From garden-sender@net.bio.net Thu Jun 3 21:00:45 1993 Received: from net.bio.net by fido.wps.com (5.67/1.34) id AA05827; Thu, 3 Jun 93 21:00:37 -0700 Received: by net.bio.net (5.65/IG-2.0) id AA03207; Thu, 3 Jun 93 21:00:33 -0700 Received: from relay1.UU.NET by net.bio.net (5.65/IG-2.0) with SMTP id AA03174; Thu, 3 Jun 93 21:00:27 -0700 Received: from cygnus.com by relay1.UU.NET with SMTP (5.61/UUNET-internet-primary) id AB22755; Fri, 4 Jun 93 00:00:35 -0400 Received: from wired.com ([140.174.73.194]) by cygnus.com (4.1/SMI-4.1) id AA09747; Thu, 3 Jun 93 21:00:15 PDT Received: from qm.wired.com by wired.com (NX5.67c/NX3.0M) id AA10936; Thu, 3 Jun 93 20:52:55 -0700 Message-Id: <9306040352.AA10936@wired.com> Date: 3 Jun 1993 21:02:18 U From: "Will Kreth" Subject: Request for Proposals To: "The Little Garden" Status: OR Subject: Request for Proposals Request For Proposals (RFP) Wired magazine is now accepting proposals for a consultant to assist in creating an enhanced network architecture. The proposal should address methods of installation, as well as estimated build-time and costs involved. The proposal items may be bid upon either separately or collectively. Wired will be purchasing a UNIX machine to run the services on. Additionally, within six-months, Wired will move to either 56K leased-line (ADN) or ISDN connection to Toad Hall. Wired is a predominantly Mac-based site. At a minimum, these are the structures/services that we wish to implement: *Set-up of a mail-server. Installation of PoP. *Knowledge transfer of basic mail-server maintenance and modification processes to Wired's Online Director (currently, Will Kreth). The Online Director should have full-access to all scripts necessary to keep WIRED.COM up and running. No lock-outs or proprietary passwords. *Wired staff will be using tools such as NCSA Telnet, WAIS, WorldWideWeb, Gopher, Archie, Veronica, etc. Any special suggestions/considerations regarding reliable multi-user access to these tools over our Ethernet LAN should be included. *Adequate security safeguards from crackers. Any need for sub-contracting out any of the duties involved or necessary acquisition of non-"off-the-shelf" software/hardware should be expressed up-front in the bid. Our goal is to create a robust foundation for Wired's future Online Services division - as well as providing Wired's editorial department a reliable route the resources of the Internet. Additionally, we are also open to constructive suggestions for ways in which Wired can augment its current plans with other useful tools or services for the staff of Wired and Wired readers in general. Send proposals to all of the following addresses by June 15th: will@wired.com jane@wired.com louis@wired.com thanks in advance- --------------------------------------------------------- Will Kreth Online Director info@wired.com Wired Magazine 544 Second St. SFCA 94107 USA +1-415-904-0660 [vox] +1-415-904-0669 [fax] --------------------------------------------------------- From garden-sender@net.bio.net Fri Jun 4 21:24:38 1993 Received: from net.bio.net by fido.wps.com (5.67/1.34) id AA00511; Fri, 4 Jun 93 21:24:26 -0700 Received: by net.bio.net (5.65/IG-2.0) id AA18009; Fri, 4 Jun 93 21:24:12 -0700 Received: from relay1.UU.NET by net.bio.net (5.65/IG-2.0) with SMTP id AA18003; Fri, 4 Jun 93 21:24:10 -0700 Received: from cygnus.com by relay1.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA22943; Sat, 5 Jun 93 00:24:27 -0400 Received: from wired.com ([140.174.73.194]) by cygnus.com (4.1/SMI-4.1) id AA02485; Fri, 4 Jun 93 21:24:07 PDT Received: from qm.wired.com by wired.com (NX5.67c/NX3.0M) id AA11915; Fri, 4 Jun 93 21:16:48 -0700 Message-Id: <9306050416.AA11915@wired.com> Date: 4 Jun 1993 21:25:41 U From: "Will Kreth" Subject: Revisions to Wired's RFP of To: "The Little Garden" Status: OR Subject: Revisions to Wired's RFP of 6/3/93 Revisions to Wired's RFP of 6/3/93 The award will be granted to the proposal with the most cost-effective, functionally sound and architecturally open (ie: truly extensible) features that will afford future growth for WIRED.COM. Wired will be purchasing the UNIX machine. This is not to be included in the bid. Wired's mention of future plans of installing either a 56k leased-line or ISDN link to Toad Hall appeared in the RFP for the purpose of alerting all who make proposals that any solutions should simply take this into account. We will be upgrading to one of these services _after_ the initial work is completed. Projected start-date is July 1, '93. ----------------------------------------------------------- Will Kreth Online Director info@wired.com Wired Magazine 544 Second St. SFCA 94107 USA +1-415-904-0660 [vox] +1-415-904-0669 [fax] ----------------------------------------------------------- From will@wired.com Thu Jun 24 18:00:20 1993 Received: from tlg-gw.wired.com by fido.wps.com (5.67/9999.1) id AA01932; Thu, 24 Jun 93 17:59:57 -0700 Received: from qm.wired.com by wired.com via SMTP (920330.SGI/911001.SGI) for tomj@wps.com id AA01731; Thu, 24 Jun 93 18:02:47 -0700 Message-Id: <9306250102.AA01731@wired.com> Date: 24 Jun 1993 18:01:05 U From: "Will Kreth" Subject: Re: revised proposal To: louis@wired.com, "Tom Jennings" Status: OR Reply to: RE>revised proposal We've got a UNIX capable external CD-ROM drive that we can borrow from the SGI, and a SCSI tape back-up for the Macs that we can also borrow. So, that should reduce the hardward costs a bit. -------------------------------------- Date: 6/24/93 5:55 PM To: Will Kreth From: Tom Jennings Received: by qm.wired.com with SMTP;24 Jun 1993 17:54:59 U Received: from fido.wps.com by wired.com via SMTP (920330.SGI/911001.SGI) for louis@qm.wired.com id AA01710; Thu, 24 Jun 93 17:53:56 -0700 Received: by fido.wps.com (5.67/9999.1) id AA01924; Thu, 24 Jun 93 17:50:42 -0700 From: tomj@wps.com (Tom Jennings) Message-Id: <9306250050.AA01924@wps.com> Subject: revised proposal To: louis_rossetto.get#u#wired@qm.wired.com, will_kreth.get#u#wired@qm.wired.com Date: Thu, 24 Jun 1993 17:50:40 -0700 (PDT) X-Mailer: ELM [version 2.4 PL21] Content-Type: text Content-Length: 10803 Proposal for WIRED internet interface/mail box Tom Jennings, tomj@wps.com voice 552-8156 revised 24 June 93 to: Louis Rossetto, louis@wired.com Will Kreth, will@wired.com This proposal covers specifying a computer for WIRED's own purchase (not resold through me), installation of the required basic software (Unix, etc) and customization to support WIRED's needs (below), and finally, documentation and complete "knowledge transfer" to WIRED employees so that WIRED can handle all routine maintanance and operation. What follows is an expansion of some detail, with prices, and a summary at the end. WIRED'S NEEDS: * A reliable link between the internet (via the little garden) and WIRED's internal network. * Adequate security to prevent cracking. (See note(1) below.) * A complete email (SMTP) setup with easily configurable aliases, mailing lists, etc. **** Interconnection to WIRED's existing LAN email software needs to be better defined; mainly I just don't know what it is. This proposal does NOT include time to port or interface to the existing mailer. It's probably not a Big Deal; we will just have to go over it separately. NOTES: (1) The specific services your provide (mail only, gopher, ftp, anonymous ftp, etc) directly affect the security setup. Fewer services, fewer hassles, fewer security holes, less setup work from me. I'll assume that you want gopher and anonymous ftp. I will also assume you want full anonymity for WIRED staff (eg. "editor@wired.com" can be pointed to any email address in an undetectable fashion.) Finger will be changed so that it will provide the user with a pre-determined text file, rather than a compromising security hole. HARDWARE: I realized your RFP specifically said not to spec hardware; however I take this to mean you want to avoid getting taken on twice-resold markups. The prices I quote below are "my cost" from Toptek (Taraval, San Francisco, 564-3500) and should be quite competitive. Toptek will exchange no-questions-asked on faulty hardware and have good support. While you should feel free to look at other hardware and prices, since the functions you want (email, gopher, etc) pretty much requires unix, and therefore affects the hardware, there is a strong interrelation between them. It looks like a 486-based pclone is the choice based upon both economics and performance. The following machine is more than adequate for your needs today (given above) allowing for expansion. If more resources are needed in a linear fashion, say disk or memory, they can be added to this box. If more functionality is needed, such as graphics, I'd strongly suggest obtaining another box tuned for this purpose; the mailbox machine should remain mostly user-free, as many people will be relying on it continuously and increasingly. Intel 80486, 50MHz 16 MB ram 540 mb SCSI disk Ethernet interface serial interface Adaptek SCSI adapter (the "good" adapter) VGA screen with white 14" monochrome adapter Keyboard, case, power supply, etc Total system cost: $2940 THIS DOES NOT INCLUDE: * SCSI tape backup system * SCSI CD-ROM drive (Tape system price: $~550) An adequate tape backup system is *required* for any reasonable system. If you don't have a SCSI tape of recent vintage (some older ones don't support modern SCSI commands, and other technical distractions) there are two choices -- get a new tape drive, or possibly hack the tape driver to accomodate the older drive. Likely it will work as-is. The CD-ROM drive is required only to read the unix distribution CD-ROM (I'm getting ahead of myself; see below). I have not priced CD-ROM drives with SCSI interfaces (1) hoping that you already have one and/or (2) the prices can be found from any issue of COMPUTER SHOPPER or equiv. I would strongly suggest 300 mb as the smallest usable disk; this would leave you 50 -- 100 mb disk space. 540 mb would leave you approx. 300 mb free. If later you needed much more (image libraries, whatever) you could add another disk drive internally. A 1.3 gb (1300 mb) drive costs about $1200 -- $1500 (seems to change daily :-). Adding this as a second drive is very feasable, for a total of ~1900 mb. While you could probably run adequately in 8 mb RAM, you will quickly outgrow it. This machine will be expandable to 32 mb RAM. 16 is "more than enough" for email, gopher, ftp, etc. Memory is about $40/mb today. Note that memory must be added in 2X increments; if you have 16 mb, you can add another 16 mb only, not 4 mb, etc. Lastly, a decent color monitor runs arund $400, while decent monochrone VGA about $150. There is no need for color on this machine, and will only invite extraneous use (see SOFTWARE, below). SYSTEM SOFTWARE I suggest BSDI (Berkeley unix 4.3 for the Intel x86 family). While 386BSD is "free", it is still hackish, and there is no support other than your local hacker (me :-). BSDI is reasonably priced, has good support and comes highly recommended from users that I know. Pricing is as follows: BSDI, complete will all sources: $995 BSDI, executables only: $495 Later upgrade, executables to sources: $600 Really, there's no great need for the sources here; in spite of current unix fashion, you want a turnkey box, free of extraneous hackery. While some specific things (such as drivers) might need recompilation, they can be dealt with easily and at no or very low cost one by one. Likely, none will be needed. BSDI comes on a CD-ROM, hence the need for the drive. It can also be obtained on 8mm or 1/4" tape. If you end up buying one of these, and don't have a CD-rom, this may be an option. Just fuel for the fire. I would suggest installing the "X" windowing package on this machine. While it loves to eat memory (hence the 16 mb suggested over 8 mb) the functionality is worth it. A major side effect of choosing a monochrome monitor over color is to discourage in-house fiddling on the pretty screen. This machine should be a boring, reliable workhorse. A monochrome bit-mapped "X" screen is more than adequate for maintenance and operation, but probably not snazzy enough to encourage the moving of various projects to, incrementally, over time... CUSTOMIZATION: Most of what I know you need, email setup, anonymous ftp, gopher, etc, can be done using very standard tools and very standard scripts and text files. I am quite a fanatic about using standard tools to do standard jobs, which avoids performance, documentation and relabiility problems, right from the start. ** The Internet/Little Garden link will be on this machine, hopefully using a Zyxel 1496-E modem. I will make this a reliable link with the following characteristics: * Link automatically reestablished in case of loss * The phone call is made from the Toad Hall end, to avoid the outgoing call business rate * Inability to establish link causes notification of selected people. ** While I will certainly document the details, and put commonly changed files like mailing-list list etc in places where they can be easily edited by Will, beyond this will require some basic Unix knowledge. ** There is an excellent "how to use" book on Unix written by O'Reilly & Associates. It assumes you are smart, know how to use some computer stuff, and covers basic unixisms but doesn't try to make a wizard out of you. Most of the security issues you have are not spectacular, and just require careful work. Some of the glaring holes such as the infamous "finger" command can be turned from liabilities into assets: for example, any 'finger' command to my host simply returns a canned text file, in which I put basic contact info, much like a business card. "For informatin on X, see Y..." etc. None of this "root idle for 10 minutes in directory /secrets" crap! Mail aliasing can be done with scripts to hide the aliased-to name, so that poking around in SMTP will not reveal the person under the post. Note that while it's reasonably straightforward to set up a secure system, maintaining it that way is the hard part. Changes made six months later need to adhere to the basic security guidelines set up originally. This is how most systems get screwed up. (Besides the obvious password problems.) ** Unix generates (and can be made to generate more) useful logging information; which if no one uses, is wasted, and possible problems will be missed until they turn into disasters. One solution I suggest which I use on my system is to daily email critical log files to the 'root' or whatever system-administrator user. It takes me almost no time (say 3 - 4 minutes) to read through the logs every day. Most errors are routine; some remote system down, so that an email message is deferred, etc. It turns a hated, put off and mind-numbing job into something you glance at in the "morning" to get started. ** I will also install the "TCPD wrapper" security device. This is a small program that is silently inserted "in front of" all outside-available services, and logs each access. For instance, I log all telnet, ftp and finger accesses. Sometimes I see surprising things. They add no overhead and consume no resources. I would suggest buying a bunch of the O'Reilly & Associates unix books. They run about $25 each. Since you'll have the damned box in your building you should have dox for it, even if you plan on using outside consultants for deep system work. MY LABOR: * Sit with WIRED staff and write down needs and specifications (2) * Install basic system software (6) * Standard customization (sic) of unix mail, etc (4) * Install and test reliable network modem link (6) * Additional customization: (6) * Added security wrapper * Clean, hidden aliasing * Setting up users * Documentation and familiarizing WIRED staff (4) with it's operation * 8 Hours of additional time in the month following (8) final acceptance. * Connection to existing email system not included so far. It may be a simple job, we just need to determine that. Assuming we end up working together, we need to predetermine how to handle contingencies. Tuning and such within the first month or so is likely; likely 8 hours is enough for this. Unless we work something else out, I propose that additional hours be billed at $35 per hour, two hour minimum unless otherwise arranged ahead of time. We can do this fixed-price or hourly. I estimate 36 hrs total work, including the additional 8 at the end. Here's my two offers: Fixed price: $1700 Hourly: $50/hour SUMMARY: HARDWARE: $2940 SYSTEM SOFTWARE: $495 Sales tacks: $291 ------- Total tangibles: $3726 LABOR: $1700 (fixed or estimate) ------- TOTAL: $5426 -- end -- Tom Jennings -- tomj@wps.com -- World Power Systems -- San Francisco, Calif.