He already uses the notion of trusted and untrusted networks, yet he makes no effort at all to prevent 1) spoofing 2) non-IP protocols 3) access from the untrusted network to his trusted network.
If you plan to take on others, make sure your own stuff is secure.
Why would he have to do that when not using VLANs? The parent said that corruption was occurring at normal full-sized packets in addition to 1496 bytes VLAN packets.
Another thing: It really helps if you have each disk on a dedicated channel. Never use 2 disks as master/slave on one IDE channel. I'd rather buy additional controller cards, even if it's just standard PCI.
The 'problem' with 4 disks is that you have (effectively) 3 data disks. Since most times you're doing a 'power-of-two' write (e.g. 16K or 32K), it's impossible to divide that power-of-two data by 3 and have a nice full-stripe write. That leaves you with doing partial writes all the time, and those are the ones that kill RAID 5 write performance.
In my case (NetBSD FFS) most writes are indeed 64K since I'm using a filesystem with a 64K block size. A whole stripe on my RAID is 64K as well (with 4 "data" components+1 parity component and 16K stripe size each), so a 64K write from the OS translates perfectly to 5*16K writes to the disk. This gives me over 107MB/s read speed and 71MB/s write speed from/to the raw device.
During testing I made a fatal error where, although the filesystem blocksize and stripe size matched, I had mistakenly offset the partition on the RAID by a number of blocks that was not a whole stripe. What then happened was that each 64K write didn't translate to 5*16K writes, but instead to 2* 4*16K reads (since each stripe is 64K and the 64K write from the OS overlapped 2 stripes partially), then parity recalculation of 128K data and then 2* 5*16K writes. This dropped the write speed to the mentioned 8MB/s.
I think the problem is equally bad if you try to write 2^n bytes of data to a prime number of data disks (3 or 5).
If you do it right, RAID5 write speed doesn't suck, not even with software RAID.
Why is everyone always using 4 drives or 8 drives with RAID5? Considering most writes consist of 2^n bytes, you always need 2^n+1 drives in order to not waste any speed, i.e. 3, 5 or 9 drives.
I am using a software RAID5 and the difference between optimal and non-optimal is 71MB/s vs. 8MB/s writes! Hardware controllers could overcome some of this with their buffer memory, but I still think you should be using the optimal number of drives there.
How the hell could this be modded insightful? The whole point of changing passwords is so that the compromise of one password doesn't lead to unlimited access or the compromise of future passwords.
If a password is so secure that it can't be guessed, then why change it? If it's so weak that it gets guessed monthly, changing just one digit doesn't do shit.
And if the system gets compromised, you reinstall and choose a totally different password.
Seriously, this must be the most stupid advice I've seen and it's currently +2, Insightful. Scary.
The newest Bittorrent clients can encrypt their traffic to make it look random. Together with a random port there should be no way to detect and thus affect the traffic.
Azureus can do it since 2.4.0.0 I think and uTorrent since 1.5.
like the guy that makes free software to control model trains. His proprietary competitor apparently lurked on his mailing list awhile, then ran off to patent a bunch of stuff discussed there, then sent a cease-and-desist order.
How can this possibly work? If that's not prior art, then what is?
...those who speak up against this incredibly stupid idea are just latent child porn users. Voila, more people you can potentially detain if you see fit.
You could also do it all yourself. Get this, a MiniPCI card, an antenna and a Compact-Flash card and off you go. It's basically a standard PC with CF as IDE and a custom BIOS redirected to console.
It's fanless and thus zero-noise and uses 7W. I love it.
Meanwhile Linux distros foolishly enable ipv6 by default, my hardware can't understand it, and I have to go through and disable all of it so I don't have to wait for applications to fall back to v4.
Pure FUD. IPv6 capability is not hardware-related at all.
If you don't have IPv6 connectivity, then don't set a default route. Applications using IPv6 first (as they should) will instantly fall back.
If the Linux distributions you tried indeed suck in that way, they are broken. Maybe try a BSD whose IPv6 stacks are mature, enabled by default and whose base applications all understand IPv6 out-of-the-box. No need to enable or fiddle with anything. If you have IPv6 connectivity, enable your tunnel or native PPPoE connection, set a default route and off you go.
If Slashdot bothered to get IPv6 connectivity, then yes.
I could do that for www.sixxs.net, www.kame.net and every host that already has IPv6 connectivity. So "we" are not getting anywhere with IPv6 because it doesn't work because the big sites don't bother because IPv6 isn't anywhere yet. Nice way to get nothing done ever.
If I send my buddies e-mail, most of the time everything is IPv6 only, including DNS lookups, although DNS transport over IPv6 isn't really common yet.
Some people are indeed sitting on IPv6 and wondering when the rest will follow.
For starters, routers need to be manually configured. Also, how would you give a server multiple addresses? Personally, I also don't like leaking my MAC addresses around to everyone, although there probably is no reasonable explanation for that.
But this is not how it works AFAICS. Since you can arbitrarily set IPv6 addresses on an interface, I don't think such a mechanism would even make sense. You can't rely on a format of the last bits of an address.
I'm not using autoconfig locally so I can't check with tcpdump. But right now I am definitely seeing ICMPv6 solicitation and advertisement messages flying around.
I was talking about communication on the network where you already have an address and want to know which MAC address another host on the same segment has. There is no ARP for that anymore.
This is not Windows, but NetBSD had IPv6 since 1999 and still has the most complete IPv6 stack. The included packet filter(s) handle IPv6 just as well as IPv4 and have done so for at least some years now.
And besides, I wouldn't connect Windows directly to the network in any case. It likes to trip over and salivate like a small child. Better use a real system to protect it.
Of course this is all theoretical because large chunks of the address space are "wasted" - no, scratch that, read "used" - to prevent fragmentation, i.e. end users always get a /48 network. The smallest subnet is /64 etc.
With IPv4 there are users who could have a /29 net or a /24. Two /29 users could be adjacent and have their first 3 octets of the address match. This complicates routing, because this simple example already doubles the routing table at the upstream router.
With IPv6 you take the first 48 bits and those always point to a unique end user. Any smaller subnet is going to be handled by this user's router, so routing tables just became a lot smaller, even if the addresses are four times as large.
This "anti-fragmentation" of course consumes chunks of address space without using every one of those addresses. Of course users could do with, for example, /104 networks in IPv6 and still have plenty of addresses. But it's specifically not done for the above reasons.
I don't see why every single device needs to be directly connected to the 'net.
Not seeing a need should not prevent us from providing the ability anyways. No one says you have to connect everything directly.
I like NAT, I like maintaining just one firewall
One is totally unrelated to the other. Now you have NAT+packet filter, because NAT in itself is doing nothing for security. With IPv6 you only have the packet filter. So which is better? The simpler solution which provides the ability to directly connect multiple computers without paying hefty sums for address space or the more complex solution which provides no such thing?
If a variable is named *DIR, I'd expect it to contain an absolute or relative _complete_ path, so why the mix with
The variable is called $USER. And who's to say my home is in
If I'm building unprivileged, why su to install? I can surely write in my own home, so I can install as myself.
5a. Even then don't click it.
"Copy over the disk image again"? Don't VMware's server products support snapshots and incremental disk writes which you could simply discard?
The conversation has been made public here.
Correction to that regex:
s#$#/#
YMMD.
Yes, but this is acquiring an address.