OK, I work in a similar environment - a little looser than yours (we do trade paper processing for banks).
However, what was done in the article, is just a homegrown implementation of what NetApp is doing. You use the IDE Raid for nearline storage. Remember, doing backups takes time and bandwidth, databases slow their response when exporting, etc.
So, instead, take your snapshot of data at disk copy speeds, then use the IDE as a staging to tape. And it is a nearline storage for fast restores of your last snapshot.
All of this, is just a revisiting of the old concept of HSM.
Then maybe you need to explore another ISP. I was looking and saw the comments about using the ISP's timesource. After all, an ISP that is that tight on security, must be using an IDS, and therefore have all the internal servers sync'd so that you can follow the trails correctly.
What?!? An ISP who doesn't know about IDS, or using authenticated NTP to sync everything? Especially their own routers to prevent sync problems?? Maybe they don't know what they are doing, and you do need to move to a more competent provider.
The Wicked Panda
.sig? what sig? we don't need no bloody .sig!
For the last couple of years I have worked in just such an environment. Our biggest push the last year has been standardization of the documentation - what is in there, how it is organized, common issues each system has (does one webserver have a rogue java that requires periodic restarts, etc.), and everything in a central SECURE location that all the admins can get to at need.
Prior to that, the system setups had to be standardized. The applications in their own directories, running as non-root user (ie. under an /apps filesystem). Content in a standard place (ie. /apps/content) and so on. Startup scripts, and all those other fun stuff standardized. Infrastructure, DNS and bastion hosts, all that fun stuff needs to be built.
So, first - a standardized (yes, there will be minor differences between systems) image for administration, second - documentation. For documentation, any admin should be able to pick up the documentation, and with as little effort as possible, do what is needed.
And last, the issue of rotation - Yes. On a bi-annual basis, move people's assignments. Secondary becomes primary, primary becomes secondary on another project, etc. Within a year or two, everybody should have had experience on multiple systems, and the one person knowing everything syndrome should be gone.
My experience has been mixed. IDE drives, I had had an older 20Gb drive that died early. I was staying away from IBM IDE drives, even before the GXP fiasco.
Now SCSI are another matter. IBM has never shipped me a dud SCSI drive. I use them at home exclusively, and the OEM version shipped by Sun is in a number of Sun systems and RAID units at work.
I work at a major ISP and hosting firm (the grand daddy of them), and when I started a couple of years ago, I had to learn all about Kerberos, since that is what they used for all their authentications.
Good points
Single password gives a key token allowing you onto servers that are in that realm (say, all of your web farm). It is a time limited ticket, so you don't have problems with people leaving windows open all the time. All traffic is encrypted, and there is a single point for password management.
Bad points
Single network location for authentication - if you can't reach the master KDC, or the backup, then you can't go anywhere. If your farm and network are global, this can be a bitch. You have a token stored on your system.
Why is the last bad? Well, we have a case where a developer was managing his own workstation, and not doing it securely. Someone cracked his box. The cracker could not get a ticket himself from the KDC, but whenever the developer got a ticket, the cracker could piggyback off of the valid ticket. He got access to a whole farm of BSD machines via the developer's valid Kerberos ticket.
We are currently looking at OpenSSH connecting to servers, who then have Kerberos'ized PAM, that then authenticate the user. A little bit better than klogin. In some areas we are strictly using key based SSH access, with keys disted at need.
Civ III has 6 unique characteristics for each Civilization - Expansionist, Militaristic, Commercial, Scientific, Religious, Industrial
Each of these attributes gives a starting bonus, and each civ starts with 2 of these. The starting 16 civs are on a chart on the civ3 website (http://www.civ3.com/devupdate_civspecific.cfm). Now my math says that with 6 characteristics, there should be possible 15 unique combos (and there are on the chart).
So, you can make more civs somehow (haven't figured out how, but there is supposed to be some type of editor), but they will just be cosmetic changes.
An interesting model of a micropayment web was posed by Marc Stiegler (sp?) in a book called Earthweb.
Now, a couple of things for this model are necessary, and he points them out at the end of the book (like universal secure encryption). Apparently he is a teacher or professor somewhere and teaches a class about the web.
Main points - Micropayments are universal
What that means -
1) You can charge people for receiving their mail - Spammers must pay you to send you mail - also, you can not like someone, and raise the acceptance rate from that person, so if they want to flame you it costs them bunches.
2) People charge for their content - the better content gets paid for. When doing searches for info, people can see the abstract and decide whether to pay or not.
3) Reporters (not the Drudge kind) create articles online, and people pay for their content.
Note: we may begin to see the last happen as fall out from the recent Supreme Court ruling on freelance copyright.
The book itself is only OK, but the concept and technology is interesting. Make your own judgements.
Obviously you haven't talked to Sun's engineers about webservers. An E450 will run rings around E3500/4500 with 8 procs. Why?? because the Sun's firmware/chipset is tuned just right for the E450.
Now, how many hits do you think a site like SciFi.com gets? Do you know what kind of hardware it is running on?? I do.
OK, a floppy only firewall is a Gnatbox. (http://www.gnatbox.com)
This is a floppy only firewall. Very feature rich for how small it is. No, it doesn't do dynamic DNS, or provide a DHCP server, but:
it is on a single floppy (no hard drive, so you can reduce the moving parts)
you can get a limited (5 users) version for free
It runs on as little as a 486 with 8Mb of RAM
There is an active mailing list, which the company techs are on, and you can get useful support on the list.
Supports a third NIC for a DMZ to put public servers on.
Enough shilling, check out the page. I use it on a system for my gateway on RoadRunner. I am using an old pentium, and have got 1.12Mbit throughput, and have never seen more than 5% utilization.
I read the Washington Post almost daily (get home delivery). But reading the paper takes time, and sometimes the stories that are interesting are buried inside sections. Too many people today don't want to put the effort in to make time to read the paper. The TV is sound bites; trite, but easy to absorb (sit on the couch and veg while watching - or even run on a treadmill and watch.)
It might be interesting to read a study of demographics of the readership - education/wealth/occupation
Personally, I think education is a big factor - so maybe the papers have to have the initiative to help the schools in their area and grow a new generation of readers, or die.
Many papers (including the Post) have the problem of slanting coverage to match regional views, which isn't right, and puts some readers off. I get pissed at the slant the Post puts on some stuff. But the average person reads a paper and takes it at face value. Shoot, just reading the papers from Washington and Richmond, Va (~100 miles difference) give a whole different impression of what is going on.
-- The Wicked Panda :Of course these opinions are strictly mine, with no scientific basis (I would get paid for them if there were)
Dead? Maybe for the scripts kiddies (on Is Usenet Dying?, Score: 1)
The problem with declaring it dead, is that the controllers are still using it. Just go to comp.dec.sys, or comp.unix.sun.admin and see useful posts, or ask questions of people who have answers.
A number of Universities use their news server to post class info. There are groups of individuals who do use the usenet for discussion like it was originally (see some of the groups in alt.books.`insert author here`)
I laugh at articles like this normally, but it gets me because newspapers are still read by people, and reporters are getting sensationalist to try and sell papers in an increasingly digital/TV world.
Uhh, maybe I didn't read the same exam you did. I didn't see anywhere where he was asking what _LAWS_ you would pass, nor did I see anything about political parties. It sure seemed to me that the intent was, how would you solve the problems with the available technology.
I think too many people (yourself included) saw question #11 and assumed that was a hit on the political system of NK, not a question of what the person would do. Talk about a knee jerk response.
Maybe you can move numbers around.
However, for most of us who don't change our phones with the changing of the seasons, it just means it costs us more!
I thought the major problem was Lara wearing too many clothes. Man, talk about missing the target audience...
Tektite makes a whole line of LED flashlights and such. You might find something there.
http://www.gta.com
Simple floppy based firewall, with GUI for those who want it. Easily configured, and rated highly by several publications. Logs via syslog to another system. Can do email and dns proxying if you need it. Doesn't do CDROM, but you can do flash memory.
Basically, a BSD derived firewall that was split from the tree a few years ago. They have an active development effort, and sell commercial products just for your situation. Commercial versions of Gnatbox are not cheap, but there is a good installed base, and a good mailing list that will help with stuff.
Here are two factors that need to be taken into account.
Screens!
From Hollywood.com:
3,161 theaters for SW2 and 3,615 theaters for Spidy.
Teens!
I went and finally saw both movies yesterday. The digital showing of SW2 was awesome, and sold out all day long. Spiderman was full, but not sold out.
The demographics were completely different. There was a huge number of teenage and younger girls in the Spiderman showing. Way beyond what you would expect for a comic that is normally a male audience. I would estimate half of the people seeing it were mothers and groups of 10-15yr old girls. It was weird being in the same theater.
SW was mostly older people, with a good mix of the sexes. Lots of dates.
There - make of it what you will.
Just my 2 bytes.
Just my 2 bits to the discussion.
Then GO THERE! A physical inspection of the facility is always useful. Inspect where your stuff would go and how secure it is. I don't want to think about how many outages we have had from a NOC monkey messing with wires at the patch panel.
Monitoring is always useful, and also check to see what kind of access you will have (better be 24x7).
People have already stated about power and cooling, but having been on the wrong end of this before - make sure they are redundant!!!! One generator dying and taking down a datacenter is inexcusable.
One thing I didn't see mentioned, is when are the maintenance windows for the infrastructure that you are sitting on. If they have to do a router firmware upgrade - they better do it in the middle of the night.
OK, that's my $.02
I just got invited to join the stress test, and they are going gold. Good timing there.