Domain: pureftpd.org
Stories and comments across the archive that link to pureftpd.org.
Comments · 61
-
Re:PHP extension for the Skein hash is available
Heh, from http://download.pureftpd.org/php-skein-hash/distinfo MD5 (php-skein-hash-0.8.tar.gz) = e6000c115a1594b4de4f1db86270399c
-
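The distinfo line quoted above is the usual BSD "ALGO (file) = digest" format. As an added example (not code from the comment, the page, or the Pure-FTPd project), here is a small Python checker for such files. The tarball bytes, the file name `sample.tar.gz` and the helper names are all constructed for the example; an MD5 line is parsed and compared, but on its own it is reported as insufficient, because MD5 collisions are practical and only a SHA-2 digest is allowed to vouch for the file:

```python
import hashlib
import hmac
import re

# Constructed stand-in for a downloaded archive. It is NOT the real
# php-skein-hash-0.8.tar.gz, so its digests have nothing to do with the
# MD5 quoted in the comment above.
SAMPLE_TARBALL = b"constructed bytes standing in for php-skein-hash-0.8.tar.gz\n"

# BSD-style distinfo line: "ALGO (filename) = hexdigest"
DISTINFO_LINE = re.compile(
    r"^(?P<algo>[A-Z0-9]+) \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]+)$"
)

# Digests that may vouch for a file on their own, and digests that are
# parsed and compared but never sufficient alone (collisions are practical).
STRONG = {"SHA256": "sha256", "SHA512": "sha512"}
WEAK = {"MD5": "md5", "SHA1": "sha1"}


def parse_distinfo(text):
    """Return {(filename, ALGO): hexdigest} from distinfo text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DISTINFO_LINE.match(line)
        if m is None:
            raise ValueError("unparseable distinfo line: %r" % line)
        entries[(m.group("name"), m.group("algo"))] = m.group("digest").lower()
    return entries


def make_distinfo(name, data, algos):
    """Build distinfo text for data; used here only to construct samples."""
    lines = []
    for algo in algos:
        impl = STRONG.get(algo) or WEAK[algo]
        lines.append("%s (%s) = %s" % (algo, name, hashlib.new(impl, data).hexdigest()))
    return "\n".join(lines) + "\n"


def verify(data, name, distinfo_text):
    """Compare data against every digest listed for name.

    Returns (ok, checked): checked is a list of (ALGO, matched) in file
    order; ok is True only when at least one strong digest is listed and
    every listed digest, weak ones included, matches.
    """
    checked = []
    strong_seen = False
    for (entry_name, algo), expected in parse_distinfo(distinfo_text).items():
        if entry_name != name:
            continue
        impl = STRONG.get(algo) or WEAK.get(algo)
        if impl is None:
            raise ValueError("unsupported digest algorithm %s" % algo)
        actual = hashlib.new(impl, data).hexdigest()
        # Constant-time compare: not needed for a local file check, but the
        # habit costs nothing and matters when digests arrive over a network.
        checked.append((algo, hmac.compare_digest(actual, expected)))
        strong_seen = strong_seen or algo in STRONG
    ok = bool(checked) and strong_seen and all(matched for _, matched in checked)
    return ok, checked


if __name__ == "__main__":
    good = make_distinfo("sample.tar.gz", SAMPLE_TARBALL, ["MD5", "SHA256"])
    print("intact, MD5+SHA256:", verify(SAMPLE_TARBALL, "sample.tar.gz", good))
    print("tampered:          ", verify(SAMPLE_TARBALL + b"x", "sample.tar.gz", good))
    md5_only = make_distinfo("sample.tar.gz", SAMPLE_TARBALL, ["MD5"])
    print("intact, MD5 only:  ", verify(SAMPLE_TARBALL, "sample.tar.gz", md5_only))
```

A distinfo file that is fetched from the same server as the tarball only proves that the download was not corrupted in transit; to detect a substituted archive you need the digest (or a signature over it) from a second channel.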
PHP extension for the Skein hash is available
A PHP extension for the Skein hash is now available.
You can download it from:
http://download.pureftpd.org/php-skein-hash/ -
Opensource project to identify similar images
Check out libpuzzle : http://libpuzzle.pureftpd.org/project/libpuzzle
It's also designed to quickly find similar images, even out of millions of images. The documentation describes a possible indexing technique (as suggested in the original paper):
http://download.pureftpd.org/pub/pure-ftpd/misc/libpuzzle/doc/README
Images are stored as 544-bit signatures by default. -
Re:7) How far will it scale
Actually the session system is very similar to PHP: session variables are stored in memory, so your load balancer has to manage session/server affinity, and if you can't afford to lose your session data, you have to activate session replication, and this is a PITA (both design- and performance-wise); anyway, you should not rely on session data in the first place.
But this isn't all that similar. PHP Session variables are stored in any number of places - on disk, in memory, in a database, or in any user-defined manner, which leads to interesting possibilities such as ShareDance.
This gives you the ability to decouple session management from any specific server - your load balancer doesn't have to care one whit about sessions, making their use much more reliable and trustworthy. BTW, ShareDance scales VERY nicely, and for me, took about 20 minutes to install.
Usually, Java performance mostly depends on developer culture, quantity of black-box code, and the use of XML. I've seen really awesome performance achieved in Java.
Yes, you can avoid the painter's algorithm in Java, too. =) I didn't mean to pick on Java, but its shared environment does cause issues when you try to get it to scale. -
Re:What good is such a fast Ethernet card...
If each page needs around a hundred or more queries, your application was very badly designed.
You need to use caches, like Smarty, PEAR::Cache, AdoDB cache or Skycache.
-
Load balancer + content differentiation
I have some experience with administration of web sites with very high traffic. My previous experience was with p0rn sites (lots of sites, lots of concurrent accesses). My current job is at Skyrock / Skyblog, that serves about 25 million pages every day.
In both jobs, the infrastructure was extremely similar.
The entry point is one (or more) load balancer.
A load balancer will not only blindly allow you to have multiple backends. It will also accept client connections, buffer the request, get the data from already established (keepalive) sessions, buffer it, and transmit it through large chunks to the client. This, alone, really helps to reduce the number of Apache processes that are taking resources (especially memory) for nothing.
The load balancer can also do other things, like protecting the servers against some attacks, plotting the current workload of every backend, compress HTML pages, etc.
At my previous job, we were using Foundry ServerIrons. Now, we are using Zeus ZXTM http://www.zeus.co.uk/ with great success. Although it's very expensive software, it's way cheaper than Foundries, way more configurable, way more user-friendly and we are very pleased with it so far. A single PC handles 300 Mb/s (Linux 2.6 is needed for epoll).
The load balancer can also be configured to send the requests to this or that server according to the request.
Thus, servers are dedicated to specific tasks.
We have a bunch of static servers for static HTML, CSS, images, etc. They run minimal Apache servers, designed for speed, with NPTL and the worker MPM. Non-forking servers like thttpd or lighttpd are also an option. The static servers are mainly old P3 machines, with only 512 Mb RAM.
Then, we have servers for PHP. The Apache they are running is huge (our web sites need a lot of modules), the hosts are dual 3 Ghz Xeon with 2 Gb RAM and there are some other specific tweaks.
Content differentiation is important. It's a waste to spawn huge Apache processes to serve static stuff, just because the same host should also be able to serve PHP. Also, tuning (esp. NFS) is very different for static and dynamic content. And as a specialized server often serves the same files, caching is more efficient.
We run Gentoo Linux on all web servers, plus one DragonFlyBSD (mostly for testing).
The same content differentiation is made for SQL servers. One SQL server serves one sort of thing, so that caching is efficient. Also don't forget that on x86, Linux and MySQL can hardly use more than 2 Gb of RAM. So with big tables, this is really annoying. We are switching SQL servers to Transtec Opteron-based servers for that.
On high traffic infrastructures, the I/O is often the bottleneck especially if you serve a lot of different content.
For our blog service, we had to buy a Storagetek disk array with 56 disks (fiber channel, 15k) in RAID 10. As NFS would introduce too much delay, we directly plugged two web servers to the controller of the disk array. These web servers are the NFS servers for the PHP servers, but they also directly serve the static content.
The access time of hard disks is really annoying. For shared data, but also for databases. We found that RAID 5 was way too slow (even with the high-end Storagetek/LSI controller) since we have about 1 write for 5 reads. So we had to switch everything to RAID 10. It really performs better, but it's obviously more expensive.
Another bottleneck was sharing PHP sessions between all the load-balanced PHP servers. We first used a MySQL/InnoDB-based solution, but it scaled poorly. That's why I had to write specific software: Sharedance http://sharedance.pureftpd.org/
In a high-traffic infrastructure, my hint would be to use many modest, but specialized servers over one huge mega-fast server that does everything. This is way more scalable. And easier to manage, even from a financial point of view. You can b -
Re:killed incoming ftp
Yep, same thing happened to me. So, I just installed PureFTPd, partially because there is a pretty good (and free) management frontend out there for it.
-
audits,certifications can't stop security breaches
One of these talking points is to license software developers and make them accountable for security breaches.
It seems that to really prevent all possible security breaches, you need to prove that the program is correct first - I don't know of many entities that even try to prove their programs. I have heard of a few telecom infrastructure programs, but remember the big SS7 outage caused by one tech some years ago? The SS7 code is probably better "audited" than most code, but would that outage have been construed as a "security breach"? - Yes, after the lawyers were done with it.
What about how quickly the world changes after a program is released? You use the best encryption technology of the day, you prove your programs correct, not just audit the code or use "good" software engineering/management methodologies. But you used DES (back in the day) or MD5 more recently, then MD5crack comes along or quantum computing and suddenly you are responsible for a "security breach" because of some exploit that didn't exist when you created the program.
That is nuts, who would want to sign up for that?
Besides DJB does anyone even have the balls to reward people for finding security problems? Or even advertise security as a feature? OpenBSD (yeah, I know its dead, blah, blah, blah), pureftpd, NSA Linux
I expect not many others, because people expect code to have security issues.
Since security is such a big concern now (and in the past), I would think that people who wanted to show off their programming prowess would be bragging about how secure their code is. But no one does, that I know of - why? because its just damn hard to be sure that the code is perfect - which is what is required to prevent all possible security problems. So where are all these people with the big security cahones going to come from?
Can a program be proven correct for all inputs?
If it isn't stateless then can each permutation of state and input be proven?
Are all the protocols used by the program verified?
The impossibility of preventing security breaches seems to make this kind of government action more likely. Burn the witches!! They hexed our computers, and were seen in the woods cavorting with unaudited code fragments! -
Re:Some info about the vulnerability
Since I don't run an FTP server, I couldn't tell you for sure. I believe that ProFTP is supposed to be fairly capable. I also note that OpenBSD seems to lean toward PureFTP. Not sure what to make of that, but given the OpenBSD philosophy towards security, I'd say it's probably not a bad choice.
-
Pure-FTPd
If they knew what they were doing they would have been using Pure-FTPd.
-
Re:wuftpd is trouble, use ProFTPD
-
That happened to me, too, but with wu-ftpd
Was overseas for several months, and no less than two weeks after I'd arrived at my home away from home, bugtraq had postings related to the wu-ftpd remote root vuln. Since I was on an insecure network (they were blocking port 22), I had to have a friend back home block the port on the router since he didn't know the root password on the ftp server.
However, pureftpd works great! ;)
Seems to me that the really nasty vulns lie in wait while you get yourself into the worst situation possible for handling it. :P -
Performance concerns?
As a proof of concept, I rewrote FTPD in my favorite modern language; the source went from 24,000 lines to 3000 (including support code, like PAM_MD5 password encryption), took me only a weekend to write, and is 100% buffer overflow / format string / heap corruption free.
I realize that correctness comes before performance (except that shipping the product is Job 1), but performance remains an issue on real-world production servers connected to a fat pipe. Does the compiler for your favorite modern language support binary code optimizations that let your ftpd run as quickly as a popular C ftpd? Does it have a GC thread that might kick in and cause delays? Or did you just use bounds-checked C++ arrays and strings?
(Heck, why even use FTP anymore? HTTP/1.1 is lighter weight, doesn't need a separate connection for each file, and doesn't have a built-in way for spammers to build lists.)
-
Pure FTP?
If Forth is so great, why didn't you write your Pure FTP daemon in Forth instead of C?
-
I just love these discoveries
Now, when someone shows off how good he is at maths, I will tell him about that. Chances are that he'll never have heard about this discovery, and he will shut up.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
MacOS
Are Macintoshes running Outlook also vulnerable to this shit?
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Don't use password authentication
Don't use password authentication with SSH / OpenSSH .
The beauty of *SSH is that you can use crypto keys for authentication. With ssh-keygen -tdsa , you create a pair of keys. id_dsa is the private one (keep it on your computer), and id_dsa.pub is the public one. You can copy the public one in ~/.ssh/authorized_keys2 on every server you are willing to access. The public key can be given to everyone, you can even put it in your signature so that people can grant you access to their machines if they want to.
When the public/private keys match, you can log in. No need to enter any password. Simple. Fast. Easy. Really handy (especially with scp). And it's secure. Don't tell me "yeah but if your client computer gets rooted, the bad guy can grab your private key". First, LIDS can hide the private key. Then, you can add a passphrase if you want. Next, if your computer gets rooted, the bad guy can always install a keyboard sniffer.
Try DSA authentication. It rules. And it solves the problem of people choosing trivial passwords. Once you only use DSA authentication, you can disable password authentication in your sshd_config file.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
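Two things have changed since that comment was written: OpenSSH refuses ssh-dss (DSA) keys by default since release 7.0, so `ssh-keygen -t ed25519` is the modern equivalent of the `ssh-keygen -t dsa` it recommends, and disabling `PasswordAuthentication` is not enough on its own, because keyboard-interactive (PAM) prompts are a second password path. As an added example that is not from the comment, the page, or the OpenSSH or Pure-FTPd projects, here is a Python checker for the end state the comment describes: it reads an sshd_config the way sshd does (first occurrence of a keyword wins; `Match` blocks are deliberately not evaluated), reports every setting that still lets a password in, and scans an authorized_keys file for key types sshd will no longer accept. The config texts and the key lines are constructed placeholders, not real keys, and all function names are mine:

```python
import re

# Constructed sample configs (not from a real server). The first one is what
# many default installs still look like; the second is the key-only setup.
WEAK_SSHD_CONFIG = """# constructed sample sshd_config
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
"""

HARDENED_SSHD_CONFIG = """# constructed sample sshd_config
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
"""

# Constructed authorized_keys; the base64 blobs are placeholders, not keys.
SAMPLE_AUTHORIZED_KEYS = """# constructed sample ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderNotARealKey alice@laptop
from="10.0.0.0/8" ssh-dss AAAAB3NzaC1kc3MAAACBConstructedPlaceholderNotARealKey old@box
"""

KEY_RE = re.compile(
    r"(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521)"
    r"|sk-[\w.-]+@openssh\.com)\s+[A-Za-z0-9+/=]+"
)
DEPRECATED_TYPES = {"ssh-dss"}  # refused by default since OpenSSH 7.0


def parse_sshd_config(text):
    """Return {keyword: first value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break  # conditional blocks are out of scope for this checker
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())  # first wins, like sshd
    return settings


def password_login_findings(text):
    """List the settings that still allow a password or PAM-prompt login."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no' (sshd default is yes)")
    # Keyboard-interactive is the second password path. The keyword was renamed
    # in recent OpenSSH releases; older files use ChallengeResponseAuthentication.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append("KbdInteractiveAuthentication/ChallengeResponseAuthentication "
                        "is not 'no' (sshd default is yes)")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication is disabled; keys would be rejected")
    return findings


def password_login_disabled(text):
    """True when no password path remains in the global section."""
    return not password_login_findings(text)


def weak_authorized_keys(text):
    """Return (line_number, key_type) for entries sshd will reject or cannot parse."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)  # search, because options like from="..." may precede the key
        if m is None:
            found.append((n, "unparseable"))
        elif m.group("type") in DEPRECATED_TYPES:
            found.append((n, m.group("type")))
    return found


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(label, password_login_findings(cfg) or "no password path left")
    print("keys to replace:", weak_authorized_keys(SAMPLE_AUTHORIZED_KEYS))
```

Run `sshd -T` on the host to see the effective values rather than trusting the file alone; it expands includes and defaults and is what the checker's "first occurrence wins" rule approximates.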
Price ?
Looks nice. However, I can't see the price. How much are they ?
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:People who never seen something else...
...and even babies, check my OpenBSD baby .
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:People who never seen something else...
Mozilla, XMMS, Gimp, Compupic, Gphoto, Balsa, Freecell,
...
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
People who never seen something else...
People familiar with Windows or MacOS will be lost with Gnome, or any new user interface. Because they already know icons, locations, shortcuts, etc. Working on something different needs time.
My girlfriend had never used computers before we met. And on my computer, there's only OpenBSD, FreeBSD and Linux. I showed her how to log in, browse the internet, paint, play music, print photos, etc. Her desktop has icons for the main applications.
And she's not lost. She can use the computer without any help. With Linux, FreeBSD or OpenBSD.
Last week, she had to work on Word 2000 at her day job. She was totally lost, found Windows slow and ugly, didn't understand why the word processor had so many complicated buttons and menus, etc.
So no interface is more intuitive than another. It's just a question of what you are more familiar with.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
SDSC != Netapp
1 Tb for $5000 is nice. Size is one thing, but the underlying software is another thing.
Netapp filers are expensive, but excellent because the filesystem (designed by former SGI employees, who designed XFS) rocks. It's fast, it's damn reliable, and the "snapshot" feature kicks ass. Also, their NFS implementation works flawlessly (and this is a *rare* thing) .
So SDSC has a nice project on the hardware part, but I wouldn't trust them for production servers.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Wine ?
"Good stuff takes 10 years"
This guy must be talking about red wine, not software.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Napster will die anyway
Almost everybody left Napster, and with the 99% blocking, I don't think Napster will ever be a popular service again.
The court decision doesn't change anything. Instead of ordering Napster to close its doors, they have a green light, but they must block anything and lose all their visitors. The result is the same, only the form changes.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
It's not a bad thing
Web sites using Java applets are lousy. Most of the time, Java is only used for useless bloat like animated buttons or customized menus. It needs a lot of memory and CPU for this crap.
I'm using Opera on Linux, without Java support. And it's great. I really don't need a Java-enabled browser. Java is now old-fashioned; webmasters have left it in favor of Flash. Flash achieves the same thing, but it's lightweight, less bug-prone and creating Flash files doesn't require any programming knowledge.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
That's only craptalk
The article only states that Ximian and Microsoft just *talked* together. Nothing more. Microsoft didn't help the project in any way yet, and chances are that they'll never do.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Thinkgeek ?!
And what about Thinkgeek, also selling over-caffeinated mints and drinks?
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Two questions :
How long will postcards take to reach Earth?
Will there be plenty of bandwidth ?
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Moby already did that
Moby did a similar challenge some years ago. On an album, there was an a cappella of "everytime you touch me". But the mixed song wasn't released. Moby asked people to do something with this a cappella. Then, the "everytime you touch me" single was released, with Moby mixes and contributed winner mixes.
Also, a bunch of Moby fans worked on a compilation of remixes called "Thanks" (find my "emptiness" remix there) . Moby got a piece of that compilation, enjoyed it, and proposed his help (original samples) for "Thanks 2".
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
CD quality sucks
Actually, "cd quality" means poor quality. Honestly, a CD has a flat sound. Every CD sounds the same. Unrealistic.
12" vinyl records have much more dynamic range. More punch. If you listen to classical music on vinyl, you hear every instrument as if it were really near you. You don't get that feeling with a CD. Because a CD has only 16 bits of dynamic range, music is overcompressed. Quiet music doesn't give anything on a CD. And when parts of the music become louder, there's a small difference of amplitude, but it has nothing to do with what the real musicians played originally. Vinyl reflects this in a far better way.
Things may change with SCD (24 bits, 96 kHz). But the CD is definitely something lame for audiophile experts (nothing to do with the original music), for electronic music (the music isn't very punchy compared to vinyl), and for DJs (I really hate mixing on CD, and I can't imagine hip-hop DJs with CDJs).
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Why is it that...
Unless the sampled song is free of author rights, sampling is subject to severe rules. You can't freely sample something and use it in your own songs unless the result substantially differs from the original sample.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:The judge *IS* right
You're playing with words. Producing music costs a lot of time and money. With Napster/Gnutella/whatever P2P software, music makers get less money back. So you're *stealing* from them.
Fortunately, vinyl presses are very expensive. So DJ's are still buying a lot of records.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
The judge *IS* right
Officially, Napster is not supposed to be a system to share copyrighted songs. It's supposed to be a way for musicians to share their music. Free music.
And that idea is really great. It'd have been wonderful for music makers if the rules had been respected.
But it hasn't been the case. Napster is a tool for piracy. Only copyrighted materials here. And not only music from majors full of $$$, there's also a lot of songs from little labels as well. Without their agreement. That's bad.
People are crying because Napster is dying. But they don't even realize that they really *stole* commercial songs. This is shameful piracy. Blaming the judge or blaming Napster that only filters 99% is stupid. Blame yourself. Blame stupid users that violated the rules and turned something legal into a 100% illegal stuff.
The Internet is nice to share opinions, to ask for help, to work on free software and to share *free* stuff. Using it as a convenient way to share warez/commercial movies/commercial songs is a shame. People doing that had better shut up than yell "oh shit, someone wants to stop us from stealing commercial stuff. Fuck him, we will have to install another software to do the same thing, it will take 5 minutes of our precious time".
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
A similar project for security
GRSecurity is a similar project. It's a big kernel patch that contains a lot of unofficial security enhancements for the Linux kernel. Some unmaintained patches have been ported to the latest kernels, other patches have been merged to work together, and some extra improvements have been added.
The most important things are PAX and Openwall to reduce stack smashing exploits, /proc restrictions, setuid capabilities drop, and LIDS.
I've been running GRSecurity on various loaded production servers since it was announced on Freshmeat. It works like a charm. I just found PAX somewhat slow, that's why I dropped it for Openwall.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Anyone used TO7 ?
TO7 is a bad example, because you could purchase it with a real mechanical keyboard (the same thing applied to other Thomson computers. I had a MO5).
It was also the case for most old 8-bit computers. The ZX80/ZX81/Spectrum also had a flat keyboard, but you could also buy a mechanical keyboard.
Flat keyboards are error-prone. You can easily type a key twice, or mix characters if you press two keys by mistake. But when they require zero force (or a low force), they are relaxing for the wrist. And damn quiet.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Security through obscurity
It's always the same story: security through obscurity doesn't work. We already saw that with DeCSS.
When people need to close the sources and algorithms of a crypto system, it's almost always because it's flaky. They don't trust their own algorithms. They don't want other people to know how they work, because they know the algorithms can easily be broken when you know their mechanics.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
People will pay, but not for internet
Actually, people are already paying for content like on-demand TV programs and Minitel.
People refuse to pay when something has been free for a while. It's mostly an internet-only problem. There have been tons of free resources on internet, so people don't want to pay. In their mind, Internet == free for use. If you change this, they will yell.
It's just like Napster and software piracy. People who got free music and free software will know that it's possible to get free commercial stuff. So they will try to get them for free forever, even if it's illegal and immature. You can have strong laws, add filters and crazy control systems. People won't play the game. They used to get something for free, they don't want to pay any more.
They would pay for something that has never been free. Going to a cinema isn't free. Going to a disco isn't free (well... sometimes it is, but you always drink something). Having food on the table isn't free. A car isn't free. People accept it. People buy these things. That's why traditional commerce works, while e-commerce is a joke.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Webvan
Sorry, but what is Webvan ? I've never heard about it so far.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
OpenBSD has female hackers
OpenBSD has a very young female hacker
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
"for educational purpose only"
Rootkits and exploit scripts often come with a little disclaimer : "for educational purpose only", "it's only a proof of concept", etc.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:4Mb = Small?
Yup, 4 Mb is 100% of the RAM my Atari Mega STE has. And 4 Mb is the maximum amount of RAM I can plug into it.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Not really but... - Digistar II
I don't get it, why would you be allowed to do that with vinyl when it's forbidden for CDs?
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
That's a very good news
TPJ is an excellent publication for programmers. Not only for Perl programmers but for all programmers. There are very good algorithms and ideas to solve problems.
TPJ has only 2-3 pages of blah-blah and news of the world. The rest is 100% listings. These are solutions to real-world problems, with always good explanations from the author. It's also an excellent way to discover powerful Perl modules you never heard about before.
The only nasty thing about TPJ is when you live overseas. I live in France, and the paper edition of TPJ always comes to my mailbox 3 months late.
TPJ is that sort of magazine you don't throw away. You keep it, you archive all issues, because they are like an excellent up-to-date reference book.
I'd strongly suggest any programmer subscribe to TPJ. *But* you have to already know Perl to understand everything. TPJ isn't a good magazine for beginners. All articles assume that you already know all the Perl basics (and some Perl intrinsics too).
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Loft Story !
It's really funny to see how popular Loft Story has been. Celebrity #1: Loana. Nobody had heard of her before Loft Story, and she's far from being as cute as Nikkie.
I can hardly understand why Loft Story has been so popular on Google. Loft Story is only a French TV show, while Big Brother can be watched by far more people (English language).
Anyway, Loft Story is over now. The game ended yesterday. Loana and Christophe won. We'll have to wait until 2002 to see Loft Story 2.
It was the first time something like Big Brother happened in France, and I have to say.... that I really loved it. As a proof, you can check my Loft Story for Unix client.
But I still can't figure out why Big Brother has been beaten in Google's audience.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Not really but... - Digistar II
Waahhh... mine were never accepted, heh (it's a pity, I would have liked to see the one about the problem of licenses tied to a particular author, and what becomes of them after his death).
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Not really but... - Digistar II
Ahaha, cool. It's funny running into you on ./
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Mono is obsolete
Everyone has stereo hardware, nowadays. And even prologic and 5+1 . And what's Ximian doing ? Trying to implement mono . It's already obsolete.
-- Pure FTP server - Upgrade your FTP server to something simple and secure. -
Re:Not really but... - Digistar II
Yup, but your brother is crazy
:)
(Jedi)
-- Pure FTP server - Upgrade your FTP server to something simple and secure.