I saw a ZFS benchmark comparing random read, write, read+write, and sequential read, write, and read+write of a 15k RPM RAID and 5400 RPM with 10x as much storage but just as many spindles for a fraction the price, and the 5400 RPM setup was faster once the 64GB of SSDs got warmed up.
PC-BSD is just a thin wrapper of scripts, wizards, and some decent tools over FreeBSD. You can upgrade and downgrade to/from PC-BSD/FreeBSD.
Pollination is good
HardenedBSD was forked with the explicit idea of testing new security ideas and seeing what works, then pushing the code upstream back to FreeBSD. *BSD is not like Linux distros where they rarely work together. A lot of security ideas require some major changes that would not be feasible as a simple branch.
If you can read the address space you can defeat ASLR
Ohh, you mean segfault when you read unallocated memory? Even if you could, are you planning to read all 8,589,934,592GiB of the address space? With O(n) scaling, assuming a crazy low 1 clock cycle per address, it would take you about 35 years to scan the entire 2^63 user virtual address space at 4GHz.
I am not saying ASLR is perfect, I'm just saying it's not nearly as simple as you make it out to be.
OpenBSD has an entirely different kernel at this point. Their only major commonality is starting from the same OS a long time ago.
1993 - NetBSD forks 4.3BSD
1993 - FreeBSD forks 4.4BSD
1996 - OpenBSD forks NetBSD 1.0
As much as they still shared code, they have diverged over the past 20 years.
They have great documentation, especially compared to the competition, but there are some pieces that are lacking. There is a dedicated group that started in the past few years that is going over documenting the entirety of FreeBSD with people with great documentation skills and are also normalizing the formats to a new document format. Large undertaking.
The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD
My cousin used ZFS+gluster for this multi-petabyte system.
ISPs that can do transparent HTTPS proxying? Cool, they've broken HTTPS or hacked your computers.
Overhead is only about 5% with 1500mtu. Doubling your frame size won't do crap. SANs love larger frames so frames can be the same size as disk sectors, but they are special compared to normal internet data transfers.
Suburban densities are optimal. It costs more per customer to install fiber in a big city than a medium city. Tearing up concrete and drilling holes through large many-story apartment buildings is much more labor intensive than drilling a hole into someone's basement.
Server farms can have hundreds of gigabits of bandwidth. Some server farms build near an IX where they can buy up 100Gb/s of dedicated bandwidth for $5k/month. Getting 1Gb/s to/from any metro area on Earth is not hard. You also seem to have some misconception that services need to send a sustained 1Gb/s. Most services only need to burst data. 1Gb/s for 1/100th of a second or so.
If I even set my system to use European YouTube servers, I still get full 1Gb speeds.
Same thing over here. People only think most servers can't handle it because their ISP's peering sucks. I get 1Gb/s from nearly all main servers, Eve Online paths, Windows Patches, Blizzard, YouTube, Netflix, Twitch, Steam. Even during the 8p-11p rush.
Within the $50-$150 price range?
Of note - ALL current US ISPs offering RESIDENTIAL gigabit service do so on the oversell model, such that they CAN deliver UP TO 1Gbps to a customer
My Midwest USA ISP sells 1Gb/s residential, and they do not say "up to". Instead they guarantee that you will not get congestion on their network or to their transit provider. I have called in about 10ms ping increases and they have fixed the issues. They take congestion seriously.
Taken from marketing
1 Gbps Symmetrical. It’s dedicated symmetrical fiber so speeds never go down or change.
Extremely large online backups
Web hosting
Webinar hosting
Cloud computing
Online gaming
Uninterrupted HD streaming (Netflix, YouTube, Hulu)
Taken from terms and conditions
No Unreasonable Discrimination
The Company does not unreasonably discriminate in its transmission of lawful traffic over the broadband Internet access services of its customers.
The Company does not block, impair, degrade or delay VoIP applications or services that compete with its voice services and those of its affiliates.
The Company does not block, impair, degrade, delay or otherwise inhibit access by its customers to lawful content, applications, services or non-harmful devices.
The Company does not impair free expression by actions such as slowing traffic from particular websites or blogs.
The Company does not use or demand “pay-for-priority” or similar arrangements that directly or indirectly favor some traffic over other traffic.
The Company does not prioritize its own content, application, services, or devices, or those of its affiliates.
The Company does not retain, store or provide customer traffic information, except as required by law under the Communications Assistance for Law Enforcement Act
I was reading some research about network congestion. They focused on speeds between 500Mb/s and 2.5Gb/s and all rates showed the exact same congestion characteristics.
They simulated 10s of thousands of flows with a typical peak hours distribution of the types of flows from realtime UDP to bulk TCP transfers.
1) Never more than 200 flows of packets in the buffer at any given time.
2) Never more than 30 flows had more than one packet in the buffer at any given time.
Their conclusion was that keeping all flows completely isolated from each other, even if there are tens of thousands of flows in total, would only require tracking 200 flows at any given moment. A Fair Queue AQM like fq_CoDel can in theory scale to very high bandwidths. While fq_CoDel does up to Layer 4 isolation, trunk links could be changed to only do Layer 3 so as to keep customers isolated from each other.
I don't see why a file download or upload should be done in seconds
Years sound fine to me. Why do we even need to communicate in the first place? The quicker the better, within reason. 1Gb/s is cheap, 10Gb is still expensive, but not for long. There's no reason we should have the fastest cheap networks.
You can configure F2B to do an action on a ban. A desirable action is to kill all existing firewall states for the offending IP address. This may take a brief moment, allowing more than 3 failed password attempts, but it will not take too long, reducing the window for failed attempts to only a few seconds at most after the 3rd failed attempt. More than likely it would be milliseconds.
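A sketch of the ban action described in the comment above, added here as an example and not part of the original comment. It assumes the pf firewall, a pf table named f2b, and a hypothetical action file name pf-killstates; the paths are the usual FreeBSD package locations and are also an assumption.

```ini
# --- /usr/local/etc/fail2ban/action.d/pf-killstates.conf ---
# (hypothetical action name, constructed for this example)
[Definition]
actionstart =
actionstop =
actioncheck =
# Ban: add the address to the pf table so new connections are blocked,
# then kill the states it already holds so connections that are already
# open cannot keep guessing passwords.
actionban = /sbin/pfctl -t <tablename> -T add <ip>
            /sbin/pfctl -k <ip>
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>

[Init]
# Assumed table name. pf.conf must declare the table and block on it:
#   table <f2b> persist
#   block in quick from <f2b>
tablename = f2b

# --- /usr/local/etc/fail2ban/jail.local ---
[sshd]
enabled = true
# Three failures before the ban fires, as in the comment above.
maxretry = 3
banaction = pf-killstates
```

Without the `pfctl -k` line, a stateful ruleset keeps passing packets for connections that were established before the address entered the table, which is the window the comment refers to.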
Sounds like you're saying if a first time mother never fed her child, it wasn't her fault, she was a first time mother.
The first step to security is making sure the instructions are coming from a trusted source. If you're not going to do any validation, then don't make your system publicly accessible. This isn't an issue of security being hard, it's an issue of not even trying.
The point of GPL is not to keep GPL code GPL, but to make other code GPL as well. Like a virus, once tainted, you cannot go back. It does not give freedom, it takes freedom. It's like arguing that Robin Hood was in the right. Not a perfect analogy because GPL doesn't really take anything, it just uses leverage to convince you to give up your freedoms.
591 chars, with up to 3,891 bits of entropy. Estimate maximum size of the Universe, 10^113 cubic meters. Volume of a cubic Planck, 10^105 cubic meters. Cubic Plancks in the Universe, 10^218. About 2^724. That many characters is enough to address 2^3,167 Universes' worth of cubic Plancks. Of course the Universe is mostly empty, but that would only be a few magnitudes' difference, not enough to matter. On average, you would need to consume 2^3,166 Universes' worth of energy to break that long of a password.
A bit overkill.
patients come to you because you're the guy on at that time of day and they just walked in
Outside of the ER or a clinic, to see a doctor I need to set up an appointment, no walk-ins. Even then, I need to choose which doctor. I can't just schedule a time and get whichever doctor is around. Of course this is for consultation, check-ups, or a planned surgery. And I can't choose which anesthesiologist will be used during my surgery, but my consultation and surgery are performed by the same person.
You did say "most of the time", which clinics, ER, and non-surgeon doctors may set the average.
They must be parsed by humans, not computers looking at which dot you filled in.