Practical Technology

for practical people.

August 4, 2010
by sjvn01
2 Comments

How to get Windows and Linux to cooperate on the network

“East is East, and West is West, and never the twain shall meet,” is a line from Rudyard Kipling’s The Ballad of East and West. It could also apply to Windows and Linux. If you don’t know what you’re doing, getting the two to meet on the network can seem like it’s almost impossible. Fortunately, it has gotten easier over time.

It’s not a job though for an average Linux administrator or a Windows Microsoft Certified Systems Engineer (MCSE) who’s still wet behind the ears. While parts of it, such as sharing files and printers across a network between Windows and Linux systems, are simple enough, bridging the gap between Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) requires some serious network engineering.

The first part, simply sharing files and printers, can be handled by using Samba as a server or as a client on Linux and Mac desktops. Samba is an open-source program that provides Server Message Block/Common Internet File System (SMB/CIFS) file services. With Samba, your Linux servers can act just like Windows file and printer servers to all your desktop clients. Whether your PCs run Windows 7, XP, Mac OS X, Snow Leopard, or Ubuntu, Samba can get the files to them whenever they need them without much fuss or muss.

But, once you start trying to manage logins and authentication between Linux and Windows systems with just AD or by combining LDAP and AD, things can get complicated. One way to handle this is just not to use AD at all. I know, I know, that’s heresy to Windows administrators. But, for small to medium business networks, an LDAP implementation such as OpenLDAP may be all you need for both Windows and Linux servers and desktops. If you need more, there are other network directories that can work for both operating systems that come with enterprise-level support such as Novell’s eDirectory.

More >

August 4, 2010
by sjvn01
0 comments

Going to IPv6 isn’t going to be easy

ecently, I’ve been writing a lot about IPv6, the next generation of the Internet Protocol that makes the Internet and most home and business networks go. Now, like it or lump it, we, starting with our businesses and mobile devices and eventually our home networks, are all going to have to move to IPv6.

That is going to be a major pain, especially for network administrators, but as I’ve been working more with IPv6 I’ve discovered other problems. A lot of network equipment out there can’t actually handle IPv6.

Oh, the vendors may say that it supports IPv6, but the truth is another matter. I’m not going to name names because I’ve been finding this during the course of upgrading my own network infrastructure to IPv6 instead of in a lab. If I had access to a real lab I could spend the time needed to make sure of my conclusions and explain exactly what’s happening.

What I can say though is that there’s a lot of hardware network incompatibilties out there. In the course of using both enterprise and SOHO (small office-home-office) equipment I found that even devices from the same vendor sometimes couldn’t connect using IPv6 with each other. This is not good.

More >

August 3, 2010
by sjvn01
2 Comments

OpenSolaris’ child, Illumos, goes forward without Oracle

Nexenta, an open-source organization that’s been trying to “combine the OpenSolaris kernel with the GNU/Debian user experience,” has announced a new open-source effort called Illumos. Nexenta proclaims this “is a 100% community-driven and -owned effort that aims to provide an alternative to a critical part of the OpenSolaris distribution, freeing it from dependence on Oracle’s good will.”

Oracle’s good will has been noticeably missing towards OpenSolaris. Oracle has essentially ignored OpenSolaris and paid no attention to the OpenSolaris Governing Board. Nexenta observed in their announcement that “Oracle has significantly reduced their support for OpenSolaris as a distribution.” But according to Simon Phipps, Sun’s former chief open-source officer and an Illumos supporter, this effort is not meant to be a fork of OpenSolaris,.

So if it’s not a fork, what is Illumos? In a webinar on August 3, 2010, Garrett D’Amore, the leader of the Illumos project, explained: “Illumos is a derivative, a child of OS/NET, which is Solaris/OpenSolaris’s foundation. The design is to make it 100% application binary interface (ABI)-compliant with OS/NET.” Garrett previously worked on Solaris for Sun and Oracle and is now the senior director of engineering at Nexenta.

While not an operating system distribution in and of itself, Illumos is meant to serve as the basis for distributions. According to D’Amore, it’s also “designed to solve the key problem of OpenSolaris: Not all of OpenSolaris is open source.” For example, the libc_i18n, which is a component needed to build a working C library is essential for C programming in OpenSolaris — and it’s closed source. In addition, the NFS (Network File System) lock mechanism, portions of the cryptography code and numerous critical device driver are not open source.

The bottom line is that, today, you can’t boot either OpenSolaris or Illumos without Oracle’s proprietary bits. D’Amore hopes to have that changed by year’s end.

More >

August 3, 2010
by sjvn01
0 comments

Ready or Not Your Network Is Moving to IPv6

Every few years there’s another panic about everyone running out of IP addresses. The terror that the Internet would simply run out of room is finally coming true. It’s not so much that computers are consuming the IP addresses; it’s all those smartphones, iPads, and other devices that require Internet access.

The Number Resource Organization (NRO), the organization that oversees the allocation of all Internet number resources, announced in January 2010 that less than 10% of available IPv4 addresses remain unallocated.

“It is vital that the Internet community take considered and determined action to ensure the global adoption of IPv6,” Axel Pawlik, chairman of the NRO, said in a statement. “The limited IPv4 addresses will not allow us enough resources to achieve the ambitions we all hold for global Internet access.”

IP addresses are allocated by the Internet Assigned Numbers Authority (IANA), which in turn is run by the Internet Corporation for Assigned Names and Numbers (ICANN). IANA distributes IP addresses to regional Internet registry (RIRs) who issue these addresses to ISPs and from the ISPs to you. “This is the time for the Internet community to act,” said Rod Beckstrom, ICANN’s president and CEO. “For the global Internet to grow and prosper without limitation, we need to encourage the rapid widespread adoption of the IPv6 protocol.”

When the Internet began (then called APRPANet), IPv4’s possible 32-bit 4.3 billion addresses looked like it would be more than enough. That was then. This is now.

More >

August 3, 2010
by sjvn01
0 comments

Falling through clouds

Everyone knows the big virtues of using cloud computing services: They’re cheap, you can scale them on demand, and they’re fault-tolerant. Everyone also thinks they know cloud computing’s vices: a variety of security and management concerns. What a lot of people have been missing, though, is that there’s another real problem with cloud computing: legal liability.

You see, the default contract from Amazon Web Services and the other major public cloud providers puts the onus for any privacy trouble that might develop on you, the customer, not them. So, say that 100,000 of your best customers’ records end up on WikiLeaks because your cloud provider’s security is breached. Who do you think is going to be legally and financially responsible for the leak and any damages it causes? You can probably guess, but I’ll tell you anyway: If you signed the standard cloud contract, you are. Never mind that it was the cloud provider’s security failure; you’re the one who will be stuck with the bills. Lucky you.

According to one report from SearchCloudComputing, Eli Lilly, the pharmaceutical giant, is fighting with Amazon over just these kinds of issues. Amazon’s Werner Vogels denied the story’s contention that Eli Lilly had walked away from AWS. “Eli Lilly is still very much a customer and has not dropped their use of AWS,” wrote Vogels. Be that as it may, not everyone is content with Amazon’s contract policies. Burton Group analyst Drue Reeves said at the Burton Group’s Catalyst conference, “We don’t feel like there’s enough transparency in Amazon. We would like to trust you [but need more information].”

More >

August 2, 2010
by sjvn01
0 comments

Of course Android can be hacked, so what else is new?

Where do people get this stupid idea that something, anything, is unhackable? They surely don’t get it from anyone who’s ever worked with security. We know anything can be hacked. Take, for example, this silly story entitled “‘Unhackable’ Android phone can be hacked’ from last week.

Uh, I hate to tell you this, but I don’t know of anyone reputable who ever claimed Android, Google’s Linux-based embedded operating system for phones, netbooks, and tablets, was unhackable. Sure, Android’s sandboxed security model is better than say the built-in by design insecurity you find in Windows, but so what? That doesn’t mean Android is perfectly safe. Nothing is.

More >