Readers speak out:
March Letters to the Editor
March 1997
![[Next story]](/sunworldonline/icons/tb-next.gif){kind=icon}
![[Table of Contents]](/sunworldonline/icons/tb-toc.gif){kind=icon}
![[Search]](/sunworldonline/icons/tb-search.gif){kind=icon}
|
|
Readers speak out:
|
March 1997
|
 Mail this article to a friend |
Readers speak out:
|
|
Please tell me the difference between object code and source code and what 40, 56, and 128 bit refers to. Even if you can achieve high quality encryption, what about stray radiation (Tempest Hazard)?
Jerry Hodges
I maintain an FTP site for Solaris x86. It is a very active site, and
I thought I would suggest it be added to your page. At last count I had
about 250 programs compiled for the x86 archive. The site is updated
continually as I add programs for the x86 machines for the computer
science department at Duke University. We update packages based on
minor revisions, so the latest software is available, gcc-2.7.2.2 for
example. I also keep an HTML file for the packages at the site. The
URL is:
ftp://x86.cs.duke.edu/pub/solaris-x86/bins/index.html
The archive is located at:
ftp://x86.cs.duke.edu/pub/solaris-x86/bins/
Joe Shamblin
Systems Administrator
Department of Computer Science
Duke University
For Chuck Musciano:
You have done a great job on SunWorld! I enjoyed every article.
I work in custom Web hosting division of AT&T. I read books whenever I can, but short articles like these are best suited for me.
Sunitha Reddy
For Peter Galvin:
I am a Naval Reservist who is playing catchup/further self-education on Unix (and in particular Sun Solaris) (A)IS Security (the Navy appends an A at the front for "automated" [is there any other kind?]) in part through your column in SunWorld. By and large, I'm pleased with what I've read, and the way you put it: succinct and simple.
My question comes from a particular system that I have been tasked to help with (please forgive the dangling modifier!). Its architects allow local configuration changes (once planned for and tested locally) for security enhancements that are: 1) "non-intrusive;" and 2) "do not significantly affect the performance, function or approved functionalities of the system." My problem is that while the approved functionalities and functions for this system have been defined, the performance parameters and the idea of "significant affectation" of them has not been defined numerically or any other measurable way.
Reasonably, the configuration management approach spelled out for this system includes a paper analysis of the expected affects of changes before proposed changes can be tested. Since this system does not currently have any security auditing/tracking capability (except ASET and the audit command set) I would like to look into and consider other tools (especially network ones like tcp_wrapper, "intrusion detection alerting systems," router packet filtering, etc.). But I am having trouble finding any documentation on how such tools measurably affect/could affect a system they are installed on.
Are there books/manuals that I should be looking at for the various tools that you've mentioned in your articles? I've found out more about tcp_wrapper from InfoSeek searches than I could from the ftp site that I found with this program. Why don't security tools have more documentation on how they could affect performance (whether absolute, ratio measures, or formulae for figuring this out)?
Name and affiliation withheld upon request
Peter Galvin responds:
Most packages don't include analysis because the folks who wrote them
were either too busy or don't know how. It's a good point, though.
The best book for you is probably Practical Unix & Internet Security
from O'Reilly and Associates. Otherwise you'll need to get advice
from people who have implemented in terms of how invasive each tool
is and how it affects performance. But generally the performance
impact is low. Otherwise the tool wouldn't get used.
Peter
The guy who just found out that Solaris doesn't come with a compiler, after being a Sun sysadmin for five years, should have withheld his name by request. I certainly would assume that anyone who hasn't figured this out after both Solaris and reasonably easy-to-install Gnu compilers for Solaris being out for nearly FOUR YEARS is a little clue-impaired.
Stop perpetuating this tired old topic. People who whine about Solaris not having a C compiler are usually just cheapskates; they are likely to complain in the same breath about what a crime it is that support isn't free either. Besides, there are a lot more important things really wrong with Solaris that are more worthy of bitching about.
Wiley Sanders
In response to the complaint about the "unbundled" C compiler in Solaris, I'd like to point out that GCC, a free C, C++, and Objective-C compiler from GNU, is very popular in the Sun community for precisely this reason.
It is fairly simple to compile GCC yourself, although it is a bit of a chicken and egg situation, since you will need a C compiler (perhaps an older version of GCC, or you can always download a 30-day free trial of Sun's C compiler from their Web site first. ;-)
If you'd like a commercially supported version of GCC, contact Cygnus Solutions at http://www.cygnus.com. They do support Solaris, although I couldn't find any pricing information on their Web site.
Another option I highly recommend is the Summertime CD available from EIS Computer (http://www.eis.com) for Solaris/SPARC and Solaris x86. It includes precompiled binaries of hundreds of useful free programs, including GCC, Emacs, Mosaic, pine (an e-mail client), amanda (a tape backup program), etc. Although $69 might seem a bit expensive for what is essentially free software, I'm certain that it will cost at least twice as much to pay your Unix system administrator to sit around and compile even a few of these programs him/herself.
With all of these choices, I hope Mr. Holtz doesn't abandon Sun simply because he didn't know about GCC.
A good place to find precompiled binaries of GCC and other essential GNU software is SunSite -- visit http://sunsite.unc.edu/pub/solaris. Binaries for SPARC and x86 are in the SPARC and i86PC directories. Information on SunSites throughout the world (and a link to more locations for Solaris/SPARC freeware) is available at the SunSite home page http://www.sun.com/sunsite.
A 30-day trial copy of Sun's development software is available through the try-and-buy program at: http://www.sun.com/workshop/news/tryAndBuy.html.
Jake Hamby
Please tell Ken Sembach that he must set hardware flow control on to the serial device over which the modem runs. I don't know how to set this under the SPARC, however (I primarily use Linux on a PC). If he is getting ~5 BPS over what should be a 38400 BPS, then it is likely that the machine is performing software flow control.
Please tell Kevin Holtz that the wonderful folks at GNU have a wonderful compiler for Solaris, it is free, and it is good. I have used GNU's gcc & g++ for years, and find them superior to most vendors' offerings. Best of all, you can find binaries for Solaris (both x86 & SPARC) at your nearest GNU ftp mirror.
I am looking to do a simple port of my X & Motif application from Unix (AIX, SunOS, Solaris, Linux) to a PC running Windows. Are there any decent Motif distributions for Windows (95, NT, and/or 3.1)? I currently compile my application using gcc; it is my best bet under the PC to use DJGCC (a limited port of gcc to DOS), or can/should I be looking at something like Visual C++?
Dan Kirkpatrick
Thanks, Dan, for your responses to Kevin and Ken and participating in this dialogue. Maybe one of our other readers can help you as well.
--The Editors
It would be very helpful for Web surfers if online articles contained references to their date and where (and when) they were published in paper.
Given the rapid changes in technology, it's easy to get mislead by old articles. If the date is given, one can judge better which parts of the article are likely to still be valid.
Peter Roosen-Runge
Peter:
You are correct about the dates; we are currently working on that very issue. We have a "Last Updated" date at the bottom of each article and all news stories carry a dateline with the date. However, we are discussing the possibility of adding a "First Published" date as well, so stories that build over time will be able to provide a start date, as well as a current date, for changes. As for the "where" in your question, we do that already. Above the navigation bar to the right of the headline, we identify stories as news, features, or columns.
Do you, or any of our other readers, have any other suggestions on how we might handle dates? You are correct that the fluidity of the 'Net makes dating stories important, but even more important is finding the most efficient and effective way so that there is no confusion while we continue to provide useful information.
--The Editors
setuidFor Peter Galvin:
I am working in Sun Solaris 2.3 Version and doing system administration and security maintenance. I have a shell script to add/modify/delete/view Sun Unix user information. Now I am executing this script from root login. I want to give a access to one or more users to execute this script.
Please give me your suggestions to change the permissions (owner/group) of this shell script to make it executable by other users (Restricted).
Ramesh.B.Vasudevan
Sprint Healthcare Inc.
Peter Galvin responds
Ramesh:
The most simple way is to make the script owned by root and owner
set-uid. The program will then run as root. Unfortunately, there are
serious security holes in setuid-root shell scripts. If security is at
all a concern, don't make a setuid shell script. Instead, write the
equivalent in Perl and use the Perl tools to compile the program and
make is secure.
Peter
Just wanted to say that I don't often read SunWorld...but I just read your Unix 101 - Beginning vi article and it was great! I'm a (relatively) novice Unix sysadmin desperately trying to control 100 machines on my own...so, I'm grateful for the refresher stuff. Thanks.
Name and affiliation withheld on request
Readers:
Last month, Syed A Ali asked a question about XDM. Here is John Batzel's response.
For Syed A Ali:
You might want to check out the man pages for xinit, and the other X startup-related man pages.
One thing we do here to get the proper environment variables for the .xinitrc/.xsession scripts is to make sure they begin by specifying which interpreter they want to use. For instance, my .xinitrc begins with `#! /usr/bin/ksh', and following that declares the environment variables I need.
The man page for xinit includes the following block of text:
Sites that want to create a common startup environment could
simply create a default .xinitrc that references a site-wide
startup file:
#!/bin/sh
. /usr/local/lib/site.xinitrc
Which is what Syed A Ali asked about in the February issue of SunWorld.
John Batzel
For Rick Cook:
I'm looking for benchmark information that can help me make a sound decision on a hardware platform. Please let me know if you know where I can find it.
Paul Hayes
Rick Cook responds:
Paul:
This is a tough question, tougher than you might imagine. The
benchmark data itself is hard to come by. I'd suggest trying Sun's Web
site or some of the Solaris Web sites mentioned in the resource list of
the story, "Sun
injects Solaris X86 with new life as it makes its way to 64 bits"
(http://www.sunworld.com/swol-02-1997/swol-02-solarisX86.html)
However the real kicker is trying to convert that benchmark data into
something that is meaningful in your situation. Benchmarking is, to put it
kindly, an imprecise business and meaningful benchmarking is more art than
science.
I can suggest a couple of things to you, however. First, Solaris x86 is
going to outperform NT on any platform. That's partially because Solaris
is more developed than NT and partially because of the fundamental
differences between Unix and NT.
Second, a benchmark difference of as much as 20 percent isn't worth
worrying about. Both of these statements need a lot of qualification
to be exactly true, of course. For example, while Solaris x86 may be
faster than NT, applications may show the opposite effect, especially
desktop type applications that use a lot of graphics. Similarly, if the
benchmark in question happens to exactly reflect what you're going to
be doing with the computer, then a benchmark difference of
even five percent might be significant.
The ideal, if you can do it, is to narrow your choice to two or three
systems and then try them with your applications and your data to see what
happens. But that's not always practical.
There is one other factor I would suggest that deserves more weight than a 20
percent difference on benchmarks. That is the level of support you can
expect from the vendor and manufacturer. That is worth a lot in the real
world, and it's a factor that is almost never realistically accounted for in
reviews and such.
Good luck in your search.
Rick Cook
If you have technical problems with this magazine, contact webmaster@sunworld.com
URL: http://www.sunworld.com/swol-03-1997/swol-03-letters.html
Last modified:
|
|
|
|
|
|
![[(c) Copyright Web Publishing Inc., and IDG Communication company]](/sunworldonline/icons/b-copyright97.gif){kind=icon}
If you have technical problems with this magazine, contact webmaster@sunworld.com
URL: http://www.sunworld.com/swol-03-1997/swol-03-letters.html
Last modified: