On 03/11/06, Alexander Lind <[EMAIL PROTECTED]> wrote:
>> what complexity? >> > > RAID, kiddo. > It's more complex. It is something else that can go wrong. > And...it DOES go wrong. Either believe me now, or wish you believed me > later. Your call. I spent a lot of time profiting from people who > ignored my advice. :)
<snip longer, more detailed argument> Please allow me to weigh in that Nick is absolutely and completely right. IMHO you (Alexander) also make some valid points, but they mostly are those that both Nick and you agree on. I have learnt what Nick was talking about the hard way. Some time age, I've inherited a RAID system that then caused me so much grief, and that despite me recognizing my own limits and my limited prior RAID exposure, despite due diligence and doing my homework, despite me testing things first and trying to be as circumspect as I possibly could, things did go majorly, horribly wrong. This wasn't an OpenBSD setup, so it could be seen as off-topic on this list, but if people are interested, I'd be happy to spell out to you just what is wrong with commonly found current RAID "technology". (Part of this actually does have a remote relevance to OpenBSD as it was a picture book example of just why Adaptec is the scourge of system administrators everywhere. All of you know this, of course, but doesn't it always feel great to be vindicated?) Repeat after me: "Complexity is the worst enemy of security. Secure systems should be cut to the bone and made as simple as possible. There is no substitute for simplicity." (Schneier) RAID is wonderful in theory. But it ain't so easy to escape bad RAID products. It can be difficult to avoid RAID pitfalls. RAID can be surprisingly hard to get right and unexpectedly easy to screw up. You'll remember Nick when a screwed up RAID setup bites you. regards, --ropers
