So true, and it looks like they didn't manage to do it in software. They claim to improve both durability AND performance; http://storage-news.com/2010/06/16/yet-another-ssd-breakthrough/ has a comparison of the quoted performance numbers for this drive, and they appear to be lower than quoted numbers for a competitor's MLC-based SSD.
That's why we have bloggers, right? Journalists are paid to copy-paste from press released, while bloggers derive their satisfaction from actually reading between the lines / further than the press release (that is, of course, generally speaking; there is at least some good investigative journalism left).
I just had a great example of this in my mailbox. A press release from a storage company announcing a new trade-in program; it's amazing how many websites just copy-pasted the cheerful announcement without mentioning they are facing a delisting from the NASDAQ or any other useful background info. Examples like this keep popping up, it makes you wonder about Murdoch's plans to charge for that "premium" content...
But given the every-increasing size of drives, moving to RAID-10 might be a good alternative; you'll need more disks to reach a certain desired array size, but rebuild times will be far lower because you don't need to do parity calculations. With RAID-1 and RAID-10, a 2TB drive can be completely rebuilt is less than 8 hours, depending on how busy it is; and you don't suffer the extreme performance penalty you get when using a RAID-5 array in degraded mode.
I can't seem to find anything on their website and/or in their data sheets that confirms the claim in the summary about "unlimited writes for 5 years"; just a 2 million hour MTBF. Can anyone point me to a statement from Pliant that confirms this?
Actually, they sued both the current "owners" of TPB *AND* the company that is planning to buy TPB (Global Gaming Factory). GGF did send lawyers to the court hearing, but they lost anyway; as soon as they take ownership of TPB, they have to install the same block for Dutch users, and will bet the same fine if they fail to do so. There's more info about this, including the complete ruling against GGF, in the first article linked.
Well actually, in this case, he seems to be having a better attitude; he's confirmed that there is a real issue, and even links to Dempsky's patch. So there appears to be some improvement here, which was one of the reasons I submitted this to slashdot!
Have a look at the article, there's a short summary about the qmail issue. In short, there was a security issue, but because it can only be exploited if qmail was assigned gigabytes of memory (the bug involved a 32-bit memory address), DJB didn't think it was an actual issue.
To quote: Nobody gives gigabytes of memory to each qmail-smtpd process, so there is no problem with qmailâ(TM)s assumption that allocated array lengths fit comfortably into 32 bits.
In other news, the first SHA-3 conference will be held in Belgium this week. The NIST hopes to be able to reduce the amount of contestants for the SHA-3 contest to a more manageable level by the end of that; for more info read on here.
According to the mac status page for Chromium, the browser currently fails 10% of the Webkit layout tests; work hasn't even started on building a user interface yet. So I think a release within six months is a bit optimistic.
If you'd like to get a preview of the Mac release, there are up-to-date builds available here so you don't have to compile it yourself.
Actually, they are still recommending the use of antivirus. Cnet quotes an Apple spokesperson saying:
The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.
Windows Vista is full of "protection", but I use antivirus on that as well. I love MacOS X, and I'm sure it's more secure, but there will be viruses and other malware on MacOS sooner or later.
By the way, isn't it ironic that Apple is still offering ClamXav for download on their own website?
Well you can use it anyway... There is a crossover version for both Mac and Linux, you can build your own version for both Mac and Linux, and there's a recent Mac build here. I'm sure there are lots of other builds available as well.
For those that are interested: there is no "official" mac build yet, but I regularly compile "TestShell", a simple testing application for MacOS that is used by Google engineers to test the Chrome rendering engine.
The latest version can be found here. It renders/. so it must be good, right?
A British court even ruled that Sealand was outside its jurisdiction in 1968; so according to international law, the "grandfathered in" approach might work. But since there are at most a dozen people on the platform, and no other country has recognized them, I bet the entire platform might just be used for target practice by several navy's if they are ever found to host terrorist websites...
I believe that's said near the end of the article:
"The court has now ruled in favor of Scarlet, staying the fine until the final ruling in this case which is expected about a year from now.
Let's all hope the final decision throws out Sabam's arguments; if ISP's are ruled to be responsible for the content passing through their network, that might signal the end of the internet as we know it...
Well, if you rob a bank the driver of your getaway car is likely to land in jail. The main argument in this case is that there are ways for the ISP to know the content transferred is illegal. The ISP says all solutions they tried were ineffective, thus countering this argument.
Incidentally, I think this is one of the main reasons many ISPs are no longer offering Usenet access; if they are offering their customers newsgroups with the name "alt.binaries.warez" it's hard to argue they don't realize it contains copyrighted material. With P2P transfers that argument is easier to make, especially if the software uses encryption.
When used with any authentication scheme that is *not* PSK-based, WPA is still pretty secure. VPN connections are perfectly fine as well, as long as you don't choose a simple guessable pre-shared key...
Minor correction: according to the article the failure rates nearly doubled. There were 1000 servers in a trailer; 500 with and 500 without AC. The ones with AC had a 2.45 percent failure rate, and the ones without 4.46 percent. That's an 80% increase, not 0.6%.
While it's pretty sad to hear that their security team is not allowed to speak, there are still two talks about Apple products left: Jesse Dâ(TM)Aguannoâ(TM)s talk about rootkits for OS X, and Petko D. Petkov who announced he might provide some details about a 0-day attack against Quicktime.
Slashdot Mirror
So true, and it looks like they didn't manage to do it in software. They claim to improve both durability AND performance; http://storage-news.com/2010/06/16/yet-another-ssd-breakthrough/ has a comparison of the quoted performance numbers for this drive, and they appear to be lower than quoted numbers for a competitor's MLC-based SSD.
That's why we have bloggers, right? Journalists are paid to copy-paste from press released, while bloggers derive their satisfaction from actually reading between the lines / further than the press release (that is, of course, generally speaking; there is at least some good investigative journalism left).
I just had a great example of this in my mailbox. A press release from a storage company announcing a new trade-in program; it's amazing how many websites just copy-pasted the cheerful announcement without mentioning they are facing a delisting from the NASDAQ or any other useful background info. Examples like this keep popping up, it makes you wonder about Murdoch's plans to charge for that "premium" content...
But given the every-increasing size of drives, moving to RAID-10 might be a good alternative; you'll need more disks to reach a certain desired array size, but rebuild times will be far lower because you don't need to do parity calculations. With RAID-1 and RAID-10, a 2TB drive can be completely rebuilt is less than 8 hours, depending on how busy it is; and you don't suffer the extreme performance penalty you get when using a RAID-5 array in degraded mode.
I can't seem to find anything on their website and/or in their data sheets that confirms the claim in the summary about "unlimited writes for 5 years"; just a 2 million hour MTBF. Can anyone point me to a statement from Pliant that confirms this?
Actually, they sued both the current "owners" of TPB *AND* the company that is planning to buy TPB (Global Gaming Factory). GGF did send lawyers to the court hearing, but they lost anyway; as soon as they take ownership of TPB, they have to install the same block for Dutch users, and will bet the same fine if they fail to do so. There's more info about this, including the complete ruling against GGF, in the first article linked.
Well actually, in this case, he seems to be having a better attitude; he's confirmed that there is a real issue, and even links to Dempsky's patch. So there appears to be some improvement here, which was one of the reasons I submitted this to slashdot!
To quote: Nobody gives gigabytes of memory to each qmail-smtpd process, so there is no problem with qmailâ(TM)s assumption that allocated array lengths fit comfortably into 32 bits.
In other news, the first SHA-3 conference will be held in Belgium this week. The NIST hopes to be able to reduce the amount of contestants for the SHA-3 contest to a more manageable level by the end of that; for more info read on here.
If you'd like to get a preview of the Mac release, there are up-to-date builds available here so you don't have to compile it yourself.
There are .dmg's of the current version at http://securityandthe.net/chrome/ if you want to give it a try. These are based on the current SVN tree.
The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.
Windows Vista is full of "protection", but I use antivirus on that as well. I love MacOS X, and I'm sure it's more secure, but there will be viruses and other malware on MacOS sooner or later.
By the way, isn't it ironic that Apple is still offering ClamXav for download on their own website?
Well you can use it anyway... There is a crossover version for both Mac and Linux, you can build your own version for both Mac and Linux, and there's a recent Mac build here. I'm sure there are lots of other builds available as well.
The latest version can be found here. It renders /. so it must be good, right?
A British court even ruled that Sealand was outside its jurisdiction in 1968; so according to international law, the "grandfathered in" approach might work. But since there are at most a dozen people on the platform, and no other country has recognized them, I bet the entire platform might just be used for target practice by several navy's if they are ever found to host terrorist websites...
"The court has now ruled in favor of Scarlet, staying the fine until the final ruling in this case which is expected about a year from now.
Let's all hope the final decision throws out Sabam's arguments; if ISP's are ruled to be responsible for the content passing through their network, that might signal the end of the internet as we know it...
Incidentally, I think this is one of the main reasons many ISPs are no longer offering Usenet access; if they are offering their customers newsgroups with the name "alt.binaries.warez" it's hard to argue they don't realize it contains copyrighted material. With P2P transfers that argument is easier to make, especially if the software uses encryption.
When used with any authentication scheme that is *not* PSK-based, WPA is still pretty secure. VPN connections are perfectly fine as well, as long as you don't choose a simple guessable pre-shared key...
Mea culpa, I just updated the article. I meant DES of course, 3DES is about 2^52 times more secure.
Sun is also running a comparable experiment with Belgacom and allows you to log in to a live interface to view stats on in- and outlet temperatures and more at http://wikis.sun.com/display/freeaircooling/Free+Air+Cooling+Proof+of+Concept For more details and analysis see http://www.datacenterknowledge.com/archives/2008/09/18/intel-servers-do-fine-with-outside-air/ or http://securityandthe.net/2008/09/18/intel-sees-the-future-of-datacenters-and-it-does-not-include-airconditioning/
DC Knowledge also has a nice video of this experiment at http://www.datacenterknowledge.com/archives/2008/09/18/video-intels-air-side-economization-test/
Actually, their earlier post about Bear Stearns was right on the mark. In this case they are way off, see the calculations here: http://securityandthe.net/2008/09/17/how-much-is-a-data-center-worth/
While it's pretty sad to hear that their security team is not allowed to speak, there are still two talks about Apple products left: Jesse Dâ(TM)Aguannoâ(TM)s talk about rootkits for OS X, and Petko D. Petkov who announced he might provide some details about a 0-day attack against Quicktime.