Dave Aiello wrote, "Recently, I've been writing about my effort to improve the administration of one of my company's servers. This server has an old version of the Netscape/iPlanet/SunOne Directory Server on it."

"Although the Directory Server supports a lot of best practices from a user administration standpoint (such as periodic password expiration), it's rather difficult to manage. Sometimes, active users' passwords silently expired because the directory server would not email them about impending expirations. Theoretically, the server is supposed to notify users of expirations in all cases, but for some reason, this feature didn't work for most of them."

"I decided that I wanted to correct this problem by writing my own Perl-based password expiration warning function. This turned out to be easier said than done in my configuration. Read on for more details...."

Continue reading "Simplifying Directory Administration with Net::LDAP is Sometimes Harder than It Looks" »

Posted by Dave Aiello at 11:44 AM | Permalink | Comments (0)

Dave Aiello wrote, "A little while ago, I was troubleshooting a glitch on one of the systems that I administer. I needed to reset an expired user's password, but the GUI front end to the LDAP server wouldn't work for some reason."

"In order to be able to go to bed, I had to figure out how to change the user's password with the LDAP command line tools. The system I am using has an ldapmodify, but no ldappasswd. Read on to see how I did it...."

Continue reading "How to Use Command Line LDAP Tools to Change a User's Password" »

Posted by Dave Aiello at 11:20 PM | Permalink | Comments (0)

Dave Aiello wrote, "I just picked up the second edition of
Linux Apache Web Server Administration by Charles Aulds. This is part of the Craig Hunt Linux Library and its a worthy companion to first edition. It basically updates the subject matter of the book so that it is appropriate for Apache 2.0, where the previous version focused on Apache 1.3. It also adds more content about SSL, and new content about management GUIs like Comanche and Webmin."

"It's important to note that the first edition of the book is still a better reference for Apache 1.3 than the new edition. A lot of low level changes have been made in Apache 2.0, and I personally found myself spinning my wheels when I tried to use the new edition while making configuration changes to an Apache 1.3 server."

"I'm setting out to add SSL functionality to an Apache server on my own today. If I'm successful, this will save my client considerable money over commercial alternatives like Apache Stronghold from Red Hat. If I'm successful, the $40 or $50 I spent on the second edition of this book will seem like peanuts."

Posted by Dave Aiello at 8:55 AM | Permalink | Comments (0)

Bloomberg.com published a story yesterday that said Yahoo! is considering replacing some Oracle database servers with MySQL. The article goes on to talk about MySQL and PostgreSQL, and how they are being used in an increasing number of enterprise applications as their performance and reliability improve. MySQL AB's CEO Marten Mikos compared databases in the market to naval ships: "Some navies need aircraft carriers, but you don't need many aircraft carriers in the world....The rest of the world can manage with frigates."

We are impressed with MySQL and we are working with it now. We hope to deploy some web-based applications based on it within the next few weeks.

Posted by Dave Aiello at 8:03 AM | Permalink | Comments (0)

CNET News.com reports that U.S. District Court Judge Florence-Marie Cooper granted a motion to allow a suit filed by the Electronic Freedom Foundation with one filed by SonicBlue against several TV networks and movie studios. These suits were apparently filed in response to a lawsuit that had been filed by the TV networks and movie studios, alleging that ReplayTV devices allow their users to violate copyright law by skipping commercials present in most television programming.

This is an interesting development because the judge was expected to deny the request to combine these lawsuits. In the ruling, the judge said that the question of whether the plaintiff's use of ReplayTV's features constitutes fair use will "figure prominently in both" actions. We suggest that these cases are worth following, because they may provide insight into whether television viewers' traditional rights to watch programming as they wish are being rolled back.

Posted by Dave Aiello at 10:57 PM | Permalink | Comments (0)

CNET News.com reports that Western Digital is now shipping a 200 Gigabyte 7200 RPM hard disk. These drives require a new version of the ATA interface and are expected to cost $399 at retail.

This is an interesting development if someone produces a RAID controller compatible with it. Imagine the network attached storage (NAT) possibilities if three or more of these drives are hooked up in a RAID 5 configuration.

Posted by Dave Aiello at 1:59 PM | Permalink | Comments (0)

CNET News.com reports that a new worm is targeting Microsoft SQL Server and can successfully take servers over that are not configured according to the installation instructions. According to the article, "If the software hasn't been patched with a fix released by Microsoft in late April and has no password on the administrator account, then the server is vulnerable."

Further research into the problem indicates that SQL Servers can be protected simply by ensuring that the administrative password has been changed from the factory default.

As is the case with many network worms, the biggest problem with this software will probably turn out to be a huge increase in network traffic, as successfully installed copies of the worm try to locate other vulnerable systems. It would be a good idea to review firewall rules to ensure that incoming traffic from the Internet to TCP port 1433 is blocked to all servers and workstations.

Posted by Dave Aiello at 7:51 AM | Permalink | Comments (0)

Today's New York Times Circuits column talks about the future of the Entertainment Server in America's Living Room. What's an entertainment server? It's the latest name for devices like TiVo and SonicBlue ReplayTV, although it may also be what evolves from the current Xbox and a few other devices that no one has yet.

All of the anticipated functionality already exists. What the article talks about is convergence of some or all of these functions into a single box: personal video recording, digital asset management, video game play. The article foresees the Entertainment Server as the second peripheral attached to the TV in the living room or family room. The first peripheral, of course, is the set-top box for cable or satellite TV.

Posted by Dave Aiello at 6:01 PM | Permalink | Comments (0)

The latest Ask Slashdot discusses tools for managing LDAP, also known as the Lightweight Directory Access Protocol. LDAP is the basis for many authentication services in the iPlanet, Novell, and Microsoft Active Directory realms.

Several posts suggest using a Java-based tool called LDAP Browser/Editor by Jarek Gawor. Looks like it's worth downloading and trying out, if you manage a directory.

Posted by Dave Aiello at 9:59 AM | Permalink | Comments (1)

In an article that really ought to interest people running small high tech companies, CIO Magazine profiles Lew Goldstein, sound supervisor at C5 Inc. in New York City. Goldstein built a 1.5 Terabyte storage area network from individual components for less than $35 thousand. Martin O'Donnell has been preaching this approach to server construction for several years now. It's time to take another look at this approach, in light of the economic realities that most of us are facing.

Posted by Dave Aiello at 6:50 AM | Permalink | Comments (0)

Following up on yesterday's article on changes in the application server market, we learned that Hewlett-Packard Middleware recently announced a "zero cost" J2EE-compliant version of its Hewlett-Packard Application Server. HP-AS is the next generation of the Bluestone Application Server, which HP got control of when it took over Bluestone Software in January 2001.

Prior to its acquisition by HP, Bluestone had a very good reputation locally. It had cut its teeth in the consulting services business and was known later as a pillar of New Jersey trade groups for technology companies and software development companies. The product now known as HP-AS was developed as a platform for implementing scalable web applications at their consulting division. It has always had a long feature set, but third-party developers sometimes criticized it for having weak documentation.

It will be interesting to see how HP has improved the product since they took over the company. And, now that they have a no cost version, it should be much easier to evaluate. In our experience, very few commercial application server vendors provide true J2EE compliance at the no cost price point, if they offer such a price point at all.

Posted by Dave Aiello at 7:27 AM | Permalink | Comments (0)

News.com is reporting that the Java application server market is becoming commoditized making life difficult for many enterprise software companies. The article states, "Now these software makers are finding it harder to eke out a profit, especially on their low-end application servers. Why? Because of a glut of me-too products, indistinguishable to buyers, along with brutal competition from very low-cost, or no-cost, alternatives."

Application servers have become critically important in Fortune 500 Web Development projects. Projects based on application servers like WebSphere or WebLogic are really expensive, although the bulk of the cost relates to the size of the development team and the complexity of the typical project where application servers are used.

The low-cost and no-cost alternatives include Tomcat, a part of the Jakarta project within the Apache Web Server project. Another project, which is less well-known, is JBoss an Open Source application server that aims at J2EE compliance.

Posted by Dave Aiello at 10:38 AM | Permalink | Comments (0)

Paul Boutin points out statistics in the latest Netcraft survey that indicate that IIS administrators are still not affectively securing their servers. Among other things, Boutin says: "...nearly half of all IIS servers still have a WebDAV configuration known to be vulnerable. Cross-site scripting is still unsecured on one in five machines, with many other long-known security holes still turning up on one in every five to ten sites pinged by Netcraft."

We didn't realize that Netcraft was scanning Web Sites for well known vulnerabilities. That, in itself, is interesting.

Posted by Dave Aiello at 1:03 PM | Permalink | Comments (0)

VMware recently announced the release of two new server-class virtual machine products.

The GSX server allows an administrator to create multiple virtual servers on a single large Linux-based server. This would clearly be useful for running Windows-specific server software without dedicating separate servers to it.

The ESX Server is the closest thing we have seen to IBM VM that has been deployed to a PC-style server using the Intel architecture. If this product were combined with clustering, we think it will represent the ultimate in high availability for service provider markets like large-scale Web farming and Application Service Providing.

Martin O'Donnell wonders how long it will take for people in the co-location business to realize the implications of these products? If processor speeds continue to improve and the Intel architecture continues to scale, we may find that the era of rackmounting dozens of small servers in a data center is coming to an end.

Posted by Dave Aiello at 10:59 PM | Permalink | Comments (0)

Sendmail is the most widely used Mail Transfer Agent (MTA) in the world. As such, it enjoys the advantage that most technical products with the largest market share in their niche share: a rich set of third party add-ons and accessories.

One of the most interesting Sendmail add-ons we've ever seen is PerlMx from ActiveState Tool Corporation. This product allows you to build sophisticated filering and performance monitoring tools into the back end of the Sendmail mail exchanger. The big advantage is that this can be done in Perl, not just in C, which used to be the only way to do it.

Continue reading "ActiveState Developing "Mail Filter Engine" for Sendmail" »

Posted by Dave Aiello at 9:46 AM | Permalink | Comments (0)

One of our clients has asked us to identify companies that will offer commercial and/or enterprise support for the Apache Web Server. Our initial research indicates that several obvious candidates only support Apache if it is being run on Linux. Our client wants to run it on Solaris.

The early results indicate that VA Linux Systems may have a program that meets the client's need. Another possibility is Covalent Technologies Apache1st Program.

We will provide more details if we successfully develop a short list. Hopefully, there will be more than one vendor from which to choose.

Posted by Dave Aiello at 8:29 PM | Permalink | Comments (0)

We don't know if anyone else noticed this, but CTDATA has determined that Netscape Enterprise Server 3.6x has been designated as Discontinued by iPlanet as of September 2000. NES 3.6x is the Web Server that CTDATA and a number of its corporate clients use most.

What does the status Discontinued mean to iPlanet? According to this page of status definitions, it means that not only are new releases not being worked on anymore, but also no technical support will be provided.

Continue reading "Netscape Enterprise Server 3.6 to be "Discontinued" in September" »

Posted by Dave Aiello at 5:15 AM | Permalink | Comments (0)

Joseph Garber's column in the August 7 issue of Forbes discusses on-line technology training. It highlights V-Lab, a unit of Mentor Technologies and an advertiser on Slashdot.

The opportunity to use a router lab with top-of-the-line Cisco hardware for approximately $65 per hour is an overwhelming incentive to give this a try if you need to upgrade your skills. This also seems like an ideal solution for companies that are planning to replace non-Cisco hardware and need to get their network folks up-to-speed quickly and cheaply.

Posted by Dave Aiello at 5:42 AM | Permalink | Comments (0)