Hi Folks
After discussing a small problem about ssh and cvs with Brett last night, it was suggested I post the problem here...
I am attempting to set up a cvs server behind a firewall using ssh for security. The port forwarding works and has been tested from the outside, as does cvs access. At the moment, I have set up a usr account for each person requiring write access to the cvs repository.. However, I do not want to allow remote users to have shell access on the cvs server. Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
Regards, Paul.
Hi,
On 23 Sep 2004, at 00:34, Paul wrote:
Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
No.
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS. There's no point going down the CVS route for new projects, unless you specifically need to.
A.
(don't reply to me, reply to the list ... this address is deliberately trashed)
On Thursday 23 Sep 2004 00:43, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 00:34, Paul wrote:
Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
No.
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS. There's no point going down the CVS route for new projects, unless you specifically need to.
With respect, not a hope in hell of me using Subversion in the near future. The reason being is that it's only just hit 1.0 and there's no way I'm going to trust my code (my livelihood) to something so immature. I still recommend CVS to my clients for this reason.
Matt
Hi,
On 23 Sep 2004, at 01:01, Matt Parker wrote:
With respect, not a hope in hell of me using Subversion in the near future. The reason being is that it's only just hit 1.0 and there's no way I'm going to trust my code (my livelihood) to something so immature. I still recommend CVS to my clients for this reason.
So because CVS is old you prefer to use that? CVS has some well-documented limitations, which SVN is designed to overcome (including the requirement for shell access).
The assumption that something that has "only just hit 1.0" is immature is pretty daft, don't you think? Some huge software projects out there are stress-testing SVN in contexts that (I suspect, knowing nothing of your clients) are far larger than anything you'll come across, without problems.
Seriously, it's worth taking a look at it. Don't dismiss it out of hand without at least doing a feature comparison and a poll of other users' experiences. FWIW, I've been using it for many months on some -very- large projects, with no problems whatsoever.
Cheers,
A.
On Thu, Sep 23, 2004 at 01:01:55AM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 00:43, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 00:34, Paul wrote:
Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
No.
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS. There's no point going down the CVS route for new projects, unless you specifically need to.
With respect, not a hope in hell of me using Subversion in the near future. The reason being is that it's only just hit 1.0 and there's no way I'm going to trust my code (my livelihood) to something so immature. I still recommend CVS to my clients for this reason.
With respect, you're a muppet :)
Subversion is yet to trash any data for me, and it's not as brain dead as CVS. CVS trashed repositories when ever it felt like it, or anyone commited in a slightly odd way, breathed on it wrong, or even just stroked the cat next door.
There's *NO* way that I'd use CVS to store my data through choice, and, infact, I don't. There's a heady evil mix between svn and tla for my projects.
Thanks,
On Thursday 23 Sep 2004 10:28, Brett Parker wrote:
On Thu, Sep 23, 2004 at 01:01:55AM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 00:43, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 00:34, Paul wrote:
Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
No.
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS. There's no point going down the CVS route for new projects, unless you specifically need to.
With respect, not a hope in hell of me using Subversion in the near future. The reason being is that it's only just hit 1.0 and there's no way I'm going to trust my code (my livelihood) to something so immature. I still recommend CVS to my clients for this reason.
With respect, you're a muppet :)
Subversion is yet to trash any data for me, and it's not as brain dead as CVS. CVS trashed repositories when ever it felt like it, or anyone commited in a slightly odd way, breathed on it wrong, or even just stroked the cat next door.
There's *NO* way that I'd use CVS to store my data through choice, and, infact, I don't. There's a heady evil mix between svn and tla for my projects.
Thanks,
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
Matt
On Thu, Sep 23, 2004 at 11:22:48AM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 10:28, Brett Parker wrote:
On Thu, Sep 23, 2004 at 01:01:55AM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 00:43, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 00:34, Paul wrote:
Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
No.
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS. There's no point going down the CVS route for new projects, unless you specifically need to.
With respect, not a hope in hell of me using Subversion in the near future. The reason being is that it's only just hit 1.0 and there's no way I'm going to trust my code (my livelihood) to something so immature. I still recommend CVS to my clients for this reason.
With respect, you're a muppet :)
Subversion is yet to trash any data for me, and it's not as brain dead as CVS. CVS trashed repositories when ever it felt like it, or anyone commited in a slightly odd way, breathed on it wrong, or even just stroked the cat next door.
There's *NO* way that I'd use CVS to store my data through choice, and, infact, I don't. There's a heady evil mix between svn and tla for my projects.
Thanks,
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
*HINT* - it *is* ready. *HINT* If the IT PHB has that little clue and doesn't even *TRY* new software before claiming that it's not ready then they *REALLY* shouldn't be in the job, should they. *AND* I would be very very very very suprised to find anyone that's run a serious cvs archive and *HASN'T* hit problem after problem after problem. Hell, just keeping CVS running for a large enterprise must be a job all in its own, probably for several people.
*HINT*: there are companies using svn, lots of them in fact. *HINT*: svn isn't the *ONLY* solution, there's also arch, which has been around for "quite some time" and aegis, which is solid as a rock, but has the user interface from hell...
Oh, and on your "point" about CVS... just how long did it take to get popular... *HINT*: not very... and *why* did it become popular? becuase it was simple to use... now why are people moving away from CVS? because of the troubles that it has with directories, the somewhat broken way it handles archives, and the incredible amount of effort involved in fixing it when it goes wrong (which it does. often. in interesting and cunning ways).
So, if this is your view now, take a look at svn, give it 6 months and everyone will be far far more susceptable to it. Use it now, though, or forever play catch up with the real world.
Thanks,
On Thursday 23 September 2004 12:02 pm, Brett Parker wrote:
HINT* - it *is* ready. *HINT* If the IT PHB has that little clue and doesn't even *TRY* new software before claiming that it's not ready then they *REALLY* shouldn't be in the job, should they. *AND* I would be very very very very suprised to find anyone that's run a serious cvs archive and *HASN'T* hit problem after problem after problem. Hell, just keeping CVS running for a large enterprise must be a job all in its own, probably for several people.
I am trying to keep out of the CVS-Subversion discussion for the simple reason that I have only had direct experience of one of these systems.
However
I (in a previous job) deployed several CVS archives (at a high point 6 simultaneous) for multi million £ projects, we had code that was ultimately so mission critical that the company would have vanished had it been lost or through an issue with the version control system access been denied for a reasonable amount of time.
I can't remember a single instance where a repository wasn't available to the developers for more than an hour.
Yes CVS was a pain in the backside sometimes, yes it is limited in some respects and yes we struggled so hard to find a half decent Windows client that one of our developers made his own http://www.tortoisecvs.org/
But ultimately for the company I worked for, CVS started a trend of Linux adoption that resulted in most of the companies core infrastructure running on it.
CVS has been used for several very large projects, I have no doubt that subversion is a better option today, and certainly given the task of providing a version control soultion I'd be mad to not even consider it.
But to say that it is impossible for a single person to maintain a reasonable size CVS repository is probably overstating your argument.
Hi,
On 23 Sep 2004, at 11:22, Matt Parker wrote:
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
And the pointless mindless FUD award of the month goes to ...
I can name several enterprise-level organisations using SVN already. Except I can't because it would be a breach of confidentiality. I suspect your pitch to the PHBs must have been flawed if you've been unable to explain to them the quite obvious benefits of SVN over CVS.
From http://subversion.tigris.org/project_faq.html#stable :
"It's ready for prime-time production."
From http://subversion.tigris.org/propaganda.html : "I currently manage a group of about 20 developers for a Fortune 500 company. [...] The advantages we received from Subversion are immense."
"I work for a government contracting facility. [...] We've never lost any data, and our developers have found it to be a very intuitive tool. Subversion has been rock-solid in our environment, and very much complements our software engineering practices. I can't speak highly enough of it."
Take a look at http://svn.apache.org/repos/asf/ - commercial projects that are more demanding than the likes of Cocoon or Geronimo are going to be tough to find.
So please, take your troll elsewhere ;-)
A.
On Thursday 23 Sep 2004 12:12, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 11:22, Matt Parker wrote:
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
And the pointless mindless FUD award of the month goes to ...
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes. You've got to realise that the people in control are VERY conservative when it comes to their IT infrastructure - mostly due to the fact that they don't understand it. This is the way of the world unfortunately and trying to change it too quickly is not the way to go about things.
Yes there will be a time for Subversion, but not yet. The last contract I worked on was for a very large international software company (who you will have heard of) who are only just discussing moving from Visual SourceSafe to CVS. Subversion was mentioned but was quickly dismissed because it "hadn't been around long enough" and wasn't "tried and tested".
Matt
Hi,
On 23 Sep 2004, at 12:30, Matt Parker wrote:
And the pointless mindless FUD award of the month goes to ...
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes.
I was simply responding to your complete failure to back up your sweeping statements with anything remotely resembling a fact or justification.
You've got to realise that the people in control are VERY conservative when it comes to their IT infrastructure - mostly due to the fact that they don't understand it. This is the way of the world unfortunately and trying to change it too quickly is not the way to go about things.
I appreciate all that (hey grandmother, come suck these eggs!). But the conservative PHBs should be delighted with how much safer SVN is in comparison to CVS. Granted, if they have CVS already there's less to justify as migrations are costly and time-consuming. If there's no source control it should be no contest.
Yes there will be a time for Subversion, but not yet. The last contract I worked on was for a very large international software company (who you will have heard of) who are only just discussing moving from Visual SourceSafe to CVS. Subversion was mentioned but was quickly dismissed because it "hadn't been around long enough" and wasn't "tried and tested".
It seems to me that the main reason that it's not time for subversion is because you don't think it is, rather than because big companies are struggling with the idea. If someone in a meeting with you dismissed SVN in favour of CVS, I would hope it would be your professional obligation to point out everything that is wrong with CVS and to explain the benefits SVN offers over it.
Have you actually tried SVN, by the way?
A.
On Thursday 23 Sep 2004 12:47, Andrew Savory wrote:
Have you actually tried SVN, by the way?
I admit you've got me there ;-) But that's because I have a large repository of my own source code in CVS, so the arguments I've given about other people switching also apply to me. CVS is managing my code exactly how I want it so I don't see any reason to change, never mind invest the time to do so.
I have, however, read the docs on Subversion and it hasn't interested me enough to even want to change, at least for my own work. I can't see the "killer reason" for changing.
Matt
Hi,
On 23 Sep 2004, at 12:52, Matt Parker wrote:
I have, however, read the docs on Subversion and it hasn't interested me enough to even want to change, at least for my own work. I can't see the "killer reason" for changing.
Neither did I.
But then I was forced to try it on a major publisher's development project, and since then it's been a question of "how soon can I migrate our own repositories" rather than "should we convert our own repositories".
If you work with a local CVS repository, the need is admittedly less urgent - but that's comparatively rare. Wherever you have two or more people collaborating with a server-based repository, SVN makes a -lot- of sense. And finally, control over directories! Seamless branching! Web integration for free! Webdav access to the repo! Non-login accounts! HTTP tunnelling!
It's all good. Try it, you might like it. What's the worst that can happen[1]? :-)
A.
[1] ... you find out your preferred tool doesn't have SVN integration. Time to kick the vendor / developer and tell them to get with the program, whilst brushing up on your 'leet command-line skills.
On Thu, Sep 23, 2004 at 01:00:13PM +0100, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 12:52, Matt Parker wrote:
I have, however, read the docs on Subversion and it hasn't interested me enough to even want to change, at least for my own work. I can't see the "killer reason" for changing.
Neither did I.
But then I was forced to try it on a major publisher's development project, and since then it's been a question of "how soon can I migrate our own repositories" rather than "should we convert our own repositories".
If you work with a local CVS repository, the need is admittedly less urgent - but that's comparatively rare. Wherever you have two or more people collaborating with a server-based repository, SVN makes a -lot- of sense. And finally, control over directories! Seamless branching! Web integration for free! Webdav access to the repo! Non-login accounts! HTTP tunnelling!
It's all good. Try it, you might like it. What's the worst that can happen[1]? :-)
A.
[1] ... you find out your preferred tool doesn't have SVN integration. Time to kick the vendor / developer and tell them to get with the program, whilst brushing up on your 'leet command-line skills.
JOOI, what tool do you use for development? (I still use the tools that I've been using for a few years now, vim and command line repository tools)
Thanks,
On Thursday 23 Sep 2004 13:00, Andrew Savory wrote:
It's all good. Try it, you might like it. What's the worst that can happen[1]? :-)
Oh, I'm quite willing to give it a go, and I probably will in the near future. That wasn't my main point though. My main point in this discussion is how do you convince an ignorant PHB managing a large IT department to try it as well?
And also, as you guessed, my main IDE doesn't have Subversion integration and it's an open-source IDE too. I could write a plugin myself I suppose, but I just haven't got the time to do something like that.
Matt
On 23 Sep 2004, at 13:13, Matt Parker wrote:
That wasn't my main point though. My main point in this discussion is how do you convince an ignorant PHB managing a large IT department to try it as well?
Depends on the context, but I find lower TCO, better security, and features that make life easier for your workforce are the ones that usually clinch it.
And also, as you guessed, my main IDE doesn't have Subversion integration and it's an open-source IDE too. I could write a plugin myself I suppose, but I just haven't got the time to do something like that.
Bitch at the developers - let them know there's demand for it.
A.
On Thu, Sep 23, 2004 at 12:52:41PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 12:47, Andrew Savory wrote:
Have you actually tried SVN, by the way?
I admit you've got me there ;-) But that's because I have a large repository of my own source code in CVS, so the arguments I've given about other people switching also apply to me. CVS is managing my code exactly how I want it so I don't see any reason to change, never mind invest the time to do so.
I have, however, read the docs on Subversion and it hasn't interested me enough to even want to change, at least for my own work. I can't see the "killer reason" for changing.
Never wanted to remove a directory from the development tree then? or move it? Interesting...
Thanks,
On Thu, Sep 23, 2004 at 12:30:57PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 12:12, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 11:22, Matt Parker wrote:
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
And the pointless mindless FUD award of the month goes to ...
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes. You've got to realise that the people in control are VERY conservative when it comes to their IT infrastructure - mostly due to the fact that they don't understand it. This is the way of the world unfortunately and trying to change it too quickly is not the way to go about things.
Yes there will be a time for Subversion, but not yet. The last contract I worked on was for a very large international software company (who you will have heard of) who are only just discussing moving from Visual SourceSafe to CVS. Subversion was mentioned but was quickly dismissed because it "hadn't been around long enough" and wasn't "tried and tested".
They might as well stick with sourcesafe then, at least that mightn't fuck up the archive. As for linux only now becoming mainstream, what planet are you on? There's a whole *FUCKLOAD* of linux servers out there, far out numbering Microsoft or proprietary servers. And with the likes of IBM, HP, Novell, SGI and even Sun getting in on the act, I'd say that linux is damned mainstream, my dear boy.
If *your* classification of mainstream, however, is the somewhat limited scope of desktop machines, then I fear that you are missing out on a whole world of technology.
Even the desktop area is coming into line as more and more companies realise that windows is not a requirement, step by step, maybe firstly replacing Microsoft Office with OpenOffice.org, then discovering that that wasn't bad, then gradually stepping over to other Free Software, until they've a windows machine running nothing that isn't available in a nicer form under a Free operating system.
With Gnome 2.8 and KDE 3, the developers out there devoted to making life better, and the support and backing of some of the major players, linux is very much getting in to the desktop market.
Now if someone could only convince the hardware manufacturers to be more open with specifications, the world would be a lovely place.
Now, could you please go and search the interweb, and learn about what *is* happening in the real world, rather than the misconceptions that you have now?
(Oh, and as for "mindless zealotry", erm, you're the one saying cvs is king, and that nothing else is good enough... now... that to me says that you are a mindless zealot. As for the sarcasm, to some of us it comes naturally).
On Thursday 23 Sep 2004 12:48, Brett Parker wrote:
On Thu, Sep 23, 2004 at 12:30:57PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 12:12, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 11:22, Matt Parker wrote:
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
And the pointless mindless FUD award of the month goes to ...
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes. You've got to realise that the people in control are VERY conservative when it comes to their IT infrastructure - mostly due to the fact that they don't understand it. This is the way of the world unfortunately and trying to change it too quickly is not the way to go about things.
Yes there will be a time for Subversion, but not yet. The last contract I worked on was for a very large international software company (who you will have heard of) who are only just discussing moving from Visual SourceSafe to CVS. Subversion was mentioned but was quickly dismissed because it "hadn't been around long enough" and wasn't "tried and tested".
They might as well stick with sourcesafe then, at least that mightn't fuck up the archive. As for linux only now becoming mainstream, what planet are you on? There's a whole *FUCKLOAD* of linux servers out there, far out numbering Microsoft or proprietary servers. And with the likes of IBM, HP, Novell, SGI and even Sun getting in on the act, I'd say that linux is damned mainstream, my dear boy.
Oh come on, that's not what I'm talking about and you know it. I'm talking development environments not web-servers, desktops, mail servers or anything else. I'm not even talking about Linux servers necessarily (you do know that CVS and Subversion run on Windows machines as well as all the other *nix machines don't you?). You should also know that I've worked in precisely one company that had Linux on the desktop anywhere - apart from my own company - and that was only in R&D.
Until you've worked in the real world in development, I'll take what you're saying with a very large pinch of salt - and no, contributing to open-source software doesn't count - I'm talking about holding down a development role in a software company or contracting out to one.
Matt
On Thu, Sep 23, 2004 at 01:10:43PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 12:48, Brett Parker wrote:
On Thu, Sep 23, 2004 at 12:30:57PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 12:12, Andrew Savory wrote:
Hi,
On 23 Sep 2004, at 11:22, Matt Parker wrote:
Subversion is NOT ready for enterprise level networks. I don't care what has happened to your data. I'd like to see you try and go into a large enterprise and convince the IT PHB that Subversion is ready to manage all their source code. Hint : It ain't going to happen, and he/she is likely to call you a muppet for suggesting it ;-)
And the pointless mindless FUD award of the month goes to ...
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes. You've got to realise that the people in control are VERY conservative when it comes to their IT infrastructure - mostly due to the fact that they don't understand it. This is the way of the world unfortunately and trying to change it too quickly is not the way to go about things.
Yes there will be a time for Subversion, but not yet. The last contract I worked on was for a very large international software company (who you will have heard of) who are only just discussing moving from Visual SourceSafe to CVS. Subversion was mentioned but was quickly dismissed because it "hadn't been around long enough" and wasn't "tried and tested".
They might as well stick with sourcesafe then, at least that mightn't fuck up the archive. As for linux only now becoming mainstream, what planet are you on? There's a whole *FUCKLOAD* of linux servers out there, far out numbering Microsoft or proprietary servers. And with the likes of IBM, HP, Novell, SGI and even Sun getting in on the act, I'd say that linux is damned mainstream, my dear boy.
Oh come on, that's not what I'm talking about and you know it. I'm talking development environments not web-servers, desktops, mail servers or anything else. I'm not even talking about Linux servers necessarily (you do know that CVS and Subversion run on Windows machines as well as all the other *nix machines don't you?). You should also know that I've worked in precisely one company that had Linux on the desktop anywhere - apart from my own company - and that was only in R&D.
I'm currently working at a company that runs linux on the desktop... or at least on *MY* desktop. Yes, I do know that it can be bent to run on windows, but why do that when you can run it on a real server and use remote repositories if you're stuck on using windows as a development platform?
Until you've worked in the real world in development, I'll take what you're saying with a very large pinch of salt - and no, contributing to open-source software doesn't count - I'm talking about holding down a development role in a software company or contracting out to one.
Sorry, which real world is this? And, JOOI, in what possible way does open-source software not count? As open-source often has the *biggest* archive of all, and more developers than you could shake a very large stick at, show can you say that it doesn't count? I believe that you, sir, are in a fantasy land. Currently I am a web developer, and altough to you that may not seem to be "software" but given the dynamic nature of the interweb, and the varying degrees to which customers have expectations, and the fact that most of our development sites cost more than your average piece of software, and are tailored to the customers needs, I'd say that I'm fairly much *in* the real world, and getting rather bored of developers who appear not to know what's happening in the real world, and argue with anyone they possibly can that things are not ready for the mainstream when there's already a vast following of it.
Do we assume, then, that you are a "leet" coder, and that what you say is the gospel truth? Or shall we assume that you've just had bad experiences with PHBs? Better yet, should we assume that you have bad communication skills?
I shall now leave this thread, as I'm bored of so called "developers".
Thanks,
On Thursday 23 Sep 2004 13:33, Brett Parker wrote:
I'm currently working at a company that runs linux on the desktop... or at least on *MY* desktop. Yes, I do know that it can be bent to run on windows, but why do that when you can run it on a real server and use remote repositories if you're stuck on using windows as a development platform?
Well that's all that I needed to demonstrate to me where you're coming from. You're point of view is that Linux is the only *real* server available and that Linux runs quite happily on *your* machine.
You need to realise that this is by far and away not the common point of view out there in the commercial IT world. By accepting this fact is the only way things are going to change. It's like that wierd putty you could get in the 80s - if you applied soft pressure you could mould it easily, but if you hit it with a hammer it was hard as a rock.
BTW, at my company I have almost 100% Linux machines with just the one Mac. I run Windows in VMWare to check stuff out on there. I'm 100% a Linux advocate, but there are ways to go about getting it accepted, and ways that make people put up barriers to defend themselves against an onslaught of overly-technical and passionate language.
Matt
On Thu, Sep 23, 2004 at 01:58:10PM +0100, Matt Parker wrote:
On Thursday 23 Sep 2004 13:33, Brett Parker wrote:
I'm currently working at a company that runs linux on the desktop... or at least on *MY* desktop. Yes, I do know that it can be bent to run on windows, but why do that when you can run it on a real server and use remote repositories if you're stuck on using windows as a development platform?
Well that's all that I needed to demonstrate to me where you're coming from. You're point of view is that Linux is the only *real* server available and that Linux runs quite happily on *your* machine.
Incorrect, Linux is *not* the only real server platform available, windows, however, is *not* a server platform. The BSD family are all viable, commercial unix is viable, Mac OS X is even viable to some extent. All those have one thing in common though, they're designed from the ground up with multiple users in mind. (OK, so Mac OS X is a little fluffy on the multiple user front, but it's there, lurking in the background).
You need to realise that this is by far and away not the common point of view out there in the commercial IT world. By accepting this fact is the only way things are going to change. It's like that wierd putty you could get in the 80s - if you applied soft pressure you could mould it easily, but if you hit it with a hammer it was hard as a rock.
Weirdly, I've discovered that over the years, sometimes the *ONLY* way to communicate with some people (especially sales people) is to hit the over the head several times, as otherwise all the explaining happens on a daily basis, start gentle, then hit 'em when they're blatently not listening, or are very misinformed. Now, you see, the way you started this thread made it look like you were deliberately baiting, especially due to the nature of the posts on SVN when you, as you admitted early, but in a shroud that half masked it, that you hadn't actually even *USED* it. *HOW* can someone with no experience of a particular product manage to try to slate it as heavily as you seemed to be? It'd be like slagging off OS X without even trying it. Or saying that all beer was foul because you had one bad pint.
BTW, at my company I have almost 100% Linux machines with just the one Mac. I run Windows in VMWare to check stuff out on there. I'm 100% a Linux advocate, but there are ways to go about getting it accepted, and ways that make people put up barriers to defend themselves against an onslaught of overly-technical and passionate language.
The only reason we have windows about here is that, weirdly, being an ISP, occasionally we need to be able to access the products that we support. Being a small ISP means that we tend to actually *listen* to the customer, not sit and read a script. And, weirdly, we also try our hardest to support products that we haven't heard of.
I'm not a 100% linux advocate, I chose it because it fitted with the way I worked, and has done for a *long* time. Over the years my desktop has changed, I've been through most window managers, and have chosen the 2 that are most accessable for my uses. Then, my main uses are XTerms and a webbrowser, mutt is my e-mail client of choice, with thunderbird a close second.
As for it being accepted, given most mainstream IT magazines now appear to advertise at least linux servers, and the lines of Micro Mart have a weekly installment of "linux mart" (this can be interesting some weeks), it's not for me to get it accepted, my view is that people should *choose* the operating system that best works for them, be it Mac OS X, Linux, or even Windows. What I don't like are people saying "this doesn't work" or "this isn't stable enough" when they haven't even bloody used it.
Thanks,
On 2004-09-23 12:30:57 +0100 Matt Parker matt@mpcontracting.co.uk wrote:
You see, this is the reason why Linux itself is only being slowly accepted into the mainstream. Mindless zealotry and sarcastic attitudes. [...]
I agree, but I probably blame the "other group" to you.
Yes, some advocates are zealots and some of them can *deliver* very nasty sarcasm. Most of them seem to have thought about it (so it's not mindless) and it's not really a sarcastic attitude but just occasional sarcastic words.
On the other hand, most of the denials seem to have few clear reasons and none based on sound technical analysis: at best, there's empirical evidence for them. That seems more zealous to me. Many then assume that any advocates disagreeing with them must be idiots, which is the basis for what looks like sarcasm to most people.
Maybe some advocates don't deliver explanations in the way you would like, but I'm not sure you're really helping communication. To a subversion advocate (and you knew one was on this list before posting), a paragraph about judging it only by version number probably couldn't seem more like a troll if it were short with green hair and jumped out from under Troll Bridge screaming "I'm a troll! I'm a troll!"
On 2004-09-23 00:43:16 +0100 Andrew Savory lists@andrewsavory.com wrote:
Use SVN instead - it's built with exactly this sort of use in mind, is more firewall-friendly, and is a significant improvement on CVS.
It fixes a few of the many CVS bugs, but some other fixes aren't expected any time soon because they need serious architectural work.
Writing "more firewall-friendly" hides significant complexity: last I knew, SVN needed shell access (same problems as for CVS), svnserve (similar problems to pserver) or HTTP WebDAV. Most HTTP proxies don't seem to let WebDAV through unmolested, which is evil bad and wrong but still happens.
There's no point going down the CVS route for new projects, unless you specifically need to.
I'd agree with that, though. There are a lot of better candidates available now and some handy comparisons to help you pick the right one for your needs, like http://wiki.gnuarch.org/moin.cgi/SubVersionAndCvsComparison by Mingo.
On Thursday 23 Sep 2004 00:34, Paul wrote:
Hi Folks
After discussing a small problem about ssh and cvs with Brett last night, it was suggested I post the problem here...
I am attempting to set up a cvs server behind a firewall using ssh for security. The port forwarding works and has been tested from the outside, as does cvs access. At the moment, I have set up a usr account for each person requiring write access to the cvs repository.. However, I do not want to allow remote users to have shell access on the cvs server. Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
Regards, Paul.
Yes!! If the user is only going to authenticate over SSH and not need shell access then it's possible by putting an invalid shell entry in /etc/passwd - I do this for my postgres account:-
postgres:x:502:502::/home/postgres:/bin/false
This way system authentication works but the user has no shell acess.
Matt
On 2004-09-23 00:34:35 +0100 Paul bdi-emc@ntlworld.com wrote:
[...] Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
You could probably use methods from Joey Hess's "Anonymous CVS access via ssh" at http://www.kitenet.net/~joey/sshcvs/ or "Chrooted SSH CVS server HOW-TO" by Olivier Berger and Olivier Tharan at http://www.idealx.org/en/doc/chrooted-ssh-cvs-server/chrooted-ssh-cvs-server...
What degree of security that gives is an open question, in my opinion. You may find that GNU Arch is more suited to "bazaar" development, giving all developers a local revision control copy to use, without needed blessing of a central authority, which can be published to http, sftp or ftp spaces.
Thanks slef
I'll look at the chrooted methods as it looks to be the most viable option. the /bin/false trick won't work (has just been tried..) as cvs needs a shell to run some commands.. Whilst SVN may be an option for new projects, the current project already uses cvs. So in this respect, my hands are tied to a certain extent.
Regards, Paul.
On Thursday 23 September 2004 03:01, MJ Ray wrote:
You could probably use methods from Joey Hess's "Anonymous CVS access via ssh" at http://www.kitenet.net/~joey/sshcvs/ or "Chrooted SSH CVS server HOW-TO" by Olivier Berger and Olivier Tharan at http://www.idealx.org/en/doc/chrooted-ssh-cvs-server/chrooted-ssh-cvs-serve r.html
Yep, set the users login shell to be /bin/false. If they attempt to log into a shell, it'll dump them straight back at a login prompt
HTH
-
Andrew Savory -
Brett Parker -
Chris Glover -
Matt Parker -
MJ Ray -
Paul -
Wayne Stallwood