Ir al contenido principal

Ralsina.Me — El sitio web de Roberto Alsina

Rant: The problem with expensive linux

I al­ways liked SuSE's Lin­ux dis­tros. They even used to mail me a box ev­ery now and then when there was code of mine in it. It al­ways seemed nice­ly done, and well in­te­grat­ed. Of course I on­ly used it as a work­sta­tion.

Re­cent­ly, I had the dis­plea­sure of in­stalling a SLES9-based serv­er for a clien­t.

I say dis­plea­sure, be­cause it was by far the worse ex­pe­ri­ence I had with any Lin­ux dis­tri­bu­tion ev­er. It was worse than the time I had to in­stall openl­dap on a P2 with gen­too that was con­nect­ed to the in­ter­net over a 56k di­alup and had on­ly 100MB of free disk space.

And that one was a scream­er!

What were the prob­lem­s?

Well, for starter­s, it was a pun­ish­ing throw­back to the times of pro­pri­etary soft­ware in­stal­la­tion.

I in­stall it. Ok.

I try to up­date it. Not Ok.

The prob­lem? You need to au­then­ti­cate to the servers in or­der to get the up­dates. And there is no user/­pass­word any­where in the box. You have a se­ri­al num­ber (in a word file in­side a CD, not on a stick­er), and no ex­pla­na­tion on how to go from one to the oth­er.

It turns out you have to call Sup­port to get the auth data, and that de­pend­ing on how you do it you get da­ta that lets you ac­cess to the nov­ell servers or the suse servers (and not the oth­er).

Then, af­ter we got that (48 hours on tech sup­port­), I start in­stalling the soft­ware I need.

The mis­sion of this serv­er is sim­ple. It's a mail for­ward­ing serv­er. It han­dles out­go­ing mail, and it stores in­com­ing mail for a few min­utes un­til a CRM soft­ware (in win­dows) grabs it via POP3.

I can do such a serv­er on Cen­tOS, De­bian, (hel­l, yes, even gen­too) in about 2 hours with­out count­ing in­stal­l+up­dates, in­clud­ing mi­gra­tion of old da­ta.

I in­stall post­fix and imapd (I think it's wu-imapd, which suck­s, BTW, but the al­ter­na­tive was cyrus, which was gross overkil­l).

It seems to work. But the CRM can't fetch the mail. Out­look can, though. What the hel­l?

Well, SuSE de­cid­ed to dis­able plain lo­gins for POP and IMAP over non-SSL con­nec­tion­s. And there is no way to en­able it.

Since that's the on­ly kind of con­nec­tion the CRM will do, it will not work.

Mind you, in this case, it is ab­so­lute­ly no se­cu­ri­ty risk what­sow­ev­er, since the mail serv­er and the CRM are seg­re­gat­ed from the user's net­work...

Ok, I will in­stall couri­er-imap, which is bet­ter any­way. But it's not on SLES9 CD­s, and the RPMs on the web are for ev­ery oth­er SuSE and not SLES9. So I had to build it my­self.

That is, of course, be­cause there is no free repos­i­to­ries for SLES9. You have what comes with it, or what you can build your­self. Any­thing else, you are SOL.

The same thing hap­pened for al­most ev­ery­thing I want­ed to in­stal­l. Ei­ther it was not there, or it was for some oth­er SuSE, so it was time to com­pile a RPM again.

It was like Gen­too, on­ly with­out the au­to­mat­i­cal de­pen­den­cies, and with no hope for fu­ture se­cu­ri­ty up­dates un­less I build them my­self.

At that point I was al­ready telling the cus­tomer that maybe I could just in­stall Open­SUSE, which was free and would not have these prob­lems (hel­l, I would even get ap­t4­suse and avoid the damn nov­ell server­s).

Of course that means they would be a few hun­dred dol­lars poor­er for no good rea­son.

But any­way, it took me rough­ly 3 ex­tra days to set this up, which made me ac­tu­al­ly lose mon­ey on the gig. ANd I lost the time in the most pa­thet­ic way, sit­ting in a cus­tomer's of­fice wait­ing for tech sup­port, watch­ing my mon­ey go away.

That had nev­er hap­pened to me be­fore. I must say I am pret­ty dis­ap­point­ed.

But what was the root of the prob­lems here?

  • There is no free SLES clone like Cen­­tOS

If there were, then there would be 3rd par­ty re­pos. The cus­tomer would still have bought SLES9 be­cause they are sup­port groupies, but my life would have been eas­i­er.

Of course, it would prob­a­bly cut in­to SLES sales, but hey, that is not my prob­lem, is it?

  • Nov­ell Ar­­gen­ti­­na tech sup­­port sucks for Lin­ux.

The guy on the phone lit­er­al­ly had no idea what I talked about when I asked about how to get in­to YOU to up­date the box.

But don't wor­ry Nov­el­l, I heard Red Hat Ar­genti­na's is quite bad too.

If you re­al­ly want SuSE, buy a reg­u­lar one, the ones with pub­lic FTP repos­i­to­ries, and avoid trou­ble. Or get Open­SUSE.

Me, I'm pret­ty bummed :-(

Norbert Andres / 2006-04-04 04:51:

Hi, I'm not surprised about experiences. Mine were pretty similar.

But I also experience performance problems from time to time, crashes and I need to reboot the server regularly. In addition no java application could be started - the X-Server would crash (on a fresh installation) - probably a problem with the ATI driver or something. After removing Freetype from X startup it worked - but no real help from SUSE. The SLES9 is just a pain, unreliable, sometimes slow, but support, upgrade issues. We are currently discussing other server software (Windows, Solaris, Red Hat AS).

paul vixie / 2006-04-04 04:53:

SLES is overpowered for what you're trying to do. If you'd've considered using CentOS then you'd've been perfectly happy with SuSE LINUX 10 or OpenSuSE. All of your licensing woes are due to using a distro that's designed to help with problems you aren't going to encounter.

As the other comment describes, the lack of cleartext password support is due to wu-imapd's correct implementation of IETF's rather bizarre protocol requirements. If Cyrus lets you do plaintext passwords on unencrypted streams, then they aren't following the RFC's. But wu-imapd does allow this a as a non-default configuration, which SLES really ought to let you edit with a GUI.

Michael Radziej / 2006-04-04 04:53:

Regarding your problem with the imap toolkit of the University of Washington, you can solve this by putting these lines into /etc/

I accept the risk

set disable-plaintext 0

And plaintext login will work.

You can find this information easily by grepping for "LOGIN" in /usr/share/doc/packages/imap. I found this not overly hard to find ...

But I acknowledge that it's hard to understand why they do not put packages like cyrus into their enterprise products. The Washington imap server has a lot of major drawbacks, like not supporting multiple imap connections for a single account.

Roberto Alsina / 2006-04-04 04:54:

Re: Paul Vixie

Well, it was not my choice of software, so it is probably right that it's overkill, but it's still what Novell sold them.

However, how can it be that setting up a simple server is too difficult using it? How could I later convince this people that it's right for a more complex scenario considering the problems we had and the totally lame support?

I don't think I could. I simply don't trust the company selling the product to give me any service, and the software that comes with it is pretty much the same as on every other distro, excepting YaST.

And YaST is ... intrusive. I felt I was using AIX again :-(

phone number lookup / 2011-12-03 22:42:

this is really interesting viewpoint on the subject i might add

employment background check / 2011-12-27 23:32:

Well, the write-up is truly the freshest on this laudable topic. 

Contents © 2000-2022 Roberto Alsina