I just built a new system with 2 Maxtor D740X diamondmax series drives with quiet drive tech.. (7200RPM, 60GB) Got them hooked up to the promise RAID controller on my motherboard, and they are VERY quiet.. In fact, these 2 drives plus a WD 80GB 7200RPM drive are quieter than the single Quantum 5400RPM drive I had in there before..:)
On a side note.. this system is built with an Antec case with 4 case fans + 2 power supply fans (all 6 of which are thermostatically controlled variable speed), and it's STILL quieter than my old system which just had the 2 power supply fans.
As people were jumping onto that new-fangled internet thing, I'm sure the bandwidth usage did double every 100 days (maybe less).. But that wouldn't be a fixed value, the increase would have slowed over time, as the market became saturated.
Get yourself a Game Doctor MD, and repair the scratched disk instead of replacing it.. This is of course assuming it's not the label side that's scratched.
Yes, but you need to have an existing bug to exploit in order to do that. Read my other post regarding how it could be done very securely.. Still not 100%, but the only way to have a completely secure machine is to unplug it, dig a hole, throw the machine in, cover it in 8 feet of concrete, and set up armed guards around the perimiter..;)
These are simple things to make, that don't require cooking skills, take less than 15 minutes prep time, and are cheap. We're talking about geeks here. While I'm waiting for the casserole to finish I can be busy recompiling sendmail or something.;)
I remember living off of raman, tuna casserole, and spaghetti for about a year when I first got married.. About all we could afford at the time.
Indeed, it's quote simple (yes, I see the sarcasm in your post). The point is that any of those 3 separately are kinda bland. The mixture of them all makes it MUCH better, and so makes for a very easy dinner..:)
A little more difficult than the soup.. but this one is actually my mother's recipe.
1 Box of Kraft Mac 'n Cheese
1 Can Campell's Cream of Mushroom soup
1 can of Starkist Tuna in spring water
1/4 cup butter
1/2 cup milk
Some crushed potato chips (ruffles work best)
Preheat oven to 350.
Boil and drain the noodles (do not rinse). Mix in the cheese powder, milk, butter, tuna, and soup with the noodles, and pour into a casserole dish. Sprinkle a layer of crushed potato chips on top.
Bake uncovered at 350 for 30-45 minutes.
Use more butter if you want it a little sweeter, and more milk if you want it creamier.
I thought about this more during lunch, and it's actually very simple.
Web server is on internet, and has only the system drive (the read-only drive) in it, and has no write access to anything but a log directory and tmp.
All administration of web server is done via the host connected to the "write" arm of the drive.
The web server has NO network services running on it except for the web server which is set up to run the client connections as "nobody" (so even if someone exploits a bug in the server, they don't get root access).
The only way to log into a shell on the web server would be via console or tty.
Have a cron job stop and start apache once an hour if you're really paranoid to keep someone from re-writing the memory (the crontab would of course be on the read-only filesystem).
Yes, bugs could still possibly be exploited (buffer-overflows mostly), but that's just not fixable. Major content would be VERY difficult to replace.
It just shows that I've set your status as "friend" on my end, because I find the posts I've read from you to be insightful and interesting.
If you click that little circle next to people's posts (it'll be grey if there's no relationship) then you can set the status for that user and it'll affect your moderation score modifiers.
I set people who are trolls or idiots to "foe", (they'll see an orange circle next to my posts, showing I find them to be a freak) and those who I find to be consistently interesting, I'll set to friend.
From what I've seen, I thought the 9700 series wasn't going to be available for several months, and that by then or soon after, nvidia should have their next-gen card out (if they can overcome the.13micron fabrication problem).
In any case, saying that ATI blows nVidia's GF4 away with the 9700 series card (when it's not even out yet) is like comparing a Pentium 4 3GHz processor to an AMD Athlon 2200 even though the 3GHz version isn't out yet...
It was a special offer as part of the pre-order promotion. I'm not sure if you can still get it or not, but here are the details. There was a link from nvidia to the pre-order page before they rolled them out.
When a new card comes out, check nvidia's website and see if they have a link to it if it's another pre-order type of thing...
I bought the GF4 Ti4600 from evga.com during the pre-order phase (and am very happy with it). The cool thing is evga's upgrade program.. Within 2 years I can trade it in for the latest/greatest card, and have the full amount I bought it for applied to the new card.:)
As I said previously, this is just another layer of complexity. A system can and should be locked down further of course.
Running arbitrary binary code is not as easy as simply reconfiguring a web server. It's a simple matter to remove/usr/sbin/umount (depending on the OS), since the machine does not need to cleanly unmount any filesystems.. You can also remove other binaries (such as format, telnet, ftp, kermit...), in effect disabling them (of course this is OS dependent, since some programs are merely links to the same binary, but check argv[0]). That makes it that much harder for the hacker to get files onto the system. Buffer overflows require an existing bug in a program if you don't have the ability to compile a program locally. Once again though, I'm NOT saying this is an ultimate solution. But I think it has a place.
FWIW, I've always argued with people who use firewalls and rely on them to secure their networks, as they give a false sense of security. I similarly think firewalls have their place, but I feel it's better to harden the individual hosts using TCP wrappers, encryption and authentication (such as with ssh or kerberos), shutting off unnecessary services, using non-privileged users for daemons where possible, using good logging and actually looking at the logs, and on and on...
There is always going to be the arms race between hackers and administrators. This is just one more weapon that can be used by the admins to make it harder on the hackers. And of course as several people have mentioned, it's a lot faster easier to simply reboot than to recover from a backup.
to get more data off quickly, spin faster the cdrom
Hey! Yoda is posting anonymously!!
Actually though, you could get a faster throughput as well if you read different parts of the data with the different heads. So while one head is busy reading the first half of a file, the second head reads the second half simultaneously. Thus, double (minus overhead) the transfer rate.
Access time may actually be faster or slower depending on how much overhead is involved and whether the drive actually tries to choose the closest head to the requested track.
I once ruined a craftsman rotary tool this way.. I stuck the CD on the spindle, spun it up to about 20K RPM, and and used a bit to take off the reflective backing. Ended up with so much conductive dust that it fried the motor of the tool.
Luckily sears took it back and replaced it for me (I didn't tell them what I'd done.. so don't rat me out!)
And no scripting languages? Even then, the hacker can just pre-compile a binary.
*sigh* Not if you disable the ability for the hacker to put files on the server in the first place.
With root, any access restrictions on the machine itself can easily be defeated. If the access restrictions are outside of the machine (e.g. firewall), an HTTP POST request is a completely legitimate request that can be used to upload files.
You'd have to have the ability to change the web servers config and/or content in order for it to be able to write a file during upload... The web server should run as a non-privileged user.
If you have root, you can unmount the partition that stores the config files and create a RAM disk with the same path but different
Not if you disable the umount command..;)
Seems like an expensive gimick to me. Besides, most security problems are caused by lazy/incompetent administrations -- if you have the time and knowledge to invest in stuff like this, you're unlikely to be successfuly hacked anyway.
Don't know what the cost of it is.. but if it makes it to the mainstream it shouldn't be much more than 2 regular scsi drives. However I'd agree with you that if you know what you're doing this is not likely necessary. But I can see a use for it in a site that is high-profile because if a bug is found in the web server, then someone may exploit it before you can fix it. It's just one more line of defense.
Real simple.. You don't have a compiler on the target machine and allow no file transfer services for incoming files. Your web server can easily be compiled with a hard-coded config file, and disallow the command-line switch.
Network partitions (nfs) can be given limited access. ie, they can be set up to allow writing only to files that are owned by a given user (so root cannot write to the base partition).
No, it's not the end-all-be-all solution, but it is a neat idea, and would add another layer of complexity that most script-kiddies would not easily get around.
Spam is a shotgun method of advertising.. You shoot 10 million copies of a message and hope that at least 100,000 people actuall visit the site in question, and if 10,000 actually buy something, the spam was a big success.
So, use a real 10-guage shotgun on the spammer, fire it 20 times, and hope that at least 0.1% of the buckshot hits their vital organs for it to be a success??
I actually installed spamassassin last week and it's caught over 200 messages in the past 4 days. Very effective!
Slashdot Mirror
So unappreciated...
On a side note.. this system is built with an Antec case with 4 case fans + 2 power supply fans (all 6 of which are thermostatically controlled variable speed), and it's STILL quieter than my old system which just had the 2 power supply fans.
As people were jumping onto that new-fangled internet thing, I'm sure the bandwidth usage did double every 100 days (maybe less).. But that wouldn't be a fixed value, the increase would have slowed over time, as the market became saturated.
Get yourself a Game Doctor MD, and repair the scratched disk instead of replacing it.. This is of course assuming it's not the label side that's scratched.
For the non-sysadmins out there:
Yes, but you need to have an existing bug to exploit in order to do that. Read my other post regarding how it could be done very securely.. Still not 100%, but the only way to have a completely secure machine is to unplug it, dig a hole, throw the machine in, cover it in 8 feet of concrete, and set up armed guards around the perimiter.. ;)
These are simple things to make, that don't require cooking skills, take less than 15 minutes prep time, and are cheap. We're talking about geeks here. While I'm waiting for the casserole to finish I can be busy recompiling sendmail or something. ;)
I remember living off of raman, tuna casserole, and spaghetti for about a year when I first got married.. About all we could afford at the time.
Indeed, it's quote simple (yes, I see the sarcasm in your post). The point is that any of those 3 separately are kinda bland. The mixture of them all makes it MUCH better, and so makes for a very easy dinner.. :)
1 Box of Kraft Mac 'n Cheese
1 Can Campell's Cream of Mushroom soup
1 can of Starkist Tuna in spring water
1/4 cup butter
1/2 cup milk
Some crushed potato chips (ruffles work best)
Preheat oven to 350. Boil and drain the noodles (do not rinse).
Mix in the cheese powder, milk, butter, tuna, and soup with the noodles, and pour into a casserole dish.
Sprinkle a layer of crushed potato chips on top. Bake uncovered at 350 for 30-45 minutes.
Use more butter if you want it a little sweeter, and more milk if you want it creamier.
Good job, sleep well. Most likely kill you in the morning...
1 Can of campell's Cream of Potato soup (with 1 can of milk)
1 Can Chunky Baked Potato w/bacon & chives
1 Can Baxter's Potato and Leek soup
Mix it all together, and slow-cook it for about 20 minutes (boil it for at least 5), add salt/pepper to taste!
Web server is on internet, and has only the system drive (the read-only drive) in it, and has no write access to anything but a log directory and tmp.
All administration of web server is done via the host connected to the "write" arm of the drive.
The web server has NO network services running on it except for the web server which is set up to run the client connections as "nobody" (so even if someone exploits a bug in the server, they don't get root access).
The only way to log into a shell on the web server would be via console or tty.
Have a cron job stop and start apache once an hour if you're really paranoid to keep someone from re-writing the memory (the crontab would of course be on the read-only filesystem).
Yes, bugs could still possibly be exploited (buffer-overflows mostly), but that's just not fixable. Major content would be VERY difficult to replace.
If you click that little circle next to people's posts (it'll be grey if there's no relationship) then you can set the status for that user and it'll affect your moderation score modifiers.
I set people who are trolls or idiots to "foe", (they'll see an orange circle next to my posts, showing I find them to be a freak) and those who I find to be consistently interesting, I'll set to friend.
In any case, saying that ATI blows nVidia's GF4 away with the 9700 series card (when it's not even out yet) is like comparing a Pentium 4 3GHz processor to an AMD Athlon 2200 even though the 3GHz version isn't out yet...
When a new card comes out, check nvidia's website and see if they have a link to it if it's another pre-order type of thing...
I bought the GF4 Ti4600 from evga.com during the pre-order phase (and am very happy with it). The cool thing is evga's upgrade program.. Within 2 years I can trade it in for the latest/greatest card, and have the full amount I bought it for applied to the new card. :)
That address is already in so many spam lists that it's not funny.. I don't hide my address from people, because eventually it gets out anyway.
Running arbitrary binary code is not as easy as simply reconfiguring a web server. It's a simple matter to remove /usr/sbin/umount (depending on the OS), since the machine does not need to cleanly unmount any filesystems.. You can also remove other binaries (such as format, telnet, ftp, kermit...), in effect disabling them (of course this is OS dependent, since some programs are merely links to the same binary, but check argv[0]). That makes it that much harder for the hacker to get files onto the system. Buffer overflows require an existing bug in a program if you don't have the ability to compile a program locally. Once again though, I'm NOT saying this is an ultimate solution. But I think it has a place.
FWIW, I've always argued with people who use firewalls and rely on them to secure their networks, as they give a false sense of security. I similarly think firewalls have their place, but I feel it's better to harden the individual hosts using TCP wrappers, encryption and authentication (such as with ssh or kerberos), shutting off unnecessary services, using non-privileged users for daemons where possible, using good logging and actually looking at the logs, and on and on...
There is always going to be the arms race between hackers and administrators. This is just one more weapon that can be used by the admins to make it harder on the hackers. And of course as several people have mentioned, it's a lot faster easier to simply reboot than to recover from a backup.
Actually though, you could get a faster throughput as well if you read different parts of the data with the different heads. So while one head is busy reading the first half of a file, the second head reads the second half simultaneously. Thus, double (minus overhead) the transfer rate.
Access time may actually be faster or slower depending on how much overhead is involved and whether the drive actually tries to choose the closest head to the requested track.
Luckily sears took it back and replaced it for me (I didn't tell them what I'd done.. so don't rat me out!)
Network partitions (nfs) can be given limited access. ie, they can be set up to allow writing only to files that are owned by a given user (so root cannot write to the base partition).
No, it's not the end-all-be-all solution, but it is a neat idea, and would add another layer of complexity that most script-kiddies would not easily get around.
So, use a real 10-guage shotgun on the spammer, fire it 20 times, and hope that at least 0.1% of the buckshot hits their vital organs for it to be a success??
I actually installed spamassassin last week and it's caught over 200 messages in the past 4 days. Very effective!