Plug-n-Play Server And Network 171
shyster writes: "The IMASS is a server for the technophobes. Built on a Linux OS, it autodetects network segments in less than 5 minutes, and sets up DHCP, DNS, FTP, Email, file sharing, firewall, NAT, internet access, dial-up, etc. almost automagically.
Pluses include a solid state drive for the OS, so the hard drive is only used for file storage and backup (seperate 120GB hard drive for backups.)
seems to be just what some of my clients need to finally convince them that Linux CAN be easier to use than Windows, and they can, for the most part, manage the network themselves! Check out a review from PCMagazine."
Security? (Score:5, Insightful)
(Remember, it was the automatic detection of network services (UPNP) that compromised WinXP..)
Re:Security? (Score:5, Funny)
You have a choice of automagically created passwords to enhance security. These are "password", "secret", "fred", "fido", "1234", and the ever-popular "******". So far, no senior manager has been able to hack in (to their own account).
Re:Security? (Score:2)
Like the Dilbert [dilbert.com] strip where Dilbert advises his boss to change the password to "******" to avoid having to explain why his keyboard puts the wrong characters on the screen when he types his password? And more importantly, what do you tell the same boss when he's upgraded to Windows XP and gets those natty blobs for his password "typo"? Typing "ALT+0183" (on the numeric keypad!) six times just doesn't seem like it's going to cut the mustard.
Re:Security? (Score:2, Interesting)
Re:Security? (Score:2)
-- Tao of my sleep-deprived brain
Re:Security? (Score:1)
Re:Security? (Score:1)
Re:Security? (Score:2)
Actually, yes!
Most people will not plug a card in. But it is not that unusual for people to probe random ip-addresses and infect you with trojans, or other forms of remote attacks. If you want to keep the server running, you'd better have some security there.
Remember that most servers aren't completely unsecured physically, they generally are inside some room in some building where most people don't just happen to walk by (and most of those passing by will be employees or people associated with the company in other ways, so they can for the most part be trusted to some degree). On the internet, the server is available to every person on the planet! So even if it isn't really secured physically, there is at least less chance of a physical than remote attack.
Compare a house in the city with a house on the countryside. Now, anyone can still get to the house on the country, but there will not be so many random bypassers, so the security is higher, even though it doesn't have better locks or alarm-systems.
Not just security... (Score:2)
Almost all QOS issues are going to be a problem here - resilience for example (two NICs and a modem are nice, but I can't see "redundant power supply" written anywhere; or how about hardware support for RAID, even just mirroring). Also customisation/optimisation - nice that it does this automatically, but how easy is it to overide the automatic configuration (not an issue for many of the people who are buying these, but it will really limit there usefullness in big low-tech companies where you need to tie in with your corp-wan.
More detailed specs would be reassuring, the current descriptions are far too minimalist.
Re:Not just security... (Score:2)
Redundant P/S would be nice. The data drive is an IDE backed up to another IDE, so IDE-RAID aside, true RAID isn't an option. But, being backed up to a hard drive (and the OS on solid state) does make for easy recovery's.
I'd assume, though it's not a given, that most settings are user-configurable.
Re:Security? (Score:2)
Exactly.
My thoughts on all those services, too, were along the lines of "Whoa, Nelly!"
Just because it is possible for Linux to simultaneously make available all these different standard services reliably and inexpensively doesn't mean it is a good idea to do it by default.
Such a Ginsu knife device would be great as long as it started out with low services by default (https), with some intuitive feedback to help the novices notice dangerous combinations of configurations.
Also, it wouldn't hurt to put it in tandem with a honeypot machine to help in the detection arena. Certainly if my house had that many different open doors I'd be very anxious.
Re:Security? (Score:2)
Well, i'd say it leaves room for quite some exploits. That's when the Plug'n'Play mode turns into Plug'n'Punish...
Re:Security? (Score:2)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. [wirex.com]
Immunix: [immunix.org] Security Hardened Linux Distribution
Available for purchase [wirex.com]
Re:Security? (Score:2)
Blurb ahoy (Score:5, Funny)
> Hardened & ruggedized Linux based UNIX kernel
?
Could someone from marketing please tell me what that means?
Re:Blurb ahoy (Score:1)
Re:Blurb ahoy (Score:2)
Damn marketing department...we need a babelfish translator for the marketing drones.
Re:Blurb ahoy (Score:5, Funny)
I think I may have accidentely translated it from Marketing to Management though.
Re:Blurb ahoy (Score:2, Funny)
It means that during the last 10 years the Linux kernel has been improved by volunteers. The company in question has participated by writing the glossy paged marketing material.
Army Reference (Score:1)
It seems kinda silly to apply the terms to software, but that's the way it goes.
How it's hardened... (Score:4, Funny)
It was hardened by flaming it up to extremely high temperatures and then immediately thrown into cold water.
"Tempered UNIX Kernal" was too short of a phrase for marketing to use. It also sounds less aggressive
-------------
Re:Blurb ahoy (Score:5, Informative)
- Apparently it runs a "Hardened & ruggedized Linux based UNIX kernel"
That is indeed marketese. What we tried to tell them was we stripped the Linux OS (not the kernel) down to a system that fits (kernel Apache, perl, php, qmail, and all) in 12 megs on a flash disk, and so it's much more reliable and will keep doing basic tasks (like routing) even if the disk dies.Naturally, they thought an OS was the same as a kernel, and liked the word "ruggedized", and the rest is history...
Re:Blurb ahoy (Score:2)
Re:Blurb ahoy (Score:2)
Re:Blurb ahoy (Score:3, Funny)
It's a holistic-approach solution, which empowers you to proactively leverage your synergy, by thinking outside the box.
Amazing... (Score:1, Funny)
Read at the bottom ... (Score:4, Informative)
Systemax PC's use genuine Microsoft® Windows®
www.microsoft.com/piracy/howtotell
Re:Read at the bottom ... (Score:2, Insightful)
* Hardened & ruggedized Linux based UNIX kernel
* SMB & AppleShare IP compatible file services
* SMTP, POP3, & IMAP4 mail protocols supported
* WebMail support
[blah blah blah]
So either the general statement doesn't apply in this instance, or the servers also include a copy of NT's kernel for no particular reason.
By the way, how does one "harden and ruggedize" a Linux-based kernel? Expose it to gamma radiation? Take it to see really violent movies? Make it do push-ups?
More interestingly, how does one do this, and then sell it with a computer, without releasing the source? I'm having trouble telling whether this is a "real" computer or an embedded device.
Almost (Score:4, Insightful)
As we all know - that can be more annoying than not doing anything at all. Do what microsoft etc do - just miss out the almost.
It's not Plug and (mostly) Play is it?
Re:Almost (Score:5, Interesting)
I suspect it's more like this:
Try DHCP - if OK great, configure eth0 accordingly, if not, not a problem for now
Put eth0 into promiscuous mode
Capture some traffic
Look for where connections are being opened for port 53 (DNS), port 20/21 (FTP), 25 (SMTP)...
Look at the source IPs for local IP's / subnet
Look for where traffic off-net is being sent for the default gateway(s)
etc.
Fill in some blanks with the above
Present harvested info to the user and ask them to fill in any required unknowns, make corrections and confirm the final settings This kind of thing isn't new, and there are lots of other tricks to farm data, like sending forged packets to illicit a response with useful data. Where you tend to come unstuck in what you can achieve though is when you plug the thing into a switch. It's a bit more difficult to find what you want when you can't see it...
Re:Almost (Score:5, Interesting)
You would initially just see broadcast traffic, and that gives you some IP information to get started from. You could then send a continuous stream of forged packet to the switch pretending to be from MAC addresses you can see. Depending on the switch you may be able to force it to fail and start acting as a hub, or receive packets intended for the legitimate hosts you are faking.
It's a technique known as ARP spoofing, for which there are plenty of tools such as Dugsong's DSniff suite [monkey.org]. Get Ethereal [ethereal.com] as well, capture some packets and see what you can derive about the network - it should be quite a lot. Add a packet generator into the mix and, well, the sky's the limit really. I should also point out that you can very easily break the law with these tools; be careful what you do and where...
Re:Almost (Score:3, Insightful)
Besides isn't a statement like "when my IDS finds it. (And it WILL find it.)" akin to saying "Oracle is unbreakable" or "the Titanic is unsinkable"? Watch that trust level!
Re:Almost (Score:2)
Additionally, I wonder what happens if you have identical devices on the network, like another DHCP server. Does this unit turn off its DHCP server? Attempt to "take over" DHCP responsibilities (had this happen with a wireless access point once -- nasty results)?
Re:Almost (Score:2)
Of course, me and you (and most other /.ers) could build a similar system, using Linux, without too much difficulty. But the 20 person law firm I just set up with a Windows 2000 server could not. The reason they wanted Win2k? Because they felt that they could, if needed, administer it. Of course, I know that's bunk, and that the only administering they're going to be doing is changing tapes...or breaking something.
This IMASS would be great for small businesses that just need basic file and print sharing (what we used to use Netware for). As a bonus, it can do DNS, DHCP, dial-up, etc. Sure, a Pentium-133 with a FreeSCO disk will do similar, but a PHB can't set it up.
Good question on the DHCP server, though. I would think that the machine is configurable, both in the services it provides as well as in the options for those services. If you're using in a WAN/Remote type environment, then someone should know what they're doing and be able to configure it. If it's your only server in a small business environment, then it shouldn't need too much fussing, and you can cross your fingers and away we go.
Of course, on the downside, if this thing was ever heavily marketed, I could find myself un(der)employed. =)
Re:Almost (Score:2)
Re:Almost (Score:2)
I see your point, but you're wrong. (We have some lovely parting gifts for you, however.)
It's when the admin/operator doesn't know what the program is assuming or using for defaults that problems occur. You have to know the OS you administer, whether that be Linux, Windows, or BeOS. That means knowing what the defaults are (there's almost always a way to change it if you need to) and how to change them.
Windows is, source code modifications aside, almost as configurable as Linux. You just have to know how. Linux, for the most part, makes sure you know everything up front. Windows assumes that you don't know or don't care, but gives you ways to change it if you do. If you don't look for those ways, then it's your fault...not Windows'.
Re:Almost (Score:2)
Sorry, I know I'm not supposed to respond to trolls, but there seem to have been a number of credulous responses to this.
What Microsoft network products are these that configure themselves automagically? A DNS server that needs no configuration? An email server that simply needs to be installed? A dial-up client that never needs to have the username, password or ISP's telephone number set?
While a lot of these things can be done out of the box with Windows it's a bit of a stretch to say it's not done almost automagically.
Re:Almost (Score:2)
Well, I'm pretty sure you're going to have to provide some information. Such as ISP dial-up number, username/password combos for dial-in and POP accounts. Perhaps even shared drive structures, DNS zone info, DNS forwarders (if used), etc. There are some things I can't imagine that this thing could pick up by sniffing the network....Though, if it could, it would truly be wonderous....I could just use it as a replacment for sticky notes and my failing memory. =)
Toshiba tried it with Magnia SG20.. (Score:1)
imagine.. (Score:4, Interesting)
no, don't mod me down now! I really mean it!
So, what do you think could happen if you put more than one of those in a network.
do they recognize each other?
are they able to do some basic kind of load balancing (one does mail/ftp/NAT, the other one user homes/printer/etc)?
what if business grows bigger, so that you need more than one server?
I like such pseudo turnkey systems, but where is the scalability?
Re:imagine.. (Score:1)
They won't only recognize other fellow boxes, they'll start talking to each other over the network with a lot of incomprehensible, strange-sounding noises to make you think they're intelligent and have emotions.
Kinda like these toys. [furby.com]
</funny>
Re:imagine.. (Score:2)
Re:imagine.. (Score:1)
Don't you think that something this useful could be put in a better looking case than that $35 generic one it is in now? Think Cobalt (oops, Sun) Cube!
--Mike
Re:imagine.. (Score:2, Insightful)
Re:imagine.. (Score:2)
Re:imagine.. (Score:2)
Did you never see a business grow?
What if a starup company uses this server, and their human resources double? who is going to migrate this stuff?
Dammit you idiots, think before you post!
Thy shall not throw stone while sitting in glass house...
Re:imagine.. (Score:2)
The same can be said for a start up business not getting themselves a huge expensive sun box to do their work.. sure if they grow from 5 people to 500 people they'll need it, but at this point it's far more cost effective to get the cheaper solution, which this appears to be. Scalability works both ways.
And heck who knows, maybe these machines do recognize each other and do funky things, but I doubt it. This system IMHO is just another of the linux-based web appliances that were all the rage a year or two ago, and it just has some new auto-detect technology (which someone described how it could be (and based on my experience doing the same type of things, is) done. Bet marketing was overjoyed they could create a new paradigm shift in their action items
Re:imagine.. (Score:2)
Is it not in their budget then to hire a consulatant or full time admin? If not, then I submit that the start-up will have more trouble than migrating data.
Re:imagine.. (Score:2)
Nice price comparison (Score:4, Insightful)
Honestly, if you're going to have an IDE disk in the iMass, then clearly the "traditional" server you're comparing it to should also have an IDE disk. And what network of 2-150 users needs 25 mail servers? Clearly having a tape backup and a hard drive backup are vastly different in scope as well. They don't seem to be providing a way to keep the last year of daily backups on a shelf; or even the last week of backups plus the monthly.
They're just looking for the idiots who don't know what a CAL is or maybe once have seen the IBM linux commercials and look solely at the provided bottom-line.
Re:Nice price comparison (Score:1)
SysAdmin - 80k
IMass doesn't need one. It just works.
Re:Nice price comparison (Score:2)
The "25" that appears there is the number of _client_ licenses for Exchange that you have to buy to get a 30-users mailserver.
Re:Nice price comparison (Score:1)
I'm an idiot (Score:1)
Re:I'm an idiot (Score:2)
Client Access License.
Most commercial (application) servers are priced per so-many clients. These are measured in client access licenses. The most commonly encountered ones would be things like MS Exchange servers, but non-MS server software can use this model too.
Cheers,
Ian
Re:I'm an idiot (Score:1)
Re:I'm an idiot (Score:1)
Jaysyn
GOOGLE (Score:4, Informative)
Google is great. It's like a swiss army knife. Not only can you search for web pages, definitions, etc etc etc, you can even use it to correct your spelling
-
Re:Nice price comparison (Score:2)
I don't know that it's "traditional" to use Microsoft products, but it's certainly not unheard of.
Re:Nice price comparison (Score:2)
For $1200 I can buy a Compaq D500 Evo minitower with two 40 Gig IDE drives, 128Megs RAM and a 1.5Ghz P4. That's more than equivalent to the iMass hardware.
Now as far as software. The iMass comparison goes off showing full price of Win2k and Exchange. Great, but Microsoft's solution to the very problem iMass solves is Small Business Server.
If you go here:
http://www.microsoft.com/sbserver/howtobuy/defa
SBS 2000 comes with 5 CALs, purchase another 25 for around $1300. So we're at $2800 for that, plus $1200 for the desktop puts us at $4000 compared to $2700 for the iMass.
Even so I'd still go with an ML320 at least, and a tape backup solution. Yes, it's going to be more expensive, but I've been there done that, and I think it's worth it.
Re:Nice price comparison (Score:2)
I wouldn't fancy running 2K and Exchange on a PC with 128M RAM though. Win2K by itself is not much fun with 128M, let alone the rather porky Exchange server.
By comparison, a 128M system running QMail for 25 users is barely going to break a sweat.
Re:Nice price comparison (Score:2)
I don't understand this fascination with 128M, that's like so 1999!
Hard drive backup (Score:1)
PriceCompare [dartek.com]
How does this work out. No tape to put in the safe?
HP DDS- 4 tape backup $1200
Integrated hard drive backup (idb) Included
Re:Hard drive backup (Score:1)
Re:Hard drive backup (Score:1)
Re:Hard drive backup (Score:1)
It may be easier to get the data off of the HDD than a tape, but as far as how easy either is to steal, I'd say it's about even.
I always like backup to HDD then to tape. Intermediate backups to HDD provide a faster backup of the original data, allowing pretty much a full day to backup the backup HDD to tape before the next intermediate backup fires off.
Plus, you have greater redundancy, etc. It would be nice if this thing had the backup HDD and a tape drive.
Offsite (Score:2, Interesting)
You get what you pay for, of course. But I've worked with the intended technophobe market - they wouldn't know what they were missing until it was too late.
No network administration skills are needed ... (Score:3, Interesting)
Right. So they're all set up the same? Plug it in and let everyone in?
Sounds rather scary. I can understand Snap file servers etc..
But firewalls etc?
Chances are that to avoid things 'not working' everything is on, every port is open and everything works.
Uh, no (Score:5, Insightful)
Sorry, but this product does not demonstrate any such thing. Using any OS in this kind of device makes it an embedded OS and therefore invisible to the end user. If it's invisible then by definition it has no usability, good or otherwise.
I'm sure Linux was a good choice for the OS in this product, as it's cheap and infinitely configurable. But the OS's inherent ease of use to the customer is not on the list.
Re:Uh, no (Score:2, Insightful)
Re:Uh, no (Score:2)
While you could make an argument that it's an embedded OS [tech-gen.net], it'd be a stretch, since it runs the full Linux [tech-gen.net] kernel.
And, I don't see how invisible translates to no usability. It's configurable by Webmin (or similar), and most non network admins would like a low or no maintenance server.
Oh, and BTW, among Linux's many fine traits, I have never found an "inherent ease of use" among them.
You, admins are just scared of becoming redundant! (Score:2, Funny)
More details. (Score:1)
Re:More details. (Score:2, Informative)
Flexibility anyone ? (Score:1)
Do I have to wait for a vendor-supplied software update to upgrade to apache2 ? or what about PHP ?
Cant find where the Linux part of this is (Score:2)
The link on the article takes you to an Investor Realtion page, Of which the company that is distributing it is listed, no info there, anyone have any FTP info ?
Guess its time to pull the GPL clause to get my software via mail. BUT WHO THE HELL DO I SEND MY WRITTEN OFFER TO ?????
Re:Cant find where the Linux part of this is (Score:2)
*This* is what they would have used in ID4 (Score:5, Funny)
This is the sort of system they would have used in Independence Day 4 to autoconnect to the alien network and upload that virus. None of that stupid Apple crap
Kernel 2.2.19 (Score:5, Interesting)
2.2.19
And 128 meg ram ???
Re:Kernel 2.2.19 (Score:2)
128MB is a bit low, I'm a bit surprised by this given the price these days.
salaried admin || $3000 box? (Score:1)
Contract "IT consultants" setting these things up in small offices everywhere. When the boxen hiccup, nobody bothers to call the "IT" assh*le that set them up. Instead, call your ISP and piggyback their support policy to avoid a $40/hr support charge from your "consultant".
"Mrs./Mr. [RealEstate Agent|Travel Agent|Secretary|Accountant|Legal Assitant|Temp] your mail server is not working. I'm sorry, it is not our problem. Please call your contractor."
Repeat for 45 mins. Lather. Rinse. Repeat.
Re:salaried admin || $3000 box? (Score:4, Funny)
Better still, that classic question: "Is the internet down?"
Re:salaried admin || $3000 box? (Score:2)
I don't know where you live that you know of $40/hr network consultants, but that rate doesn't even get you someone to do a desktop memory upgrade here in Ohio. I know that wasn't your point though.
Any luck running linux on one? (Score:1)
It'd make a good linux b0x3n for the cheap.
Security is Paramount (Score:3, Insightful)
Now, make it even easier, by making something an even lesser peon (one with virtually no computer experience) can just plug in and let run without ANY suggestions of maintenance of the beast, and it starts to form a pretty massive DDoS system, if you ask me.
Re:Security is Paramount (Score:2)
Absolutely - I notice the absence of a virus-scanner of any sort being installed.
Not expensive to do these days, in fact LinuxJournal ran an article on a DIY SMTP virus scanner a few months back IIRC, and I'm sure that could be applied to HTTP etc etc...
Just plain hideous... (Score:2, Insightful)
An additional hard drive for doing backups?
Geez... What if the "backup" drive fails with the last six months of critical accounting data on it? Data-recovery services are -not- cheap, and the cost of having to employ one would likely exceed the cost of a good DLT or DAT tape system AND a disaster-recovery plan many times over.
IDE is bad enough (though I will freely admit to being a SCSI bigot). Using a drive with non-removable (and safely stashable) media for backup, on what will likely be a primary server, is darn near worse than no backup plan at all!
Re:Just plain hideous... (Score:3, Informative)
You can swap idb drives using the front drive tray, so you can replace the backup disk, push the backup button on the front panel, and you're set.
You can also swap the backup disk whenever you want. idb does incremental backups, so you can, say, have a backup done three times a day for a week, then swap the disk and put it in safe storage, then do another week on another disk, then swap them back. The incremental backups are smart, so week 3's backups will automatically be incremental versus week 1, even if week 2's backups were on disk 2. (In this case, week 2's first backup was not incremental, since week 1 isn't on the same disk.)
idb is _very_ cool stuff, trust me.
That said, tapes seem a bit more resilient. But you can't beat the speed or capacity (or nowadays, even price) of a disk.
This is hardly news... (Score:2, Funny)
newsqueak [newsqueak.com] - squeak squeak
Instant marketing (Score:2, Interesting)
Anyone else notice this banner ad [dartek.com] at the bottom of the IMASS page the article links to?
Either someone at the company submitted the story, or they have one of the most responsive marketing teams I've ever seen...
Re:Instant marketing (Score:4, Funny)
e-smith server - same thing (Score:2, Informative)
But There are LOTS of These Server Appliances ... (Score:2)
WireX [wirex.com] (my company) has been selling this kind of product [wirex.com] for a long time now. The WireX web-based management interface (as provisioned on Dell PowerApp servers) even won an "Emperor Class" award from Linux Magazine. And the WireX servers have the additional benefit of being protected with [linux-mag.com] Immunix [immunix.org] security, something which is especially needed by the kinds of users who choose "easy to use" server appliances.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. [wirex.com]
Immunix: [immunix.org] Security Hardened Linux Distribution
Available for purchase [wirex.com]
Re:Uh oh (Score:1)
This could actually be a simple task. It is currently unknown whether e + pi is in fact rational or irrational.
Re:Uh oh (Score:2)
Geek! :) Sorry...
Re:Uh oh (Score:2)
oh, bloody hell. nevermind.
moron admins (Score:2)
Remember code red and nimda? Both had patches released by Microsoft before they were out in the wild; all people had to do was install them.
Imagine that instead of being too lazy or dumb to keep up to date with patches, the admins just didn't know what a patch is, or how to apply one. I've seen several security patches from Linux vendors this month, and I don't keep up to date because I don't administer anything other than my home PC. This thing better have automatic download and install of patches.
Not to mention the idea of someone who has never seen your network deciding what the firewall should look like...
Re:Qmail licensing (Score:5, Informative)
Re:2.4 kernel (Score:5, Informative)
Last time I checked, I think it takes three mouse clicks to upgrade the entire OS, which fits in 12 megs on a 32-meg flash disk (so you can hold two copies, and old "known working" one and a new "test" version). iMASS downloads the new version from our web site, verifies its integrity, and installs it automatically.
Unfortunately you have to reboot to upgrade the kernel. If it doesn't work for any reason, next time you reboot you get the old, safe version back automatically.
Re:Slashdot does Infomercials now? (Score:2)