo for a new SMTP server (as part of the latest network optimization). That box will be based on a solid, but old, SPARCserver 10 with dual hypersparc CPUs. Getting Gentoo onto this box wasn’t going to be easy – I have a CD-ROM drive, but I know from past experience that it doesn’t like CD-Rs and that would make booting the OS interesting. However, there is a network boot image available and if there’s one thing that Sun desktop kit does well, it’s boot over a network. You can use the basic information given in the HOWTO, with a few additional tips:

  1. The notes work on the basis of a Linux (preferably Gentoo) source, but I did mine fine on a Solaris 8 x86 box
  2. Make absolute sure that your links to the TFTP boot image are upper case. Suns don’t use lowercase when looking for a boot image
  3. It’ll take a while to load – it’s only just over 3MB, but it does take a while
  4. Remember that you will be in a somewhat minimized environment. Some of the tools that it says to use even in the instructions are simply not there. Don’t expect, for example, links2, ftp, any ssh clients (and sshd is available) or the mirrorselect tool. Most annoying though is no decent editor. You don’t need to do much in the early stages that can’t be handled through cat > myfile, but be warned.

That last point can make some operations tricky, but just the fact that it works at all is a testament to the dedication of those people over at Gentoo and elsewhere who made it happen. Once in, you can follow the instructions in the main installation guide. But make absolutely sure you have enough diskspace. My box has 1.8GB and it’s not quite enough by the time I’ve unpacked a fairly hefty portage and stage3 package. I’m now waiting for a 4.2GB disk to help out with the space issue. I will, of course, update you with my progress.
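The upper-case link name from tip 2 can be computed rather than typed by hand. The script below is an added example, not part of the original post or the Gentoo HOWTO. It assumes the Sun PROM requests a file named after the client's IPv4 address as eight upper-case hex digits, with an optional architecture suffix on some machines; the TFTP root, image name and addresses are hypothetical values passed as arguments.

```shell
#!/bin/sh
# Added example: build the TFTP link name a Sun boot PROM asks for.
# Assumption: the name is the client's IPv4 address in upper-case hex,
# optionally followed by a suffix (check the TFTP server log for the
# exact name your machine requests).

sun_boot_name() {
    ip=$1
    suffix=${2:-}
    # Only digits and dots, no empty fields.
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (printf would read them as octal).
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    # %02X gives upper-case hex; a lower-case name would not be found.
    printf '%02X%02X%02X%02X%s\n' "$1" "$2" "$3" "$4" "$suffix"
}

link_boot_image() {
    # $1 = TFTP root, $2 = image file inside it, $3 = client IP, $4 = suffix
    name=$(sun_boot_name "$3" "${4:-}") || {
        echo "not a valid IPv4 address: $3" >&2
        return 1
    }
    [ -f "$1/$2" ] || {
        echo "boot image not found: $1/$2" >&2
        return 1
    }
    # Relative link, so it still resolves if the TFTP daemon is chrooted.
    ln -sf "$2" "$1/$name" && echo "$name"
}

# Example call (hypothetical paths and address):
#   link_boot_image /tftpboot gentoo-sparc.image 192.168.10.5
```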

Peer-Reviewed Microsoft Certification

With the first new certification class in a number of years, Microsoft is choosing a slightly different path. The Microsoft Certified Architect Program is designed to provide certification for top-level IT professionals who have experience designing and deploying solutions that use both Microsoft and non-Microsoft products. Not only is the approach different, in that it’s not designed to test your experience in MS products, but the path to achieving certification is different. Rather than a series of exams there is a whole range of tests, interviews and examples of past work. The process is expected to take 12 months and the person getting certified will be assigned a mentor who will guide – and gauge – the candidate’s progress through the process. This also means that the individuals will be peer-reviewed.

The reliance on exams alone has – in many certification exams – created a situation whereby candidates can cheat simply by knowing the answers to the multiple choice questions. Have a good memory and you can pass the exams, whether or not you actually have the experience. I’ve met many people with a Microsoft certification who I simply wouldn’t trust to install a piece of software correctly, and I know many managers who completely ignore certifications from Microsoft and others because of similar experiences. This is not a reflection on the test itself, which I can assure you is highly complex, but relying purely on the answers to questions, rather than actual applied knowledge, is always going to lead to problems. Thinking about our cars for example, I wouldn’t expect to be given a driving licence simply by answering the questions in the theory test. Microsoft have done a lot to improve the situation in recent years, and hopefully this new certification process is an indication of further improvements in the way certifications are distributed.

Unraveling BIND 9.3

BIND 9.3 incorporates a huge number of changes intended to enhance the functionality and improve on the security of what is a critical component for both Internet and LAN users. A new article, over on ServerWatch.com, looks at some of the main features of the new release. Here’s a short excerpt from the article:

The Domain Name System (DNS) is a component of the Internet often taken for granted. Although knowledgeable users are aware that the Internet works off of IP addresses, the reality is that we all type in names rather than impossible-to-remember long numbers. The DNS is based on an open standard, and, thus, numerous choices are available for managing DNS information. The best known method by far is the open source Berkeley Internet Name Domain, more commonly referred to as BIND.

BIND 9.3, the most recent release, has been available since September 2004. It features a number of key enhancements in terms of both security and the way it is supported. This article covers the main improvements in the release and discusses how to make the best use of these features.

Read on for the full article.