Wednesday, January 5, 2005

IPSEC VPN

I've been given the task of joining two separate companies through the internet over an IPSEC VPN. I have been working with PPTP VPNs and have been very impressed with IPSEC. Luckily, I don't have to work with the Microsoft standard L2TP. IPSEC is difficult and elegant enough without having to see how Microsoft broke with standards.

I've tried working with Debian to get IPSEC. I started working under the testing branch (Sarge) because I knew it was close to release. Unfortunately, the Openswan and Freeswan modules are broken. I then tried the new 2.6 kernel ipsec with racoon and racoon-tools which worked amazingly well. The only problem was that shorewall couldn't deal with the new pseudo interfaces (not ipsec0) in the stable version. In order to work with the beta version (again scheduled for release soon), I would need to start installing more beta software into the kernel which I wasn't comfortable doing.

My next step was to try a distribution that was new to me called IPCOP. The newest stable version installed like a champ and it seems to get regular updates. I also liked the idea that only the minimum would be installed for a firewall system. Under Debian, there is always a chance I will install something unnecessary and decrease security through human error. Setting up the VPN tunnel was even easier under this distribution (not as easy as on other systems; IPSEC really takes some new knowledge and thinking).

Unfortunately, I quickly ran into the limitations of IPCOP. I wanted to set up a fairly complex network-to-network connection that only allowed specific traffic between a semi-secure network and the private network. I also wanted to include some static NAT rules that would allow our other networks access to the new machines. This could be done under Shorewall, but IPCOP has a fixed design built around its Green (private network), Blue (wireless network), Orange (DMZ network) and Red (public internet) zones. I could insert the VPN into the Blue network, but I couldn't communicate from Blue to Green, which is by design. The design does allow Green to communicate with Blue normally, except for VPN connections.

Now I am going to save the IPCOP settings to floppy and install Debian Woody, since I can trust that if Openswan and Freeswan are in stable, the Debian developers have made sure that all the pieces work together. I will miss using Webmin to set up Shorewall, but I think this is the best solution.

Promotion

Well, I haven't posted in a while because I was promoted a month ago. The new job should have a lot of new exciting challenges that will test me to my current limits. I'm now going to work for the Radiology Department at the hospital. We are constantly using a lot of bandwidth over our WAN and we need to be able to allow specific access to business associates. Radiology seems like a very competitive industry with a lot of money flowing.

I have seen my first super-conductor and was not impressed. They encase the MRI scanner in plastic to hide the super-coolants that keep the magnet charged. Apparently, because of super-conductor properties, they only need to charge the electronic magnet once because the electrons don't dissipate like a regular appliance. There is a cost to maintaining the super-cooled magnet but as technology gets better, I would estimate those costs decreasing.

I would guess that a computer could be energized in much the same way if it was made out of super-conductors. That would decrease our costs for batteries and power.

Tuesday, October 26, 2004

Why Linux? Why Debian?

Here is a great article that fits nicely with why I choose Debian over other Linux distributions. My first attempt at Linux was with Debian Potato. I was able to install the OS but I couldn't figure out how to get the graphics to work. I was able to log in at the prompt, but I didn't know what to do in Linux or why I'd want to work in Linux. It certainly didn't seem like a reason to switch from Windows.

I started with Debian because the Red Hat website said they wanted money for Linux and I didn't want to spend time downloading something that would have a shareware-style restriction. Debian was one of the only distros that was free, and they had a step-by-step guide for downloading and installing the OS. Of course, that didn't include an easy graphics installation.

My second distro was Mandrake. This installed a GUI without any problems. In fact, it seemed modeled after Windows 2000 installations. I was finally able to see what Linux was all about. It had a few games installed, but I had a hard time understanding what was so special about Linux. Why were so many people talking about it? I soon found problems with Mandrake. It was easily installed, but I quickly broke it, probably because of my inexperience with Linux. And I wasn't able to easily update the software because Mandrake also wanted to charge money for their software. It is possible that by spending money on either Red Hat or Mandrake I would have increased my enjoyment of Linux, but I wanted to test-drive Linux and see what all the fuss was about.

I gave up on Linux for 3-4 months. Sure, I had it installed as part of a dual-boot environment at home and on a separate test computer at work, but the software did very little for me. I was able to play a couple of games that were fun (Lbreaker), but as far as productivity goes, it hindered more than it helped.

After trying Debian again and toughing out the video driver issue, I was able to understand why Linux was doing so well. (I attempted to install a newer X server from source, which worked, but I found out later that all I had to do was work with testing.) Linux/Debian gave me hundreds of quality enterprise software packages that weren't even available under Windows, let alone easily found amongst the proprietary crap. I was able to monitor network traffic with EtherApe and use MRTG to easily monitor traffic. I figured out that if I spent time understanding what all the 8,000 packages did, I would be able to learn how to better manage all types of computers.

After a while of being able to create test environments on Debian, I was required to go back to Windows exclusively. I learned quickly that there were some things that were easier to do on Debian that couldn't be done on Windows. I downloaded Cygwin and other Windows ports for GPL software and found that it was inevitably harder to keep software up-to-date than it was with Debian. Under Debian, I can 'apt-get upgrade' to have every software package installed from Debian upgraded without breaking my system.

Now I compare my Windows 2000 machine to Debian unstable and find Windows much more unstable. The Windows hard drive constantly needs hand-holding because of fragmenting. The Debian machine has never needed defragmentation, never, and I have abused the Debian machine more. My computer quickly became a test machine that constantly gets software installed and uninstalled, which works out fine under Debian but not under Windows. Granted, Microsoft controls only a fraction of the packages installed on it, whereas I am usually able to use Debian packages for 99% (unofficial packages like mplayer may take up to 5%), but under Debian the system works after it is installed.

Anyway, I probably won't convince anyone of which OS to use, but hopefully I can encourage someone else to try out Debian and fight through the initial difficulties.

Friday, October 22, 2004

Microsoft's Security Problem

Here is a great article explaining the difference between Microsoft's philosophy and the Open Source philosophy. Microsoft is all about making money with software, which is fine, but it doesn't produce great software. I believe Microsoft's greatest asset is finding the balance between having the features that users want and having bugs in the software. Users are able to tolerate X number of program failures. Microsoft can always fix software bugs in the next update.

For the most part, people don't understand how software is supposed to work. When they click on a button and it doesn't do anything, they click on the button a second time. They expect a different result from the same input. It is very hard to teach a person how to get around a specific software bug by showing them a different way to achieve the same result.

Best quote:
a security flaw is just an exploitable bug...Security is not a feature you add to a product. It's not even a process, or an attitude, or whatever else you thought I was going to say. No, security is an emotion. Computers don't have emotions, people do. Security, to a programmer writing code, is having confidence that his code is correct. To be correct, it must be shown to everyone, including to the bad guys.


The trick to creating software is that it is full of mistakes. It is the mistakes, and the resolution of those mistakes, that drove me to find a different option in Open Source.

Thursday, October 21, 2004

BackupPC: Open Source Backup to disk

I needed to find a network backup solution that would back up our 6 Windows 2000 servers without much of a budget. After looking at a host of Open Source options I finally found one that just worked, BackupPC. It is elegant in the way it saves space on the hard drive by using Linux's hard linking. Basically, it stores each unique file only once and creates a hard link whenever another computer has a file with the same MD5 sum. I experienced close to the same savings as listed on their website.

One example of disk use: 95 laptops with each full backup averaging 3.6GB each, and each incremental averaging about 0.3GB. Storing three weekly full backups and six incremental backups per laptop is around 1200GB of raw data, but because of pooling and compression only 150GB is needed.
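To show how the pooling described above saves space, here is an added example (my own toy model, not BackupPC's code): each unique file content goes into a pool keyed by its MD5 sum, and every backup copy is a hard link to that pool entry, so the same file on several hosts occupies disk once. The directory layout, the collision handling and the sample hosts are assumptions; BackupPC's real pool also compresses files and differs in detail.

```python
"""Toy model of BackupPC-style pooling: each unique file content is stored once
in a pool keyed by its MD5 sum; every backup copy is a hard link to that entry."""
import hashlib
import os
import tempfile

def pool_path(pool, digest):
    return os.path.join(pool, digest[:2], digest[2:4], digest)  # fan out dirs

def store(pool, dest, data):
    """Write data to dest, sharing storage with an identical pooled file. Returns
    True if a new pool entry was made; a byte compare guards against collisions."""
    base = pool_path(pool, hashlib.md5(data).hexdigest())
    for p in (base, dest):
        os.makedirs(os.path.dirname(p), exist_ok=True)
    cand, n = base, 0
    while os.path.exists(cand):
        with open(cand, "rb") as f:
            if f.read() == data:  # same digest and same bytes: share the inode
                os.link(cand, dest)
                return False
        n += 1
        cand = f"{base}_{n}"  # MD5 collision with different content: sibling
    with open(cand, "wb") as f:
        f.write(data)
    os.link(cand, dest)
    return True

def disk_usage(root):
    """Bytes actually occupied under root, counting each inode only once."""
    seen, total = set(), 0
    for d, _, files in os.walk(root):
        for name in files:
            st = os.stat(os.path.join(d, name))
            if st.st_ino not in seen:
                seen.add(st.st_ino)
                total += st.st_size
    return total

def demo():
    """Constructed sample: returns (logical bytes, bytes on disk, new pool entries)."""
    top = tempfile.mkdtemp()
    shared = b"A" * (1 << 20)  # the same 1 MiB file present on both hosts
    files = [("host1/win.dll", shared), ("host1/notes.txt", b"host1 notes"),
             ("host2/win.dll", shared), ("host2/db.cfg", b"host2 config")]
    logical = new = 0
    for rel, data in files:
        new += store(os.path.join(top, "cpool"), os.path.join(top, "pc", rel), data)
        logical += len(data)
    return logical, disk_usage(os.path.join(top, "pc")), new
```

Running demo() backs up about 2 MiB of logical data but uses only about 1 MiB on disk, because the shared file is stored once and linked twice.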


I installed BackupPC on a test system and it worked like a champ. I was able to very easily see what files were locked from Windows. I am currently having some issues because one of my production database servers has a file over 4 GB which seems to be a Samba limitation.

Another good option was Bacula. Bacula was my first choice because it had a native Windows client and also had plenty of enterprise options for future expandability. I believe that it is more efficient to spend time early on learning about the more complex system and adapting it to a simple task than to discover later that you need to implement a new technology because the current technology doesn't scale very well.