-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Howard,

On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote:
> On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> 
>> Konstantin,
>> 
>> On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
>>> Hi Jeffrey,
>>> 
>>>> -----Original Message----- From: Jeffrey Janner 
>>>> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January
>>>> 21, 2014 10:19 PM
>>> 
>>>> Eureka, I finally figured it out! It was a real eureka
>>>> moment, some remembrance burned its way up from my
>>>> subconscious and I had the answer. Ready guys?  Really
>>>> surprised no one mentioned it. It was Windows F-ing
>>>> Firewall!!!!!
>>> 
>>> Good to hear that you could find and solve the problem.
>>> 
>>> (Off topic:)
>>> 
>>>> I HATE WINDOWS!!!!!!
>>> 
>>> What I can't quite understand is, how one can "hate" Windows or
>>> its "F-ing" firewall, if they just do what they were configured
>>> to do...     ;-)
>>> 
>>> When setting up the Windows Firewall, I normally only create
>>> rules for specific (TCP) ports, not for specific executables,
>>> so that the firewall allows connections to a TCP port
>>> regardless of what the name or path of the executable is.
>> 
>> Actually, as surprising as it can sometimes be, I find that the 
>> Windows firewall is better than iptables *because* it /can/ do
>> things like this. You can make your system a bit safer.
>> 
>> For instance, if your server is compromised (yes, I know, once
>> you're owned, you're owned) and the attacker installs some
>> malware of some kind, that malware will not be able to bind to a
>> port or even make outgoing connections, even on "standard"
>> outgoing ports -- for instance HTTP.
>> 
>> Lots of malware connects to external C&C servers to give
>> instructions, and the Windows wirewall makes it easy to prevent
>> that from happening even when ports like 80 are used -- and
>> typically left wide-open on servers.
>> 
>> - -chris
>> 
> 
> +1 chris, and for these reasons/features (and more), I LOVE WINDOWS
> (SERVER 2008)!!! :)

It's firewall notwithstanding, Microsoft Windows is a really terrible
server OS. At least Powershell gave admins the capability to do things
without having to use a GUI for every damn thing, but there is just
too much BS in a Windows box for me to ever consider it for a server.

Add to that the fact that you have to pay insane license fees, though
you would also have to do that I suppose if you used SCO, AIX, etc.
Solaris, BSD, and Linux are all free and have entire ecosystems that
aren't dominated by the closed-source paradigm.

I hope things have changed, but everyone I ever knew that ran Windows
Server OSs in production had scheduled rolling-reboots of their
servers because things just tended to "work" when they did that.
Otherwise, stuff would fail with some regularity (like every 3 days).
It's not clear to be whether restarting the OS or restarting the
application did the trick -- as we all know, most Tomcat problems are
actually webapp problems. In all my time working with Linux servers,
I've never had to resort to such foolishness, nor has anyone else I
have known. I've had servers running for over a year without a reboot.
(They usually get a reboot for certain software upgrades, so
years-running servers don't really exist... or shouldn't).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS4dj8AAoJEBzwKT+lPKRYs5cP/0uXPMnj9IKZB0vZRYl0+sMc
/JL/SywwibmwMD4uenWg1vPDw+KTPfLCPlww74ctc0f/+OfWKOgIPuhxwg24Hcv5
K1Yk0437kBSvzQ3+Kitb8GXK0tVsmfyMYQfoJ4Hgc4ASBXb3PGzg4mR77/8RXQUp
P49oTk8LmAtklUo9J8wa0SL3WyLuC2tvAFonbAJgaMuJ3sRO+7WiBdKxyA+nF+T7
Mv5shFWjT6q7lv1XGlHWDbQ1A0KZa9hYwlMdyP4zdsw1VW7Sr/q+bvBVHnepiUbA
tw88IwlzwRRdMytCxeZiWggEESIbIw5lqiZ6jtaX7+1PxG0OkPAeP2FXjw+b1SmQ
pe5nfsmKIx+6d0SwDl/xzoWa84G4JysbkB4ERRpXYCqwfUKY2/RM3E0h41x2sD/s
/appqce7cXN3tRQNVg0tGCrXDKE5Fo/94uP1m4ZXHPm9h2Y8MgTKjoa8526UEvkQ
x7ZY0U/TG4wZb0qmOqyJLXwIRrWGLkH0bIv4vdT6/nDHrkw1HFnWVeBJa0JQxcd3
/fQuNIcgsqPiVK1Nethm5wDrprbU+oCHrCCIzu/X3mmRhPD/ttgDFZAf1GuBPss8
5qN5keX2Gdxvkhr3q6zBQqgd/HXNHIk7KXGPbEIeDgaXzWP2IiNiRwRfzQooyC8b
1vf12NVQjVnFI73VONOg
=9lOm
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to