Linux.com

Response to comments

Posted by: Iain Roberts on March 21, 2004 02:36 AM

Thanks to everyone who commented on my article. Here are my responses.



"Sorry, why are they mixed?"

They are mixed because in large IT environments, that's the situation you get. Systems bought over many years, with different OSs, different versions, different apps. This is the real world of computing with large companies. Nothing wrong with your suggestions for a greenfield site, but that's not what the article is about.



"Why run a telnetd?"

I agree with your conclusions that serial connections are better; but they may not always be possible (e.g. you need to lay down lots of new cables and there may be distance problems). As for saying that anyone who runs telnetd is mad: well, maybe, but again that ignores the reality of working in big companies where telnet has been around for years and change is difficult to push through. Phasing out telnet is not easy - and I speak as someone who has done it and knows just what the problems are. Life isn't as simple as you think sometimes!



"Might have missed the point here..."

Yes you have, I'm afraid, and so did the Cryptonomicon article. The issue is not the technical solution: that's trivial. The issue is that no large organisation will allow you to push out changes in that way - it's seen as too risky and uncontrolled.



Typically, even if you have the infrastructure to push out patches en masse, you still have to do it in a controlled way with lots of different changes, and it still takes a long time to achieve. That's the reality in all but the most homogeneous of large-scale environments. The technology is almost irrelevant. The business requirements, their perception of risk, the bureaucracy and internal politics are what it all comes down to. I'm sure anyone with experience of working in IT in large companies will confirm this.



Liked your other comments about PKI, SSH and telnet.



Cryptonomicon posting

As I've said, I feel that the central criticism of my article, on patching, and the overall negative opinion of my article are both wrong and wholly unjustified. However, the piece does have some good ideas which I did not include in my Newsforge piece, so take a look for those.


Return to Tackling Unix security in large organisations, part 1