If a server has a 500w power supply you are drawing 4amps of current.
500watts/120volts ~= 4amps/server
Now if you have 4 servers...
4amps/server * 4 = 16amps
Give a little extra to the UPS say 1-2amps for a total of 18amps, so yeah, I would say you are at 90%. Oops!
You should have a minimum of a 30amp circuit for EACH rack, or better yet, dual 30amp circuits, and a UPS for each rack.
$15k should have been able to cover all of that.
You also sound like you have serious heat issues, and as you probably know your silicon is going to break down a lot sooner than you thought.
First things first. Call an HVAC professional and get your cooling under control, ask for him an idea of what kind of circuits HE will need. Next, call an electrician and order more circuits.
While you are waiting for those guys to come, go buy some kick ass box fans and place them strategically to move cool air in, and hot air out. I have no idea what your physical security concerns are for the data center, but it sounds like you are going to need a door open.
In short, you have fucked up. Making cables all the same color or for particular purposes is nice, and it's damn cool looking, but at the end of the day, or at the end of the year, when shit needs to be moved or re-arranged or assumptions change, all of that goes to hell in a hand basket.
That's interesting that there are options that don't do anything. Off hand I could see some options still existing because there is some nasty code still out there with some bizarre compile options that were once applicable. Take what I say with a grain of salt, I personally don't know what options they would be, but maybe back in the day there was something silly like -liberal-for-loops. You know... to allow the people who like to do this:
for(ptr=passed_param;ptr!=NULL;ptr=ptr->next)
Who knows, but I am sure there is someone who still needs those wierd flags, even if they don't do anything anymore.
...troll. Work smarter not harder. Nyuck, nyuck, nyuck. Well, thank god your here to tell everyone how to code secure simple software.
Be advised that complex data dependent protocols are not trivial to code. Not only that, they are even harder to get to interoperate with other implementations of the same protocol. All the nasty little bug-a-boos show up that the protocol designers hadn't thought or even dreamed of.
I count OpenSSL as insecure software - we need a secure replacement.
So what's the plan? Toss out all the OpenSSL/GNUtls code and start over...but this time let's try something new... let's make it simple and secure?
What you don't seem to understand, is that people far smarter than you and I have already had these philosophical debates and do you know what they came up with?
No software is completely secure.
Prompt disclosure is important.
More eyes, code review, what have you is a good thing.
Plan for failure/breaches/etc.
Your measure of secure software is juvenile. It doesn't even provide an interesting definition of software security. Pointing at less than complete implementations of smtp and ftp makes your entire argument suspect. Also the "auditing secure software is easy" comment is another dead give away.
cost includes the cost to recover your ENTIRE NETWORK. once one machine is 0wn3D they all are - potentially - and you can't trust anything.
You can extrapolate that further. Assume you have financial data and that is compromised. That may be more costly (think class action lawsuit or such) than the cost to recover your systems. I was giving the lad the benefit of the doubt that he understands the various aspects of cost.
If you think back to the military analogy...it's not likely they are worried about the cost of rebuilding the walls...they are more likely worried about the lost nuclear weapon. Unless ofcourse you are in Soviet Russia...
You're going to get a lot of answers on how in the perfect world there will be DMZ this, several layers of routers that, firewalls in between them all, VPNs, NIDs,and a whole bunch of other things that may not be applicable.
The answer really depends on what you are protecting and whether or not the security required to protect it is worth the cost.
The only way application aware firewalls CHANGE the paradigm of network security models is for a certain class of protection. Usually that line of protection is or train of thought is "we would like something slightly better than nothing".
If you need protection more than that, it sounds like you already know what is best practice. That hasn't changed, and you are not wrong to suggest to your co-workers otherwise.
Think of it along the lines of what the military would do. Just because there is some new whiz bang motion tracking CCTV x10 ninja thing that shoots lazers. You better believe they are still going to have soldiers with rifles in watch towers, soldiers walking the perimeter, and 20ft of dead man zone and razor wire fences surrounding, along with the whiz bang consolidating gadget.
He already has the standard generally accepted rule of thumb answer... "Never!". What he wanted to know was, if these newer fancy schmancy firewalls are changing these rules, where it might be acceptable. The answer ofcourse is it depends...not go study up and give back the same answer he already knows to some professor or cert authority. Long and short of it, you have the wrong answer.
BSD style code swipes? They were blatant code swipes. He wrote the Emacs editor, and not just a few companies stole it, but they locked it up, and sold it with absolutely no credit to RMS or renumeration.
I think the pivotal event was his editor getting stolen and getting no credit. He needed to devise a way to cleverly allow what he wanted, but deny to others what they were doing.
As for the actual construct of the GPL, I believe he did consult with lawyers, who probably recommended he make a front such as the Free Software Federation and the like to give it teeth or something to stand on or point at.
Re:After 20+ years of buffer overflow exploits...
on
Remote Root Exploit In lsh
·
· Score: 4, Insightful
First things, first. C was meant to be a highly portable version of assembly. C successfully facilatated porting operating systems AND applications that used those operating systems.
People often think of C the wrong way, and that is often because languages considered "safe" borrow heavily from C syntax. If you have ever programmed in assembly/machine language, you know the programming bugs can do quite nasty and unexplained things (sometimes much worse than a buffer overflow). However, having coded in assembly one often becomes more rigorous with their coding, that same rigor is what is needed to carry over to C, and is what is lacking with some of the C coders of today.
Second, system software also often needs a low memory footprint. System developers often want to know where every little bit of memory went, and often find compiled code barely tolerable. Not everyone can afford the luxury of loading a perl, python, java, byte code interpretor du jour just to send and read data, manipulate strings, and do stuff with files.
System software is very different from operating systems, and calls for a different language.
Maybe you're right, problem is, many have tried almost all have failed to gain popularity for systems coding. Big problem for your argument and for developers who know, almost all of those different languages were first written in...drum roll...."C".
IANAL, but if you'll allow me to shoot from the hip for a bit, I'll take a shot at it...
1) Tortious interference with business relationships. The solicited the customers. They directly interfered with the business relationship by bringing the servers down by overzealous monitoring.
2) The outage was caused by the monitoring company. If just one customer leaves to another hosting company because of outages or what not, or if that customer lost business due to downtime. The damages are realizable.
Sounds like you've got an open and shut legal case to recoup those costs they're causing you to incur.
First things first. These are your servers. Your network. I am assuming you have the standard abuse clause in your TOS. You need a lawyer.
Unfortunately, you are in a bad situation. They apparently have more resources than you, because they can bring your setup to it's knees. Not saying it's right, not saying it's fair.
A lookup of your TLDs each second makes sense if you are Yahoo! or Google. Their web monitoring levels don't appear to be reasonable. You already know the technical answer.
Personally, I would be worried about them stealing your customers. I mean the argument is going to be simple from their side. They will simply say, "hey look, their stuff folded under 'normal' monitoring, we have a hosting company we can 'recommend'" or they will just have the hosting company call them up out of the blue and ask if they are "unhappy" with thier current service..."oh, it goes down a lot"..."they can't handle simple monitoring"..."gee, that's a shame"..."well, we've worked with that monitoring company before, and we have never had any problems, in fact we routinely get 5 9s"...etc
Honestly, talk to legal, explain the potential situation, and have them make contact with the monitoring company. A couple of tortious interference this, and cease and desist that, will put the monitoring company on it's toes and maybe get them to leave your customers alone, or possible play nice with your servers. Notify your customers yourself and explain that they are being investigated by your legal team, etc.
That Anthony Boyd...that young man was always a trouble maker. Never had any respect for authority. If he was here right now, he'd be in detention. He has no affliation with this school anymore, and is stealing the thunder from my pet project. Something has to be done about these rogue Internet sites. The principal and the board need to get a handle on this whole Internet thing. I'm sure he's violating some laws or even worse school policies...kids these days...
IANAL, but this is a slippery slope. If SCO is not playing by the rules for the GPL, their license is void. There is the monetary figure for damages...in the 10Q.
Any attorneys looking to make a little cash? Ambulance chase a linux developer. They've been wronged. Should be practically an open and shut case.
Your paranoia is showing. The same thing happens here in USAland when you outsource (or even when you bring in outside contractors to help with part of a project like requirement specifications.)
Yes. Except, there is a big ocean between you and the people you would have to go after. Can't walk down to the court house and file a lawsuit.
What do you do...call the state department, so they can giggle at you? Sue the local firm representing those workers (I'm sure the money is still in a US bank)? Mumble under your breath how you aren't going to be doing anymore business with Ravinder Notgonnaworkhere?
It's the wild west when you deal with overseas workforces. Companies get what they pay for.;)
I saw that same episode. Jesse, was also trying to make the case that the farmers would also eventually form cartels (kinda like RIAA or MPAA) and regulate their own prices (i.e. much higher) if they were on a free market.
If farmers were allowed to sell on a free/open market and were not subsidized (a think calling it welfare is a gross exaggeration). Two theories of what would happen are: One, 90% of the farm land would be sold and used for other purposes. Two, there would be a mass consolidation of who sells produce/wheat/etc.
I think times have changed and it's possible, both technology wise (better transport, more robust/hearty genetically engineered produce) and politically that more markets are available to our farmers. I have no idea about the economics of it (and consolidation and selling of land might still happen). I do remember that America has the potential to produce a hell of a lot of food. To the extent that when Hitler was carving up the world, he planned on using America as the "bread basket" for the world, and that was an unreasonable thing to consider.
So once the users are educated with a basic set of computing knowledge, and when only people that actually know what they are doing are using computers...what's going to happen to lovely tech support?
a) Tech support won't have to hear the customer's mouse tapping their monitor screen...
b) Customer will have already rebooted the computer 6 times....
c) Their will be a new breed of idiots, and it ups the bar for tech support workers.
Overall, the more things change...the more they stay the same...
Chances are slim to none that a software company would allow it's "shredded" source code to be publicly released.
You are right that SCO will not allow it's shredded source code to be publicly released. However, the reason would be because the MD5 hashes that matched could be traced back to specific lines in the kernel. I don't know why people don't get it...
SCO doesn't want the common code published or known until the court date.
I know it's irrational, I know it's silly. However, everyone expecting a "rational" response from an irrational company is foolish. I guess hope springs eternal, on both sides. SCO has bet the farm on this strategy, and they are not about to let the cat out of the bag. ESR seems to think they are just going to submit to this hair brained scheme, and produce a bunch of MD5 checksums.
If you take their point of view, this does nothing to protect their IP, it's just a thinly veiled way of tricking them into revealing the code they believe is in question.
I believe Berkeley and MIT still proudly use SICP in their teaching for a CS course or two.
As far as mapping that specific language to another language (say one that is in vogue), it sounds more like the role of a good programming language concepts/fundamentals class. In which case they should be teaching a student how to map any language to another.
Recursion is cool (and SICP is a lot of fun), except when it sucks ass or you need to do something real world that is optimized and may not have a gig of stack to solve a particular solution.
And, ofcourse, Knuth's TAOCP is the real Bible. I might grudgingly call TAOCP the old testament, and the SICP the new testament, but let's face it. Knuth has his shit together, when it comes to explaining CS.
Don't be silly. Mail clients may need outbound port 25 access as well, and that may not warrant the administrative overhead and cost of VPNs and SMTPS. If we let virus/worm writers and terrorists force our hand with regards to security policy...they win and that would be bad.
Slashdot Mirror
If a server has a 500w power supply you are drawing 4amps of current.
500watts/120volts ~= 4amps/server
Now if you have 4 servers...
4amps/server * 4 = 16amps
Give a little extra to the UPS say 1-2amps for a total of 18amps, so yeah, I would say you are at 90%. Oops!
You should have a minimum of a 30amp circuit for EACH rack, or better yet, dual 30amp circuits, and a UPS for each rack.
$15k should have been able to cover all of that.
You also sound like you have serious heat issues, and as you probably know your silicon is going to break down a lot sooner than you thought.
First things first. Call an HVAC professional and get your cooling under control, ask for him an idea of what kind of circuits HE will need. Next, call an electrician and order more circuits.
While you are waiting for those guys to come, go buy some kick ass box fans and place them strategically to move cool air in, and hot air out. I have no idea what your physical security concerns are for the data center, but it sounds like you are going to need a door open.
In short, you have fucked up. Making cables all the same color or for particular purposes is nice, and it's damn cool looking, but at the end of the day, or at the end of the year, when shit needs to be moved or re-arranged or assumptions change, all of that goes to hell in a hand basket.
Last time I checked, Knuth was still writing books. When did he die? Atleast as of August 29th, 2003 he appears to be still kicking Donald Knuth News
Regional accredidation is the real deal, accept no substitutes.
CHEA has a search engine for such things.
Who knows, but I am sure there is someone who still needs those wierd flags, even if they don't do anything anymore.
Be advised that complex data dependent protocols are not trivial to code. Not only that, they are even harder to get to interoperate with other implementations of the same protocol. All the nasty little bug-a-boos show up that the protocol designers hadn't thought or even dreamed of.So what's the plan? Toss out all the OpenSSL/GNUtls code and start over...but this time let's try something new... let's make it simple and secure?
What you don't seem to understand, is that people far smarter than you and I have already had these philosophical debates and do you know what they came up with?
No software is completely secure.
Prompt disclosure is important.
More eyes, code review, what have you is a good thing.
Plan for failure/breaches/etc.
Your measure of secure software is juvenile. It doesn't even provide an interesting definition of software security. Pointing at less than complete implementations of smtp and ftp makes your entire argument suspect. Also the "auditing secure software is easy" comment is another dead give away.
If you think back to the military analogy...it's not likely they are worried about the cost of rebuilding the walls...they are more likely worried about the lost nuclear weapon. Unless ofcourse you are in Soviet Russia...
You're going to get a lot of answers on how in the perfect world there will be DMZ this, several layers of routers that, firewalls in between them all, VPNs, NIDs,and a whole bunch of other things that may not be applicable.
The answer really depends on what you are protecting and whether or not the security required to protect it is worth the cost.
The only way application aware firewalls CHANGE the paradigm of network security models is for a certain class of protection. Usually that line of protection is or train of thought is "we would like something slightly better than nothing".
If you need protection more than that, it sounds like you already know what is best practice. That hasn't changed, and you are not wrong to suggest to your co-workers otherwise.
Think of it along the lines of what the military would do. Just because there is some new whiz bang motion tracking CCTV x10 ninja thing that shoots lazers. You better believe they are still going to have soldiers with rifles in watch towers, soldiers walking the perimeter, and 20ft of dead man zone and razor wire fences surrounding, along with the whiz bang consolidating gadget.
He already has the standard generally accepted rule of thumb answer... "Never!". What he wanted to know was, if these newer fancy schmancy firewalls are changing these rules, where it might be acceptable. The answer ofcourse is it depends...not go study up and give back the same answer he already knows to some professor or cert authority. Long and short of it, you have the wrong answer.
BSD style code swipes? They were blatant code swipes. He wrote the Emacs editor, and not just a few companies stole it, but they locked it up, and sold it with absolutely no credit to RMS or renumeration.
I think the pivotal event was his editor getting stolen and getting no credit. He needed to devise a way to cleverly allow what he wanted, but deny to others what they were doing.
As for the actual construct of the GPL, I believe he did consult with lawyers, who probably recommended he make a front such as the Free Software Federation and the like to give it teeth or something to stand on or point at.
People often think of C the wrong way, and that is often because languages considered "safe" borrow heavily from C syntax. If you have ever programmed in assembly/machine language, you know the programming bugs can do quite nasty and unexplained things (sometimes much worse than a buffer overflow). However, having coded in assembly one often becomes more rigorous with their coding, that same rigor is what is needed to carry over to C, and is what is lacking with some of the C coders of today.
Second, system software also often needs a low memory footprint. System developers often want to know where every little bit of memory went, and often find compiled code barely tolerable. Not everyone can afford the luxury of loading a perl, python, java, byte code interpretor du jour just to send and read data, manipulate strings, and do stuff with files.Maybe you're right, problem is, many have tried almost all have failed to gain popularity for systems coding. Big problem for your argument and for developers who know, almost all of those different languages were first written in...drum roll...."C".
IANAL, but if you'll allow me to shoot from the hip for a bit, I'll take a shot at it...
1) Tortious interference with business relationships. The solicited the customers. They directly interfered with the business relationship by bringing the servers down by overzealous monitoring.
2) The outage was caused by the monitoring company. If just one customer leaves to another hosting company because of outages or what not, or if that customer lost business due to downtime. The damages are realizable.
First things first. These are your servers. Your network. I am assuming you have the standard abuse clause in your TOS. You need a lawyer.
Unfortunately, you are in a bad situation. They apparently have more resources than you, because they can bring your setup to it's knees. Not saying it's right, not saying it's fair.
A lookup of your TLDs each second makes sense if you are Yahoo! or Google. Their web monitoring levels don't appear to be reasonable. You already know the technical answer.
Personally, I would be worried about them stealing your customers. I mean the argument is going to be simple from their side. They will simply say, "hey look, their stuff folded under 'normal' monitoring, we have a hosting company we can 'recommend'" or they will just have the hosting company call them up out of the blue and ask if they are "unhappy" with thier current service..."oh, it goes down a lot"..."they can't handle simple monitoring"..."gee, that's a shame"..."well, we've worked with that monitoring company before, and we have never had any problems, in fact we routinely get 5 9s"...etc
Honestly, talk to legal, explain the potential situation, and have them make contact with the monitoring company. A couple of tortious interference this, and cease and desist that, will put the monitoring company on it's toes and maybe get them to leave your customers alone, or possible play nice with your servers. Notify your customers yourself and explain that they are being investigated by your legal team, etc.
That Anthony Boyd...that young man was always a trouble maker. Never had any respect for authority. If he was here right now, he'd be in detention. He has no affliation with this school anymore, and is stealing the thunder from my pet project. Something has to be done about these rogue Internet sites. The principal and the board need to get a handle on this whole Internet thing. I'm sure he's violating some laws or even worse school policies...kids these days...
IANAL, but this is a slippery slope. If SCO is not playing by the rules for the GPL, their license is void. There is the monetary figure for damages...in the 10Q.
Any attorneys looking to make a little cash? Ambulance chase a linux developer. They've been wronged. Should be practically an open and shut case.
http://www.securityfocus.com/archive/1/337662/2003 -09-13/2003-09-19/0
What do you do...call the state department, so they can giggle at you? Sue the local firm representing those workers (I'm sure the money is still in a US bank)? Mumble under your breath how you aren't going to be doing anymore business with Ravinder Notgonnaworkhere?
It's the wild west when you deal with overseas workforces. Companies get what they pay for.
I saw that same episode. Jesse, was also trying to make the case that the farmers would also eventually form cartels (kinda like RIAA or MPAA) and regulate their own prices (i.e. much higher) if they were on a free market.
If farmers were allowed to sell on a free/open market and were not subsidized (a think calling it welfare is a gross exaggeration). Two theories of what would happen are: One, 90% of the farm land would be sold and used for other purposes. Two, there would be a mass consolidation of who sells produce/wheat/etc.
I think times have changed and it's possible, both technology wise (better transport, more robust/hearty genetically engineered produce) and politically that more markets are available to our farmers. I have no idea about the economics of it (and consolidation and selling of land might still happen). I do remember that America has the potential to produce a hell of a lot of food. To the extent that when Hitler was carving up the world, he planned on using America as the "bread basket" for the world, and that was an unreasonable thing to consider.
a) Tech support won't have to hear the customer's mouse tapping their monitor screen...
b) Customer will have already rebooted the computer 6 times....
c) Their will be a new breed of idiots, and it ups the bar for tech support workers.
Overall, the more things change...the more they stay the same...
Bravo! I like the cut of your gib.
BKT
I actually read my TAOCP books while I'm in the can, or when I am bored and want inspiration, and I am impatiently waiting for the 4th.
You are right that SCO will not allow it's shredded source code to be publicly released. However, the reason would be because the MD5 hashes that matched could be traced back to specific lines in the kernel. I don't know why people don't get it...
SCO doesn't want the common code published or known until the court date.
I know it's irrational, I know it's silly. However, everyone expecting a "rational" response from an irrational company is foolish. I guess hope springs eternal, on both sides. SCO has bet the farm on this strategy, and they are not about to let the cat out of the bag. ESR seems to think they are just going to submit to this hair brained scheme, and produce a bunch of MD5 checksums.
If you take their point of view, this does nothing to protect their IP, it's just a thinly veiled way of tricking them into revealing the code they believe is in question.
I believe Berkeley and MIT still proudly use SICP in their teaching for a CS course or two.
As far as mapping that specific language to another language (say one that is in vogue), it sounds more like the role of a good programming language concepts/fundamentals class. In which case they should be teaching a student how to map any language to another.
Recursion is cool (and SICP is a lot of fun), except when it sucks ass or you need to do something real world that is optimized and may not have a gig of stack to solve a particular solution.
And, ofcourse, Knuth's TAOCP is the real Bible. I might grudgingly call TAOCP the old testament, and the SICP the new testament, but let's face it. Knuth has his shit together, when it comes to explaining CS.
Don't be silly. Mail clients may need outbound port 25 access as well, and that may not warrant the administrative overhead and cost of VPNs and SMTPS. If we let virus/worm writers and terrorists force our hand with regards to security policy...they win and that would be bad.