×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Consortium Roadmap Shows 100TB Hard Drives Possible By 2025

WuphonsReach Re:How about transfer rate and reliability? (178 comments)

In practice, SSDs have only 20-100x the IOPS of a similar number of spinning platter drives. Which is still a huge improvement, but not three orders of magnitude (1000x). The bigger advantage is that when you have more workers accessing the drive, latency performance doesn't dive off a cliff like it does with spinning platter drives. It instead degrades gracefully on the SSDs.

SSDs are definitely edging 15k SAS drives out of the market. SSDs do everything at 15k SAS drives can do, with at least an order of magnitude more IOPS/drive, for only about 2-4x the cost of the 15k SAS drive. And putting a writeback SSD cache in front of a spinning platter drive array is even more economical.

11 hours ago
top

How Intel and Micron May Finally Kill the Hard Disk Drive

WuphonsReach Re:What about long-term data integrity? (427 comments)

A powered-down SSD that has been written once should be able to retain data for ~10 years or so. Longer if kept in a cool place.

Nope. Most MLC SSDs will lose their data in about a year and the TLC SSDs in about 6 months of being powered off. (Don't confuse older flash media which was probably SLC with newer MLC/TLC media. Or which had larger feature sizes.)

As the size of the feature that stores your bits shrinks, so does the archival lifetime before something bad happens to one or more of the bits. That holds true for everything from tape, to hard drives, to CDs to flash drives.

yesterday
top

How Intel and Micron May Finally Kill the Hard Disk Drive

WuphonsReach Re:Empty article.. (427 comments)

Also incorrect assertion that drives don't go faster than 7200 (there are 15k drives, just they are pointless for most with SSD caching strategies available).

With Enterprise SSD drive prices hitting $1/GB (granted some are still $2-3/GB), the days of 15k RPM drives are definitely numbered. You get 50-100x the IOPS out of SSDs compared to the 15k RPM SAS drives. That means for a given level of IOPS that you need, you can use a lot fewer drives by switching to SSDs.

I'd argue that if you are short-stroking your 15k SAS drives to get increased IOPS out of the array, it's past time to switch to enterprise SSDs.

2 days ago
top

Sony Pictures Computer Sytems Shut Down After Ransomware Hack

WuphonsReach Re:How do WE fight this? (154 comments)

Using rdiff-backup, rsnapshot or rsync across the LAN via SSH in a "pull" configuration is the safest. The server pulls the files from the client PC. Alternately, you could do the above in a push configuration and limit where the origin PC can write to on the backup server. Even in a "push" configuration, I don't know of any malware currently capable of figuring out that there is an rdiff-backup script which stores data on a different server.

The server then sends files to tape / disk / offsite.

Basically - you need to have a centralized backup solution with multi-generation removable media.

For immediate restores, you pull the files back off the backup server. The next level after that is pulling files off of removable media which has been kept offsite or disconnected.

2 days ago
top

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

WuphonsReach Re:Microsoft Windows only (141 comments)

microsoft is one price and you get a server and tools and all the features

That's a good one, go ahead and pull my other leg while you're trying to spin that for Microsoft.

Microsoft licensing is a nightmare. Just look at the segments for the desktop operating system. Or try to figure out which version of MS Office you need and whether a volume license will save you money (and whether you'll be in compliance). The server-side is no different with the different restrictions on the different variants of Windows Server, SQL Server, etc.

(They're still a babe in the woods compared to some other vendors like Oracle, but they're trying to catch up.)

4 days ago
top

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

WuphonsReach Re:Microsoft Windows only (141 comments)

That meme "security through obscurity" only really applies in cases of improper reliance on "security via obscurity", once the secret is known - the system is insecure and anyone can access it.

Examples of this would be "hand rolled encryption algorithm that we hide in a black box", "secret handshakes", "back doors which are left unlocked".

4 days ago
top

BitTorrent Unveils Sync 2.0

WuphonsReach Re:FOSS solution available (60 comments)

I'd argue for Seafile as another option. It does what it says on the tin (file sharing / sync) and does it well.

about a week ago
top

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

WuphonsReach Re:quick question (210 comments)

Short answer: no it's not possible to detect that with the current system

The slightly longer answer is either browser pinning of certificates, or better, DANE. With a system like DANE, it's much harder to impersonate large swathes of the domains like you can today.

about a week ago
top

Joey Hess Resigns From Debian

WuphonsReach Re:I will be changing to FreeBSD too (450 comments)

There's definitely going to be some teething pains. Which is why I'm not rolling out anything production on RHEL7 until 7.2 or 7.3 comes out next year.

But I am looking forward to having (1) log file to dig through instead of two dozen or more. And being able to easily pull that to a centralized log server (and pull is more secure then push). I'm also looking forward to not having to write monit / nagios scripts to restart services if other services restart.

about three weeks ago
top

Bounties vs. Extreme Internet Harassment

WuphonsReach Re:Longstanding Police Tactic (716 comments)

They don't need to be effective - the reason all the bigwigs get up there and smile is because it gets them re-elected. They can be shown to be tough on crime by supporting things like Crime Stoppers.

about three weeks ago
top

The Fight Over the EFF's Secure Messaging Scoreboard

WuphonsReach Re:OpenPGP (63 comments)

The problem with Perfect Forward Secrecy (PFS) in the case of GPG/PGP encrypted messages is that PFS requires two-way communication between the end-points at the start to securely transmit and agree on a ephemeral key for that session.

That's not practical in the case of sending an encrypted email/file to someone. There is no "session" to speak of. There's no two-way conversation at the start before the file/information is transmitted.

GPG/PGP is designed to defend against disclosure of data-at-rest (i.e. an email body sitting on someone's server or a file sitting on your hard drive). It just so happens that because it defends in the data-at-rest scenario that it can also help protect the contents in transit. It's very good at what it does, but trying to use it in a situation where you want PFS is a misapplication of the technology.

(So yeah... the EFF folks are idiots and are lumping together apples and oranges.)

about three weeks ago
top

Android 5.0 Makes SD Cards Great Again

WuphonsReach Re:Still a second class citizen (214 comments)

In general, if a device supports microSD cards of 64GB, they'll work fine past that point.

The original SD spec was limited in size. SDHC came out in 2006 and allowed for card capacity of up to 32GB. Most devices made in 2013 or earlier are SDHC with a 32GB limit (such as my Thinkpad T61p laptop and my Asus TF700T tablet). That means putting a 64GB card into a SDHC slot is a bad idea (it will probably corrupt the data once it tries to write past the 32GB mark).

SDXC was introduced three years later in 2009, and allows for cards up to 2TB in size. A lot of times, the manufacturers will only certify up to the size that was available when the device was released. So larger cards may very well work, up to the limits of the spec.

about three weeks ago
top

The Effect of Programming Language On Software Quality

WuphonsReach Re:I have just one word for you (217 comments)

A lot of Java boilerplate code (and not just getters/setters) can be gotten rid of with a bit of AspectJ (Spring Roo leverages this heavily). With good use of AspectJ, your java objects look like POJOs (plain old java objects) with all of the extra stuff added at compile-time by the .aj files.

about three weeks ago
top

New Atomic Clock Reaches the Boundaries of Timekeeping

WuphonsReach Re:Old saying (249 comments)

Best practice in the real world is four reference clocks or only one. With just three configured you run into the problem of ending up in the "just two clocks situation" more often then not. At which point, NTP is likely to oscillate between the two remaining good candidates (without the "prefer" keyword).

How you choose to configure NTP is a tricky art depending on how resilient you want to be and whether you have a local time source or need less then 5ms accuracy. For most situations (99% of servers), being within 500ms of the "internet time" is enough. Your goal is mostly to avoid the issue where the clock is off by tens of seconds or worse.

about three weeks ago
top

Ask Slashdot: How Useful Are DMARC and DKIM?

WuphonsReach Re:I send bulk email.. (139 comments)

I send bulk email for an opt-in list with mailman (opt in as in you have to walk in the store and physically write your email on our sign up sheet).

It's not opt-in unless you send out a verification email to the address on the sign-up sheet. You have zero guarantee that the person writing down that address has the permission of the person who receives mail at that address. That verification email should explain how you obtained the address and require action on the recipient's part in order to remain on the list. If you get no response or the recipient takes no action, you should throw away that record.

No, you're not allowed to do advertising in that initial mailing either. And those "asking permission" emails should go out sooner (within a week) rather then later (months+).

about three weeks ago
top

Ask Slashdot: How Useful Are DMARC and DKIM?

WuphonsReach Re:working as designed? (139 comments)

It breaks a few mailing (discussion, not advertising) list programs (such as my uni's one) if you send from a SPF protected address because the list server forwards it with you address in the from boxs. Other then that it works well.

Then that mailing list is poorly maintained. I belong to dozens of mailing lists on a domain with very restrictive SPF records and have never had issues.

If you allow the mailing list to forge your email address, then *everyone* can forge your email address. The better mailing list software no longer forges your email address on outbound mail.

about three weeks ago
top

Ask Slashdot: How Useful Are DMARC and DKIM?

WuphonsReach Re:working as designed? (139 comments)

SPF is all about preventing joe-jobs where someone sends out malicious email and uses your email address to do it.

With properly configured SPF records (with "-all"), you're telling all of the mail servers of the world (or the majority which support SPF) that if the email doesn't come from a select (and small) group of IP addresses that they should discard it. A message that fails SPF verification is a very bad thing in most spam software and will get a severe down-vote.

That being said, SPF is not anti-spam - it's anti-forgery. DKIM is also anti-forgery.

(Yes there are teething pains with putting SPF on your domain. But you don't have to use it. But if you can, you should.)

about three weeks ago
top

Will HP's $200 Stream 11 Make People Forget About Chromebooks?

WuphonsReach Re:No (232 comments)

My older Thinkpad T61p is around 6.0 lbs. We just got a T440s (which is Lenovo's thin version of the T440) and it's about 3.5 lbs. Macbook air units are 2.4-3.0 lbs.

(I was curious as to weights of various devices. And most of those figures don't include the weight of the charger.)

about three weeks ago
top

Debate Over Systemd Exposes the Two Factions Tugging At Modern-day Linux

WuphonsReach Re:Are you sure? (863 comments)

Eh, I'm looking forward to Systemd because it will be an improvement over init.d scripts. Especially when you have multiple services that depend on other services being up and running.

In today's world, you have to write some other non-standard script or use some other non-standard hack of the original init scripts to make sure that X starts before Y and that Z also gets notified that X restarted. That's a major pain point for anyone who doesn't depend solely on monolithic apps. Such as a mail server... (clamd, amavisd, postfix, dovecot, sogod all intertwined).

That being stated - there's no way I will roll out RHEL 7 or CentOS 7 until the 7.1 or 7.2 release (i.e. sometime in late 2015). I'm not convinced yet that systemd is fully baked yet. I have the same stance on btrfs, which is still a technology preview.

And binary logs are not a huge deal when it will make it far easier to find an event without having to look at a dozen different log files, each with a slightly different naming scheme or location. While the current log viewing tools are rudimentary, I expect that we'll see improved tools as people scratch the itches. The problem with binary logs is that people have really only dealt with Window's proprietary implementation (which is has been sucky for a decade-plus). There's no way to copy the log files off to a second server (if you can get the drives mounted) and the built-in log viewing tool is just horrible.

about a month ago
top

OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

WuphonsReach Re:Drop owncloud (126 comments)

Try seafile - not saying they cover everything, but for file sync, it seems to work very well (and scales better then Owncloud when you have a few thousand files).

about a month ago

Submissions

Journals

WuphonsReach has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?