… BIG TIME

Why ?

1. Reliability: This thing takes IBM literally years to stabilise. I personally enjoying it myself, with my manager calling me “why the website is down ?”, and to find out that Websphere has fell down again for no clear reason. And we’re only using it for running our CMS for God’s sake (think Mambo, Drupal, PostNuke, etc) – it’s not something terribly sophisticated ! In fact, that CMS is actually developed in Tomcat ! So it’s not even using the full feature of J2EE offered by Websphere. Still, Websphere is having problems running this
2. Forced upgrade: It all started pleasantly – the IBM consultants ran the excellent presentation on Websphere, and the price was reasonable too. Fast forwards several months – we’re having reliability issues with it. We inquired IBM about this, and their reply was some sort of “well, we no longer support that old version (what !!), so if you want to get our support, you better upgrade it to the latest one”. Then we found out the nasty surprise of the upgrade cost…
3. Cost : Latest versions of Websphere are so expensive, once it was priced 8x (eight times) higher than the alternative solution based on Tomcat. Basically, picture yourself a big, bad, Sun server; with multiple UltraSPARC processors, and gigabytes of RAM. OK, basically, the Websphere license cost was enough to buy 2 of those. Do I still need to tell you which one got chosen by the project manager ?
4. Scalability: An analyst defended Websphere saying that it’s the right choice when you need scalability in a system. Sorry, but, scalability my a$$. Basically, despite given the best server in the system, Websphere consistently managed to still become the bottleneck of that system. I ran a set of load-tests a few months ago against a system, which include a Compaq DL380 and a big Sun server running Websphere. That Compaq DL380 runs 3 virtual servers (using VMware) , yet it’s load consistently hovered around 1%-2%. The Sun server (that runs Websphere) however, kept on falling over flat on its face, with 100% system load.
5. A bloated pig: I think by now you’ll understand already that Websphere is basically a massive bloated software, with low performance level compared against other similar software, despite attempts by (very expensive!) IBM consultants to tweak its performance.

It’s a massive bloat, it’s slow, it’s unreliable, and it’s priced to burn a seriously big hole in your wallet.

Stay as far away as possible from it.

UPDATE:

# There’s a reason why Microsoft picked Websphere in their effort to promote .Net against Java
# Finally IBM will revamp Websphere’s reliability and performance. Or is it possible that I’m rejoicing too soon ?

OpenBSD has been released for quite a while now. [ Here ] is a nice summary of it from Newsforge.com

My personal impressions of it are:

1. It’s number #1 OS if you’re concerned about security
2. There are so much work going into this OS – hardened against buffer-overflow attack (even built into its compiler), arguably the most common type of attack. Also impressive use of cryptography, and how the system is set up securely in general – no initial root login via ssh, chroot-ed daemons, etc.
3. OpenBSD team gives the best impression of a professional voluntary group. They set high standards, they set goals, and they meet them.
4. An OpenBSD server, however, can be really difficult to setup and maintain. This is more to our lack of familiarity to various security process, instead of the fault with OpenBSD itself. Still, it tend to deter newcomers.
5. Another problem is lack of newbie-friendly documentation. I tried to rectify that with [ this ], however note that I had to stop writing it when I changed my server before I can really sure that everything in there works.
6. Package management is a serious omission in OpenBSD. But I heard that such thing (some kind of portupgrade) is already availabe in the bleeding-edge version of it.
7. OpenBSD doesn’t yet comprehensively address the new rising threat – web-application security. Including mod_security in Apache by default could help to address this significantly

My own biggest issue with it is lack of effective package management solution (which is important when you want to spend as little time as possible administering your servers), so once this is addressed (in v3.7 I assume), then I think I’ll give this another go.

Despite various trolls and zealots that roams in Slashdot.org in any given time, it’s still quite a useful resources on many things.

In this case, I found a post that’s quite interesting and practically useful on RSI:
http://ask.slashdot.org/article.pl?sid=04/04/26/196232

Hope someone find this useful as well.

Note: My interest would be on security updates.

Just another reason to avoid Microsoft products – when you upgrade their product, you expect it to become better. But other things may happen instead :

1. It may wreck your computer
2. It may wreck other software in the computer
3. It may create new security holes

It’s even more ridiculous for the fact that you’re paying a LOT of money for it

If you’re concerned about security of your computer system, you’ll be better off with the open-source alternative – since they tend to be more frank about the bugs, patch them quickly, and patch them cleanly.

Karena backlog yang cukup banyak (1700 open calls !), minggu ini tim kami ditugaskan untuk membantu IT Helpdesk.

Kemarin mulai melihat-lihat seperti apa saja request yang ada. Ternyata, sebagian besar adalah masalah dengan Microsoft Word & Excel *hiks* – MS-Word crash, file yang tidak bisa dibuka, dst.

Duhhhh… kalau kami menggunakan StarOffice, maka saya tinggal mengkontak Sun dan membiarkan mereka yang mencoba mencari tahu solusinya. Tapi dengan Microsoft, budget kami sudah habis hanya untuk membeli lisensi software; sehingga walaupun kami memiliki ribuan lisensi MS-Office, tapi tidak ada support contract dengan Microsoft.

Kalau saja MS-Office adalah produk open-source, maka saya masih bisa bertanya kepada developernya, atau debug sendiri. Tapi, karena MS-Office adalah produk proprietary / tertutup; duh gimana caranya ya ? Kalau asal oprek-oprek saja, takutnya nanti malah jadi membuat masalahnya tambah parah.

Pantesan teman-teman di Helpdesk pada banyak yang stress :-O

I’m a big fan of old IBM keyboards. The one I’m currently using was manufactured in 1985.
OK, so what’s so special about them ?

Well, they’re tough for starter. Which is very important when you have kids 🙂

Second, they just feel GOOD. I’ve yet to find a modern keyboard with the responsive tactile feel of this oldie. It’s a joy to use.

Third, they just keep on working. As you may have noticed, the one I own is about 20 years old. And I can expect to be able to use it for YEARS to come.

Fourth, they’re dirt cheap. This one cost me only 1 poundsterling !

The downside ? Well, they’re quite hard to find 🙁 so if you’re lucky enough to found one – don’t let it go! Also they’re quite heavy; my friend joked that they’re created to be bulletproof.
And, some may find it a bit noisy, but to me the sound is very satisfying; like a classic typewriter. You just got to hear it for yourself.

Good luck to you in finding one.

Ada sebuah security hole yang baru ditemukan di phpBB yang sangat serius:
howdark.com exploit

Saya sudah coba exploit-nya, dan memang betul kita bisa eksekusi perintah di server ybs.
Karena howdark.com menyediakan contoh exploitnya yang bisa dengan mudah dijalankan, maka kelihatannya ini akan menyebabkan banyak server phpBB yang dijebol oleh script kiddies.

Jadi – SEGERA PATCH instalasi phpBB Anda !
(mudah kok, cuma edit 1 baris saja)

This past few weeks I have been messing around with OpenLDAP in the interest of using it on a role as a metadirectory – the master directory that “glue” all other directories (Active Directory, eDirectory, Lotus Notes directory, etc) together.

Among things I’ve learned so far:

• You can synch TO Active Directory using slapd/slurpd; but the tree on both directory MUST be identical.
  My config in slapd.conf :

  replica         uri=ldaps://10.100.299.199:389
                  binddn="cn=administrator,cn=users,dc=bcc,dc=test"
                  bindmethod=sasl saslmech=GSSAPI credentials=mypassword
  replogfile      /usr/local/openldap/var/replog-bcc-test
  

• A better way would be to setup another OpenLDAP server, and run slapd-ldap (back-ldap) there. It’ll act as the intermediary between the master OpenLDAP server, and Active Directory server.
  The big advantage with slapd-back is with it’s proxy & rewrite capability, the tree on both server does not have to be identical.
• An even better way would be to setup another OpenLDAP server, and run slapd-meta (back-meta) there. While back-ldap can only proxy for one directory, back-meta can proxy & rewrite (eg: act as a metadirectory) for multiple directory services at the same time

I do suspect though that back-meta would be a PITA to configure 🙂 but that’s the price we gotta pay for its power.

References:
slapd-ldap
slapd-meta

Ikhlasul Amal mengajak kita untuk saling berbagi pengetahuan di sebuah entry di blog-nya.

Saya kemudian menuliskan sebuah komentar, tapi ketika di-submit tidak muncul. Mungkin ada moderasi komentar, anyway saya akan dokumentasikan saja disini juga; dengan beberapa tambahan spt link ke cwRsync dll :

=======================
Saya kira ide http://planet.terasi.net sudah bagus.

Kita jadi bisa sharing pengetahuan kita dengan mudah. Saya sendiri posting ke agregat tsb via email (well, sebetulnya posting ke kategori teknoblogia di blog saya, yang kemudian “disedot” oleh planet), sehingga sangat memudahkan proses sharing knowledge-nya.

Lalu situs planet.terasi.net ini juga mudah di-index oleh search engine (barusan sudah saya submit ke http://google.com/addurl), sehingga kemudian mudah ditemukan oleh yang membutuhkan.

Sebetulnya, memang saat ini planet.terasi.net masih belum membatasi bahwa hanya topik IT yang boleh ditampilkan, jadi saya mulai dari saya sendiri dulu, mengikuti sebuah ide yang dilemparkan di forum teknologia.
Saya pikir bagus kalau bisa disediakan 2 agregat – satu menampilkan blog umum, dan satu lagi menampilkan blog khusus mengenai teknologi/IT.

Mengenai wget – hati-hati, IlmuKomputer.com sudah pernah diusir oleh berbagai webhoster mereka karena overquota bandwidth – salah satunya adalah karena pengguna wget / kegiatan me-mirror situs ini. Situs Isnet.org juga pernah mengalami masalah yang sama; terakhir terpaksa pindah dari webhosternya di Amerika dan sekarang dihosting di Indonesia.

Jadi kalau bisa memesan versi CD-nya, mungkin itu lebih baik. Dan untuk update rutin bisa menggunakan rsync yang hemat bandwidth.
(pengguna Windows bisa menggunakan software cwRsync, dll)

Mengenai menggugah masyarakat untuk menjadi kontributor – selama ini pengalaman saya masalahnya adalah waktu. Banyak kawan-kawan yang ingin berkontribusi, namun terbentur pada kendala waktu.
Jadi kalau proses kontribusi bisa dilakukan dalam waktu yang sesingkat-singkatnya dan nyaman, mungkin bisa lebih banyak yang berkontribusi.

Salah satunya mungkin adalah dengan menyediakan fasilitas blog yang bisa diisi via email. Bagi yang bisa memberi manfaat bagi komunitas IT Indonesia, saya bersedia menyediakan fasilitas ini secara cuma-cuma.
Beri saya sedikit informasi mengenai Anda / CV, dan apa yang ingin Anda bahas.
=======================

Sudah beberapa waktu ini saya mencari-cari solusi anti-spam untuk spammer yang mengiklankan produk-produk mereka di berbagai blog.

Sebetulnya sih saya sudah menemukan plugin Trencaspammer, yang menampilkan sebuah gambar yang menampilkan kode, dan mengharuskan komentator untuk menuliskan kode tersebut. Ini cara paling ampuh untuk mengalahkan blog spammer, dengan usaha minimal dari kita.

Tapi “teracuni” Priyadi yang mengutamakan accessibility (Trencaspammer misalnya akan memblokir pengguna Internet tuna netra), akhirnya saya memilih menggunakan Comment Preview.
Selain menyulitkan spammer (karena biasanya software spam mereka tidak mengantisipasi form komentar dengan fasilitas preview), ini sekaligus memungkinkan Anda untuk melihat bagaimana komentar Anda akan ditampilkan.
Jadi kalaupun spammer bisa mengatasi ini, saya tidak rugi karena masih mendapatkan fasilitas preview (dan kemudian tinggal memasang Trencaspammer)

IPcop v1.4 telah dirilis.
IPcop adalah firewall yang bisa di-install dengan mudah dan dalam waktu beberapa menit saja. Saya sendiri sudah menggunakan versi 1.3-nya selama bertahun-tahun, dan belum pernah mengalami masalah.

IPcop memang harus dipasang komputer tersendiri, tapi ini lebih bagus karena lebih aman. Beberapa firewall yang dijalankan di Windows ternyata bisa dimatikan oleh virus/hacker.
Lagipula, IPcop tidak membutuhkan komputer mewah – komputer 486 bekas dengan memory 12 MB sudah mencukupi.

Walaupun gratis, ternyata kemampuan IPcop tidak kalah dengan berbagai firewall komersil ! Administrasi via browser, VPN, traffic shaping/limiting, pemisahan network (red/internet, orange/dmz, green/LAN, blue/wireless), Intrusion detection, Proxy server, dll – lebih detailnya bisa dilihat misalnya [ disini ] dan [ disini ].

[ Situs IPcop ]

Persaingan antara para pengelola jasa email gratis semakin menggila saja. Kini telah muncul United Email Systems, yang menawarkan email gratis dengan berbagai fasilitas (anti-virus, anti-spam, dll) – dengan kapasitas 3 GB !

[ United Email Systems ]

Lots of goodies today in Slashdot:

Fedora Core 3 released

I must admit that I was very sceptical when FC1 was released – I’ve had bad experience with previous releases of RedHat, and I never liked RH as a distro.

Then I tried FC2, and fell in love with it straight away. Here’s what I found:

# Truly free (as in speech), open, community-backed distro. Reminds me of Debian.
# Distro that “Just Works” – even on high-end server hardware (which usually uses strange chipset/configuration)
# Good on desktop role, Excellent on server role.
# Sensible setup process, with ability to go into great details if necessary.
# Great momentum – a LOT of people are using Fedora.
# Great choice in software management – I’m using apt on FC2 servers as we speak; yum & up2date are also available.

The last one is particularly important, because I’ve had enough spending days managing software on many servers – I now demand apt (or similar facility) whenever I could to save my time on mundane things and actually enable me to do things that’s more interesting.

I expect FC3 to be even better than FC2, well I guess I’ll find that out soon enough.

A note – contrary to a comment on that post above, I don’t think that SElinux – as it is – will make FC3 suddenly very secure. Don’t get me wrong – any security enhancements should be most welcomed by any security-conscious administrators; but I just think that the commentator is getting hyped up on one thing, and he may miss other similarly important things.
For example, you need to understand how it works to get maximum benefit from it. Otherwise, you’ll fell into false sense of security.

Solaris 10 released

I have a mixed feeling about this. First, I agree that Solaris is an excellent OS. But, I somehow doubt that Sun is able to pull such a huge leap (from Solaris 9) in such a short time – ZFS alone is quite unbelievable, then they promised Linux-compatibility (while I have had problems as silly as applying patches created by GNU/patch using Solaris’ patch), revolutionary TCP/IP stack, etc.
So I think it’ll be ridden with quite a lot of bugs.

Also, open source Solaris ? Doubt it, most probably there’ll some limitations on its license. Probably we’ll see the detailed analysis of it in Groklaw soon.

A commentator in the post above said that he’s heard McNealy promised it (open-sourcing Solaris) himself on an interview. Sorry, but I have problem believing a guy who flipped in an instant and now sleep in the same bed with his previous biggest enemy.

However, if it comes out as true – open-source developers are in for a joyride. Various solid technologies on Solaris are then available for picking by them.

But personally I still won’t use Solaris 10 for production unless I got loads of money to spare to subscribe to its bugfix/patches service….

btw, as I said before, if you use open-source software on Solaris, I think you’ll be very interested on Blastwave.org

Salah satu hal yang disenangi oleh pengguna distro Gentoo adalah karena software-software yang terpasang sudah optimal untuk komputernya – karena di-compile / optimized untuk komputer tersebut

Ternyata Debian juga bisa…

apt-get build-dep package
apt-get –compile source package
dpkg -i package.deb

(kaget sendiri 😀 )

UbuntuLinux menyediakan CD Linux gratis sebagai bagian dalam promosi distronya yang baru ini.
Silahkan klik disini untuk mendapatkannya. Tapi jangan menunda-nunda, karena hanya tersedia sampai tanggal 12 November 2004.

Beberapa kelebihan Ubuntu Linux dari distro-distro lainnya:

1. Mudah digunakan
2. “Just works” – kompatibel dengan mayoritas komputer yang ada
3. Gratis
4. Stabil
5. Lebih kebal virus
6. Didukung oleh seorang jutawan Inggris dalam misinya untuk memasyarakatkan komputer & memanfaatkan teknologi untuk kesejahteraan masyarakat.
7. dll

[ Gratis: CD Ubuntu Linux ]

Bosan dengan Slashdot ? Bingung kemana mencari berita IT tambahan ? Coba buka Technocrat.net.

Sebagai insentif tambahan, Bruce Perens berjanji akan menyumbang US$1 ke FSF untuk setiap artikel yang diposting di Technocrat.net

Jadi tunggu apa lagi, bookmark Technocrat.net sekarang juga.

Ingin mencoba simulasi pesawat yang lain dari yang lain ? Membutuhkan flightsim yang bisa diutak-atik untuk riset ? Dll – FlightGear bisa Anda coba.

FlightGear adalah software simulator pesawat yang open-source dan disediakan gratis, tinggal Anda download saja.

Bagi periset bidang aviasi – karena FlighGear berlisensi open-source, maka juga bisa Anda modifikasi sesuai kebutuhan Anda !
Berbagai contohnya bisa dilihat disini.

Jika Anda pikir karena open-source maka pasti jelek, coba lihat dulu screenshot yang ada. Yang satu ini hanya bisa Anda nikmati jika card VGA Anda ada memory 64MB atau lebih.

Selamat menikmati, siapa tahu, FlightGear bisa menjadikan Anda pilot juga, seperti yang dialami oleh Matt.