Re: [Discuss] Mothballing Synology NAS
Actually, QNAP is probably one of the worst storage system vendors. They offer little or no support. They sat on a silent corruption bug until they were outed by a blogger who went public after the company's refusal to acknowledge the bug:

http://www.sbsfaq.com/?p=4277

I have personally had to deal with QNAP as a back-end to a ZFS storage appliance and the customer kept getting corruption errors. (He actually did have a disk failure/replacement in his RAID.) We showed him the bug report. That system is now "retired."

Worse yet, they don't publish the systems affected by the bug, oh no! They only published the systems NOT affected by the bug, leaving you to wonder whether or not you are affected. "Is that my system? It's close, but not exact."

Those small closed systems aren't worth it. A moderate ECC RAM motherboard barebones system and good SATA disks will come in at about the same price, be faster, and be more reliable. Or pony up for a real storage system with support and service level agreements.

> At least QNAP offer to one-click secure your installation with a Let's
> Encrypt cert through their SSL management plugin - even though they sell
> certs through the same plugin/admin interface.
>
> (ed. note: TLS/SSL does not prevent Spectre / Meltdown - it's just an
> indication that QNAP are not 'crap' vendors if you consider Let's Encrypt
> free certs the 'right thing' to do.)
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Mon, Feb 5, 2018 at 3:07 PM, Greg Rundlett (freephile) <
> g...@freephile.com> wrote:
>
>> I have a QNAP TS-231 (dual bay SMB NAS)
>> https://static.myqnapcloud.com/device_model/53466f86d6b82f5cd5295b28?r=1517796001
>>
>> QNAP offered this security advisory on Jan. 8th
>> https://www.qnap.com/en-us/security-advisory/nas-201801-08
>>
>> And have released firmware upgrades since then ( 2018/01/30 ) QTS
>> 4.3.3.0448 Build 20180126
>>
>> However, they don't mention anything in the release notes yet
>> https://www.qnap.com/en/releasenotes/ so I'm unsure if it's "in there".
>>
>> They advise:
>>
>> - Do not install applications from unknown third-party sources.
>> - Do not open or run unknown virtual machine (VM) images on your
>>   device.
>> - Do not run unknown software in Container Station.

___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Mothballing Synology NAS
This is common across the industry. EMC, Cisco, IBM, and others have said basically the same thing. I would dump Synology because it's crap, but not because of that.

> The Meltdown and Spectre vulnerabilities were publicly disclosed 3
> January.
>
> Synology posted their own security advisory 5 days later on 8 January
> listing these vulnerabilities as moderate "because these vulnerabilities
> can only be exploited via local malicious programs." As if there were no
> ways for "local malicious programs" to ever be installed or injected.
>
> As of 4 February, a month after the initial disclosure, Synology have
> yet to release fixes for these vulnerabilities.
>
> I will be mothballing my Synology NAS box as soon as I get a replacement
> for it up and running. I have the parts. I just need to assemble and
> test them, install an OS, and move the drives.
>
> --
> Rich P.
[Discuss] Specific RedHat kernel: kernel-3.10.0-327.62.4.el7.src.rpm
I need a specific Red Hat kernel to patch an appliance that is out of support. Does anyone have it?

kernel-3.10.0-327.62.4.el7.src.rpm
Re: [Discuss] 3D Printers
I've had the 3D printer working for about a week now, and I have to say it's interesting.

Some of my friends at work and I have been thinking about this. Are they a fad or a technology with a big future? I'm still not sure. Yes, they can make a lot of things, but the pieces will never be cheaper than mass production. They will probably never have the "quality" of a molded plastic. Then there is "plastic," metal would be nice.

So assuming plastic only. That has a wide range of application, so maybe that's enough?

One thing I did print was a Raspberry PI project box. It only took 4% of a 1kg roll of filament. The filament was on sale at Microcenter for $14.99. The box cost about $0.60 in materials, and maybe 5~10 cents of electricity. It took 10 hours to print. About 5 hours for the top and the bottom. I also printed a camera holder for the Raspberry PI camera, probably $0.05 worth of filament.

So, it may make sense for people like me who like to build things.

> I recently bought an ANet A8 3D printer for 163.99 (a week ago counting
> shipping)
>
> http://www.gearbest.com/3d-printers-3d-printer-kits/pp_343643.html?currency=USD
>
> I am currently printing stuff right now. It's kind of cool. I have a number
> of things I want to print, but it will take days to get them done. 3D
> printing is not terribly fast.
>
> A co-worker of mine dismissed 3D printers as gimmicks and while I sort of
> agree, I think the technology is interesting. Here is one issue that drove
> home the issue for me.
>
> I was trying to set up a raspberry pi camera as a web cam. I was double
> sided taping the camera to a box. Then I asked myself, "I bet
> thingiverse.com" has a 3D cad of what I want, and, of course, they did!! I
> printed the camera mount. Easy.
>
> This technology is in its infancy. It has so much potential. Anyone else
> have a 3D printer?
Re: [Discuss] KVM, virt-manager, and CentOS7
> On Thu, Feb 09, 2017 at 11:40:28AM -0500, ma...@mohawksoft.com wrote:
>> Here's the problem with all this.
>>
>> 8 characters for a name. Yes, in a hypothetical sense you have
>> 2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric
>> characters with no punctuation characters, but the vast majority of that
>> space are random strings not suitable for nicknames or meaningful
>> identifiers. For instance, I can't see that any remaining meaningful
>> permutations of "john smith" could possibly be left. How many email
>> addresses do they assign a year? How many back-logged names did they
>> create at first?
>
> Let's call it 26^8 or so: 208 billion.

Actually, 62^8, [a-zA-Z0-9]{8}

> The real problem is the lack of human meaning and the fact that
> names are usually longer than 8 characters.
>
> How many do they assign a year? Roughly a freshman class worth,
> plus maybe a hundred more? So 1200ish.
>
> John Smith is out of luck. So is Elizabeth Jones. But still, they probably
> have better options than "bb30...@binghamton.edu" -- the login I was
> assigned so many years ago, can still remember, and have absolutely no
> use for.
>
> -dsr-
Re: [Discuss] KVM, virt-manager, and CentOS7
Here's the problem with all this.

8 characters for a name. Yes, in a hypothetical sense you have 2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric characters with no punctuation characters, but the vast majority of that space are random strings not suitable for nicknames or meaningful identifiers. For instance, I can't see that any remaining meaningful permutations of "john smith" could possibly be left. How many email addresses do they assign a year? How many back-logged names did they create at first?

When an alum dies, does their email address become available?

> Dan Ritter writes:
>
>> On Wed, Feb 08, 2017 at 10:24:54AM -0500, Derek Atkins wrote:
>>> Eric Chadbourne writes:
>>>
>>> > Off topic, warl...@mit.edu, is the best email ever.
>>>
>>> Thanks. I've had it since 1989.
>>
>> MIT trivia: once you have a username, you can't change it.
>>
>> http://mitadmissions.org/blogs/entry/dont-screw-up-your-username
>
> Only mostly true. I know a handful of people who successfully changed
> their usernames. It's rare, and only done in extreme circumstances.
> But it *can* be done.
>
>> -dsr-
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warl...@mit.edu PGP key available
[Discuss] KVM, virt-manager, and CentOS7
Has anyone played with virt-manager and KVM on CentOS 7 lately?

I was surprised that a lot of the things that were difficult or at least arcane in previous releases are fairly trivial now. For instance, a few years ago, bridged networking was a fairly poorly documented procedure of setting up a bridge, setting up the virtual lan, virtual adapters, etc. Now, it's just a setting on the network adapter when you add it.

I think I can easily step away from VMWare.
Re: [Discuss] NAS: encryption
From: John Abreau [mailto:abre...@gmail.com]

Edward Ned Harvey (blu) b...@nedharvey.com writes:

You seem to think there's an obstacle which isn't really real - Encryption is very cheap computationally, so cheap indeed it can be done by the disks themselves.

On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins warl...@mit.edu wrote:

I don't trust my disks to do the encryption, mostly because there's really no way to verify that it's doing it correctly, and the key management gets a lot harder.

The way I read it, the message wasn't that you should trust the disk to do the encryption; it's that encryption has very low overhead today, and the reference to disk-based encryption was merely to illustrate that point.

It seems silly not to trust the disk to do encryption, when you'd trust some software that you equally haven't decompiled and inspected.

The difference is that with open source software, specifically the crypto library in openssl, because that's how people get FIPS certified, many people do audit the code. Maybe not you, but many, and the fact that we have so many CVE notices means that people are.

Did *you* verify the crypto had no holes? That the random number generator had enough entropy? That the proper key length was used, and so on. No, you didn't, but many people have, and most importantly, have the ability to inspect this.

The problem with internal drive encryption is getting any level of disclosure and accountability.
Re: [Discuss] NAS: encryption
On 7/8/2015 3:19 PM, Chuck Anderson wrote:

Sorry, I call BS. My point was that having access to source code is a prerequisite. If you don't have access to the source code, it becomes MUCH harder to audit because you are limited in the techniques you can use, such as black box testing. If you have source code, you can read the code and try to understand what it is doing.

This is why I say you don't have the qualifications. Access to the source code isn't worth nearly as much as you seem to think it is. There are classes of vulnerabilities like insecure compiler optimizations that are impossible to detect by examining the source code even when you do understand what the code is supposed to do. On the other hand, no-source techniques like black box testing work whether or not you have the source. This is why my answer to your next question is...

And do you think we would know about those instances if the code/standards were closed?

... yes, we would.

Everyone, step back and think about encryption. There are a lot of moving parts. Take for instance, the AES encryption algorithm. This is a known quantity and you can trust that it works when given any two independent implementations of it can encrypt/decrypt.

That's just the beginning. The next step is your key value. Is your key sufficiently random to really get the benefits of the encryption? How do you know? Does your key generation use /dev/urandom, /dev/random, some neat hardware entropy generation? If your key is not sufficiently unpredictable, then no matter how good the encryption algorithm is, it will break if the attacker knows about your key vulnerability.

Next, how safe is your private key? Why use brute force when the key can be had by bad programming?

Trusting that a closed system like encrypted hard disks is probably OK, but if you are paranoid, it isn't. We should all be paranoid.
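An added example for the key-predictability point in the message above (not code from the thread): a 256-bit key taken from a clock-seeded general-purpose PRNG is compared with one from the OS CSPRNG, and an audit routine shows that the first is recoverable from a one-hour-either-side guess of its creation time. The function names, the timestamp and the HMAC-based key check value (standing in for a known ciphertext block, since the Python standard library has no AES) are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import random
import secrets

KEY_BYTES = 32  # 256-bit key, e.g. for AES-256


def key_check_value(key: bytes) -> bytes:
    """Short public fingerprint of a key (stand-in for one known ciphertext)."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def weak_key(timestamp: int) -> bytes:
    """Anti-pattern: key from a general-purpose PRNG seeded with the clock.

    The output looks random, but it is a pure function of `timestamp`.
    """
    rng = random.Random(timestamp)
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Key from the OS CSPRNG (the same source as /dev/urandom on Linux)."""
    return secrets.token_bytes(KEY_BYTES)


def effective_bits(window_start: int, window_end: int) -> float:
    """Real strength of a clock-seeded key: log2 of the candidate seeds."""
    return math.log2(window_end - window_start + 1)


def find_time_seed(kcv: bytes, window_start: int, window_end: int):
    """Audit: return the seed if `kcv` belongs to a clock-seeded key, else None."""
    for ts in range(window_start, window_end + 1):
        if hmac.compare_digest(key_check_value(weak_key(ts)), kcv):
            return ts
    return None


if __name__ == "__main__":
    created = 1436383140  # constructed timestamp, not taken from the thread
    lo, hi = created - 3600, created + 3600

    bad = weak_key(created)
    good = strong_key()

    print("nominal key size     : %d bits" % (KEY_BYTES * 8))
    print("clock-seeded strength: %.1f bits" % effective_bits(lo, hi))
    print("clock-seeded key found at seed:", find_time_seed(key_check_value(bad), lo, hi))
    print("CSPRNG key found at seed      :", find_time_seed(key_check_value(good), lo, hi))
```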
Re: [Discuss] Thin Provisioned LVM
From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]

From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of ma...@mohawksoft.com

says give ZFS whole disks, which is stupid.

Mark, clearly you know nothing about ZFS.

Think what you wish. Maybe I'm not explaining the problem

You're explaining your thoughts well - it's just that you're saying a lot of things that demonstrate lack of understanding of ZFS.

This is something you've said, but you haven't pointed to anything that is incorrect. I really hate when people bring a personal pejorative to a technical discussion. The problem I have had with ZFS and its supporters is that they don't accept their baby is not perfect and I raised real issues that real users have, and sink to making it personal, so be it.

Yes, if you put an SSD on the ZIL, you can improve performance, and there are a host of tricks you can use. If I have not stated it, I will state it now, ZFS has some features that make it a great system for a broad set of applications, but it does have issues related to performance and resource usage that make it unsuitable for some classes of applications and/or environments. To deny this would be *you* having a lack of understanding of ZFS or systems design.

Normally I like to react to those kind of things in a helpful manner, but for 1, you're certainly writing the stuff much faster than I have time to react to, and for 2, based on a zillion similar things you've written here before, I believe you have some kind of personal bias that I don't understand,

It isn't personal bias to debate the pros and cons of a system. I'm sorry if I offend people if I barbecue their sacred cows. ZFS is just a thing and for the class of systems and environments I deal with, some of its behaviors run against the design criteria of the rest of the system. A database-like system that manages its blocks and data integrity will generally show a degradation in performance on ZFS.

some kind of personal resentment for zfs. I don't think anything I can say is going to change your mind about anything, so it would also be a waste of time for me to react to your zfs comments for your sake.

(1) If someone could point me in the direction of documentation on how to get ZFS to update file or zvol blocks IN PLACE, i.e. without going through the ZIL, then cool, I would really find that helpful.

(2) If someone could point me to a property of a ZFS pool to favor re-use of storage blocks rather than expanding the footprint of the zpool usage on the device, I would find that very helpful.

Both these behaviors REALLY REALLY impact enterprise class systems. Saying you are doing it wrong is not an answer because #1 is a problem for highly performant data systems and #2 is a problem for IT in corporations that run SAN environments which use space-efficient (thin provisioned) volumes.

I personally believe each tool is a tool, and has characteristics different from each other, and based on those characteristic differences, each tool is better for certain situations. But as I mentioned, there's *almost* no situation I can think of where I would choose lvm over zfs.

First, on Linux, currently, ZFS does not cluster across multiple systems, so there's one instance. That means you can't create fully redundant applications on Linux using ZFS. That combined with my previous issues, really move ZFS out of the running for a host of enterprise class applications.

I only want to tell people don't listen to what this guy says about zfs.

Now, I seriously take offense to this. If I were to say, Edward Ned Harvey is an idiot, on the internet, that's bad because it is cached and searchable on google for the rest of time. The ad-hominem attack is the lowest form of debate and a clear sign that the person using it has no real standing in the discussion.

You do not know me and have no idea what I do or do not know about anything, and nothing I have written about ZFS is fundamentally incorrect at this point in time. You don't even bother to debate it, you just sink to using insults. Are you comfortable with that level of discourse? I dislike it. Saying You are wrong about XYZ, here's why means that you can be respectful and have a proper discussion. Saying I want to tell people don't listen to this guy is a personal attack.
Re: [Discuss] Thin Provisioned LVM
On 3/12/2015 8:46 AM, ma...@mohawksoft.com wrote:

(1) If someone could point me in the direction of documentation on how to get ZFS to update file or zvol blocks IN PLACE, i.e. without going through the ZIL, then cool, I would really find that helpful.

See, this is what Ned is on about. There are two things that you've written here that demonstrate a significant lack of understanding of ZFS.

NO, I understand this, really I do.

First is the ZIL. ZFS always has a ZIL. On a simple system the ZIL is on the data vdevs. In a high performance pool the ZIL is a dedicated low-latency device like a RAM-based SSD (optimally a mirrored pair). But regardless, there's always a ZIL.

Exactly my point, by the way. I don't want ZIL for some applications. It isn't a misunderstanding, I've looked over the code intensely looking for some way to provide this functionality.

Second is that you don't tell ZFS to update in place. That's not how one does things with ZFS.

Yes, I know this. Disagreeing with the way ZFS implements storage is not the same as misunderstanding it.

The ZFS way is to enable deduplication and compression. I *DID* point you at these and I explicitly called out deduplication as the solution to the rampant space gobbling problem that you described. You chose to brush all of it off as ZFS is stupid.

No, it isn't. I think you misunderstood what I was saying about space utilization. Consider this:

You are a large cloud hosting company. You have a SAN storage system from which you allocate thin provisioned virtual luns which you then present to ESX server virtual machines. You give each customer a 2T LUN on which to install their OS of choice. The customers are billed by the actual amount of storage they use.

Using a conservative allocation of disk space and in-place modification, the hosted system doesn't grow on the LUN. This is good for two things:

(1) It saves the customer money because they are not paying for storage they are not using.

(2) It allows the hosting company to monitor and budget hardware infrastructure additions gradually.

The problem with ZFS, is that it is very aggressive at growing the pool. It assumes there is no cost to using the whole disk. Once it writes to a block, that block is pulled out of the SAN and allocated to the LUN, you can't give it back in the SAN. The number of used blocks have not really changed on the LUN, only more free space has been allocated to it. Now the customer has to pay for that and the hosting company has to add more storage to their SAN.

There is no way I have found to curtail this behavior and everyone just says ZFS wants to own the disks. That's not a solution to the problem.

First, on Linux, currently, ZFS does not cluster across multiple systems, so there's one instance. That means you can't create fully redundant applications on Linux using ZFS.

I don't know where you picked up this idea but it's very wrong. I've designed, deployed and managed fully redundant HA systems without cluster-aware file systems. Cluster-aware file systems are just one of several solutions to the problem of shared storage.

Fully redundant on linux, i.e. active-active. This is not supported on Linux as of 3/12/2015. We have an active-passive solution, but that is half way toward what we want to do.
Re: [Discuss] Thin Provisioned LVM
On 3/12/2015 12:14 PM, ma...@mohawksoft.com wrote:

Exactly my point, by the way. I don't want ZIL for some applications. It isn't a misunderstanding, I've looked over the code intensely looking for some way to provide this functionality.

I disbelieve. Globally disabling the ZIL was an unsupported tunable from Day 1 (it was used internally at Sun to isolate different parts of ZFS for performance analysis). ZIL synchronicity was implemented as a per-dataset option in 2010.

So, what is it?
Re: [Discuss] Thin Provisioned LVM
On 3/12/2015 2:04 PM, ma...@mohawksoft.com wrote:

sync only controls when data is written to the ZIL, not whether or not the ZIL is used at all.

Incorrect on all counts. You can read Robert Milkowski's blog (Robert is the author of this piece of code) for further details. No, I'm not providing you with any more links. If you really care then you can search for it yourself.

useless
Re: [Discuss] Thin Provisioned LVM
On 3/12/2015 1:51 PM, ma...@mohawksoft.com wrote:

So, what is it?

Ahahahahaha. man zfs and read. You're looking for the sync option.

sync only controls when data is written to the ZIL, not whether or not the ZIL is used at all. Try again.

--
Rich P.
Re: [Discuss] Thin Provisioned LVM
On 3/10/2015 11:09 PM, ma...@mohawksoft.com wrote:

There are some very good reasons to NOT use ZFS, but this isn't the discussion I intended to start.

Then all I will say on this subject at this time is that your problems with ZFS seem to fall under you're doing it wrong. ZFS best practices are thoroughly documented and those documents do address your complaints about ZFS.

Yes, please, oh please, put some links that describe best practices that address my complaints as there are none that anyone I have ever known have been able to find. Yes, there are some that claim to fix these problems, but not really or completely dismiss the architecture of the application.

Remember, a lot of very high quality, very high performance, applications are designed to run on very thin disk layers, i.e. LVM, RAID, etc. ZFS introduces I/O, latency, memory requirements, CPU utilization, and other resource requirements that are otherwise not desirable in a product. A high performance application which is bottle-necked by I/O and I/O latency, will run faster against a raw disk than it will against a zvol or file in a zfs pool.

In re Linux LVM, well, it comes as no surprise to me that the thin provisioning mechanism feels like a bolted-on hack. LVM always felt unfinished to me compared to other offerings like AdvFS, VxVM, even the volume manager that IBM created to support JFS (IBM's tools and internal consistency made up for a lot of the shortcomings in AIX). I used LVM not because it was good but because it was the only volume manager that Linux had. These days I try to avoid using LVM for anything other than basic OS volumes.

--
Rich P.
Re: [Discuss] Thin Provisioned LVM
On 3/11/2015 1:13 PM, ma...@mohawksoft.com wrote:

Yes, please, oh please, put some links that describe best practices that address my complaints as there are none that anyone I have ever known

http://lmgtfy.com/?q=zfs+best+practices+memory
http://lmgtfy.com/?q=zfs+best+practices+database
http://lmgtfy.com/?q=zfs+best+practices+sparse+volumes

Again, like I said, these do not address the problems. Specifically, the post about sparse volumes says nothing about how to keep a ZFS pool from growing out of control on a sparse presented to it from a SAN. It merely says give ZFS whole disks, which is stupid.

The performance best practices show how to improve performance on ZFS, but not how to make the performance on ZFS equivalent to much thinner volume management.

ZFS has a lot of good qualities for a number of applications, but it is just bad for a lot of other applications.

Was that so hard?

Yes, because it didn't have any usable information.

--
Rich P.
Re: [Discuss] Thin Provisioned LVM
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of ma...@mohawksoft.com

says give ZFS whole disks, which is stupid.

Mark, clearly you know nothing about ZFS.

Think what you wish. Maybe I'm not explaining the problem

Commercial SAN systems provide disks as LUNs over fibre channel or iSCSI. These LUNs are allocated from a pool of disks in a commercial storage system. Ideally, a number of servers would use storage from the SAN. Each of the servers or VMs will be presented with their disks.

Now, EXT2, XFS and many other file systems keep their data allocation conservative, opting to re-use blocks in-place instead of using new blocks. The problem arises when you have something like 100 VMs, each with a 2TB LUN, running off a SAN with only 20TB of actual storage.

Without ZFS, the systems only use space as they need it. 100 VMs with 2TB of logical storage each can easily come out of 20TB as long as block allocation is conservative. When you use ZFS the 100 VMs will, far more quickly than actually needed, gobble up 2TB each and force 200TB physical storage even though most of the VMs have largely free space used by ZFS.

This is representative of a *real* and actual problem seen in the field by a real customer. ZFS is not compatible with this strategy, and this strategy is common and not something the VERY LARGE customer is willing to change.

Also, it's clear you have an axe to grind, which makes anything you say about it take it with a grain of salt.

Believe what you will, I have posted nothing but real issues that myself and other people have had.

I've personally used a lot of zfs, and a lot of lvm, and there is barely any situation that I would ever consider using lvm ever again.

Agreed, ZFS does a lot of things right, unfortunately it does a lot of things incorrectly and renders itself sub-optimal for a class of applications, specifically ones which manage their own block cache and block I/O strategy.

You can make ZFS faster, but in the configuration I describe, not as fast as a simpler volume management system.
[Discuss] Thin Provisioned LVM
As the storage wars continue, the debate of ZFS vs LVM continues. I have been dealing with ZFS heavily for about a year now and just don't see it as a viable file system for a lot of applications that would otherwise benefit from its feature set. Specifically thin provisioned volumes for virtual machines or iscsi luns.

Yes, ZFS zvols do support thin provisioning and the API is basically correct. Unfortunately, the implementation of ZFS is too resource intensive for much hungrier applications. LVM is much more light weight and has better performance in applications that manage their own journalling and data integrity (like a database).

LVM has recently gained thin provisioning of volumes, but it's kind of broken. You create a thin pool as an LVM volume and then sub-allocate LVM volumes out of that. So, you have the volume group, the thin pool allocated out of the volume group, and the volumes allocated out of the thin pool.

I am not sure if this even makes sense. It is conceptually no different than allocating a volume out of a volume group, putting a file system on it (EXT2, say) and then putting a sparse file on it. The EXT2 file system is performing the function of the thin pool code.

I think it's kind of bogus. Any opinions?
Re: [Discuss] Thin Provisioned LVM
On 3/10/2015 1:03 PM, ma...@mohawksoft.com wrote:

intensive for much hungrier applications. LVM is much more light weight and has better performance in applications that manage their own journalling and data integrity (like a database).

The important part of the above paragraph that was omitted was: the implementation of ZFS is too resource intensive for much hungrier applications

If you're getting substantially better performance with LVM than with ZFS then you've done something wrong. ZFS done right is only a little worse than bare disk speeds assuming that you have enough physical RAM for I/O cache (or dedicated ZIL and L2ARC vdevs for heavy I/O loads) and enough CPU for raidz, compression and encryption if you are using these features.

I didn't want to talk about ZFS, I wanted to talk about LVM, but here we go with ZFS.

ZFS takes significant amounts of memory. If you have high memory demands for your application, you will be competing with ZFS and significantly increase the cost of your application.

ZFS does not update your disk in-place, i.e. it is all copy-on-write. For a vast number of applications, this works pretty well, but for database class systems that manage their file blocks, this incurs extra disk I/O and impacts performance.

ZFS is a nightmare for high-end commercial storage that present thin-provisioned LUNs. It is a classic strategy to present systems with a SAN LUN that grows as it is used. ZFS does not constrain itself, it grows until it takes all available space on the lun. Even if your ZFS pool shows that it is 99% empty, it will fully use the volume.

There are some very good reasons to NOT use ZFS, but this isn't the discussion I intended to start.

--
Rich P.
[Discuss] Raspberry PI 2
Quad Core 900MHZ CPU
1G of RAM
Solid state storage (SD Card)
DC power supply
A theoretical price of $35 (currently obtainable at $45)

Seriously, how is this not an ideal platform for 99% of computer projects? Why isn't one embedded in every toaster in the world?

I have used a PI (B+) and it's pretty damn good. A little slow and not a lot of RAM (700MHZ single core and 512M RAM), but you could use it as a general purpose computer.

Maybe I'm old, but this much computing capability the size of a pack of playing cards for $35 in quantities of one, seems like a HUGE enabling technology for a new boom in hardware products.
Re: [Discuss] Raspberry PI 2
On 2/22/2015 12:11 PM, ma...@mohawksoft.com wrote:

Maybe I'm old, but this much computing capability the size of a pack of playing cards for $35 in quantities of one, seems like a HUGE enabling technology for a new boom in hardware products.

You're right - you ARE old! ;-)

I am, for sure, but I don't think the size/power/cost/support have been present until now.

The hardware and software curves crossed about ten years ago, so it's logical that the hardware devices would get smaller and more specialized. The only thing I'm afraid of is that they're headed toward appliance status, where each strawberry Pi, Pecan Pi, etc. is limited to a single burned-in capability that can never be changed.

I would much rather see a hackable PI future than a locked down android/ipad/xbox future.

Bill, who is contemplating Caesar's bust on the shelf and wondering how many will get the reference.

--
E. William Horne
339-364-8487
Re: [Discuss] Linux project - WX
On 2/10/2015 12:19 PM, Nuno Sucena Almeida wrote:

As you mention, weather stations hardware is still a bit on the expensive side, so for now I make do with temperature+humidity DHT22 and the barometric pressure sensor BMP180.

Kids these days with their sensors and their servers. When I did weather recording I used an alcohol thermometer, a hair-tension hygrometer, and a Goethe barometer, and I recorded measurements in a spiral-bound notebook with a pencil. :)

As a point: weather != climate. You won't observe any kind of climate change with your back yard weather station.

Not to be pedantic, sure he will, it will just take years to see the trends.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?
This is a common problem and there are some common guidelines that allow you to run your program almost anywhere. Store your passwords in an external file. The passwords must be encrypted using at least 1024 bit encryption with some sort of salt. AES is probably your best bet. The file must be readable *only* by the administrator. Do NOT roll your own encryption, use openssl.

Related to my previous database questions... Normally I think of a program as trusting itself, having some integrity, maybe not even having gaping bugs or security holes. But what if the program I am writing is talking to another, such as Postgres? Postgres has the ability to do passwords, so do I just put a password in my program source? Set Postgres to only accept local connections, and hope for the best? Seems wrong. Do I try to put both in a chroot or something?

My program already has to hope that its program files are secured by the hosting OS, but at least if it isn't opening up a network port it stays a rather contained problem. (I want multiple programs talking to the database, so no, I can't just link in Sqlite.)

Seems a general problem of securing interprocess communications. Thoughts?

Thanks, -kb, the Kent who knows that people Google for passwords, search github for passwords, and get a lot of juicy results.

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
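The "external file, readable only by the administrator" part of the advice above, as an added example that is not part of the original thread: a loader that refuses a credentials file whose owner or permissions are wrong, the same rule libpq applies to `~/.pgpass`. The function name, the exception class and the one-secret-per-file layout are assumptions made for this example.

```python
import os
import stat
import tempfile


class InsecureSecretFile(Exception):
    """Raised when the secret file could be read or replaced by another user."""


def load_secret(path, expected_uid=None):
    """Return the first line of `path`, refusing files other users can touch.

    Hypothetical helper: the name and file layout are assumptions.
    """
    if expected_uid is None:
        expected_uid = os.geteuid()

    # O_NOFOLLOW: refuse a symlink planted at the final path component.
    # O_NONBLOCK: do not hang if someone put a FIFO at that path.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise InsecureSecretFile(f"cannot open {path}: {exc.strerror}") from exc

    try:
        # fstat() on the open descriptor checks the very file we are about to
        # read, so the check cannot be raced by a rename between stat and open.
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise InsecureSecretFile(f"{path} is not a regular file")
        if info.st_uid != expected_uid:
            raise InsecureSecretFile(
                f"{path} is owned by uid {info.st_uid}, expected {expected_uid}"
            )
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise InsecureSecretFile(
                f"{path} has mode {mode:04o}; remove group/other access (chmod 600)"
            )
        with os.fdopen(fd, "r", encoding="utf-8") as handle:
            fd = None  # the file object now owns the descriptor
            secret = handle.readline().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)

    if not secret:
        raise InsecureSecretFile(f"{path} is empty")
    return secret


if __name__ == "__main__":
    # Constructed sample: a throwaway password file in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "db_password")
        with open(sample, "w", encoding="utf-8") as out:
            out.write("constructed-sample-password\n")
        os.chmod(sample, 0o600)
        print("mode 0600:", load_secret(sample))
        os.chmod(sample, 0o644)
        try:
            load_secret(sample)
        except InsecureSecretFile as err:
            print("mode 0644 rejected:", err)
```

The password then reaches the database client from the file at run time, so it never appears in the source tree or in version control.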
Re: [Discuss] Home server
For a desktop system, I'd go debian or ubuntu. For a server, I would seriously go CentOS.

Hi all, I was thinking of making a home server that will backup my photos and documents, preferably one that is scheduled. Is there any particular distribution that is better than Ubuntu for this purpose. I have a pentium D, and 2 gb of memory to work with. Also, any other suggestions of how to go about this are welcome.

Thanks, Rohan
-- Only a Sith deals in absolutes - Obi Wan Kenobi
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SQL discussion
On 1/13/2015 1:39 PM, ma...@mohawksoft.com wrote:

SQL is a database interface language. It was designed specifically for use with relational tables.

That is part of it, true, but not all of it.

No, that's the entirety of it: SQL was developed specifically for use with relational data. Period. You can argue that it's not but if you're going to do that then I suggest taking it up with the guys at IBM who designed it.

Yes, the language structure was designed to facilitate relational data. This is true, but that is the last yard so to speak. The original work included representing data such that it could be relational. How to represent types of data. Specifying the language and verbs on how to find it, how to add data to the system, etc. It wasn't JUST relational.

---

It's difficult to implement queries against these kinds of data with SQL.

Why?

Because SQL is built on two dimensional algebra. Two dimensional math cannot easily encompass three or more dimensions.

That's like saying you can't represent 3 dimensions on a piece of paper. It isn't true. The number of dimensions that are represented are defined by the number of axes used. Correct? The next question is how do you want to structure your data to represent 3 dimensions? 3D arrays? Tables? what? If you want 4 dimensions, just one more axis.

Such queries are much more complex in SQL than their native equivalents and they are much slower as a direct consequence of this complexity.

Why?

With SQL you perform multiple queries and figure out how to combine the results. With a native multi-dimensional query you perform one query and receive one result.

Why must you perform multiple queries? It's all how you choose to structure your data and how you choose to query it.

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SQL discussion
On 01/13/2015 08:08 AM, ma...@mohawksoft.com wrote:

-kb, the Kent who stands by his right to dislike some things and like other things.

It's funny, the like/dislike thing. I have never thought of it in this way. SQL is what it is, just another technology.

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SQL discussion
On 1/13/2015 8:08 AM, ma...@mohawksoft.com wrote:

I'm a software engineer and I am constantly confounded by other engineers' trepidation/apprehension/dislike for the common database. SQL databases especially.

This statement of yours is a lot of it. There ain't no such thing as a SQL database yet people like you who should know better talk and write like they're real things. Those who don't know better are led down the path of equating SQL with 800 pound gorilla database systems. They look at NoSQL/NoREL databases as alternatives because they need neither the bulk nor the expense of big RDBMS. The rest of us just roll our eyes.

Semantic arguments over canonically understood terms are not a good start. When one says a SQL database, everyone knows what is being discussed. The argument that follows such a rhetorical instrument is usually just as pointless.

SQL is a database interface language. It was designed specifically for use with relational tables.

That is part of it, true, but not all of it.

SQL is very good at this but it can be used with pretty much any underlying database technology. As I've noted before, most non-relational database vendors provide SQL bindings for their systems.

Yup, no argument.

On the other foot, SQL is absolutely terrible for queries against unstructured and multi-dimensional data.

LOL, *everything* else is just as bad.

It's difficult to implement queries against these kinds of data with SQL.

Why?

Such queries are much more complex in SQL than their native equivalents and they are much slower as a direct consequence of this complexity.

Why? Rhetorical nonsense. Assertions without explanations.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] SQL discussion
I'm a software engineer and I am constantly confounded by other engineers' trepidation/apprehension/dislike for the common database. SQL databases especially.

OK, I got it, it is another technology to learn and it isn't like we don't have too much as it is, but SQL is really something pretty great. With all the no-sql offerings, SQL is the most widely used data access API in the world many times over. Why? Because it really does work, and it works pretty well.

Think about this, SQL as a data access language is everywhere. It is in your web browser, it is in your smart phone. (sqlite) Your bank uses it, your government uses it. Your doctors, lawyers, supermarkets, and trash collection companies use it.

With sqlite, you can have from a tiny embedded database to a pretty big stand-alone database. With postgresql, you can go from a small database server to an absolutely HUGE data warehouse.

Now, the no-sql technologies have a place, but I find much of what people want to use them for would be better done in a SQL system. Even the no-sql technologies are gaining SQL front ends, what's the point in that?

How much of this is a reluctance to learn SQL?

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SQL discussion
On Tue, Jan 13, 2015 at 8:08 AM, ma...@mohawksoft.com wrote:

How much of this is a reluctance to learn SQL?

Also, why do people who don't want to learn SQL seem fine learning other data access languages?

That's really not the question. SQL is a multi-vendor standard data access language that scales from very small to very large. If you were an engineer in charge of a project that needed a data access paradigm, wouldn't you feel obliged to learn the standard systems available before you design? It is a crucial part of engineering to know the options available and be able to weigh the pros and cons and choose accordingly.

The thing about databases is that they are mature technology. Oracle, Sybase (Microsoft), PostgreSQL, sqlite, and others have been around for a very long time and all more or less benefit from a history of research and development into the data access theory. If you are trying to understand and improve performance, you can almost certainly find a research paper on it using your database of choice.

The no-sql offerings as well as the roll-your-own seldom, if ever, make things easier or faster. I have written a few data/performance intensive systems: A commercial high speed text search engine, a commercial recommendations system, A high speed session manager for PHP as well as some other apps, and there are times when SQL just isn't the right tool, but it is the exception, not the rule. Even then, SQL was used on the search engine and recommendations engine to fill in the gaps between finding the data and presenting it to the next tier. Even the PHP session manager eventually had to be able to persist sessions to a SQL database.

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SQL discussion
On 01/13/2015 02:59 PM, ma...@mohawksoft.com wrote:

Its funny, the like/dislike thing. I have never thought of it in this way. SQL is what it is, just another technology.

Technology is full of aesthetic considerations! Macintosh vs. Windows, IOS vs. Android, emacs vs. vi, Pascal vs. C, AC vs. DC.

There are plenty of technical discussions that can be had here.

Yes, there are concrete technical differences, but Edison--a level headed man and very practical-

Yes, Tesla was crazy, but Edison could hardly have been called practical or level headed. And YES! his hatred of a technology kept him from using the better tool.

-hated alternating current. He was wrong.

Yes, you are making my point.

I think he was biased by aesthetic considerations. I think his brilliance was based on having really good instinct on what were good ideas and good approaches, and I guess that he couldn't always articulate why, but it served him well. Mostly.

Edison was a bright guy (no pun intended), but his genius is up for debate. He was more a crafty business guy than huge inventor. He had lots of help.

Technology is deeply traditional and full of irrational rituals and prejudices and things of beauty and things of horrible ugliness. A lot of just another technology entrants fail because they can't get past all these squishy human judgments.

-kb
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Turbotax
If you are like me, your taxes can get kind of complicated, especially if you do any consulting on the side. I have used turbotax for a very long time, but I hate corporate sleaze. If you have a complicated tax situation, your handy turbotax deluxe may no longer work for you.

http://www.nytimes.com/2015/01/10/your-money/taxes/users-say-turbotax-deluxe-is-not-as-deluxe-as-previous-versions.html

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] No-SQL Database Recommendation?
On 1/11/2015 4:26 PM, ma...@mohawksoft.com wrote:

This is absolutely wrong. A simple key/value table in SQL is perfectly fine. Why would anyone assert otherwise? The fact that you *can* use it as a relation is beside the point.

As an aside... I don't mean key/value data. I mean N-dimensional data where N > 2. Medical records are (can be) a relatively simple example of 3-dimensional data: they cover patient information over time. Sparse array databases were developed specifically because these kinds of data don't fit into tables. My assertion stands: trying to shoe-horn non-relational data into a relational database is foolish.

As long as the relational refers to your database schema and not the underlying technology or access API, I can agree.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] No-SQL Database Recommendation?
On 01/10/2015 05:39 PM, ma...@mohawksoft.com wrote:

There is this database religion thing that I don't get. Why at the specification phase do you say you would like a no-sql solution, then, ironically, enumerate a list of requirements that scream real database.

I would like to find a no-SQL solution because I hate SQL, it is annoying. Worse, I have to program in one language for the bulk of my program, and then I have to embed code in a second language to talk to the database.

Well, just so you recognize it, that's pretty bad engineering. Avoiding a particular technology because you hate it is a dubious starting position.

There might be technical reasons to cite for why some no-SQL program is better than some SQL program, but in my case it is pure prejudice. A bit like my preferring Python over Perl: there might be technical arguments for why Python is better than Perl, but one I like Python better. I am even getting kind of good at it.

The problem with this is that it isn't merely a language choice, it is a technical strategy. A good engineer would be able to articulate pros and cons of the various approaches. There are voluminous discussions of this topic, internal prejudice is a horrible reason to reject anything.

Using a free database like PostgreSQL will EASILY handle what you want to do.

Including finding the first few items in order really cheaply--without finding all possible items first? Okay, I'll look at PostgreSQL.

If you use something like PostgreSQL and limit your selection to [N] items using, surprisingly, the limit keyword, it will come back after the Nth item was found. What's more exciting, assume you have a JSON, XML, or some other textual aggregation technique, you can construct an index out of the result of a parsing function!! i.e. if you have a data schema that has something like this: prodid100/prodid. You can use a function in your index and find data faster than any no-sql could hope to.

Maybe there is a less painful way to use it from Python than I found last I looked. I have always had a soft spot for PostgreSQL over MySQL, and now that Oracle has taken over MySQL, even more so.

As a side note, I understand your antipathy toward SQL, but it is merely just another data access grammar with individual vendor variation, no different than using different compression libraries.

Thanks, -kb
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
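The count-limited lookup on a time key discussed in this exchange, as an added example that is not part of the original thread. It uses Python's bundled sqlite3 module instead of PostgreSQL so that it runs without a server; the table, column and function names are assumptions, the rows are constructed, and the function-based index mentioned in the reply is left out.

```python
import sqlite3

# All values are bound as parameters; nothing is spliced into the SQL text.
AFTER_SQL = "SELECT t, value FROM events WHERE t >= ? ORDER BY t ASC LIMIT ?"
BEFORE_SQL = "SELECT t, value FROM events WHERE t < ? ORDER BY t DESC LIMIT ?"
# Contrast case: `value` has no index, so all matches are sorted before LIMIT applies.
UNINDEXED_SQL = "SELECT t, value FROM events WHERE value >= ? ORDER BY value ASC LIMIT ?"


def open_timeline(rows=50_000):
    """Build an in-memory table with a sparse, irregular timeline (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (t INTEGER NOT NULL, value INTEGER NOT NULL)")
    db.execute("CREATE INDEX idx_events_t ON events (t)")
    # Timestamps increase by an irregular step of 4 to 16 units.
    data = ((i * 10 + (i * i) % 7, i % 100) for i in range(rows))
    db.executemany("INSERT INTO events (t, value) VALUES (?, ?)", data)
    db.commit()
    return db


def first_after(db, t, n):
    """First n events at or after time t, walking the index forwards."""
    return db.execute(AFTER_SQL, (t, n)).fetchall()


def first_before(db, t, n):
    """Last n events strictly before time t, walking the index backwards."""
    return db.execute(BEFORE_SQL, (t, n)).fetchall()


def query_plan(db, sql, params):
    """Return the planner's description of how it will run the statement."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return " | ".join(row[3] for row in rows)


if __name__ == "__main__":
    db = open_timeline()
    print("after 1000 :", first_after(db, 1000, 3))
    print("before 1000:", first_before(db, 1000, 2))
    # The two time queries search idx_events_t and need no sort step, so the
    # engine can stop after n rows. The unindexed query reports a temporary
    # B-tree: it must collect and sort every match before it can return n.
    for name, sql, params in (
        ("after", AFTER_SQL, (1000, 3)),
        ("before", BEFORE_SQL, (1000, 2)),
        ("unindexed", UNINDEXED_SQL, (50, 3)),
    ):
        print(f"{name:10s}", query_plan(db, sql, params))
```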
Re: [Discuss] No-SQL Database Recommendation?
On 1/10/2015 9:49 PM, ma...@mohawksoft.com wrote:

This is so uninformed. There is *no* difference between a table with key/value in a sql database and a no-sql database. Almost every SQL database out there has, and has had for several years, JSON, XML, and other compound data types.

Which are really just arbitrary data stored in table cells. That's not the same thing as complex matrices. These kinds of data don't fit well into relational databases. You can make them fit but then you're making them fit which indicates that a relational database is the wrong tool.

Again, a relational database is a tool that is able to support a relational data model. That does not mean that it MUST be relational. C++ is able to support an object oriented data model, but that does not mean you MUST use it as such. There are many reasons to use C++ as a better C. Similarly, the idea that you can join data tables in SQL does not mean you must. Almost all databases today have aggregation/parsing functions for JSON, XML, CSV, etc. on table data. Calling SQL databases the wrong tool because it has a huge arsenal of tools to examine and access data makes no sense.

Ahh scale. What can you say about scale? Almost all people get it wrong if they have never done it, and if they have done it they know that any arbitrary technology is only a tool to build something that gets it right.

Yep. And just so that this isn't a rag on relational databases, ALL databases have a point beyond which performance plummets. Where these points are for different technologies for given hardware and how the system performs under these conditions are factors that should be considered before choosing any technology.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] No-SQL Database Recommendation?
On 1/11/2015 2:08 PM, ma...@mohawksoft.com wrote:

Again, a relational database is a tool that is able to support a relational data model. That does not mean that it MUST be relational.

The definition of a relational database is a database that uses the relational model. If it uses a different model then it's something other than a relational database.

SQL is nothing more than a grammar for compiling data access functions, nothing less.

As a point: it's not a relational model. It's the relational model.

ABSOLUTELY NOT. SQL is not a model. There are models built upon SQL, but there is no requirement that data in the database is relational.

Calling SQL databases the wrong tool because it has a huge arsenal of tools to examine and access data makes no sense.

I'm not calling relational databases the wrong tool for this reason. I'm calling them the wrong tool for data that don't fit the relational model. Trying to shoe-horn non-relational data into a relational database is foolish, plain and simple.

This is absolutely wrong. A simple key/value table in SQL is perfectly fine. Why would anyone assert otherwise? The fact that you *can* use it as a relation is beside the point.

As a point: SQL does not equal relational model or relational database. While the language was designed for use with relational databases, and while most relational databases use it exclusively, many (I don't have a list handy) non-relational databases have SQL bindings so you can use either native queries or SQL queries depending on your needs.

Exactly, you are the one who brought up relational and the OP only mentioned SQL. In this discussion, relational is an empty strawman and does nothing for the discussion.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] No-SQL Database Recommendation?
There is this database religion thing that I don't get. Why at the specification phase do you say you would like a no-sql solution, then, ironically, enumerate a list of requirements that scream real database.

First misconception: A relational database supports relational data in the same way that C++ supports object oriented programming, i.e. it is completely optional. A good database like Oracle, DB2, and PostgreSQL have amazing durability and AMAZING indexing and data location tools. SQLite even has some very amazing tools. Dismissing them at the beginning makes no sense. Using a free database like PostgreSQL will EASILY handle what you want to do.

I have been doing some Python programming recently and needed a database. I tried mongodb and it is pretty easy to use, but its performance is terrible--I think it is because I have funny needs. I was hoping one of you could point me in a better direction. (Or tell me to quit looking and write my own.)

Here are my needs:

- Open source (GPL 2, MIT, etc.), easy to use from Python, to run on Linux, no need for relational stuff, don't want to have to embed another language (would prefer no SQL).
- Multiuser, but only a dozen-ish clients, all on the same machine--or possibly on the local network. Don't care about big transactional systems that can replicate and operate when partitioned, etc. This is small stuff. Maybe as small as Raspberry Pi to maybe as big as cheapest available x86 system.
- Durable mostly. If the machine were unplugged without warning I would expect to lose a little current data, but never corrupt the whole database.
- Need to do bidirectional queries on one primary key: Time. My timeline is sparsely and irregularly populated.
- My data items are small, likely an integer or three.
- Queries are count-limited: so only spend time finding first N-items out of many, many more possible hits, where my requested count, N, is only dozens to hundreds out of a total set of hits that might otherwise be many millions. This is probably my most odd need, one that might be impossible to satisfy without writing this myself.
- I will have locality behavior, so if a first query or insert near time-T takes 100-times longer than normal, that's cool, providing subsequent transactions near time-T are fast. So first query is maybe approaching 1-second, but subsequent nearby queries are few milliseconds (and look nearly free compared to other Python slowness).
- New data will typically appear in-order--but not always. New items might be added to the database bursting as fast as maybe a dozen per second (significant locality in that case), but with average rates maybe being lower. Data might be deleted in any order.

Anyone have a favorite database that looks like this?

Thanks, -kb
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] No-SQL Database Recommendation?
On 1/10/2015 5:39 PM, ma...@mohawksoft.com wrote:

Using a free database like PostgreSQL will EASILY handle what you want to do.

Indeed. There are only two technical reasons for rejecting relational databases out of hand. Neither of them are in the listed requirements.

The first is that your data doesn't fit neatly into table rows. Hospital patient records are my go-to example. Relational databases suck at storing and retrieving this kind of data. Trying to make the data fit into tables anyway is a recipe for disaster.

This is so uninformed. There is *no* difference between a table with key/value in a sql database and a no-sql database. Almost every SQL database out there has, and has had for several years, JSON, XML, and other compound data types.

The second is that you need to scale beyond the capacity of the underlying hardware to handle relational queries. This means very large data sets and very complex queries. Relational database performance drops in proportion to data size and query complexity.

Ahh scale. What can you say about scale? Almost all people get it wrong if they have never done it, and if they have done it they know that any arbitrary technology is only a tool to build something that gets it right.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Using sftp without a shell account
NSS is a lot of fun, there are a number of projects that allow you to create actual real users on a system that can be authenticated via any system you want. You can use openssh to create valid password hashes. You can use PAM to add authentication if you don't want to mimic /etc/shadow passwords. There are NSS projects to use sqlite, mssql, postgresql, and files in another directory, which, if not mistaken, can be nfs mounted.

On 12/29/2014 3:16 PM, Derek Martin wrote:

On Sun, Dec 28, 2014 at 08:58:13PM -0500, Bill Horne wrote:

I'm setting up an LDAP-based server, which will be used for file transfers among other things. I'd like to allow LDAP users to access the machine via sftp, but I can't figure out how to do that without giving each user a local shell account, and I'm looking for advice.

The long and short of it is you need to make sure that OpenSSH is using PAM, and that your PAM configuration is correct for doing LDAP lookups for account info and such. You also need to modify /etc/nsswitch.conf.

I don't see an nsswitch.conf file on the machine.

This page may or may not be useful: https://wiki.debian.org/LDAP/NSS

I'll check it out, thanks.

The LDAP users can access ftp without trouble, but not sftp.

That is potentially interesting, but there are a wide variety of ftp servers, and configuring authentication for them varies as well. Without more details about how your system is configured, I expect it will be difficult to provide additional useful advice.

It's a Mac Mini, with a generic OS X Yosemite installation, and OS X Server 4.1 installed. There are a couple of local users, which are just administrative accounts. Everyone else is a network user, entered in Open Directory but not in the local machine. I'm hoping that Open Directory is close enough to OpenLDAP that I can transfer knowledge.

Thanks for your help!

Bill
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT
Here's the scenario: I like to go camping and often times they provide wireless access, but the camp site is often pretty far away from the wireless access point.

I have a long distance wireless-G router with a high gain antenna. I have a second wireless-N router. Both routers are running DD-WRT.

I should be able to connect to the camp ground's wireless with the high gain antenna using the Wireless-G router with a DHCP-assigned IP address. I should then be able to NAT to my own local subnet and be able to connect the Wireless-N to my local subnet and provide access to phones, tablets, and laptops.

If these were standard linux boxes, this would be fairly easy, but the standard tools don't seem available on DD-WRT's shell. Has anyone done this? Got a good link? (I have googled, but the examples I've found aren't quite right or don't really work.)

___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT
On 8/27/2014 8:38 AM, ma...@mohawksoft.com wrote:

I should be able to connect to the camp ground's wireless with the high gain antenna using the Wireless-G router with a DHCP-assigned IP address.

And here I thought camping meant getting away from things like this.

As I was writing the post, I just KNEW someone would make a crack about camping and electronics. LOL

But to address the question, you need two access points each with two wireless network interfaces. Configure AP1 wlan1 as a client to the site's network. Configure AP1 wlan0 as a Repeater Bridge endpoint. Configure AP2 wlan1 as a Repeater Bridge endpoint. Configure AP2 wlan0 as a normal access point for your devices.

Yes, I know the basics. I could do it for two raw Linux boxes, but the facilities in DD-WRT seem a little lacking. I don't see how to NAT from the wireless port in the G router (the one with the antenna) to either the LAN or WAN ports. I also don't see how to make the DD-WRT to be a true access point.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On 8/25/2014 3:55 PM, ma...@mohawksoft.com wrote:

No security can withstand privileged access.

True, but with PKI and escrow a single attack can silently compromise the entire domain in one go.

*any* shared or distributed authority has the same issue.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On 8/26/2014 10:37 AM, ma...@mohawksoft.com wrote:

*any* shared or distributed authority has the same issue.

Shared is not distributed.

Which is why I used or between them.

Shared means more than one entity has authority. Each entity is a point of compromise for the entire system.

Or at least the systems that share the authority.

Distributed means no single entity has authority; a quorum or a unanimous consensus is required. Compromise of one entity does not compromise the entire system.

There is no such thing as a security system that has one entity, well, perhaps a stone or a brick. There is *always* at least one mechanism that protects and one mechanism that provides access.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On 8/26/2014 1:01 PM, ma...@mohawksoft.com wrote:

There is no such thing as a security system that has one entity, well, perhaps a stone or a brick. There is *always* at least one mechanism that protects and one mechanism that provides access.

An example is a code signing key. In a shared system, many agents possess copies of this key. Each agent is an entity. Each of these entities is a single point of compromise.

This is basically a strawman argument because while it could be done this way, no one in their right minds would do it this way. That does not typify what a shared system would look like.

In a distributed system, the code signing key is split and distributed among several agents. Again, each agent is an entity. Since no one entity has the entire key the compromise of one entity cannot compromise the whole key and thus the whole system.

But, the code signing is exactly the point. There is a key that signs the code and there is another key (cert or whatever) that verifies the code signing key. If multiple entities can sign the code with their own key, then clients must have copies of each cert to verify the signing key. Unless there is a 1:1 relationship between the signers and the signees (which would be pointless) any one of the clients must maintain all the key certs, in which case, any one system would compromise the whole.

Does the explanation make sense?

No, not really.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] vnc
The problem is security. If you allow SSH access to the open internet, you're more open to attack. With openvpn you can enable two-factor authentication and a lot more security. Then, sure, let a really trusted user open an SSH shell. It is inarguable that SSH and a VPN is far more secure than merely SSH or other access methods.

On 8/25/2014 8:51 AM, ma...@mohawksoft.com wrote:

SSH is a very BAD thing to open up to the free internet. BAD BAD BAD. Once in, you are in. Shell access is dangerous.

Stop right there. We have been discussing securing VNC connections to X11 desktops running on virtual framebuffer devices. In other words: full shell access. Thus, none of your points are immediately relevant to the discussion at hand. They might be relevant to a discussion about access to private services other than shell access but that's a different discussion.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
You are talking about browser fuckary, not openvpn. Openvpn uses the hierarchical PKI of x509, but has no default trusted CAs. x509 is a pretty workable system (I refuse to call it good.) On Mon, Aug 25, 2014 at 1:22 PM, Richard Pieri richard.pi...@gmail.com wrote: It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated them since the early 1990s. I hate them because they're single points of compromise for entire systems. I hate them because compromise is undetectable by users. It's not that X.509 file format is the problem per se, it's the browser Root CA infrastructure that has been built upon it, that is used by most non-browser SSL apps too. In the Public CA infrastructure, most any sub-CA cert signed by any cert traceable to any browser Root CA can issue a MITM cert to impersonate any specific FQDN or *.someone.TLD . If the system was fit for purpose, should the Hong Kong Postal Authority or the stolen/compromised CA key be able to issue *.BLU.org certs that are trusted? No. As is, would you know if they did? Not immediately, maybe never. Combine that with the weak nature of DNS and BGP security and any sufficiently advanced opponent -- either state-sponsored or organized-crime -- can beat SSL, at least against targeted or regional users. [ Add in how we like URL shorteners with cutely irrelevant 2L national TLDs like .LY .IE .US .CO .NU .TV that are property of governments that might be either amenable to official or corrupt requests, and it's only easier to divert traffic. ] Unpatched systems might still accept cancelled compromised-CA-key signed forgeries today. (The CRL won't save them, it can be blocked by an aggressive adversary with local or regional DNS/BGP poisoning ability, which is needed for most MITM anyway ! 
) -- Bill Ricker bill.n1...@gmail.com https://www.linkedin.com/in/n1vux ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On 8/25/2014 1:57 PM, John Abreau wrote: So the problem is that in order to connect to your company's VPN, you're forced to trust the sysadmin who administers the company's VPN server, since he controls the company's centralized CA root for the VPN server? More generally, even if the sysadmin is trustworthy there is no way for me, the user, to know if someone else has obtained unauthorized access to the escrow. Which is to say, I'm expected to blindly trust that the system hasn't been compromised by bad actors without any proof at all that this is the case. This is by definition the problem with all security. Every type of security, from bank vaults, hotel rooms, to vpns suffers from people who don't protect the master keys. The part I don't get is the claim that OpenVPN is vulnerable because the public infrastructure that OpenVPN DOES NOT USE is vulnerable. Like I wrote before, it's not the publicness of the CA; it's the centralness. Public or private, any CA is a single point of compromise for its entire domain. *Any* security infrastructure is a central point of compromise. That's the nature of security. You are left with either an unmanageable mess or forced to use or create some sort of infrastructure to manage it. ANY security system is vulnerable to bad actors that can gain access to sensitive data. With a CA on openvpn, merely regenerate your master key and push a new cert. When users can't connect, they have to re-validate and obtain a new key. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On 8/25/2014 3:11 PM, ma...@mohawksoft.com wrote: *Any* security infrastructure is a central point of compromise. That's the nature of security. You are left with either an unmanageable mess or forced to use or create some sort of infrastructure to manage it. This is a gross misrepresentation. When you have a master key, theft of the master key compromises the entire system. When you don't have master keys, theft of a key only compromises the entity associated with that key. You can have a manageable system without relying on master keys or key escrow. Kerberos has been doing it for decades. Yes, but now the Kerberos system becomes your central point of vulnerability, the argument is unchanged. You still have a central locus vulnerable to attack. ANY security system is vulnerable to bad actors that can gain access to sensitive data. With a CA on openvpn, merely regenerate your master key and push a new cert. When users can't connect, they have to re-validate and obtain a new key. Merely. And how, pray tell, are YOU going to know if your private root certificate has been compromised when X.509 lacks a mechanism to detect root certificate compromises? If your system is compromised, you can be pretty sure that the attackers will be able to erase their tracks. This is the nature of cracking. The only way to be sure is to monitor access via an external logging system. No security can withstand privileged access. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why the dislike of X.509?
On Mon, Aug 25, 2014 at 2:20 PM, ma...@mohawksoft.com wrote: You are talking about browser fuckary, not openvpn. Openvpn uses the hierarchical PKI of x509, but has no default trusted CAs. That a VPN doesn't require or apparently use the installed 'default trusted CAs' doesn't necessarily mean it successfully ignores them. The openssl library knows nothing about trusted CAs in browsers. You can look at the source code. You can trace the execution with a debugger. If it uses the same SSL library as a browser -- on any platform -- that assertion has to be demonstrated to be true. I'm not sure I agree with your logic. There is no connection between openssl and the browsers trusted CAs, they are implemented in the browser code. openssl provides the means by which this is implemented but contains no implementation. I hope you're right. Hope is not good enough to a security auditor. Show me. Don't trust me, look at the code. I share Rich's concern about Key Escrow anytime, anywhere, and understand why VPN and/or PKI smells similar to him. I don't like the default browser keys either, but this isn't that issue. But If Rich is worried about a private corporate self-hosted OPEN-VPN implemented with self-signed local-root CA key acting as key escrow, well, that is irrelevant for VPN use-case WHEN (actually) PRIVATELY HOSTED. (Aside from my hypothetical inadvertent public root trust concern.) Yeah, you trust the Admin admin running it, who gen'd and self-signed their key and your key too, and the Corp that owns it. Your bits go to their server eventually when you VPN into them anyway, so why not? If Corp VPN and users exchange secret keys out of band instead of issuing clientserver private PKI x.509 certs out of band, the Corp is still in position to cough up everything. If the Corp node in the VPN is subverted or subpoenaed, the traffic can be gotten at point of egress from the tunnel by the corporate owner (or by subverted systems) even easier. 
VPN usecase does NOT protect users from VPN host. (Likewise with unsigned SSH RSA keys, either end-point can spill what's before or after the tunnel, and recipient Host can add bogus keys to allow Eve to log in as Alice, just as Root can make a second username/password with same numeric userid to read/write all your files, if there isn't second-factor auth. ) But Rich is right that with Commercial VPN providers (whether based on OpenVPN or proprietary stacks), yes, the moral equivalent of key escrow is a very real concern, whether X509 PKI or not, but X509 complicates matters. Need to find out in each case if the nuts-and-bolts allow the Provider to answer a subpoena/NSL to cough up keys or implement a MITM tap without help from each client Corp's admin, if their PKI gives them back door, or if it requires customer cooperation. VPNs as a service have a big trust issue. VPNs implemented locally are locally centralized. This provides a single locus within the Corp for an opponent to attack by hack or by legal pressure, but this Centralization doesn't intrinsically change the trust model. (unless you for some reason trust your local Root ops more than Corp Network Operations, which would be a problem of another sort). (and unless the product implemented locally uses a hardware Vendor CA chain instead of truly local keying, in which case it isn't really local, see 'as a service' above !! ) Your bits travelling through employer are not totally protected and never will be, even if some courts say you have an expectation of privacy (for some purposes). Your bits travelling through a Partner's system who gives (sells) you VPN access into their systems for some mutual benefit aren't protected from them after they emerge from the tunnel either, so their having escrow-equivalent ability to recover/spoof/whatever your keying matter is pretty irrelevant. Both Employer and Partner entities will respond to Subpoena / NSL. Nobody should expect otherwise. 
(Which doesn't change that anything that smells like escrow smells 'off' to those who care about security that really works. From what Rich has said re dates, his allergy to escrow likely stems from the same controversy as mine. http://www.cryptomuseum.com/crypto/usa/clipper.htm http://en.wikipedia.org/wiki/Clipper_chip#Backlash X509 PKI is not normally considered an escrow regime in normal usage, but Rich is quite correct that central CAs or other registries have *abilities* that are hard to distinguish from Escrow - even if they never know your private key, they can at the very least forge another one with the same apparent identity, and so spoof you to others -- or spoof someone important to you. With a VPN or other Central registry that totally generates all keying matter (rather than signing public half of pub/priv key the client app creates), they may actually literally escrow too. But that would be wrong. Moving
Re: [Discuss] Why the dislike of X.509?
On Mon, Aug 25, 2014 at 4:04 PM, ma...@mohawksoft.com wrote: That a VPN doesn't require or apparently use the installed 'default trusted CAs' doesn't necessarily mean it successfully ignores them. The openssl library knows nothing about trusted CAs in browsers. You can look at the source code. Good. Let's take that as stipulated, openssl doesn't know about browser root key store. ( this leaves unasked, Does it know about OS key store on OSs that have such? I'll assume we stipulate that it doesn't. That requires each browser on that OS to hook the store, which someone might have optimized.) Did OpenVPN use openssl on all platforms ? Or does it #IFDEF a native binding anywhere? Did they cut-and-paste code from a browser proof-of-concept that will hoover up roots if loaded? Need to read the VPN code too to know there isn't a flaw. Or test it. Anything is possible, read Trusting Trust. That being said, the range of trust is auditing every single line of code from kernel to application including all the libraries on one end, and trusting everything out of the box at the other. I have personally audited openssh, openvpn, openssl, bash, and a number of PAM modules for security. The code you suspect might be in there is not. It isn't even very rational to think it is. I was looking for obvious exploits. The worst code base is openssl. It is the biggest hack-job in the industry. Nothing else even comes close. It is very difficult to trace code at the source level unless you have solid knowledge of the internals. The crypto portions of openssl are solid, the TLS is the hack. For security you need to weigh risk, cost, security, and trust. You can trace the execution with a debugger. That tells me what it does here and now, doesn't tell me what it does with hostile bad data until i make some hostile data. There will always be bugs and exploits. If it uses the same SSL library as a browser -- on any platform -- that assertion has to be demonstrated to be true. 
I'm not sure I agree with your logic. There is no connection between openssl and the browsers trusted CAs, they are implemented in the browser code. openssl provides the means by which this is implemented but contains no implementation. I'm not talking about openssl in isolation. I'm not yet even assuming OpenVPN (always) uses that lib. I'm not restricting myself to OpenVPN brand VPN since this thread restarted with X509 topic line. And any other brand VPNs do whatever they want. For extreme degree of trust, you need to know. All the way down. For a degree of trust on par with DNS, IPv4, BGP: what the heck, just use it. It is very expensive to do that amount of auditing. If you need secure, delete the CA certs you don't like. I hope you're right. Hope is not good enough to a security auditor. Show me. Don't trust me, look at the code. Yes: 'show me' means reading the code. And the test cases. We've seen enough failures in Crypto implementation that i don't even 'Trust but Verify' with crypto. [ /Doveryai no Proveryai/ as Gorbachev taught us to say. It is funnier in the original Russian ! ] With crypto code, has to be Verify before any Trust. I will take as stipulated you've read the openssl code and that i'd see the same if i took the time. If you're certain from having read OpenVPN repo, we can also stipulate that OpenVPN never #IFDEF's a native lib and didn't cut*an*paste initialization code from a sample baby browser that reads OS roots if there are any. That kind of thing simply is not in there. People would SCREAM bloody murder. I am more concerned about the bad programming in openssl and carefully planted exploits in various products by bad actors. It isn't just open source, RSA had issues as well. Microsoft has their share as well. I share Rich's concern about Key Escrow anytime, anywhere, and understand why VPN and/or PKI smells similar to him. I don't like the default browser keys either, but this isn't that issue. 
You *should* be correct that default keys won't affect OpenVPN; as i said above, *If* you've read their code too, i'll happily stipulate for it you're correct. I hope it doesn't affect ${other}VPN either, but with closed source who knows ! IIRC there are VPNs and VDTs that use browsers to frame the session; they may well use browser SSL implementation. Good luck with that ! Rich's concern seems to be different, that any central store is less trustworthy than distributed/compartmentalized, in part due to damage limitation or lack thereof. That isn't specific to OpenVPN either. That's a usability vs security, choice-of-threat-weighting. In practicality, we'll do it anyway, but in pure security PoV, i see Rich's point. A central authority is probably more secure than a decentralized system. If you assume gaining privileged access to a system means you can compromise it. One system is easier to guard than many. A distributed system means a
Re: [Discuss] vnc
I would opt to use openvpn instead of an SSH tunnel. You have a better control over security and ease. On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote: I'm installing red hat enterprise linux on a server at home and I'm tweaking the vnc service setup. I've followed the instructions in the system admin guide, but I'm not liking the final set up. Basically I've enabled vncserver for a user registered on the system. When I reboot, the system spawns off Xvnc for the user. When I run vncviewer, I issue my password and then I have a vnc window of the desktop of the user on the system. My problem with this is that the password I issue to open up the vncviewer window to access the desktop of the user is not part of the /etc/passwd file, but some clear text password file. There are warnings in the documentation about this. What I would like is to be able to somehow start an Xvnc session in which gdm is started, and then when I run vncviewer and issue the password, I'm placed into a gdm login screen, at which point I select my user and password and log in. This is the model of the old Xterminals of the 1990s. does anyone have any tips/tricks on how to set up Xvnc or a vncserver set up so that I get a gdm login screen instead of going directly into the user's desktop? So, the reason you're not supposed to do that -- or be happy with the way vnc comes out of the box -- is that vnc is unencrypted. Set Xvnc to not listen on anything except localhost. Then back that up with a firewall restriction -- really, you shouldn't have to, because you do default deny, right? Run an ssh tunnel to your server, LocalForward some port to the vnc port, and point your vncviewer at localhost:0. Now that you've got that working, you can do multiuser. Most of the info for that is here: http://linuxreviews.org/howtos/xvnc/ but the short version is, enable xdmcp listening to localhost for your display manager. 
-dsr- ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
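A check for the first step of the advice above (Xvnc and the display manager's XDMCP listener bound to localhost only), as an added example that is not part of the original post. It assumes the listener table comes from `ss -H -lntu`; the function names are hypothetical and the sample output is constructed.

```python
import ipaddress

VNC_TCP_PORTS = range(5900, 6000)  # VNC display :N listens on TCP 5900+N
XDMCP_UDP_PORT = 177               # XDMCP queries arrive on UDP 177

# Constructed sample in the column layout of `ss -H -lntu`
# (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      5          127.0.0.1:5901       0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:5902       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5              [::1]:5901          [::]:*
udp   UNCONN 0      0                  *:177              *:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""


def _is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: report it so a human looks at it


def exposed_listeners(ss_output):
    """Return (proto, address, port) for VNC/XDMCP sockets not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        watched = (proto == "tcp" and port in VNC_TCP_PORTS) or (
            proto == "udp" and port == XDMCP_UDP_PORT
        )
        if watched and not _is_loopback(host):
            findings.append((proto, host.strip("[]"), port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed: {proto} {addr}:{port} is reachable without the ssh tunnel")
```

An empty result on the server means the only network path to the desktop is the ssh port forward; the firewall rule from the post remains the backstop if a later configuration change rebinds the service.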
Re: [Discuss] vnc
I know you can do it as I did it about 10 years ago. Today, however, I would restrict access to an openvpn configured subnet. That way you can issue keys to people to whom you would allow access, and they can log in with their regular passwords. Hi All, I'm installing red hat enterprise linux on a server at home and I'm tweaking the vnc service setup. I've followed the instructions in the system admin guide, but I'm not liking the final set up. Basically I've enabled vncserver for a user registered on the system. When I reboot, the system spawns off Xvnc for the user. When I run vncviewer, I issue my password and then I have a vnc window of the desktop of the user on the system. My problem with this is that the password I issue to open up the vncviewer window to access the desktop of the user is not part of the /etc/passwd file, but some clear text password file. There are warnings in the documentation about this. What I would like is to be able to somehow start an Xvnc session in which gdm is started, and then when I run vncviewer and issue the password, I'm placed into a gdm login screen, at which point I select my user and password and log in. This is the model of the old Xterminals of the 1990s. does anyone have any tips/tricks on how to set up Xvnc or a vncserver set up so that I get a gdm login screen instead of going directly into the user's desktop? Thanks in advance. Steve. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Looking for WiFi router with certain characteristics
A couple notes. I NEVER, repeat, NEVER use stock software from the vendor of my wireless router. Sorry, I don't trust fill in company name here All my routers use DD-WRT. Once you make that jump, then you can just hop over to their website and look for compatible routers. The DD-WRT code has a LOT of features that the commercial routers do not provide, including SSH access. So, now that you can have the features that you want regardless of vendor, just find a router that is supported at a good price. Last year I found a DLink-N 615 router for $30. I bought two of them and put one at each end of the house. Apologies to Lewis Carroll. I'm afraid the following doesn't scan as well as his version: The time has come, my router said, to talk of many things. Of 802.11 ac and n and g and b, And why Cisco updates without permission. And the safety of ASUS settings. :-) It's long past time for me to replace my 802.11 g router with something more recent. But I have a few constraints that make it tricky to select the right router. So my question is, do any of you have experience with the ASUS RT-N66U or any other router that fits the constraints I describe below? While I'm interested in recommendations of what's worked well for you, I'd also appreciate warnings of what to stay away from. advTHANKSance for your help. My constraints are: 1. COVERAGE: The construction of the house the router will be installed in is problematic WRT getting signals through. It was built before drywall was in common use in the U.S. But rather than using wood lath, the plaster is held in place by lath. But it's not traditional wood lath. It's WIRE LATH. Also, the heating system is forced hot air, which means that there's SHEET-METAL DUCTWORK between all the ceilings and floors. So all the walls, floors, and ceilings have metal in them. With the old router, I had to replace one of the stick antennas with a directional antenna aimed toward the part of the house where coverage was weakest. 
But since 802.11 N and AC use MIMO, I believe that replacing one of the stick antennas with a directional antenna would screw up the interference pattern that MIMO depends on. I'm hoping that MIMO will solve the coverage problem that the directional antenna solved with the old router. Do any of you have any experience with routers in environments like this? If MIMO doesn't get me the coverage I need, what are my options? 2. N vs. AC: I have a 5 GHz cordless phone that I do not want to replace. It implements features that would be difficult to find a replacement for, and even if I could, replacing it would be quite expensive. So it was important for me to figure out whether this phone will interfere with an 802.11-AC router. It took several months of research, but eventually I determined that it definitely will interfere with over half of the 5 GHz WiFi channels used in the U.S. Since 802.11-AC only operates in the 5 GHz band, but 802.11-N operates in both the 2.4 GHz and 5 GHz bands, 802.11-N seems like a much better choice for my circumstances. Furthermore, most of the computers on my network don't support 802.11-AC, but are recent enough that I'm not likely to replace them anytime soon. So it makes sense to me to ignore 802.11-AC routers and only look at 802.11-N. Does this logic make sense to you? 3. SPEED: Of the 802.11-N offerings, the highest aggregate speed seems to be 450 Mbps in the 2.4 GHz band plus 450 Mbps in the 5 GHz band. This is commonly known as an N900 router. Given the potential interference from the 5 GHz cordless phone, I may not get the full 450 Mbps from the 5 GHz range, but a dual band N router seems the choice most likely to get me the fastest throughput possible for my circumstances. 4. PORTS: In addition to supporting WiFi, I also need the router to provide 4 LAN Ethernet ports in addition to the 1 WAN Ethernet port for connecting it to my cable modem. 5. WHAT ROUTERS CAN BE TRUSTED? 
CISCO: Given the above constraints, I was considering the Linksys (Cisco) EA4500, but when I Googled it, I quickly learned that about 2 years ago, Cisco/Linksys had pushed out their Cloud Connect firmware to all their routers without the router owners' permission, and in order for the owner to continue using his own router, he had no choice but to sign an agreement that allows Cisco to spy on his Internet use, allows Cisco to sell any data they collect, and allows Cisco to legally lock the router's owner out of his own router whenever they feel like it. http://boingboing.net/2012/07/03/cisco-locks-customers-out-of-t.html,
Re: [Discuss] php dev's code with warnings and notices
Web development is a ghetto or even, still, the wild wild west. A properly configured and developed web site with no warning would probably only serve static web pages. If you log nothing, you miss important errors and warnings, if you log more, you will get stupid errors and warnings. The real issue is the cause of the errors and warnings. Some are important, and some, simply are not. For what it is worth, as the new senior guy, ask why you shouldn't be worried by the errors. See if they are aware of them and understand what they are before you cast judgment. Hi All, I've recently been asked to work with a team of PHP developers on a pretty large and complex project. The code they have submitted works, but it has a bunch of warnings and notices in the logs. I personally think this is sloppy coding. My question is, how strong a stand should I take on this issue? I have the senior role but I am also the new guy. I feel that code should have no warnings or notices. But maybe this is not the norm? Maybe there exists situations where it can't be avoided that I don't realize. What do you think? Thanks, -- Eric Chadbourne ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] share keyboard/video/mouse with 2 desktops
I have used Synergy on Windows, Linux, *and* mac at the same time. It has worked really well for me. What is the easiest way to share keyboard/video/mouse with 2 desktops (Linux Windows)? Has anyone used this synergy-project: http://synergy-project.org/download/ Thanks! John Malloy jomal...@gmail.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] share keyboard/video/mouse with 2 desktops
Imagine. A windows system with a monitor, a mac laptop. a Linux system with a monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you to connect the mouse and keyboard to one system and seamlessly move the mouse across all three monitors, and which ever monitor has the mouse, gets the keyboard. It feels like a single system from a keyboard/mouse point of view. Granted it is not as tight as it could be, but that would be WAY more work and be a far bigger project. Like, having windows straddle monitors would be way cool, but that would be work down to the driver level. What about a USB hub and hub switch -- wouldn't that work? In fact, wouldn't it also allow you to share a printer, backup drive, etc? On Tuesday, July 8, 2014 10:14 AM, ma...@mohawksoft.com ma...@mohawksoft.com wrote: I have used Synergy on Windows, Linux, *and* mac at the same time. It has worked really well for me. What is the easiest way to share keyboard/video/mouse with 2 desktops (Linux Windows)? Has anyone used this synergy-project: http://synergy-project.org/download/ Thanks! John Malloy jomal...@gmail.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] share keyboard/video/mouse with 2 desktops
Ahh, so it isn't a KVM issue, per se http://www.ikea.com/us/en/catalog/products/60245721/ On Tue, Jul 8, 2014 at 11:01 AM, ma...@mohawksoft.com wrote: Imagine. A windows system with a monitor, a mac laptop. a Linux system with a monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you to connect the mouse and keyboard to one system and seamlessly move the mouse across all three monitors, and which ever monitor has the mouse, gets the keyboard. My problem with this is that you need a desk big enough for three displays. If I'm going to have more than one display on my desk I would like to be able to sometimes have them all attached to a single system. With Synergy each display is still dedicated to a single system. The best possible system might be one that has a single keyboard/mouse and a bunch of displays (with physical monitor switching) which would allow me to on the fly map the physical video outputs from the individual systems in any way that I wanted onto the physical displays which are in front of me. All while still retaining Synergy's ability to let me slide my mouse (and my keyboard input as well) from system to system across the wall of displays. Synergy would have to know the current mapping of system video output to physical display to relay the input correctly. If there are programmatically controllable multiple input/output video switching devices this could be done. I suspect that the hardware required would be pricey though. Bill Bogstad ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] SELinux IPTables
My first rule of thumb is to not use IPTables until after everything is set up and running. Then start it and fix what breaks. My second rule of thumb is to not enable SELinux until after everything is set up and running. Then enable it and fix what breaks. You really really need a working base line before you enable these things because they can break services and applications in pretty unpredictable ways. Does anyone have any suggestions for Best Practices in configuring SELinux IPTables for a RedHat (RHEL6) server running Apache, PHP, and connecting to an Oracle DB (using OCI8)? Thanks! -- John Malloy jomal...@gmail.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Unsubscribe
Unsubscribe Regards, Michael Webb - IT Manager SDMC 10 Connector Road Andover, MA 02122 978-289-5408 NOTICE: This message is for the designated recipient only and may contain privileged or confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of this e-mail is prohibited I want to get on this bandwagon as well. NOTICE: I don't care WHAT you write on your email. You have NO LEGAL RIGHT TO ASSERT ANY RESTRICTIONS ON MY ACTIONS any more than mere copyright law, and more or less, anything I do with it, including posting it on a forum and making comments about it, fall clearly under Fair Use. Any additional restrictions YOU WISH TO PLACE ON ME MUST COME WITH MY CONSENT. I have entered into no contract with you, I have no obligation to you or your employer, and you have no right to claim that any of my actions regarding an email I received is prohibited. I will not contact anyone and I will not delete the original unless I am compensated in some way. Your mere desire to have me do something is your problem. I hate these disclaimers and consider them ridiculous. I guess you can claim anything you want, like that great disclaimer that Major League Baseball puts up. Just because someone says something doesn't mean it's true. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Reading Linux book
I wouldn't touch EXT[N] for anything but a system partition. XFS or JFS is almost a coin toss, but XFS seems like it is more active. Hi, First of all, thanks for your previous tips on the Linux box, it was very much appreciated. I'm reading the different filesystems, when would you use XFS or JFS or ext4. If I'm correct currently Linux uses ext4, am I right? From the reading both XFS and JFS look like a great choice. Thanks, Aldo XFS This is a 64-bit, high-performance journaling filesystem that provides fast recovery and can handle large files efficiently. JFS This is a 64-bit journaling filesystem that is fast and reliable. It is better equipped to handle power failures and system crashes. ext4 The newest default filesystem for Linux distributions. It is backwards-compatible with the ext2 and ext3 filesystems. Among ext4's improvements over ext3 are journaling, support of volumes of up to one exbibyte (EiB) and files up to 16 tebibytes (TiB) in size. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Howto Challenge
Coming off the tail of the pretty hard core Why Linux debate, anyone want to come up with a more constructive forum? I suggest a howto challenge. We field a number of how can I do xyz? and we construct a concise howto based on our platform of choice. This will accomplish far more than a debate, this will produce actual sable knowledge and take rhetorical arguments out of the equation. Then we all score the submissions. I propose we score them as: (1) Ease of implementation. (2) Cost of implementation. (3) Stability/Performance. Any takers? ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Howto Challenge
ma...@mohawksoft.com wrote: I suggest a howto challenge. We field a number of how can I do xyz? and we construct a concise howto based on our platform of choice. This will I'm inclined to decline. The way I see it, your how can I do ${task}? contest isn't about solving problems; it's cherry picking problems to showcase favorites. I don't have a favorite. I have a box of tools and a bag of tricks. I wasn't thinking of choosing the tasks, I was thinking more solving actual problems people had. More like putting your expertise where your mouth is, sort of thing. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why use Linux? (back to original question)
From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com] And you're wrong about sparse files. All of the above support sparse files. Yes, with enough work, you can put a V8 in a motorcycle, but that is a strawman argument. The Mac file system HFS does not support sparse files For disk containers, such as *.dmg files, or truecrypt volumes, for virtual machines, vmdk, vdi, etc, for every purpose that I've ever encountered or imagined ... Whether the implementation is lazy provisioning, sparse disk image, dynamic allocation, sparse bundle, or sparse file is purely semantic. So go ahead and argue that HFS does not support sparse files. Just like ntfs doesn't have inodes, and ext doesn't have file ID's. Semantics. Not true at all. A sparse file is a file system construct that allows you to create a file that has holes in it. The various virtual machine management systems implement their own volume management for their VMs and that is not available to other applications. This is a very important capability that is essential for most enterprise level software. You can create multiple TB sized files on a much smaller volume and grow as needed. So no, you went from Apple supports that, to it doesn't matter. You were wrong on the first count and are wrong on the second.
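The "file with holes" behaviour described in the message above, as an added example that is not part of the original post: it creates a file with a large apparent size, compares that size with the blocks actually allocated, and lists the regions backed by storage. It assumes a Linux filesystem with sparse-file support and `SEEK_DATA`/`SEEK_HOLE`; the function names, the payload and the 64 MiB size are illustrative choices.

```python
import errno
import os
import tempfile

PAYLOAD = b"tail-record"  # constructed sample data


def make_sparse(path, apparent_size, payload=PAYLOAD):
    """Create a file of apparent_size bytes, writing only payload at its end."""
    with open(path, "wb") as f:
        f.truncate(apparent_size)             # extends the file without writing data
        f.seek(apparent_size - len(payload))
        f.write(payload)                      # the only bytes that need real blocks
        f.flush()
        os.fsync(f.fileno())                  # settle block accounting before stat()


def disk_usage(path):
    """Return (apparent size, bytes allocated). st_blocks counts 512-byte units."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512


def data_extents(path):
    """List (start, end) byte ranges that hold data, skipping holes."""
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.fstat(fd).st_size
        if not hasattr(os, "SEEK_DATA"):      # platform cannot report holes
            return [(0, size)] if size else []
        extents, pos = [], 0
        while pos < size:
            try:
                start = os.lseek(fd, pos, os.SEEK_DATA)
            except OSError as exc:
                if exc.errno == errno.ENXIO:  # nothing but hole from pos to EOF
                    break
                raise
            end = os.lseek(fd, start, os.SEEK_HOLE)
            extents.append((start, end))
            pos = end
        return extents
    finally:
        os.close(fd)


def demo(apparent_size=64 * 1024 * 1024):
    """Build a sparse file in a temp directory and report how it is stored."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sparse.img")
        make_sparse(path, apparent_size)
        apparent, allocated = disk_usage(path)
        extents = data_extents(path)
        with open(path, "rb") as f:
            head = f.read(16)                 # reading inside a hole yields zeros
            f.seek(-len(PAYLOAD), os.SEEK_END)
            tail = f.read()
    return {"apparent": apparent, "allocated": allocated,
            "extents": extents, "head": head, "tail": tail}


if __name__ == "__main__":
    r = demo()
    print("apparent size  :", r["apparent"])
    print("allocated bytes:", r["allocated"])  # far smaller when holes are supported
    print("data extents   :", r["extents"])
```

On a filesystem that does not implement holes, the same calls succeed but the allocated figure grows to roughly the apparent size, which is the difference the thread is arguing about.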
Re: [Discuss] In praise of X11 (Was Why use Linux)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of ma...@mohawksoft.com OK, so, I can ssh to a linux box from another linux box, and run an X program and use it, transparently, as if it were any other application on my desktop. *sigh* Is this seriously a Linux is the best OS flame war? Very uninteresting. The honest truth is, every OS is better than every other OS, each in its own way. You've named the one positive feature of X11. The reason it's not included by default with windows or mac (but installable on both) is because in many other ways, it's antiquated and non-performant. They *actively* chose not to distribute it with the OS, and in the case of OSX, they formerly included it and later discontinued shipping it with the OS, because they're better off leaving it in the past. But still available as a separate download package for those who need it. I see a serious problem in the consumer UNIX marketplace. Because something is not new, it is seen as obsolete. I'm not sure I fully understand this. Maybe it is a technological deconstructionism, who knows? All competing technologies have pros and cons, and is almost never A is better than B. So that's why we have these discussions, because the answer is not obvious. A is better than B in some cases and B is better than A in others. You are left with a Venn diagram from which you must choose the features you need that are outside the most common set. With X11, I see one downside, gaming and super fast rasterization. The networking of the GUI is something that is so cool that when you show Windows or Mac users what you really can do with it, it takes a minute to register. You can copy and paste from one application to another, no matter where they are running. I can run GUI applications on one machine and display on another, without having to import a whole desktop. The way the applications communicate with the server is very well designed and works very well.
Is X11 complicated? Yes. Is X11 source code getting harder to read, yes it is getting very mature. That's the nature of software. I say this, NOTHING on the market comes close to what X11 does. So, by abandoning X11 in Apple, they have made a system that doesn't work well in a UNIX/X11 environment and they lose so much richness in capability. I actually think that this hurts the application environment as a whole. If Android and Apple were fully X11, can you imagine the interoperability you would have? How cool would that be to run any program in the cloud and display its X11 on the device of your choice?
Re: [Discuss] Why use Linux? (back to original question)
ma...@mohawksoft.com wrote: SSH does not do this on Mac easily. Yes, if you configure the bastardized X server that you can get for Mac, you might be able to get it to work, but not with all programs. XQuartz is genuine X.Org. There's nothing bastardized about it, and all X11 applications work over the SSH tunnel just like they do on Linux. The language mapping is typically difficult to get right and not all Mac programs will render to X11. Virtual Machines have changed the way we look at service environments. Doesn't change the fact that I've never needed to use QEMU on Macintosh and when I needed to make it work on Linux it was an abject failure. I find that amazing and I question your truthfulness at this point. I have been using QEMU and KVM for years for web services, software development, and everything. Hell I have a Windows XP VM for turbotax. Lots of people use QEMU/KVM. Its networking stack is just as good as the commercial VMware package. With virt-manager, it really is point and click. It's great. I have, many times and I see a whole lot of HFS+ does not support sparse files, use UFS and a lot of UFS is no longer supported. I don't believe you. Then you're deliberately missing the point. OS X does sparse file systems. Please provide me a link because I know people who need this on a mac. HPF does not support sparse files and UFS has not been available for a couple years now. So, my colleagues are doing work on Linux VMs on their Macs because we have been unable to get sparse files to work on the Mac. Even Apple support claims you can't do this. Please supply a link, it would be helpful. -- Rich P.
Re: [Discuss] Why NOT use Linux?
Ted Roche wrote: And if you're presenting a Pro/Con argument for Linux, clearly we've provided you with material for that, too. Why NOT use Linux? My top three: The state of desktops on Linux is terrible. Of the three leaders we have KDE which is a disaster, Unity which is a tablet UI desperately looking for hardware to run on, and Gnome which is trying to be the prettiest desktop around with just a single button that doesn't do anything. If you're looking for a desktop operating system then Linux is the last place to look. What's most unfortunate about this is that the *BSDs suffer just as much in this regard. This is a subjective comment. People at work have Macs, my wife has Windows and an iPad, and a friend has only an iPad. Seriously, I think the Linux GUI is easier to use. Sure, the Mac looks cleaner and Windows is more colorful (8 is a disaster), but I'm using Debian with Gnome and I really really like how easy it is to use. It lacks a bit of eye candy, sure, but it is clean and functional, and yes, not ugly. The state of file system backups is even worse. Linux has lacked native backup tools for its file systems since around 2002 leaving things like extended attributes and ALCs in the lurch. rsync has been hacked to be able to replicate extended attributes but that only works when going from like to like; you can't use it for tapes and optical storage. Its funny, backup seems easiest on Linux. The trick is not to use tape or traditional backups. You snapshot the LVM volume, and dedup the device to a backup. Its better than Apple's time machine and really fast. Dynamic device enumeration. Ever have a node refuse to boot because the kernel randomly changes which disk is sda with every boot? Ever have a node stop responding after a reboot because the kernel swapped the first and second Ethernet interfaces? I have, more times than I care to remember. Dynamic enumeration is a stupid, stupid way to do things. 
This has, in fact, not been an issue for almost 10 years. Both disk devices and ethernet devices are persistently configured based on unique criteria. Disk volumes use labels or UUID values and ethernet adapters are configured by MAC address. At the time it was a problem in Linux, it was also an issue on Windows, Mac, and some BSD variants. All these platforms fixed this issue. -- Rich P.
Re: [Discuss] Why use Linux?
Somehow this starts sounding like a bad Tom Cruise movie :) bad Tom Cruise Movie is a tautology On Wed, Feb 12, 2014 at 9:02 AM, Bill Horne b...@horne.net wrote: On 2/12/2014 6:56 AM, js wrote: one thing you have not mentioned are any back doors put in proprietary operating systems by the orders of the US government. while it may not be relevant to many, it is relevant to some people [and i'm talking about whistle blowers or human rights activists instead of child porn merchants]. No offense, but I don't feel one is different from another. As soon as we start to say that /some/ speech is good and /some/ speech is not, we lose. After all, a photograph of a naked child lying dead in a ditch at My Lai could be interpreted as child porn - and Robert Mapplethorpe's photographs of partially naked children could be (and was) interpreted as having redeeming social merit. Porn, like beauty, is in the eye of the beholder, and the question is if we, as a society, should allow our government to examine what people /might/ say, before they say it. My $0.02. YMMV. Bill -- Bill Horne William Warren Consulting http://www.william-warren.com/ 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss -- ... Jack Whatever you do, work at it with all your heart... Colossians 3:23 If you are not part of the solution, you are part of the precipitate - Henry J. Tillman Anyone who has never made a mistake, has never tried anything new. - Albert Einstein You don't manage people; you manage things. You lead people. - Admiral Grace Hopper, USN a nanosecond is the time it takes electrons to propigate 11.8 inches - - http://youtu.be/JEpsKnWZrJ8 Life is complex: it has a real part and an imaginary part. - Martin Terma ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why use Linux?
The GPL has always denied some freedoms to developers, such as the right to exclusively make money from their work. Ahh, therein lies the lies that liars lie about the GPL. The GPL does not deny any developer the right to make money from their work. Lies! It only denies a developer from using someone else's work as if it were their own. If I were to modify someone else's code, I should think I have no right to modify it without permission. NOTHING forbids a developer making money from their own work. The GPL is only involved when a developer uses someone else's work as the basis for their own or as part of an aggregate product. The developer should not base their work on GPL code if they do not like the conditions by which they acquire it in the first place. I HATE this lie every time I see someone repeat it. Not liking someone else's license means you don't use their code. It does not forbid a developer from making money from their own work. The anti-TiVo clause in GPLv3 is an additional constraint, and the rarely seen Affero license further limits developers. (Basically, the Affero license is GPLv3 with the additional provision that if you make software available as a service you have to make the source code available, just as you would if you distributed source or binary code for use by others.) There are times when the rights of users and the rights of developers are in direct opposition, and it is impossible to make the situation better for one group without making it worse for the other. But the amount of good gained by one group can exceed the amount lost by the other, and all developers are also users so their losses on their own coding are counterbalanced by their gains from the work of others. Almost no code is the work of one person or even one company alone; any program of significance contains libraries and other code that come from others and is developed using tools created by others.
On balance, free software makes the world a better place than it would be if all software were proprietary. More free software would make it even better. On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri richard.pi...@gmail.com wrote: John Abreau wrote: More precisely, RMS says that he makes no distinction between users and developers, because developers are also users. He argues that limiting freedom to only a subset of users is divisive and antithetical to the concept of freedom. That's what RMS says. The anti-Tivoization clause of the GPLv3 says something quite different. It exists specifically to deny developers some of their freedoms to use and develop software and hardware. Freedom only for developers is kind of like a democracy where only wealthy landowners are allowed to vote. As if freedom only for users is any better. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why use Linux?
Huge thanks to everyone that has thought about this and responded. This is a wealth of information. I am not a newcomer to RMS or FSF ideologies, I just wanted to make sure I didn't miss any key items that are relevant to a Drupal crowd or a newcomer to programming. Many Drupal people have entered Drupal through a non-traditional software development doorway and they do not have a background in software development - some are graphic designers and some are HTML and CSS experts, etc. that will probably learn some PHP due to their involvement in Drupal. I want to reach the people like myself - the non-programmer that understands most of why free software is important, but due to many reasons: lack of knowledge about GNU/Linux no retail linux stores no Linux helpdesk (it's a new era where help is in the forums and in your ' extended circles') low use of my local OS ( personally I just used it to get to my servers... which run Linux) not understanding how to run Linux locally (how easy it is and how user friendly) lack of accessibility to try Linux (didn't know about live cd etc..) Due to these reasons and a few more, I found it easier to just use Windows for years! These aren't really the answers to the question you asked. You asked why which has more of a philosophical feel to it. What you should have asked is the more direct question[s], Should I use Linux for Drupal and Do you have any suggestions? Mea Culpa. Michele Metts DrupalConnection.com - Social Networks - Websites for Entrepreneurs 617-877-1658 On Tue, Feb 11, 2014 at 5:43 PM, John Abreau abre...@gmail.com wrote: On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri richard.pi...@gmail.com wrote: John Abreau wrote: Freedom only for developers is kind of like a democracy where only wealthy landowners are allowed to vote. As if freedom only for users is any better. Developers are themselves users. Saying that freedom is only for users is the same as saying freedom is restricted only to everybody. 
The connotations of the word only in that sentence conflict with the fact that the group includes everybody, and thus using the word only in that sentence is .disingenuous. -- John Abreau / Executive Director, Boston Linux Unix Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Why use Linux?
Yes, developers give away some rights if they develop under GPL, This is simply not true. If I develop my software and publish it under the GPL, I give away NONE of my freedoms. If I base my software on the work of others, then my work must align itself with the original project. It's very easy to ignore the work that comes before us. The GPL is nothing more than a mechanism for making sure that people stay honest. You write your code, you own it. If you take someone else's code, then you are building on their foundation and have to live with the constraints by which they made it available to you. Developers do not give up rights with the GPL, they simply are forced to decide. Developers decry the GPL because they don't want to use the license of the code that they use but have not written/own.
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
I use Drupal. It is easy to start and there is a lot you can do. Thanks for reading this. I'm a member of the Big-8 Board, which decides what Usenet groups are created and deleted. We have both technical and non-technical members, and we've been using MediaWiki for the board's website (http://www.big-8.org/) until now, but we have to move the site to a new server which doesn't offer it. So, the question is What's the best compromise between ease-of-use, learning curve, and maintainability if we have to choose between Joomla, Drupal, or WordPress? The new site has 300 GB of disk and unlimited data transfers, but I don't have shell access, just an ftp upload account. I appreciate your help! Bill -- Bill Horne William Warren Consulting 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Low level clustering software
ma...@mohawksoft.com wrote: I'm looking for stateless parallelization, state-full process distribution, and high-availability in as much as matters for re-submit for stateless and redundant data for state-full process distribution. Um. What kind of processing do you want to do? Because, honestly, you've thrown in so many buzzwords that it's impossible for me to tell what it is that you're really asking. I was trying to be vague enough so as not to give too much away (its a work question). OK, so, a little more detailed info: (1) Stateless parallelization, this is where we can take arbitrary chunks of processing and ship it out to an arbitrary machine. (2) state-full process distribution, this is a bit more complex. Think about a distributed database. You need to send [n] identical query commands to [n] databases and aggregate [n] streams into one based on some unified ordering scheme. Then using some algorithm for partitioning, send data to only one of the nodes (or two for redundancy) for storage. (3) In the case of #2, is there any internal facilities to manage replication or redundancy of data. All being said, I have done a bunch of this stuff using MPI as a platform. I wonder if there were more modern tools to do this sort of stuff. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Dev Ops - architecture (local not cloud)
It's hard to quantify what's going on here. Yes it is slow, and we can make guesses as to why, but without a whole system diagnostic it is hard to know. NFS: Network connectivity 100M, 1G, 10G? Sync? OS (Solaris, FreeBSD, [any bsd], Linux, etc.) File System NFS server daemon Describe the NFS server in detail, OS, NFS server, storage, etc. Client: Network connectivity 100M, 1G, 10G? Infrastructure: How many hops? Routers/firewall in between? NFS is not as fast as a local disk, but it should not be that slow.

Performance comparison:

svn checkout single repository on old infrastructure
real 5m44.100s
user 0m36.957s
sys 0m14.757s

svn checkout single repository on new infrastructure, but only using NFS for read (local working copy stored on local disk)
real 3m15.057s
user 1m18.195s
sys 0m53.796s

svn checkout same repository on new infrastructure, with writes stored on NFS volume
real 28m53.220s
user 1m45.713s
sys 3m26.948s

Greg Rundlett

On Fri, Dec 6, 2013 at 8:35 AM, Greg Rundlett (freephile) g...@freephile.com wrote:

We are replacing a monolithic software development IT infrastructure where source code control, development and compiling all take place on a single machine with something more manageable, scalable, redundant etc. The goal is to provide more enterprise features like manageability, scalability with failover and disaster recovery. Let's call these architectures System A and System B. System A is monolithic because everything is literally housed and managed on a single hardware platform. System B is modular and virtualized, but still running in a traditional IT environment (aka not in the cloud). The problem is that the new system does not come close to the old system in performance. I think it's pretty obvious why it's not performing: user home directories (where developers compile) should not be NFS mounted. [1] The source repositories themselves should also not be stored on a NAS. What does your (software development) IT infrastructure look like?
One of the specific problems that prompted this re-architecture was disk space. Not the repository per se, but with 100+ developers each having one or more checkouts of the repos (home directories), we have maxed out a 4.5TB volume. More specifically, here is what we have:

system A (old system)
- single host
- standard Unix user accounts
- svn server using file:/// RA protocol
- 4.5TB local disk storage (maxed out)
- NFS mounted NAS for tools - e.g. Windriver Linux for compiling our OS

system B (new system)
- series of hosts managed by VMWare ESX 5.1 (version control host + build servers connected via 10GB link to EMC VNXe NAS for home directories and tools and source repos
- standard Unix user accounts controlled by NIS server (adds manageability across domain)
- svn server using http:/// RA protocol (adds repository access control and management)
- NFS mounted NAS for tools, the repositories, the home directories

Notes: The repos we're dealing with are multiple large repositories eg. 2GB 43,203 files, 2,066 directories. We're dealing with 100+ users

[1] http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.prftungd/doc/prftungd/misuses_nfs_perf.htm

Greg Rundlett
Re: [Discuss] Dev Ops - architecture (local not cloud)
On Fri, Dec 6, 2013 at 11:16 AM, ma...@mohawksoft.com wrote: NFS is not as fast as a local disk, but it should not be that slow. I remember the first time I set up a NetApp fileserver,back in 1999. I expected that NFS would be slower than local disk, but I was hoping the performance would still be acceptable. We had one of the heaviest users run his overnight jobs both on his local workstation and on the NetApp NFS share to compare times, and we discovered that the NetApp's NFS share gave much *faster* throughput than his local disks. His local desktop was a high-end Sun Ultrasparc workstation with the RAM maxed out and with fast SAS disks, tuned for maximum performance, yet over a 100Mb Ethernet, the NetApp outperformed his workstation's local disks. That's impressive, especially over 100M ethernet. -- John Abreau / Executive Director, Boston Linux Unix Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] BLU's SEO (Martin Owens)
hi On 10/22/13 15:20 , Martin Owens wrote: Marking is about getting attention isn't this a bit simplistic? marketing also wants to persuade you to take some action. otherwise, self-immolation could qualify as marketing. Well, the term obtuse comes to mind. :-) Marketing is a term used to describe strategies for generating interest in your product. Nothing more or less. Now, there are some who will bend the boundaries of good and wholesome conduct to do so, but this is not required to be the case as part of the definition. If you have an operating that is free and open source and decide to take on the task of distribution and sell DVDs of this for $1.99, you will need to market your distribution system. Taking out an ad in a news paper or website that describes your service is considered marketing. You could be 100% truthful and everything. It is still marketing. If I plaster an ad with a picture of a cold glass orange juice, and write Fresh Orange Juice, tastes good and is good for you with natural vitamin C It is objectively truthful. No attempts at deception are made. Sure SOME people may not like Orange juice, but sufficient quantities of people like fresh cold orange juice that one can easily make the case that it is generally truthful. If I say, FOX News Fair and Balanced, I would be lying, unfortunately, that's marketing too. i think it's the techniques used for this persuasion that put people off toward marketing. or maybe it's the outright lies in some cases [not all] ... also, i wouldn't say marketing has anything to do with consesus; i was never consulted regarding my exposure to marketing 24/7. but now, maybe it's my turn to be too simplistic ... -- \js [http://or8.net/~johns/] : i am alive ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] BLU's SEO
Joseph Guarino wrote: With the greatest respect I have to disagree. Your current understanding of Marketing is biased to say the least. Marketing is the art/science of communicating value to customers. There is nothing [snrk] Marketing is neither art nor science. It's the process of selling things. Communicating value to customers is corpspeak for advertising. Marketing and advertising are very similar and there is a great deal of overlap, but there are important differences. It is marketing to say: Hey, we can use our product to cure cancer! That's a great market. It is advertising to say What color should the bikini be? Sometimes corpspeak is a good thing. It isn't always about deception, many times it is about communication. Some ideas have negative connotations, sometimes it is best to create a new word or phrase. It can be deceptive, sure, like all things, but it doesn't have to be. Corpspeak is fuzzy. It's ambiguous. It's used when you don't want to tell it straight and you don't want to lie outright. You may not be conscious of doing it. You may hold the best intentions. The fact remains: you used fuzzy, ambiguous jargon instead of plain English to try to sell me something. This demonstrates my statement: marketing is inherently unethical. Where you or I or anyone else draws a line for what is acceptable practice in marketing? That's an orthogonal issue. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] BLU's SEO (Martin Owens)
ma...@mohawksoft.com wrote: If I plaster an ad with a picture of a cold glass orange juice, and write Fresh Orange Juice, tastes good and is good for you with natural vitamin C It is objectively truthful. Except that it isn't objectively truthful. What you're not saying is that orange juice is *loaded* with sugar, about 24 grams of sugar in in an 8oz serving. That's almost as much sugar per ounce as Coca-Cola (26g/8oz) or Pepsi Cola (27g/8oz). Orange juice also has about 10% more calories per ounce as Coke and Pepsi. Fruit juice is as bad for you as Coke and Pepsi in large quantities. The sugar and acid are bad for your teeth and the calories are bad for your weight and general health. Excess vitamin C intake causes indigestion and diarrhea. That you see orange juice = healthy in spite of these facts is the result of some of the most successful marketing campaigns of the 1950s and 1960s. This is the real problem in this discussion, and probably on much larger fronts as well. All facts and truths come with caveats. There is no non-trivial thing that can be considered universally true or false. If one were to say Water is wet, a fundamental objective truth, it can be countered as steam is water and steam is not wet, and ice is water and ice is not wet. There are always conditions and states were things generally regarded as one thing can be considered another. On top of that, the canonical definition of water is H2O in its liquid form. So, depending on the context, the word water can make the statement 100% true or partially true based on how it is used and the intention of the person using it. Life is terribly imperfect and ambiguous. We have to accept that generalities are necessary for any meaningful conversation. If someone wants to argue and derail conversation, all they need to do is pick apart semantics until everyone gets fed up with the definition of is. Fresh orange juice, with pulp, is generally a more healthy alternative to coca cola. 
In excess, like anything, and it can be unhealthy. Sugar with balanced disaccharides (glucose and fructose in equal proportions) is not unhealthy (in fact necessary) in appropriate quantities. I can't speak to your DVD advertisement since I don't know the contents of this hypothetical example and therefore have nothing to analyze. As for Faux News? 'nuff said. :) -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] cell phone pics
They have done something with the USB connection and you need some FUSE base program to access the phone on a modern Android system. It's a pain. I use SSHDroid and use scp to get files on or off my phone or tablet

i've got some pics on a samsung cell phone, but don't know how to access them. when i attach the cell phone, dmesg tells me:

Oct 21 13:10:20 betelgeuse kernel: [95189.348094] usb 3-1: new full-speed USB device number 6 using uhci_hcd
Oct 21 13:10:21 betelgeuse kernel: [95189.510152] usb 3-1: New USB device found, idVendor=04e8, idProduct=6640
Oct 21 13:10:21 betelgeuse kernel: [95189.510168] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Oct 21 13:10:21 betelgeuse kernel: [95189.510179] usb 3-1: Product: SAMSUNG CDMA Technologies
Oct 21 13:10:21 betelgeuse kernel: [95189.510189] usb 3-1: Manufacturer: SAMSUNG Electronics Bo.,Ltd.
Oct 21 13:10:21 betelgeuse kernel: [95189.512814] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
Oct 21 13:10:21 betelgeuse kernel: [95189.523289] qcaux 3-1:1.2: qcaux converter detected
Oct 21 13:10:21 betelgeuse kernel: [95189.523715] usb 3-1: qcaux converter now attached to ttyUSB0
Oct 21 13:10:21 betelgeuse mtp-probe: checking bus 3, device 6: /sys/devices/pci:00/:00:1d.1/usb3/3-1
Oct 21 13:10:21 betelgeuse mtp-probe: bus: 3, device: 6 was not an MTP device
Oct 21 13:10:21 betelgeuse modem-manager[823]: info (ttyUSB0) opening serial port...
Oct 21 13:10:21 betelgeuse modem-manager[823]: warn (ttyUSB0): port attributes not fully set
Oct 21 13:10:21 betelgeuse modem-manager[823]: info (ttyACM0) opening serial port...
Oct 21 13:10:24 betelgeuse modem-manager[823]: info (ttyACM0) closing serial port...
Oct 21 13:10:24 betelgeuse modem-manager[823]: info (ttyACM0) serial port closed
Oct 21 13:10:24 betelgeuse modem-manager[823]: info (Generic): CDMA modem /sys/devices/pci:00/:00:1d.1/usb3/3-1 claimed port ttyACM0

where do i go from here? (running ubuntu 12.04.) tia, ole dan

j. daniel moylan 84 harvard ave brookline, ma 02446-6202 617-232-2360 (tel) j...@moylan.us www.moylan.us [avoid html waste.]
Re: [Discuss] [OT RTFM]Quick SQL question
I have been doing SQL for a *long* time, but I don't do it consistently enough to know the esoterica off the top of my head. There is a left join, a right join, and a full join. A full join returns null for empty elements from both sides. The left and right joins do what you'd expect.

On Fri, Oct 4, 2013 at 12:25 PM, Tim Callaghan tmcallag...@gmail.com wrote:

but, inner joins only produce matching records, and outer joins only give the complete set of records from one table or the other, not both.

FULL OUTER JOIN? Gordon
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] our friend the nsa
I think we all agree that he *must* have been approached. The fact that he nodded his head yes but said no is clear as to what happened. It should be clear that the fact that he was asked means a few things: (1) He has not said he did not put in a back door. (2) Others in the community were probably asked as well. (3) There are probably NSA agents involved in the Linux community covertly. (4) It is quite likely there are multiple backdoors in Linux.

I wonder how much to make of this?

quote NSA Backdoor Torvalds was also asked if he had ever been approached by the U.S. government to insert a backdoor into Linux. Torvalds responded no while shaking his head yes, as the audience broke into spontaneous laughter. /quote

http://www.eweek.com/developer/linus-torvalds-talks-linux-development-at-linuxcon.html

-- Eric Chadbourne 617.249.3377 http://themnemeproject.org/
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] our friend the nsa
On 9/19/13 9:36 , Eric Chadbourne wrote: I wonder how much to make of this? think about open source for a moment. also, i do not think linus [or linux] can be subject to an NSA security letter as he is not a US citizen. He is on U.S. soil thus U.S. law applies to him. This is complete nonsense. Do you think that non-citizens are not subject to U.S. law in the U.S.? but it would be easy to fork any open source project and make the modifications you would like on it. *easy* is a relative term. -- \js [http://or8.net/~johns/] : i am alive ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] our friend the nsa
On Thu, Sep 19, 2013 at 01:33:25PM -0400, ma...@mohawksoft.com wrote: as i understand it, darwin is a fork of freebsd. It's not: http://en.wikipedia.org/wiki/Darwin_(operating_system)#History darwin is pretty dead. Apple stopped providing updates a long time ago. They didn't: http://opensource.apple.com/release/mac-os-x-1084/ Everybody's got an axe to grind... Not at all. Those are the GPL packages they are required to provide or parts that make sense for isvs. The darwin project, as a full OS as the basis of the Mac, is a parrot. -b -- a woman is like a tea bag; she never knows how strong she is until she's in hot water. eleanor roosevelt ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] our friend the nsa
On 9/19/13 11:46 , Richard Pieri wrote: Darwin, the Unix layer of OS X, is FreeBSD and the source code is very much publicly available. as i understand it, darwin is a fork of freebsd. apple has some non-open stuff in there too. darwin is pretty dead. Apple stopped providing updates a long time ago. -- \js [http://or8.net/~johns/] : i am alive ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Encrypt Everything?
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Jerry Feldman

The main issue is that assuming you encrypt all your outgoing emails, and most of your respondents encrypt email to you if someone with enough compute power wanted to decrypt your emails they can do it. And, essentially it comes down to the cost vs reward. So, the federal government has the resources but very few criminal enterprises would invest that much for us.

enough compute power is basically a millennium of the entire energy output of our sun. If you're using strong encryption, which is a given. There isn't any implementation of weak encryption supported in email encryption anymore - only weak key management. Not even the government has the compute power to decrypt (in general) something you encrypted with a modern digital ID and S/MIME. (The lowest key strength startcom will accept is 2048 bit RSA, and they recommend 4096 bit).

Yes, well that assumes a lot of things that I would have assumed a few months ago and no longer trust. Random number generators may be more predictable than we once thought, specifically if the NSA has artificially limited their effectiveness. We know SHA1 has been broken. We know that MD5 is long gone. We know that SHA2 may be close to being broken. Those are the most expensive methodologies. If as hinted by the Snowden info, the NSA has surreptitiously weakened encryption systems you may have a far less encrypted data stream than you expect. For instance, most software engineers and even the more experienced ones, cryptography takes a lot of in brain ram knowledge to understand what's going on. It would be fairly straightforward to artificially limit the size and diversity of the shared secret generated in an SSL system to a known quantity of testable secrets that could never be detected by anyone's QA department. If the NSA had a list of known secrets, i.e. say 1,000,000 possible secrets out of 2^1024 then it would make quick work of any encrypted application as long as both sides have been modified. We trust that a lot of the software we use works as we expect it does. The Snowden story should make us question these trusts.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
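The scenario in the message above (a generator restricted to roughly 1,000,000 secrets out of 2^1024) is the kind of defect a birthday-collision audit of generator output can surface. The following is an added example, not part of the original post; the two generator functions, the constants and the sample size are hypothetical stand-ins for whatever key-generation routine is under test.

```python
import hashlib
import random
import secrets

SECRET_BYTES = 128        # 1024-bit shared secret, matching the 2^1024 in the post
WEAK_SPACE = 1_000_000    # size of the hypothetical restricted secret list


def healthy_generator():
    """Secret drawn from the full 2^1024 space via the OS CSPRNG."""
    return secrets.token_bytes(SECRET_BYTES)


def make_weakened_generator(rng):
    """Hypothetical sabotaged generator: output looks random and is 1024 bits
    long, but only WEAK_SPACE distinct values can ever be produced."""
    def generate():
        index = rng.randrange(WEAK_SPACE)
        # Expand the small index into a full-length, random-looking secret.
        return hashlib.shake_256(index.to_bytes(4, "big")).digest(SECRET_BYTES)
    return generate


def collision_audit(generate, samples):
    """Draw `samples` secrets and count exact repeats.

    With n samples from a space of N values the expected number of repeats
    is about n^2 / (2N), so repeats give an estimate N ~ n^2 / (2 * repeats).
    Zero repeats only shows the space is probably larger than about n^2 / 2;
    it does not prove the generator is sound.
    """
    seen = set()
    repeats = 0
    for _ in range(samples):
        fingerprint = hashlib.sha256(generate()).digest()
        if fingerprint in seen:
            repeats += 1
        else:
            seen.add(fingerprint)
    estimate = None
    if repeats:
        estimate = samples * (samples - 1) // (2 * repeats)
    return {"samples": samples, "repeats": repeats, "estimated_space": estimate}


def verdict(report):
    """Turn an audit report into a one-line QA result."""
    if report["repeats"] == 0:
        floor = report["samples"] ** 2 // 2
        return "PASS: no repeats, space probably above %d values" % floor
    bits = report["estimated_space"].bit_length() - 1
    return "FAIL: %d repeats, effective space about 2^%d values" % (
        report["repeats"], bits)


if __name__ == "__main__":
    # Constructed demonstration: fixed seed so the weak run is reproducible.
    weak = make_weakened_generator(random.Random(2013))
    for name, gen in (("healthy", healthy_generator), ("weakened", weak)):
        print(name, verdict(collision_audit(gen, 20_000)))
```

Statistical randomness tests on a single output would pass for both generators; only comparing many outputs against each other exposes the small space, and only when the sample count approaches the square root of that space.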
[Discuss] Software Development (OT?)
I have been developing software for a long time now. I'm finding it is getting very difficult. Not for the coding and designing, but for the process. I find that software development has become so process focused that actual architecture and code barely gets evaluated. I find it kind of depressing. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] how to contract correctly?
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne Before you take a client, ask your accountant if you should do the 1099 or W2 with them. The answer should be either No, you don't do it at all, or Business 1099, where you do the 1099 using your business name and business EIN. The whole point is, maintain your LLC as a layer in between you and your client. You definitely need an accountant. Don't go W2! If you are an independent contractor, W2 defeats your tax advantages. A W2 means you are an employee. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] how to contract correctly?
Good morning most awesome BLUers. Question for you contractors. How do you bill your clients? About a month ago I resigned from my job, paid my bills a few months in advance, and have decided I want to and be an independent contractor. I have never done anything like this before. So far I have been very fortunate in picking up more business than I can handle just by talking with people and using craigslist. I've been charging by the hour though I notice clients seem to prefer charging by the project or milestone. What's the best way to go about billing folks? Increments of a certain dollar amount? How do you do it? A second concern is if my luck does not continue and I have to go several months without any clients. How do you stay busy? Do you partner with other contractors and share when you have too much work?

Get a federal employment ID and open a bank account. Something like EC Enterprises. You'll need it. A lot of companies don't like to pay SSNs. Second, get a contract written that the entity to which you provide services must sign. Make sure it states something to the effect that although you provide professional services and take reasonable efforts to avoid copyright and/or patent infringement, there is no way you can be 100% certain that you have not inadvertently violated patents or infringed on copyright and that you can not be held liable. If you don't, you can get screwed pretty easily. Third, no contract is just a standard contract all contracts are written from a one sided perspective: screw you and protect them. Getting a contract is a negotiation and you can and should cross out clauses in the contract that you believe are unfair or unreasonable. Make sure it does not give them rights they sign away on the second step. You need to protect yourself. Walk away from business if you can't negotiate a reasonable situation. It only takes one nightmare customer to ruin a good year or two of your life.

Thanks, -- Eric Chadbourne
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Effort to repeal Mass Tax on Software Services
On Thu, Aug 15, 2013 at 1:27 PM, Greg Rundlett (freephile) g...@freephile.com wrote: Gordon, what is your response to this new legislation? I haven't heard arguments in support of it. I think most people, and virtually all people on this list, would view this tax as both unjust and counterproductive. It certainly damages the tech sector of the MA economy. Unjust is pretty rich, coming from a white guy complaining about taxes. There are much greater miscarriages of justice accepted without comment or complaint (and sometimes, even with approval!) on a daily basis by members of this list. In a world where we've accepted the idea of income tax, sales tax, and business-profit-tax (there's probably a better word for this), it seems a little farfetched to say that software services is the red line that taxes can't cross. There's a larger conversation to be had about taxation in general, the role of government, etc., but that's even farther off-topic. :--) While I largely agree with your take on the tax issue, I think the larger point is the autonomy and freedom to own your work. By making it very difficult to be independent, it directly affects my rights to own my work. I *own* a lot of code I wrote whilst I was contracting and was able to license that code to the client. I now work full time at a company and do not own my work. Gordon ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] encrypted basic cable
Daniel Barrett wrote: I found a similar no-set-top-box plan on FIOS for even less money, $10/month, switched, and never had a problem again. You're referring to a plan that only covers the retransmission of local broadcast stations (and probably public access stations), right? Are you using it with digital or analog tuners? At one time, and perhaps still currently, FIOS optical network terminals (ONTs) actually provided the basic channels as analog video. Something Comcast got rid of years ago. Given the architecture of Comcast's network, they had more incentive to do so, as it ate up shared bandwidth on their system. Now that the FCC has ruled that cable companies have no obligation to provide the basic tier as unencrypted digital, I wonder how long you'll be able to continue using this service without a converter box. (A converter box the FCC says you can be charged for, after 2 years.) This is why conventional cable companies are going away and being replaced by the likes of netflix and youtube. The cable companies are forcing people to rent equipment to watch conventional TV that is increasingly valueless. I mean, have you looked at prime time TV lately? There is nothing on that's really entertaining, the news is a joke, and there are so many commercials there is almost no actual show. I have basic cable and internet. If basic cable goes away, I'll buy an antenna. It will be cheaper and more flexible than their set-top box, and won't have any less content. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] On Btrfs raid and odd-count disks
It's funny, but I never considered an odd number of drives as viable for raid1. I guess it's simple enough Dn + D(n+1 = N ? 0 : n+1), but doesn't feel right.

Today I ran into a problem that I hadn't expected but I should have expected. Remember that Btrfs raid replicates file data and metadata, not disk blocks. If you have three disks in a raid1 configuration then any file written to one disk will have a replica written to another disk. If you have 3 times 500G disks then you have ~700G usable capacity. df reports this as 1.2T since it doesn't fully understand Btrfs. Mostly. Say you have 500G disks in a 3-disk raid set, and you've stored 150G of data. df will show 300G used and 1.1T free. That's 550G usable after dividing by half for mirroring. The largest file that you can write is still only 400G. This assumes even balancing of that 300G across all of the disks in the set. If that 300G is a single 150G file which is replicated across two disks in the set then the largest file that can be written is 350G -- the space available on those two disks. And if you do fill up one of the disks, such as by using dd like I did, then you will start getting file system full errors despite df showing plenty of usable space.

-- Rich P.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] cluster DNS servers
For the caching solution you don't need to cluster. For the service issue, I use mydns with PostgreSQL. So, using mydns to serve dns and using postgresql slow replication to keep them in sync. Hello all, Any suggestion for the cluster DNS servers? Thanks, Dave ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] [OT] Smart Phones
Mark Woodward ma...@mohawksoft.com wrote: I think I was the last human being above the age of 16 to get a smart phone. You're not the last. I still don't own one and perhaps never will. My days are already jam-packed with technology; the last thing I desire is to carry more technology around with me. #define LIFESTYLE_GENTLE_RANT 1 Other than GPS (which I have in my car), I have yet to encounter a single smartphone app that would make my life *happier*. This is not a troll so please don't respond with your dozen favorite apps. :-) My priorities are just different. Well, my reason for getting was a family vacation. I needed to be able to answer email. We are on a tight release schedule, but there is more... As I own it, I realize that it is actually less of a phone and more of a consolidation of various utilities. GPS for car, don't need it. Bike computer for bicycle, don't need it Laptop or tablet for quick email, don't need it Small notebook for shopping lists and contacts, don't need it. It isn't life changing in as much as that term means, but it does allow me to travel lighter. If I'm standing in a long, boring line waiting for something, I don't want to whip out a phone and surf the web or play a game. I'd rather think interesting thoughts, compose music in my head, read a book, or harangue the person responsible for the long delay. (I'd chat with the person next to me, but he's playing with his smartphone.) You can read a book on a smart phone. Work is insanely busy. So when I'm not at work, I like living slowly, cultivating patience. Enjoying a meal without the beep of a text message. I understand that others need to stay in contact with work 24x7. I've chosen not to live that way, and to accept whatever compromises come with that choice. (Even so, I'm having a successful career in the tech industry. It's a balancing act.) True most of the time, but any job with responsibilities has the occasional need to intrude on personal life. 
The only tough part is not having mobile access to my calendar. This means every so often, I make an appointment for a time that's already booked, so I have to phone later to change it. It's a small price to pay to stay unhooked. -- Dan Barrett dbarr...@blazemonger.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Death, and other cheery topics
On Thu, May 10, 2012 at 7:57 PM, Eric Chadbourne eric.chadbou...@gmail.com wrote: 2. The knowledge that when you die, there's no conceivable way your family could understand or operate this system, even if they are smart. I don't have a complex computing environment either. I just have a Windows laptop with a text file on the desktop titled Open If I Die. Every so often I go through and update it. Open if I die? Something to think of ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] ssl certs
Guys, I got sucked into buying an ssl certificate from godaddy for $12.99 a month which it turns out is for the first one and then it goes to $70/year after that. What's the cheapest ssl certificate I can get? Besides a self signed one. Thanks for the advice.

A couple of years ago, my previous company got a godaddy cert, which worked fine and all, but not all the customer's browsers recognized it. We eventually had to pony up for a Network Solutions cert. The moral of the story: look at the ssl authorities your projected customers accept (based on age of the browsers and OS) and pick from one of those.

If it is a web site, you sort of need to pay the cash. If it is just your stuff, roll an Inno Setup to install your cert on Windows. Seriously, I think the whole ssl authority model is fucked up, but that is a whole new level of discussion.

Cheers. Steve.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] LVM vs File system file for KVM Virtual Machines?
Hopefully without getting into an argument about the pros and cons of LVM vs btrfs or zfs, does anyone want to discuss the pros and cons of LVM device for a virtual machine vs a file on a file system for a virtual machine? So, do you create a 30G file on a file system, like EXT3, jfs, or xfs and use that or do you create a 30G LVM device and use it directly? There are some benefits to using LVM and with the 3.x kernel, you could even use a thin provisioned device. Which do you suspect would be more resource efficient? Which do you think would have faster I/O? I've set up two systems, one on a jfs file system and one on an old style LVM partition. (Fully allocated). I don't see much of a difference. I suspect the LVM based system should be more efficient because it does not have to go through the intermediate file system layer to get to the device layer. Internally, the VM sees the LVM device as its own device. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] LVM vs File system file for KVM Virtual Machines?
Mark, Think about it this way: when using a file on the file system the VM has a whole extra layer of indirection that it has to go through, because it has to go through the FS layer in the VM, then the block layer in the VM, then the VM system storage layer, and then the FS layer in the host, then block layer in the host. Whereas if it's just an LVM container then you can bypass the FS layer in the host completely. So I would always expect the direct LVM container to be faster and more resource efficient.

I think that was my assumption to begin with. Great minds think alike! That being said, there is caching in the file system layer that we wouldn't get with LVM, but that may hinder more than help. There may be a little more I/O involved with a file because not only would the VM be managing the file system, the host would have to manage the meta-data for the file. Not too much, I don't think, because the file based vm would be more or less fixed in size.

-derek

On Thu, March 29, 2012 10:49 am, ma...@mohawksoft.com wrote:

Hopefully without getting into an argument about the pros and cons of LVM vs btrfs or zfs, does anyone want to discuss the pros and cons of LVM device for a virtual machine vs a file on a file system for a virtual machine? So, do you create a 30G file on a file system, like EXT3, jfs, or xfs and use that or do you create a 30G LVM device and use it directly? There are some benefits to using LVM and with the 3.x kernel, you could even use a thin provisioned device. Which do you suspect would be more resource efficient? Which do you think would have faster I/O? I've set up two systems, one on a jfs file system and one on an old style LVM partition. (Fully allocated). I don't see much of a difference. I suspect the LVM based system should be more efficient because it does not have to go through the intermediate file system layer to get to the device layer. Internally, the VM sees the LVM device as its own device.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] I think my server is running out of something
I had a similar problem with an older machine. What is the power rating of your power supply? Quick overview of ground zero: Home-built server/firewall/mail server/web server/MythTV back end/makes coffee. Motherboard: Abit IP35 Pro with Intel Core2Duo E6750 @ 2.66GHz eth0 -- cablemodem eth1 -- intranet 6 sata ports on motherboard (JBOD, not RAID) 1 sata drive for root 4 sata drives for MythTV recordings 1 sata DVD-RW I decided to add another 1TB drive for MythTV recordings, so I bought a WD Caviar Black sata drive. I plug it into the 6th and last sata port and power back up, and the server won't boot. Unplug the new drive, and it boots. I got an idea of trying to disconnect the DVD-RW drive and plug the new drive back into sata port 6, and the server boots. Spooky. So once again I unhook the new drive, plug in the DVD-RW drive again, and it boots. Then I discovered that eth1 was dark. No signal, lights aren't lighting up. So my server can get to the internet, but the rest of the house was SOL. I reboot, and then eth1 works, but eth0 is dark, so I can get to my server from my other computers, but nothing can get out to the internet. I reboot AGAIN and finally both ethernet jacks are live. I backed away slowly thinking clean thoughts. Again, this is several reboots with no changes to hardware getting different results. Current status is that the system is back up with all the original hard drives working, and both ethernet ports working, but my brand spankin new hard drive is staring at me longingly waiting to be deployed. I have a theory that my server is running out of something (interrupts? DMAs?), and the luck of the draw is determining what devices get what they need. I can't think of another scenario where devices would randomly work or not at boot, and adding a device disables others. What do you think? What can I look at? What can I try? Thanks in advance. Side note: I stick labels on all my drives with the install date. 
Apparently some of my MythTV drives have been spinning almost continuously since 2007. That is impressive. And scary. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Next AMD FX-8120 update
I finally got my AMD FX-8120 8 core system and have migrated to it. My old system, an AMD Athlon Dual Core, 8G RAM is now powered off waiting for a new job. My initial problem was a bad motherboard and my biggest obstacle to migration was wife and family and the responsibilities thereof. So, quick summary: AMD FX-8120 8 core CPU 16 Gig RAM 1TB Boot drive (new) 1.5TB Data drive (removed from previous machine) Ubuntu 12.04 My first impression was that it is not much faster than the old Dual Core Athlon when running a single task, but that turned out to be false. It does seem faster than the previous machine. I only have anecdotal information. Does anyone know of a good Linux benchmark? At work we have IBM servers using XEON Westmere processors, running similar clock speeds, the inexpensive AMD calculated SHA1 hashes faster than the XEON. I was surprised. The big win, of course, is multiple processes and threads. With the extra RAM, I am able to create good sized virtual machines with multiple CPUs. The processor itself is interesting. It isn't quite 8 true processors, but it isn't quite as useless as Intel's Hyperthreaded cores either. I will need to find time to really test it. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Next AMD FX-8120 update
Here is an output from sysbench:

FX-8120:
markw@snoopy:~$ sysbench --test=cpu --cpu-max-prime=2 --num-threads=8 run
sysbench 0.4.12: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 8
Doing CPU performance benchmark
Threads started!
Done.
Maximum prime number checked in CPU test: 2
Test execution summary:
total time: 3.2178s
total number of events: 1
total time taken by event execution: 25.7120
per-request statistics:
min: 2.23ms
avg: 2.57ms
max: 4.94ms
approx. 95 percentile: 2.71ms
Threads fairness:
events (avg/stddev): 1250./1.87
execution time (avg/stddev): 3.2140/0.00

AMD Phenom(tm) II X4 925 Processor
markw@huey:~$ sysbench --test=cpu --cpu-max-prime=2 --num-threads=4 run
sysbench 0.4.10: multi-threaded system evaluation benchmark
Running the test with following options:
Number of threads: 4
Doing CPU performance benchmark
Threads started!
Done.
Maximum prime number checked in CPU test: 2
Test execution summary:
total time: 8.3527s
total number of events: 1
total time taken by event execution: 33.4005
per-request statistics:
min: 3.28ms
avg: 3.34ms
max: 10.62ms
approx. 95 percentile: 3.35ms
Threads fairness:
events (avg/stddev): 2500./35.81
execution time (avg/stddev): 8.3501/0.00

I finally got my AMD FX-8120 8 core system and have migrated to it. My old system, an AMD Athlon Dual Core, 8G RAM is now powered off waiting for a new job. My initial problem was a bad motherboard and my biggest obstacle to migration was wife and family and the responsibilities thereof. So, quick summary: AMD FX-8120 8 core CPU 16 Gig RAM 1TB Boot drive (new) 1.5TB Data drive (removed from previous machine) Ubuntu 12.04 My first impression was that it is not much faster than the old Dual Core Athlon when running a single task, but that turned out to be false. It does seem faster than the previous machine. I only have anecdotal information. Does anyone know of a good Linux benchmark? At work we have IBM servers using XEON Westmere processors, running similar clock speeds, the inexpensive AMD calculated SHA1 hashes faster than the XEON. I was surprised. The big win, of course, is multiple processes and threads. With the extra RAM, I am able to create good sized virtual machines with multiple CPUs. The processor itself is interesting. It isn't quite 8 true processors, but it isn't quite as useless as Intel's Hyperthreaded cores either. I will need to find time to really test it.
___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Next AMD FX-8120 update
On 03/18/2012 12:02 PM, Richard Pieri wrote: What you will typically find is that if your threads are CPU bound then you will see better performance over the long term with HT disabled. The reason is that the phantom CPUs that HT provides need to share cache and memory bandwidth and there is some extra switching overhead. The upshot is that if you have 1 CPU with 2 HT threads and 4 CPU-bound jobs to run, the total time to run all 4 jobs will be less with HT disabled. As an aside for anyone running a Condor pool, disabling HT is recommended for this reason. On the other hand, if you are not CPU-bound across all of your threads, or in environments where concurrency is more important than throughput, then HT may be a win. AMD's Bulldozer architecture has less resource contention than Intel's HT implementations (less overhead) but two threads on 1 core still have to share some resources and you will usually see results similar to what I described. In Toronto they always turn off HT. I ran a quick test and found that the RiskWatch application runs better with no HT. There is certainly some benefit to HT under some circumstances. The problem isn't with hyperthreads per se, it is a problem with system schedulers not knowing the difference or how to use them. Hyperthreads are sort of a micro-NUMA environment. Sometimes, it is best to put a HT semi-core to sleep instead of using it because there is no appropriate job for it to run and running another job would affect its peer. One of the things I was concerned about the FX-8120 was the shared resources of the cores. So far it doesn't seem too bad. Even though core pairs share a numeric processor and some caching, they seem to schedule fairly well independently. So, like I said, they aren't truly full cores, but they don't seem similarly limited.
-- Jerry Feldman g...@blu.org Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Looking for a user space NFS implementation
For reasons beyond the scope of this message I am looking for a well supported user-space NFS implementation. The only somewhat viable one I have seen is unfs3, and it appears it hasn't been modified since 2009. Does anyone know of anything being actively developed? Additionally, does anyone know of a user space NFS server that will follow symlinks instead of presenting as symlinks? ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss