Careful. I'm assuming that these will be clients or co-workers or similar. BE CAREFUL. You do not want to drop messages. What happens if a client's email is lost because it looks like spam (refers to money, etc). Better to tag it, and let the user decide.
Um, don't even bother. Either filter and drop the spam, or just let everything through. Having someone go through all the marked spam messages is just as wasteful as going through the unmarked ones. If you're that afraid of dropping something, consider this: People select-all *SPAM* delete. Why should that be part of their daily routine? Why waste the storage space and network bandwidth to make a human do what you can do on the mailserver?
I've gotten many requests to tag people's mail rather than deleting it. Within a month, they all say 'fuckit, just toss it.'
When you say, "I only accept mail from properly configured mailservers," what you're really saying is, "I only accept mail from mailservers that are configured in the way that I want them to be." There's no spec that says that mail servers shouldn't accept and relay mail. There's no spec that says mail servers must be resolvable by reverse DNS.
You're right, I just pulled this right out of my ass as well. Nobody would bother to draft a best-current-practices about spam. And besides, it's only a request for comments, nobody needs to follow it.
These are things that, while they may or may not be wise or even reasonable, you just made up arbitrarily. Which is counter-productive and harmful.
Ye gods. Yes, now following best practices is considered counter-productive and harmful. Are you SURE you're not a spammer or an idiot?
This isn't the wild west. You don't just pick an IP address out of your ass, and twiddle random bits in packets and say "Hi! I'm sending email you must accept it because I'm so COOL!". There's a number of things you have to do, and it's all about being a responsible member of the internet community. As times change, so do the accepted best practices. This is why we don't relay mail for anyone anymore, because it's considered rude to let thugs use your house as a base to rob others.
Oh, blow it out your ass. The whole "if you don't agree with me then you're either stupid or you have an agenda" thing is unbelievably childish. Accept, instead, that I'm simply a guy with a different opinion from yours.
No, you're someone who doesn't even respect his own position enough to commit his name to it. This just stinks of spammers, who hardly ever use their real name. The only reason I'm even replying is that you have some grasp of the English language, which most ACs do not.
Well, two things. First, spam doesn't drown anybody out. All emails get the exact same attention when you read them. And secondly: huh? You have a... unique interpretation of freedom of speech.
Not really. It's the difference between being allowed to talk to yourself in a closet and stand on common ground and tell other people what you believe. If we said "you can say anything you want, as long as nobody can hear you." how free is that? Either way, it's a side issue. The government isn't involved in this (yet).
Dude, why aren't you reading what I write? YES. Spam is a problem. It's just that blocking connections for reasons that are only circumstantially and tangentially related to spam is a WORSE problem. I really don't understand why you're not getting this. It's one thing for you to disagree with me. It's another thing entirely for you to completely misunderstand me. Get it?
I get what you're saying, it's just wrong. See, most spam comes from open relays or proxies. People who run those servers are directly contributing to spam. Why should I accept mail from a willing spammer accomplice? It's not THAT hard to lock down open relays. I've even got a box on my network that has to exist that has no anti-relay capabilities (UGH).... So I divert all inbound 25 traffic through a sendmail box first.
If someone isn't willing to do their part to keep email a viable medium for communications, I'm not willing to listen to them. Is it such a hard concept?
As for valid email from proxies/relays: No email should be coming out of a proxy server, open or otherwise. It's a hardware box, no mail queue, designed to cache webpages. Any email coming out of it is spam, period. For relays: While someone may be using the mailserver for legit mail, trust me. Once the spammers find it that box is so slammed with spam it crashes and takes out any real email that would be going through it.
By saying "fuckoff" to spammers, open relays, open proxies and general idiots...
You're also saying "fuckoff" to anybody who sends email that happens to go through one of the systems that you have painted with that absurdly broad brush.
Correct. I only accept mail from properly configured mailservers. The USPS doesn't pick up letters lying on the hood of my car and deliver them, they only take mail from approved mailboxes.
Obviously, they're part of the problem!
If you don't think spam is a problem, you're one of four things:
- Too new to have your email harvested.
- Someone with damn good email filtering.
- An idiot.
- A spammer.
Try carrying out a conversation where the person you are talking to is speaking at 1/5th the volume of the used-car salesman with a megaphone. Freedom of speech also means being able to listen to the person you want to and not have him drowned out.
And as problem/solution goes, the thousand odd people I provide email accounts for are quite happy with the improvement of the quality of their service. If you wish to try to tell them how wrong they are, feel free to buy an email list and spam them. They pay me to make sure that your attempts fail.
Yesterday was slow: 66637 connections rejected for being spam. Generally that's about 10-15 emails each (judging from the logs of the ones that did get in) By the same token, there were 15574 emails delivered successfully, quite a few of which were spam that got through the filter.
This means that over 81% of all email traffic going to me was spam. Still not a problem?
Perhaps you don't think spam is a problem. You, however, are wrong. When 80% of my incoming mail was spam, I'm spending 5 TIMES what I should be to deliver legitimate email. With that incredible volume, people's filters were failing and their inboxes were full of horsefucking herbal viagra peddlers. (Now with 95% more teen webcams!)
By saying "fuckoff" to spammers, open relays, open proxies and general idiots, my users can actually USE their email, and the mailserver can get the legit email out in a reasonable amount of time.
By the same token, the USPS is doing its job by not accepting bombs in the mail. Despite "The mail must go through!" motto, some things don't qualify.
There are a LOT of places though that don't set these records, and filtering out these sites will drop a LOT of emails that actually might be valid.
Yes, but our point is that those servers are misconfigured. It's not MY job to configure YOUR mailserver properly. Mine works and will continue to work properly. If _YOUR_ mailserver can not get YOUR email out, whose problem is it?
I suppose I should quit using the open relay/open proxy blacklists as well, since someone might really send email from one of them. Right?
I won't go so far as to require the HELO/EHLO to match the reverse DNS, since there's thousands of legitimate scenarios where this might not be the case. Generally speaking, it's a firewalled mailserver and you're seeing the IP of the firewall. I DO require, however, that the forward lookup of the HELO matches the IP connecting to me.
People choose their ISPs for various reasons: price, quality of service, convenience. What kind of drangles they use on their gimlets should not be one of them.
Quite right! Who cares about standard things like DNS when you can just use WINS! Send packets to the broadcast address and hope the right machine responds.
Hell, people who want their ISP to support PPP or IPv4 are just being bitchy. Nobody needs more than IPX over SLIP anyway.
I personally run a mail server on my computer, and don't gateway mail it sends. That's the way email was designed to work, and still the way it works best. I think that's pretty legitimate. I get an immediate response when mail delivery fails, can set how long I want resends to be done, and don't have to remember to change my gateway when I move from home to college and back. I have no reason to run out and buy a domain -- I don't have any reason to present a domain to the world.
With all due respect, you're an idiot.
Requiring a reverse DNS record isn't forcing you to go out and buy a domain, just to bitch at your ISP to give you a valid reverse DNS. It can be in your domain, or in theirs, it just has to exist.
Any site sending me mail without reverse DNS gets a temporary failure error message. Further, any claimed 'From' address with a non-resolvable domain (A or MX) such as 'adfgsadgh@asdkabm.com' gets bounced as well.
I've found many ISPs are lazy about adding reverse DNS records. I've also had a hell of a time getting them to delegate the zone to my server when they won't handle it themselves. Still, there's lots and lots of spam that's not showing up. And earthlink, AOL, roadrunner and yahoo! have valid reverse DNS records, so I only get the occasional complaint.
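The acceptance rules described in the two comments above (the forward lookup of the HELO name must match the connecting IP, a client with no reverse DNS gets a temporary failure, and an envelope sender whose domain has no A or MX record is bounced), as an added example that is not code from the original posts. The resolver class, function names, sample records and the choice of 450/550 as reply codes are assumptions made for illustration; the posts do not say which code a HELO mismatch receives.

```python
"""SMTP connection-time checks: added example, not code from the original posts."""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class StaticResolver:
    """Offline stand-in for DNS, filled with constructed records (assumption)."""
    ptr: dict = field(default_factory=dict)  # IP -> list of PTR names
    a: dict = field(default_factory=dict)    # name -> list of A-record IPs
    mx: dict = field(default_factory=dict)   # domain -> list of MX hosts

    def reverse(self, ip):
        return self.ptr.get(ip, [])

    def forward(self, name):
        return self.a.get(name, [])

    def exchangers(self, domain):
        return self.mx.get(domain, [])


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def sender_domain(mail_from):
    """Return the envelope sender's domain, None for the null sender <>,
    or "" when the address has no domain part at all."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        return None
    if "@" not in addr:
        return ""
    return _norm(addr.rsplit("@", 1)[1])


def check_connection(client_ip, helo, mail_from, dns):
    """Apply the three checks in order and return (smtp_code, reason)."""
    ip = str(ipaddress.ip_address(client_ip))

    # 1. No PTR record at all: temporary failure, so a sender whose ISP
    #    later adds reverse DNS gets the mail through on a retry.
    if not dns.reverse(ip):
        return 450, "no reverse DNS for connecting IP"

    # 2. The HELO name need not equal the PTR name (firewalled servers),
    #    but its forward lookup must contain the connecting IP.
    helo_name = _norm(helo)
    if helo_name.startswith("[") and helo_name.endswith("]"):
        helo_ips = [helo_name[1:-1]]          # IPv4 address literal
    else:
        helo_ips = dns.forward(helo_name)
    if ip not in helo_ips:
        return 550, "HELO name does not resolve to connecting IP"

    # 3. The claimed sender domain must have an A or MX record.
    #    The null sender <> (used by bounces) has no domain to check.
    domain = sender_domain(mail_from)
    if domain is not None:
        if not domain or not (dns.forward(domain) or dns.exchangers(domain)):
            return 550, "sender domain does not resolve"

    return 250, "accepted"


# Constructed sample zone using documentation address ranges and names.
SAMPLE_DNS = StaticResolver(
    ptr={"192.0.2.10": ["fw.example.net"],
         "198.51.100.7": ["host7.example.com"]},
    a={"mail.example.org": ["192.0.2.10"],
       "example.org": ["192.0.2.20"],
       "mail.example.com": ["198.51.100.99"]},
    mx={"example.org": ["mail.example.org"]},
)

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "mail.example.org", "<alice@example.org>"),
        ("203.0.113.5", "mail.example.org", "<alice@example.org>"),
        ("198.51.100.7", "mail.example.com", "<bob@example.org>"),
        ("192.0.2.10", "mail.example.org", "<x@no-such-domain.invalid>"),
    ]
    for case in cases:
        print(case, "->", check_connection(*case, SAMPLE_DNS))
```

The first case is the firewalled-server situation from the comment: the PTR name (`fw.example.net`) differs from the HELO name, yet the connection is accepted because the HELO name resolves to the connecting IP.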
The number 1 roadblock to IPv6 adoption is ARIN.
ARIN, in their infinite wisdom, has decided that IPv4 "maintenance" costs weren't lucrative enough, so the fee schedule for IPv6 has changed accordingly.
Sorry, I don't have $2500 a year to throw around just to play with IPv6, and larger companies don't drop $20k on it. Hell, the biggest problem with routing-table inflation is the ass-backwards policies that give everyone 14 micro-allocations rather than one that fits them. I've had to throw 6 routes out into the global tables rather than one convenient one.
"IP Address space not considered property" Well, duh. If it were property you wouldn't have to keep PAYING them over and over.
Unless you luck out, it's unlikely that the appreciation will match the interest paid. Sure, you may buy for 100k and sell for 120k some years down the road, but you probably paid most of that 20k in interest by then anyways. Of course there's specific examples of it going extremely in either direction, but I think in the overall these factors are somewhat balanced.
<more bullshit>
Yea. You go! Fight the system! W00t!
For those of you with a few extra braincells and less interest in the Black UN Helicopters and government mind control lasers crowd, you might be interested in noting that paying Rent is exactly the same as paying a mortgage... except someone else is getting the equity. And the tax break.
See, here's how the game works. I, filthy capitalist pig, am part of the scum that has "Old Money". I invest "Old Money" into a dirt-cheap cinderblock POS that I like to call "Arbor Palms, a Beautiful (gated) community." Then, I go find college students and lower-class people and entice them to come in and pay me to live there. The final result is: I turn a profit while at the same time writing off a portion of the loan repayment.
In order to maintain my positive cash flow, I then propagate the myth that low-interest debt like mortgages are Bad and a Tool of The Man on popular webboards. Now all these "smart" people see that "equity" is nothing but imaginary numbers, and spend the equivalent amount of cash on an apartment. Because, apartments become free if you lose your job, right? There's no late-payment penalties or evictions put on your credit report. Not like a house at all!
Hint, folks: Yes, it's expensive to move houses. It's also expensive to move apartments. Security deposits, pet deposits, utility disconnect/hookup plus the cost of moving all your stuff. With a house you do actually come out slightly ahead after a number of years, even AFTER paying commission on selling it.
The folks I bought the house from had two mortgages on it, owned for 13 years, and still exited with enough free cash to put in a pool on their new place. But, that didn't really happen because photon317 says that they lost all that in interest payments. Because, remember, his apartment is free!
There is no such thing as "security through obscurity and good coding". Closed-source programs that cannot be audited have a horrible track record of buffer overflows, unintended consequences to out-of-spec inputs, etc. So the only "security" is the fact that it's obscure. Personally, I'd trust open-source code more.
As for accessing over the internet, one can only hope they're using standard protocols like SSL to encrypt the data and certs to know you're talking to a bank and not a man-in-the-middle.
To demonstrate his complete stupidity, Hubert_Shrump writes:
as a temporary and ugly solution - why not just nice the jobs you don't want hogging the system?
Perhaps because the NICE level doesn't impact anything but CPU timeshare? So a nice 19 tar -czvf /tmp/totape.tgz /home will still thrash the hell out of your system.
The semantics are fairly trivial: This process is generating a lot of disk cache that's only being hit once, so let's bound how much memory it uses.
The reality is much trickier. It's not an intractable problem, though.
Not too long ago (early 2.4) mke2fs would completely devastate a system when the filesystem/ram ratio was above a certain point. (I'm thinking 8gig FS on a 128 meg box, but it's been a while)
Installs were DOG SLOW due to the massive dirty-writes going on. It's much much better now, so hopefully the 2.5 VM dev cycle takes care of the read-once page problem.
You know, if you're looking for crucial legal advice, I really don't think you should be relying on Slashdot. "But, *your Honor*, 'autopr0n' on Slashdot *said* that it would be okay!"
Actually, this slashdotter has had to handle WAY too many of these. It's MY opinion that a trivially forgeable email is NOT a proper notification as required by the DMCA. Autoreplying requesting documents by certified mail gets rid of most of the bozos, and has the added bonus of costing the bounty hunters another $500 in legal time to prepare the paperwork.
Also entertaining is pointing out the blatant and obvious fallacies in their email, and reminding them that it is an official document prepared under penalty of perjury. I've gotten DMCA notices about usenet postings on other ISPs due to it having an ao.net email address. (Cult of Scientology, generally)
Once you get rid of the bozos by requesting documents, you're left with probable legitimate claims... people with EBooks in their web folders, things like that. At that point we comply with the letter of the law with a chmod 600 and tell the subscriber to deal with it.
It's pragmatic. You protect most of your users from the bozos, and don't take an (expensive) corporate stand one way or the other on real copyright infringement cases.
why do raid 1 + 5 when you can just put more spares in the raid 5?
Because you can't add spares. Raid-5 error correction only expands the data to N+1. If you put in extra drives, they are "hot spares", not redundant. Disks are getting pretty cheesy lately (especially for someone "on a budget") and a multi-disk failure isn't unheard of.
"raid 6", whatever that is and whenever it becomes a common standard expands the data to N+X, so you have to have X+1 drive failures before losing data.
Also, raid 15 is a bad idea. Raid 51 has a LOT more redundancy (raid5 made up of individually raid1'd disks.) Your odds of losing the 4 drives needed to take it down are much less than if you use 15.
Re:First reactions. on RAMdisk RAID? · Score: 5, Informative
Sayeth CounterZer0:
Sorry, but I don't think so.
RAM -> RAM across a network (assuming at LEAST 100mbit ethernet) will be FASTER than accessing a RAID of local disks. It's all memory to memory transfer at that point - no spin up, no seek time. The disks may get close for a very long sequential write/read, where the multiple drives can actually come close to using the bandwidth available via the RAID controller.
I, however, beg to differ.
harik@taz:~$ ping -s 1492 192.168.100.99
PING 192.168.100.99 (192.168.100.99) 1492(1520) bytes of data.
1500 bytes from 192.168.100.99: icmp_seq=1 ttl=64 time=2.80 ms
1500 bytes from 192.168.100.99: icmp_seq=2 ttl=64 time=2.77 ms
1500 bytes from 192.168.100.99: icmp_seq=3 ttl=64 time=2.77 ms
1500 bytes from 192.168.100.99: icmp_seq=4 ttl=64 time=2.77 ms
1500 bytes from 192.168.100.99: icmp_seq=5 ttl=64 time=2.77 ms
This is two machines sitting side by side on a separate, completely unloaded switch. Don't just go by the 500ns ping time, you actually have to transfer data. You're talking at LEAST 3ms PER BLOCK... and that's with some insanely optimized code.
Now, for video editing 99% of the effort is linear (unless you are horribly fragmented) so you're talking ONE 6ms seek ONCE then thousands upon thousands of linear reads.
Secondly, his "raid array" sucks if the performance is bad. I buy low end LSI Express 500s (Ultra 160 LVD) and they have stellar performance. For doing AV, this is my recommendation:
Buy a multi-channel Ultra160 or Ultra320 SCSI Raid controller (160s are pretty cheap now that 320s are on the market) Load it up with 5 large drives. Set the stripe size to the maximum. Buy a cheaper IDE RAID and set it in mode 15 (Mirror two RAID5 arrays together, harder to lose data that way.)
Use the SCSI for your working set, and reformat it frequently (or at least delete all files) to defrag. Use RAID0, it's faster. Save your finished projects to the IDE raid, burn to DVD, DLT, whatever.
It will _STILL_ be cheaper than putting 2gig of RAM unto a pile of boxes, AND faster.
single-channel ultra-320 can hit you with up to 40 megaBYTES per second, all on a measly 5ms initial seek. (Remember, ALL the drives seek in parallel)
Putting drives on the second channel can whollup you with 80MB/second. You're talking around $1500 for the card, of course. But have you priced out a 1U server with 2gig ram lately?
Update #2: I was wrong with the TTL due to the traffic I was seeing. When the edge router melted under the ACL strain, it quit ARPing. When Windows loses its default gateway it sends broadcasts, TTL=1. Those are the packets I was analyzing when I concluded the worm was a dud.
Re-infecting a test box and watching it confirms: It begins sending and when it loses the ability it broadcasts over the LAN, hoping someone will pass it on.
In other news, looks like the last server hitting me has stopped. No traffic since 16:54 EST
So you contributed 3 servers to the global pool of zombie boxen, by sheer laziness? Thanks. The patch has been out for 6 months. I think the proper term is "fucktard".
Actually, sounds like he 'contributed' two the same way I did, by having a colocated customer. Sorry, but unless they're paying me for firewall services it's up to them, and I block on an as-needed basis.
One of the servers was under my control: a development box used by a programmer. Apparently he got the previous admin to forward the SQL ports through the firewall. Would explain the 'previous' part.
Ok, I take that back. One of the servers was sending TTL=1 packets, the rest were 128. Firewall still ate the traffic since it was a well-known amplifier echo attack.
Actually, this worm is non-spreading, AT ALL.
Despite the millions of packets that were sent by the worm, not a single one got past the router. This isn't even due to firewalls, it's because they're being sent TTL=1.
Damned if I know what it was supposed to be doing, but all it did was muck up the local ethernet segments of a few customers who had it. Dropped their port and the world is a ++happyplace.
I'm guessing the "goal" here was to shut down M$ based websites, since generally the DBserver + the webserver(s) would be in the same network segment, or if firewalled, would have a mapped IP on the local segment. Sucks to be them. 5 nameservers most likely went down due to variants of the worm. Not one of the 3 incidents I saw got a single packet out.
Mac OS X talks uses precompiled headers, I thought GCC was already using them.
... without reading the article in question.
Geoffrey Keating of Apple Computer, Inc., with support from Red Hat, Inc., has contributed a precompiled header implementation that can dramatically speed up compilation of some projects.
dumbass.
I note the article points out "March 26th, and a week or so afterwards" so slashdot's speedy headline service should read "Wow! You just missed..."
Now quit trolling. This is a task I delegate to part time college students, not $100k/year network admins.
--Dan