Actually, I'm not sure the auto-update tool is very usefull at all in
production. For security reasons, we don't allow Orion write access to
itself.
If we configure our operating system to allow Orion to over write its own
code files, we create a serious security hole. A hacker may discover an
exploit in Orion that gets it to change its files and open a security hole.
If Orion can't write to itself, this can't happen. Configuring an app like
a web server to not have write access to itself is security measure number
1.
Jim
--On Sunday, October 22, 2000 12:09 PM +1000 Mike Cannon-Brookes
<[EMAIL PROTECTED]> wrote:
> Robert,
>
> I agree with some of your points, and I have a 'semi' solution that I've
> told Magnus about before.
>
> The autoupdate tool is brilliant, but too addictive. Sometimes I've
> updated to get fixes for bugs, only to get another version with a
> different annoying bug.
>
> If it had the option to autoupdate to the latest 'stable' version, or the
> latest 'rough edged' version, it would be perfect.
>
> eg java -jar autoupdate.jar -version=stable / development
>
> Oh, and to Al who says he can't see Orion because it's too inexpensive?
> Just tell the client it's $10k, bill 'em $10k and they'll love you for it
> - oh, and either pocket the $8.5k or donate it to the Orion guys, I'm
> sure they wouldn't knock you back ;)
>
> Mike
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Krueger
>> Sent: Sunday, October 22, 2000 5:19 AM
>> To: Orion-Interest
>> Subject: RE: Orion in production
>>
>>
>>
>> At 07:46 21.10.00 , you wrote:
>> > I think that Orion far outshines products like EA Server, Web
>> Sphere, etc
>> > because
>> > of the functionality available - and you are right - the docs are just
>> > a little more pretty
>> > and their tech support is absurdly costly and much less informative
>> > than what is found on
>> > this list.
>>
>> <snip/>
>>
>> ok, sorry to somehow take the part of mr. bad guy here but I get the
>> feeling someone following this discussion IMHO doesn't really get
>> the right
>> impression. it's a little bit too black and white. first of all,
>> let me say
>> that after about a year of intensively using orion in development
>> and half
>> a year in production, I'm a generally very satisfied customer and I do
>> appreciate the completeness, standards conformance, speed, great logical
>> concept of orion. however, I think it's oversimplifying things to
>> say it's
>> just marketing that makes the big names so expensive (it's a significant
>> factor, though) and it's not a very good assessment to say that
>> orion beat
>> all competitors' asses if it weren't for the lack of good documentation.
>> there are some significant things that are a lot of work and
>> therefore very
>> expensive like QA and rigid testing with many, many hardware,
>> software, db,
>> vm combinations that a company the size of evermind simply cannot deliver
>> (have you looked at the number of platforms you can get websphere for?).
>> anyone who says that write once run anywhere really works 100% probably
>> hasn't been involved in too many real-world projects where certain
>> combinations of VMs and software just crash under certain load
>> conditions.
>> that's why e.g. weblogic is tested and certified for a particular
>> platform.
>> of course, part of this certification stuff is to keep the typical IT
>> manager happy but to say it's all bullshit is off-target and not very
>> professional IMO. when orion became officially stable (1.0) it still
>> contained many very serious bugs and I presume it wouldn't have been 1.0
>> time if it hadn't been for J1. the flexibility and development
>> speed of the
>> orion team takes it's toll in the number of fundamental bugs in
>> those very
>> features. with a few exceptions I doubt many of those would slip through
>> bea or ibm QA. I sometimes think it feels like an open source project but
>> without the source. a very loyal user community and very short release
>> cycles but still lots of rough edges.
>>
>> don't get me wrong. I'm a great fan of orion and I think for many
>> projects
>> it's an unbeatable tool with no serious competitors especially
>> considering
>> the price and I think magnus and karl are extremely good software
>> architects and true J2EE wizards but I think there are some more
>> things one
>> has to consider before making the kind of statements that have
>> been made in
>> this thread. at my company we share the experiences with a very efficent
>> development environment using orion together with jikes and ant
>> but we also
>> had our share of spending considerable amounts of time working around
>> serious bugs or waiting for fixes for showstoppers.
>>
>> to sum things up, IMO orion is a great deal and it completely meets (and
>> exceeds) the requirements many people have for an appserver but it does
>> have its rough edges (and that's not primarily the documentation
>> IMO). I'm
>> quite sure that those will fade away eventually but evermind
>> still has some
>> work to do in the areas QA, support and documentation.
>>
>> let's just hope they don't get bought out and manage to grow
>> quickly yet in
>> a controlled manner so they can continue developing a kick-ass server.
>>
>> just my 2c
>>
>> robert
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> (-) Robert Krüger
>> (-) SIGNAL 7 Gesellschaft für Informationstechnologie mbH
>> (-) Brüder-Knauß-Str. 79 - 64285 Darmstadt,
>> (-) Tel: 06151 665401, Fax: 06151 665373
>> (-) [EMAIL PROTECTED], www.signal7.de
>>
>>
>>
>
