Re: Long Uptime
On 8/11/05, Kent Stewart [EMAIL PROTECTED] wrote: On Thursday 11 August 2005 12:09 pm, Matt Kosht wrote: On 8/11/05, Peter Giessel [EMAIL PROTECTED] wrote: There are uptimes greater than 4 years listed here: http://uptime.netcraft.com/up/today/top.avg.html A Windows 2000 server with over 1000 days of uptime. Whoever hacked it must be doing a good job as sysadmin ;) Not possible for a good sysadmin. There have been numerous updates by Microsoft that require a reboot to finish the install. Anything over 2-3 months has a sysadmin that has not been adding their security fixes. You can keep a windows 2000 system secure without patching!: * Uninstall Outlook Express and IE ( http://www.litepc.com/ ), Install Firefox and Thunderbird. * Install Perl, Uninstall WSH. * Hardware (m0n0wall) and software (stealth mode, deny all (Kerio, ZoneAlarm, etc.)) firewalls. * Virus scanner. * Remove MS JVM, install Sun's. * MS Office replaced with OpenOffice (Don't install Outlook!!!). * Subscribe to CERT advisories list. I had a running average of 30-40 days between reboots, I think the highest was 90+ days, on my main do everything and anything desktop PC (it runs FreeBSD, 6-STABLE, now). Most of those reboots where installing new demo/alpha/beta software for QC/deployment/requirements testing, so this system was a software whore. I've never managed Win2K or Win2K3 servers, because I now use FreeBSD and Linux exclusively for that, but my WinNT4 boxes routinely had 100s of days uptime. Just make sure it has the latest service pack, follow the advice above, and check the advisory lists often to see if your at risk and ways to mitigate it. Also check out 98lite and 2000/XPlite, this software will, figuratively, strip windows down to the bare kernel if you want it to. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On 20/08/2005, at 11:34 AM, Nikolas Britton wrote: You can keep a windows 2000 system secure without patching!: * Uninstall Outlook Express and IE ( http://www.litepc.com/ ), Install Firefox and Thunderbird. * Install Perl, Uninstall WSH. * Hardware (m0n0wall) and software (stealth mode, deny all (Kerio, ZoneAlarm, etc.)) firewalls. * Virus scanner. * Remove MS JVM, install Sun's. * MS Office replaced with OpenOffice (Don't install Outlook!!!). * Subscribe to CERT advisories list. I had a running average of 30-40 days between reboots, I think the highest was 90+ days, on my main do everything and anything desktop PC (it runs FreeBSD, 6-STABLE, now). Many updates are for core things that require reboots though.. As a desktop you can get away with it.. As a server I don't think I would take the risk.. Also, in my experience windows systems start running quite slow after about 3 days of heavy load due to memory leaks and the like, which isn't so noticeable with just a web server, but on databases it gets horrible.. When I used windows I pretty much rebooted every 3-5 days due to loss in performance.. I guess newer versions might have less leaks.. But it is just as likely they have more! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On 8/19/05, Jerahmy Pocott [EMAIL PROTECTED] wrote: On 20/08/2005, at 11:34 AM, Nikolas Britton wrote: You can keep a windows 2000 system secure without patching!: * Uninstall Outlook Express and IE ( http://www.litepc.com/ ), Install Firefox and Thunderbird. * Install Perl, Uninstall WSH. * Hardware (m0n0wall) and software (stealth mode, deny all (Kerio, ZoneAlarm, etc.)) firewalls. * Virus scanner. * Remove MS JVM, install Sun's. * MS Office replaced with OpenOffice (Don't install Outlook!!!). * Subscribe to CERT advisories list. I had a running average of 30-40 days between reboots, I think the highest was 90+ days, on my main do everything and anything desktop PC (it runs FreeBSD, 6-STABLE, now). Many updates are for core things that require reboots though.. As a desktop you can get away with it.. As a server I don't think I would take the risk.. I'd have to sorta disagree with you, I think it breaks down more like this: 90% Outlook / Outlook Express, Internet Exploder, WSH (.vbs, .js etc.) etc. and their subsystems like the MS-HTML engine, ActiveX. 10% Others (core), like the RPC problem or what ever this new one is. You can forcefully remove everything in the 90% category with software like 2000/XPlite. On a properly firewalled windows system the main entry point for any type of exploit is outlook or IE. Unless theirs an RPC exploit like the one a wail back I don't patch are systems. Here is what I do when I deploy a new box: 1. Install SP4. 2. Windows update (if I remember to do it). 3. Install 2000Lite and Remove IE, outlook, and all that crap. 4. Install Firefox and Sun's JVM. (use Horde's IMP for email, Kronolith etc. for groupware) 6. Install firewall and anti-virus software. 7. OpenOffice 2 I spend MORE time fixing the crap that MS breaks (NO I DON'T WANT TO REINSTALL INTERNET EXPLODEDER YOU FSCKING AHOLES!!!, LEAVE MY PROGRAMS ALONE!!!) with their hotfixes and getting Adobe's Photoshop CS1/2 to work (10GB temp files using it's file browser, 30% CPU usage and 1GB ram with the program doing nothing in the background that I just started!!! WTF!) and getting PageMaker (POFS!!!) to work then I do with patching and all the crap. I don't have problems so I don't do it, and it's been that way for years. I'm forcing them (yes I have the control and authority to do it) to Mac and OS-X (or Linux when Adobe gets their fucking shit together and ports Photoshop, dammit! I hate lock in!!!, (Gimp is crap btw so don't even...) when they EOL Win2K completely. Win2K is the only Microsoft product we use do to my methodical planning and very strong anti-Microsoft policy. Every critial piece of software we run is cross platform. I'm going to switch careers, or go postal, if I have to keep dealing with the fuck tards at MS. sorry this turned into a MS, and Adobe, rant but it did had I had to blow off some steam. It's like I'm Sisyphus and MS is the rock... MS is like a cockroach. hmmm Maybe if I remove the firewalls,SP4, etc. I can blame it all on MS and get them to change to Mac's faster. I'll have to add that to my black opts. list. Anyways. Anyone here ever think of putting together BSDLinux, FreeBSD with a Linux kernel? I'll have to start a thread over on chat or something. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
Nice, I to have a machine that is not to far behind you, its been up for 1 year and 4 months. I use it to show potential customers the power and stability of the FreeBSD System. I dont ever recall any windows server staying up that long. =) -Pablo -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a machine that is about to turn 700 days uptime, and I have no plans on rebooting it any time soon. I just wanted to see if there was any infomation from the machine that anybody wanted. [EMAIL PROTECTED] ~uname -a FreeBSD bart. 4.8-RELEASE FreeBSD 4.8-RELEASE #3: Fri Jul 18 17:09:10 CDT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/Bart i386 [EMAIL PROTECTED] ~uptime 10:38PM up 699 days, 3:51, 1 user, load averages: 0.41, 0.27, 0.23 - -- Bob Bomar [EMAIL PROTECTED] http://www.bomar.us/~bob -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+Xbn9Jm/aTrtdKoRApqhAJ9r+fOjSnZsqOVi3LwI7cCyexg6hQCghh3B TxRh6NquKm0dcBHgQB8GRis= =kgVa -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] - This mail sent through IMP: http://horde.org/imp/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
[EMAIL PROTECTED] wrote: Nice, I to have a machine that is not to far behind you, its been up for 1 year and 4 months. I use it to show potential customers the power and stability of the FreeBSD System. I dont ever recall any windows server staying up that long. =) -Pablo I could send you some mails that advertise creams that could help with that ;-) Apart from that, I must agree with Dave Horsfall - please provide an IP. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On 8/11/05, lars [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Nice, I to have a machine that is not to far behind you, its been up for 1 year and 4 months. I use it to show potential customers the power and stability of the FreeBSD System. I dont ever recall any windows server staying up that long. =) -Pablo I could send you some mails that advertise creams that could help with that ;-) Apart from that, I must agree with Dave Horsfall - please provide an IP. Is there a critical patch that you believe those machines would need? Anything more serious than a potential denial of service attack? - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
hehe don't try and show off your uptime, im sure there are some people around here who will make it their lifetime goal to halt your server! :-P (that doesnt include me, im a nice guy) -Ben Bob Johnson wrote: On 8/11/05, lars [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Nice, I to have a machine that is not to far behind you, its been up for 1 year and 4 months. I use it to show potential customers the power and stability of the FreeBSD System. I dont ever recall any windows server staying up that long. =) -Pablo I could send you some mails that advertise creams that could help with that ;-) Apart from that, I must agree with Dave Horsfall - please provide an IP. Is there a critical patch that you believe those machines would need? Anything more serious than a potential denial of service attack? - Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On 8/11/05, Bob Johnson [EMAIL PROTECTED] wrote: On 8/11/05, lars [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Nice, I to have a machine that is not to far behind you, its been up for 1 year and 4 months. I use it to show potential customers the power and stability of the FreeBSD System. I dont ever recall any windows server staying up that long. =) -Pablo I could send you some mails that advertise creams that could help with that ;-) Apart from that, I must agree with Dave Horsfall - please provide an IP. Is there a critical patch that you believe those machines would need? Anything more serious than a potential denial of service attack? Indeed. If the machine is properly firewalled, what kind of attack other than DoS can break it? -- Dmitry Mityugov, St. Petersburg, Russia I ignore all messages with confidentiality statements We live less by imagination than despite it - Rockwell Kent, N by E ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
There are uptimes greater than 4 years listed here: http://uptime.netcraft.com/up/today/top.avg.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On 8/11/05, Peter Giessel [EMAIL PROTECTED] wrote: There are uptimes greater than 4 years listed here: http://uptime.netcraft.com/up/today/top.avg.html A Windows 2000 server with over 1000 days of uptime. Whoever hacked it must be doing a good job as sysadmin ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
Dmitry Mityugov wrote: Apart from that, I must agree with Dave Horsfall - please provide an IP. Is there a critical patch that you believe those machines would need? Anything more serious than a potential denial of service attack? Yes, I recommend all patches. DOS is enough for me. Indeed. If the machine is properly firewalled, what kind of attack other than DoS can break it? All those on vulnerabilites that were fixed in patches after the last one applied. A firewall may or may not help you. If the attack is on a jail to which you allow access through your firewall, you've had it, e.g.. Or someone sends you a specially crafted file that exploits a vulnerability described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. That's DOS, that kind of attack is serious enough for me to try to avoid. Or someone gains root privileges via the vulnerability described in FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. I mean it's great FreeBSD can sustain such a long uptime. But, IMHO, it's nothing to brag about, since it simultaneously indicates missing patches, which I find worse. Planned downtime for maintenance is ok. Kind regards, lars. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On Thursday 11 August 2005 12:09 pm, Matt Kosht wrote: On 8/11/05, Peter Giessel [EMAIL PROTECTED] wrote: There are uptimes greater than 4 years listed here: http://uptime.netcraft.com/up/today/top.avg.html A Windows 2000 server with over 1000 days of uptime. Whoever hacked it must be doing a good job as sysadmin ;) Not possible for a good sysadmin. There have been numerous updates by Microsoft that require a reboot to finish the install. Anything over 2-3 months has a sysadmin that has not been adding their security fixes. Kent -- Kent Stewart Richland, WA http://users.owt.com/kstewart/index.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
Dmitry Mityugov wrote: Apart from that, I must agree with Dave Horsfall - please provide an IP. Is there a critical patch that you believe those machines would need? Anything more serious than a potential denial of service attack? Yes, I recommend all patches. DOS is enough for me. Indeed. If the machine is properly firewalled, what kind of attack other than DoS can break it? All those on vulnerabilites that were fixed in patches after the last one applied. A firewall may or may not help you. If the attack is on a jail to which you allow access through your firewall, you've had it, e.g.. Or someone sends you a specially crafted file that exploits a vulnerability described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. That's DOS, that kind of attack is serious enough for me to try to avoid. Or someone gains root privileges via the vulnerability described in FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. I mean it's great FreeBSD can sustain such a long uptime. But, IMHO, it's nothing to brag about, since it simultaneously indicates missing patches, which I find worse. Missing patches?, Most people I know can apply patches with out rebooting a FreeBSD. Planned downtime for maintenance is ok. It is , but this is bragging rights were talking here. Kind regards, lars. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
[EMAIL PROTECTED] wrote: Missing patches?, Most people I know can apply patches with out rebooting a FreeBSD. FreeBSD-SA-05:19.ipsec FreeBSD-SA-05:17.devfs FreeBSD-SA-05:15.tcp FreeBSD-SA-05:13.ipfw FreeBSD-SA-05:09.htt [REVISED] FreeBSD-SA-05:08.kmem [REVISED] FreeBSD-SA-05:07.ldt FreeBSD-SA-05:06.iir FreeBSD-SA-05:04.ifconf etc. Recompile your kernel as described in URL:http://www.freebsd.org/handbook/kernelconfig.html and reboot the system. Planned downtime for maintenance is ok. It is , but this is bragging rights were talking here. Right. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On Tue, 9 Aug 2005, Bob Bomar wrote: I have a machine that is about to turn 700 days uptime, and I have no plans on rebooting it any time soon. I just wanted to see if there was any infomation from the machine that anybody wanted. Well, I think there are enough people around with nnn days uptime (for nnn 500). I myself can think of a handfull of internal machines with such an uptime. In case you are interested in FreeBSD uptimes see for example: http://lists.freebsd.org/pipermail/freebsd-advocacy/2003-August/000225.html PS: In case this thread will continue please consider freebsd-chat or freebsd-advocacy. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Long Uptime
On Tue, 9 Aug 2005, Bob Bomar wrote: I have a machine that is about to turn 700 days uptime, and I have no plans on rebooting it any time soon. I just wanted to see if there was any infomation from the machine that anybody wanted. Its IP address would be a good start :-) Two years of patches not applied, eh? -- Dave ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]