Slashdot Mirror

User: maswan

maswan's activity in the archive: 0 stories, 81 comments.

Comments · 81

  1. Re:People still use PayPal? on Paypal Forces E-Book Publisher To Censor Erotic Content · Score: 1

    Yup, I happily fork my CC number over to anything that's reasonably legit. Of course, my bank is nice enough to create a unique CC number with a charge limit on my request, so there's only so much they can steal.

  2. Re:SSH keys? on Linux Foundation, Linux.com Sites Down To Fix Security Breach · Score: 1

    Well, you'd still need keys on your laptop to get to the server. So now you have two places where your keys can be stolen and used to login everywhere you trust your keys.

    For the case where you actually do need direct communication between two servers you probably want to do agent forwarding instead of having more keys in your authorized_keys. Remember that every single entry there is a point of failure, and any one of them getting compromised means that your account is likely to get owned.

    Now there are special cases where having more keys is useful, but most of the time they just open up more vectors for someone to steal them and break into other computers.

    Of course, even then, they are better than passwords, at least if they have proper passphrases. Not too uncommon to see lots of passphrase-less keys in home directories on multi-user servers though.

  3. Re:SSH keys? on Linux Foundation, Linux.com Sites Down To Fix Security Breach · Score: 1

    It is an unfortunately common case that people copy/create private ssh keys on servers to login (or scp) from those to another remote host. These keys are of course compromised.
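As an added illustration of the two SSH-key comments above (example code, not the commenter's): a small audit that tells passphrase-protected private keys from passphrase-less ones by parsing the key framing (the cipher field of the openssh-key-v1 body, the Proc-Type header of legacy PEM, the PKCS#8 header) and walks /home/*/.ssh/ on a multi-user server to list the unprotected ones. The sample keys are constructed framing around dummy material, not real keys; the /home layout and the 64 KiB file-size limit are assumptions.

```python
import base64
import glob
import os
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"   # opens the binary body of the new OpenSSH key format

def _read_string(buf, pos):
    """Read one SSH wire-format string: uint32 big-endian length, then that many bytes."""
    (length,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + length], pos + 4 + length

def key_protection(key_text):
    """Classify a PEM-wrapped private key as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN ") or not lines[-1].startswith("-----END "):
        return "unknown"
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New format: the cipher name follows the magic; "none" means the key has no passphrase
        body = base64.b64decode("".join(lines[1:-1]))
        if not body.startswith(OPENSSH_MAGIC):
            return "unknown"
        cipher, _ = _read_string(body, len(OPENSSH_MAGIC))
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # PKCS#8 with password-based encryption
        return "encrypted"
    if re.fullmatch(r"-----BEGIN (RSA |DSA |EC )?PRIVATE KEY-----", header):
        # Legacy PEM (and plain PKCS#8): only a Proc-Type header signals encryption
        encrypted = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:-1])
        return "encrypted" if encrypted else "unencrypted"
    return "unknown"

def find_unencrypted_keys(files):
    """files maps path -> text; return the paths that hold passphrase-less private keys."""
    return sorted(path for path, text in files.items() if key_protection(text) == "unencrypted")

def audit_ssh_dirs(home_root="/home"):
    """Scan <home_root>/*/.ssh/* on a multi-user server for passphrase-less keys (assumed layout)."""
    contents = {}
    for path in glob.glob(os.path.join(home_root, "*", ".ssh", "*")):
        try:
            if os.path.isfile(path) and os.path.getsize(path) <= 65536:
                with open(path, errors="replace") as fh:
                    contents[path] = fh.read()
        except OSError:
            continue   # unreadable as this user; run the audit as root to cover every home
    return find_unencrypted_keys(contents)

def make_openssh_key(cipher, kdf):
    """Constructed sample (not a real key): valid openssh-key-v1 framing around dummy blobs."""
    s = lambda data: struct.pack(">I", len(data)) + data          # SSH string encoder
    body = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(b"pub") + s(b"priv")
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{base64.b64encode(body).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples for the other framings; "AAAA" stands in for key material
SAMPLE_PLAIN_OPENSSH = make_openssh_key(b"none", b"none")
SAMPLE_ENCRYPTED_OPENSSH = make_openssh_key(b"aes256-ctr", b"bcrypt")
SAMPLE_PLAIN_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENCRYPTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

Public keys, authorized_keys and known_hosts in the same directory come back as "unknown" and are ignored, so only private key files are reported.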

  4. Re:Keep perspective on Hurricane Irene Prompts Unprecedented Evacuation of NYC · Score: 1

    Back-of-a-napkin simulation: one train every other minute out of each of Penn and Grand Central, 5k per train (long trains with people standing), about 24h. So not terrible, but it would require lots of planning, lots of resources (especially enough rolling stock to get people to where it is safe and then return empty in time not to leave gaps in the schedule), and great execution.

    You could probably augment this by using the subway to get people out a bit and then having more places to change, depending a bit on where the bottlenecks are in the rail system. It also depends on how far they need to evacuate: are [some of] the endpoints of Metro North good enough?

    Highways might help if few enough use them, but the problem there is that capacity goes down significantly once overloaded. But in terms of a mass evacuation, it'd probably be best if the roads were kept reasonably clear for buses and evacuations for the elderly and sick that can't stand upright for an hour or two.

  5. Re:ssh is the same on Ask Slashdot: FTP Server Honeypots? · Score: 2, Insightful

    Stop allowing password-based access. There is no way anyone is going to be able to guess a key by connecting and trying them.

  6. Re:Just a thought on IPv6 Traffic Remains Minuscule · Score: 3, Informative

    There is no such requirement!

    One of the many possibilities for choosing the local part of the network is using the MAC address of the network interface. There are several other choices available, like choosing one manually or generating a random one (you can in fact generate random ones rather frequently, see "privacy extensions").

    Depending on your OS vendor, one of these will be the default behavior, but you don't have to do it that way if you don't like it.
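As an added example of the MAC-based choice described in the comment above (not the commenter's code or any vendor's): how the modified EUI-64 interface identifier is built from a MAC address, and the reverse check a defender can run over observed addresses (neighbour cache, router logs) to see which hosts expose their hardware address instead of using privacy extensions. The addresses are constructed samples in the 2001:db8::/32 documentation range.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe in the middle, flip the U/L bit (0x02)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def slaac_address(prefix, mac):
    """The address a host forms from an advertised /64 prefix plus its EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface IDs need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(address):
    """Return the MAC an EUI-64 interface ID reveals, or None when the ID is not MAC-derived.

    The ff:fe marker is the only signal, so a random (privacy-extension) ID can match it by
    chance, about 1 in 65536; treat a hit as 'probably MAC-derived', not as proof."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def hosts_leaking_mac(addresses):
    """Map each observed address that embeds a MAC to that MAC; privacy-style addresses drop out."""
    return {a: m for a in addresses if (m := embedded_mac(a)) is not None}

# Constructed samples: one MAC-derived address, one random-looking (privacy extension style) address
SAMPLE_ADDRESSES = ["2001:db8::211:22ff:fe33:4455", "2001:db8::1a2b:3c4d:5e6f:7a8b"]
```

On Linux the per-interface sysctl net.ipv6.conf.<interface>.use_tempaddr (value 2 prefers the temporary addresses) is what turns on the random identifiers the comment calls "privacy extensions".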

  7. Re:Nobel Prize for graphene on New Spin On Graphene Makes It Magnetic · Score: 2

    If you are nitpicking, how about the fact that the team is not headed by Geim at all, but by Physics Professor Michael S. Fuhrer of the UMD Center for Nanophysics and Advanced Materials. The only mention of Geim is as one of the two recipients of the Nobel Prize in physics for their graphene work.

  8. Re:IRC on What Is the Best Way To Build a Virtual Team? · Score: 1

    I agree, IRC is by far the best group communication tool for distributed teams.

    I also use jabber for one distributed work project (the one where I've been spending most of my work time the last 3-4 years or so), but it is often troubled and seldom "just works" for all involved.

    Voice, video, etc might be occasionally useful, but not the basis for working. Running most stuff that needs coordination through the group chat is not very distracting for others, yet gives them a chance to know what's going on in the team too. If it starts getting too much, there is always the option of private chats or a new channel to talk in.

  9. Re:True traffic analysis? on Firefox 4 Released! · Score: 1

    IAAMMA[1]: Downloads go through a central bouncer that issues http-redirects to mirrors. The stats come from the bouncer.

    1: I Am A Mozilla Mirror Admin :)

  10. Re:But they're not unrelated... on Why Doesn't Every Website Use HTTPS? · Score: 1

    > If you're using self-signed certificates then you need to be in close enough touch with your users to reassure them about the browser warnings. If you have too many users for that to be practical then you shouldn't be using self-signed certificates. Otherwise, you're acting like my bank, who cold call me and then wonder why I won't answer their security questions - they know they're genuine, but they can't get it into their heads that the customer doesn't know, and shouldn't assume, that.

    Note how you are saying "you shouldn't be using self-signed certificates". What this means for most places is "you should not support https". How is this more secure?

  11. Re:long discussion on Why Doesn't Every Website Use HTTPS? · Score: 1

    They are safer, because there is a set of conditions that unverified ssl will protect against (fully passive sniffing), and there is no attack against an unverified ssl session that doesn't apply to a plaintext session.

    The whole point is that a self-signed certificate is in no way less secure than plaintext, unless the UI does stupid things telling the user it is secure. But browsers treat it the other way around where plaintext is fine but a self-signed certificate is a huge warning. Same thing with expired certificates, etc.

    Now a proper way of handling that would be ssh-style remembering of keys, but that won't happen anytime soon. And thus, the web will be plaintext http "forever", unless possibly you could bootstrap self-signed certificates via dnssec, which might also work. The current situation is clearly not going to improve much.

  12. Re:what it is on Got (Buffer) Bloat? · Score: 1

    But you do need big buffers to be able to do fast single TCP transfers! You need at least rtt * bandwidth in buffer in any place that has a faster uplink than downlink, like distribution switches for instance. And that's several megabytes, per port, in today's gigabit ethernet world. Otherwise you're going to get bad to horrible throughput for high latency transfers.

    Now, big buffers also need decent buffer management (just trivial RED is orders of magnitude better than "let's just fill the buffer up and then drop everything"), but going to small buffers isn't helping.

    This is one of the hardest things to get in a distribution switch: decently sized buffers. Most switches have horribly small buffers, or no documentation at all on sizes. Usually you have to go up to the chassis based ones to get something not horribly small. And if you want intelligent queue management so you can have both throughput and low interactive latency, well, I've heard Juniper makes one of those. Unfortunately at a considerably higher price point than the cheap procurve/netgear stuff.

  13. Re:Comparison v. Falcon 9 on NASA's Ares 1 To Be Reborn As the Liberty Commercial Launcher · Score: 1

    But, Ariane 5 (ATV version) can already put 21000 kg into LEO, at what seems to be a competitive cost (one number I saw was just $180 million launch cost, but I'm not sure if that's for the ATV version; anyone with proper numbers?).

    So, I don't get the why of this, other than making it half American so it's a little bit easier for NASA to swallow politically than sending money directly to ESA. Otherwise, this seems like a big development undertaking just to end up with the same capability that already exists in the Ariane 5.

  14. "Power Usage Effectiveness" ignoring fan speed? on Microsoft Innovates Tent Data Centers · Score: 1

    In a modern server the fan speed (and power use) varies with the intake temperature. Saving 20kW on AC by running the room warmer doesn't help much if your computers increase the load from 200kW to 240kW just due to increased fan speed.

    I see no mention of this in either Intel's or MS's experiments, even though it is the big reason our machine room is spec'd at max 18C intake air. Of course, we spend roughly 5kW to cool 240kW, so I can't really bring myself to think this is a big potential for improvement.

  15. Re:Vendors sign with keys. on Package Managers As Achilles Heel · Score: 3, Informative

    But both Ubuntu and Debian have central security mirrors for security updates, which are added by default.

    For this it doesn't matter (much) if a regular package mirror doesn't have the latest openssh, the security mirror will have one with the security fix in.

    Now, there could possibly be some cases where security fixes get published as regular updates, where a replay attack could be successful. If the story would load off the apparently slashdotted web server, I could see if they had seen such issues, etc.

  16. Re:download speeds... on Ubuntu 7.04 (Feisty Fawn) Beta Released · Score: 5, Informative

    Perhaps you should try making everybody use mirrors?

    Here's the list from the announcement:

        Europe:

            http://se.releases.ubuntu.com/7.04 (Sweden)
            http://es.releases.ubuntu.com/7.04 (Spain)
            http://nl.releases.ubuntu.com/7.04 (The Netherlands)
            http://ftp.snt.utwente.nl/pub/linux/ubuntu/7.04 (The Netherlands)
            http://ie.releases.ubuntu.com/7.04 (Ireland)
            http://it.releases.ubuntu.com/7.04 (Italy)
            http://pl.releases.ubuntu.com/7.04 (Poland)
            http://de.releases.ubuntu.com/7.04 (Germany)
            http://bg.releases.ubuntu.com/7.04 (Bulgaria)

        Australia:

            http://au.releases.ubuntu.com/7.04

        Africa:

            http://za.releases.ubuntu.com/7.04 (South Africa)

        Rest of the world:

            http://releases.ubuntu.com/7.04 (Great Britain)

  17. Re:the hard part on Largest Ever Online Robbery Hits Swedish Bank · Score: 1

    Actually, a competent implementation of challenge-response tokens will make it rather hard to MITM you to get money out of your account. My (Swedish) bank not only requires the token for logging in, but also to confirm new recipient account numbers and the total sum of transfers. This confirmation is based on the account number or the total, so I can verify it from the invoice (or other source). Of course, this requires me to check the "challenge" against the source information and not just trust the things written on the screen, but at least some of us take that care (and there are reminders on the page next to the numbers).

    Now, they can steal my information and get logged in by careful spoofing, where they can make a mess out of things by transferring money between my own accounts, learning about my habits from history and probably getting hold of my credit card number, but in the grand scheme of things it is probably easier to skim credit cards elsewhere. I don't really see how they'd manage to get money out of my account with this setup, even if they root the client or break the https, as long as the token is secure.

  18. Re:Follow the money? on How Strategy Guides Affected Gaming · Score: 2, Insightful

    The thing is, in the Final Fantasy games I've played (including the mentioned FFVII), you don't have to do all that stuff in order to finish the game. In fact, if you, instead of following strategy guides, pay attention to the game, you could have a good time but not find all those easter eggs.

    When I played FFVII (back in 97, so my memory is a bit fuzzy, but I think it took me about 35 hours) I never even got the character Vincent, and this was not a problem for finishing the game. Sure, I might not have seen every single screen or heard every single scripted line of "conversation" or gotten every item in existence, but you don't have to. The Final Fantasy games are enjoyable without getting all the ultimate weapons, doing all the side quests, etc, etc.

    I think it is rather a good sign when games are designed so that there are elements to be found for those that enjoy racing and breeding chocobos, dodging lightning bolts, or whatever, but are still playable and enjoyable for those of us that don't want to do all that crap. I didn't read a strategy guide, I just played the game, making somewhat intelligent decisions of where to go based on the information given in the game and some exploring.

  19. Re:Crazy? on Iranian Heavy Water Nuke Plant Goes Online Today · Score: 1

    You know why he's spewing all that shit? The same reason as Bush, he gains domestic support for it. Just as Bush gets points for being "hard on terrorism", Ahmadinejad gets points for standing up against the west (or any other power that tells Iran what they "must do").

    When it comes to the talk they both spew, Bush has to push hard on Iran to please his voters. And Ahmadinejad has to show that he won't back down when pushed, which in turn requires Bush to push even harder. One can only hope that there are other words exchanged, among others in power.

    That said, I don't really know how this can be solved. Iran with nukes would be scary. But then, so is North Korea with nukes. And Pakistan & India with nukes. And Israel with nukes. We live in interesting times; let's just hope to live outside any major fallout. Well, besides hoping that the US remains the only nation to ever drop nukes on cities full of people.

  20. Re:Been working on that on Home Network Data Storage Device · Score: 3, Informative

    > Where do I get a 250-300 watt power supply with 12 SATA power connectors?

    You don't need to. All the current drives have Molex power connectors too, right? If you are unsure, check the specs. Hitachi's OEM data sheets are great in that regard, since they tell you everything.

    Then get a bunch of Molex Y-adaptors, they're really cheap. I haven't seen SATA power Ys yet, but hopefully that's just a matter of time.

    Take a good look at the current requirements for the drives though. At 12 drives you're heading into the region where most PSUs won't supply enough current. The startup current for 12 current Hitachi SATA drives is 1.8*12=21.6A at 12V, and most PSUs are only rated at 12-18A.

    Also, watch 5V too: the current draw at "max r/w" load is 1.3A on both 5V and 12V (on those Hitachi drives). Even beefy PSUs in the 600+W range most of the time only have 20-30A at 5V, even when they have 3x18A at 12V. That's probably enough for 12 drives, but if you want to scale it up you can run into stability problems.

    I know this, since I just put together a machine with 18 drives in it, and had lots of power trouble at first.

  21. Re:Interchangeable lenses on Sony Announced Hybrid Digital Camera · Score: 2, Insightful

    See, this isn't "my" selling point for a DSLR, rather that all compacts are horribly slow. Both in startup and autofocus/shutter lag. This and light sensitivity are much more important to me than interchangeable lenses, assuming the lens on the camera is good enough of course.

    Now, this particular camera is a first generation of its kind and it does have some issues (most touched on in the article and the dpreview: awkward lcd placement, no closeups, crippled burst mode). But I could see myself buying this kind of camera in a few generations.

    Having gotten used to the tilt-and-swivel LCD on my everyday compact, I find it very inconvenient to pick up a DSLR and have to use the viewfinder. Sure, for manual focus it makes some sense, but that is a special case I care much less about, compared to getting reasonable shots from the hip or from arm's length up above my head, or taking pictures from the ground without having to crawl on it to see where I'm aiming.

  22. Re:too far? on Sun Open-Sourcing UltraSPARC Design · Score: 1

    Yes, but Sun isn't actually going to be developing that line of processors anymore. The future for Sun's SPARC-based computers is either the Niagara design or the Fujitsu SPARC64 design.

    The SPARC64 chips are faster than the UltraSPARCs anyway, so someone just taking the now open sourced UltraSPARC design and doing slight tweaks is not going to be able to compete with Sun on performance, and they'd need huge volumes to compete on price/performance.

  23. Re:Great for Electricity but... on Artificial Tornadoes · Score: 5, Insightful

    And every time someone comes up with the idea of electric cars, I usually see here the argument that there is no point, because "electricity is made by burning oil anyway"...

    The fact that fossil fuels are being burnt to generate electricity should give you a hint that better ways to generate electricity are really needed.

    Well, that or people getting happy about having a nuclear power plant in their back yard.

  24. Re:Mirrors on Star Wreck Released as Download · Score: 4, Informative

    Here's a mirror, only has the highres content right now, since the torrent was way faster than the plain http download. But it will get there eventually too.

    http://ftp.acc.umu.se/mirror/media/StarWreck-InThePirkinning/

    Feel free to hit that, we can handle the load. :) If you need to offload your servers, you can provide http redirects to that host, once we have the wmv properly downloaded too.

    /Mattias Wadenstein

  25. Re:Imagine! on High-Performance Linux Clustering · Score: 2, Informative

    Well, other than beowulf, there is NPACI(sp?) Rocks and a few others like that. I don't have personal experience with those though, so I've probably missed a lot. Then you have the turn-key ready cluster from a vendor type of ready clusters. There you pay IBM or Penguin Computing or whoever to do all this for you before startup; of course, then the maintenance is up to you.

    By components I mean software, since hardware is basically just a bunch of servers (or desktops), with optionally faster than commodity network and some stuff like that. The optional parts depend on what kind of applications you run.

    The most important cluster components are a base operating system and a batch scheduler like torque or slurm. There are also communications libraries (MPI and friends) and optimised math routines (matrix calculations, FFTs, etc) for some application types.

    Then we have the administrative side, where it isn't that specific to HPC clusters, but a general matter for anyone that is handling a large number of similar machines. You want to have an automatic installation method, not answer 25 questions on the console every time you need to reinstall or add a node. You want to have a convenient way of synchronising configuration and settings. You want a distributed shell to run one command on all/many/several nodes without lots of arrow up and command line editing.

    This should be familiar to both cluster admins and admins of server farms or large deployments of desktops too. Automate repetitive tasks, choose tools that reduce the maintenance burden, etc.

    /Mattias Wadenstein