-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Howard,
On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote: > On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> >> Konstantin, >> >> On 1/22/14, 9:03 AM, Konstantin Preißer wrote: >>> Hi Jeffrey, >>> >>>> -----Original Message----- From: Jeffrey Janner >>>> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January >>>> 21, 2014 10:19 PM >>> >>>> Eureka, I finally figured it out! It was a real eureka >>>> moment, some remembrance burned its way up from my >>>> subconscious and I had the answer. Ready guys? Really >>>> surprised no one mentioned it. It was Windows F-ing >>>> Firewall!!!!! >>> >>> Good to hear that you could find and solve the problem. >>> >>> (Off topic:) >>> >>>> I HATE WINDOWS!!!!!! >>> >>> What I can't quite understand is, how one can "hate" Windows or >>> its "F-ing" firewall, if they just do what they were configured >>> to do... ;-) >>> >>> When setting up the Windows Firewall, I normally only create >>> rules for specific (TCP) ports, not for specific executables, >>> so that the firewall allows connections to a TCP port >>> regardless of what the name or path of the executable is. >> >> Actually, as surprising as it can sometimes be, I find that the >> Windows firewall is better than iptables *because* it /can/ do >> things like this. You can make your system a bit safer. >> >> For instance, if your server is compromised (yes, I know, once >> you're owned, you're owned) and the attacker installs some >> malware of some kind, that malware will not be able to bind to a >> port or even make outgoing connections, even on "standard" >> outgoing ports -- for instance HTTP. >> >> Lots of malware connects to external C&C servers to give >> instructions, and the Windows wirewall makes it easy to prevent >> that from happening even when ports like 80 are used -- and >> typically left wide-open on servers. >> >> - -chris >> > > +1 chris, and for these reasons/features (and more), I LOVE WINDOWS > (SERVER 2008)!!! :) It's firewall notwithstanding, Microsoft Windows is a really terrible server OS. At least Powershell gave admins the capability to do things without having to use a GUI for every damn thing, but there is just too much BS in a Windows box for me to ever consider it for a server. Add to that the fact that you have to pay insane license fees, though you would also have to do that I suppose if you used SCO, AIX, etc. Solaris, BSD, and Linux are all free and have entire ecosystems that aren't dominated by the closed-source paradigm. I hope things have changed, but everyone I ever knew that ran Windows Server OSs in production had scheduled rolling-reboots of their servers because things just tended to "work" when they did that. Otherwise, stuff would fail with some regularity (like every 3 days). It's not clear to be whether restarting the OS or restarting the application did the trick -- as we all know, most Tomcat problems are actually webapp problems. In all my time working with Linux servers, I've never had to resort to such foolishness, nor has anyone else I have known. I've had servers running for over a year without a reboot. (They usually get a reboot for certain software upgrades, so years-running servers don't really exist... or shouldn't). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4dj8AAoJEBzwKT+lPKRYs5cP/0uXPMnj9IKZB0vZRYl0+sMc /JL/SywwibmwMD4uenWg1vPDw+KTPfLCPlww74ctc0f/+OfWKOgIPuhxwg24Hcv5 K1Yk0437kBSvzQ3+Kitb8GXK0tVsmfyMYQfoJ4Hgc4ASBXb3PGzg4mR77/8RXQUp P49oTk8LmAtklUo9J8wa0SL3WyLuC2tvAFonbAJgaMuJ3sRO+7WiBdKxyA+nF+T7 Mv5shFWjT6q7lv1XGlHWDbQ1A0KZa9hYwlMdyP4zdsw1VW7Sr/q+bvBVHnepiUbA tw88IwlzwRRdMytCxeZiWggEESIbIw5lqiZ6jtaX7+1PxG0OkPAeP2FXjw+b1SmQ pe5nfsmKIx+6d0SwDl/xzoWa84G4JysbkB4ERRpXYCqwfUKY2/RM3E0h41x2sD/s /appqce7cXN3tRQNVg0tGCrXDKE5Fo/94uP1m4ZXHPm9h2Y8MgTKjoa8526UEvkQ x7ZY0U/TG4wZb0qmOqyJLXwIRrWGLkH0bIv4vdT6/nDHrkw1HFnWVeBJa0JQxcd3 /fQuNIcgsqPiVK1Nethm5wDrprbU+oCHrCCIzu/X3mmRhPD/ttgDFZAf1GuBPss8 5qN5keX2Gdxvkhr3q6zBQqgd/HXNHIk7KXGPbEIeDgaXzWP2IiNiRwRfzQooyC8b 1vf12NVQjVnFI73VONOg =9lOm -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
