COPY is great. At my company, we're building key parts of our system based on COPY. However, COPY isn't flexible enough for doing much beyond imports into a single table. I.e., if your source data is imported across a number of tables, then using COPY becomes a horrific pain because you have to manually handle things like sequences, foreign keys and join tables in data structures in code rather than letting the DB do it for you. It's great when you can use pg_dump or custom code to create your COPY data based on an existing DB, but it's a very different thing processing flat files and having to create COPY statements across 5-10 tables.
Using PREPARE/EXECUTE does help, but in my testing, I've found that updating indexes and checking FK's is more expensive than the INSERT itself. PG in my environment seems to be noticeably slower updating indexes/checking FK's than MySQL as the number of records in the table increases. Again, you should always drop the indexes/FK's that you can when importing data (as long as it doesn't affect the relational integrity of the inserts), but you can't always drop all of them.
Like I said earlier, I've done some "interesting" things to get good performance out of PG (de-duping 8M+ records using in-memory data structures in code being one of them), but it's a lot more work (not to mention memory intensive) and frankly a PITA. 8 hours may seem like a long time, but for my needs it was acceptable. 28 hours wasn't, and so I had to spend time on optimizing things when I would have rather been working on other things.
The addition of the write-ahead log was a key factor in making PG consistently faster than MySQL.
Well then, it's not working very well for me now is it? I'm not saying that PG is always slower or faster than MySQL (PG is sure a lot faster rolling back a large failed transaction thanks to the WAL), but realize that there are times when MySQL is faster.
It's true that I don't know anything about your requirements, datasets, or schemas, but I do know the difference between good and bad engineering.
I suggest you go back to Engineering 101 where they teach you to first figure out the requirements before you start trying to engineer a solution... you'll find it works a lot better that way.
As soon as you can tell me how to configure MySQL/InnoDB to use a WAL or PostgreSQL 8 to not use one I'll be happy to do an "apples-to-apples" comparison. But we both know that neither is possible, so rather than telling me/the other poster we're doing things wrong, why not just admit that you don't know enough about our requirements, datasets or schemas to have formed an opinion based on fact?
He did it wrong? How would you know? You have zero information. We all should know by now that performance testing, especially when it comes to databases is very dependent on data, queries, hardware and various other variables which make generic tests (like TPC or any other published benchmark) pretty much worthless for understanding how a particular database will perform for anything but that specific configuration.
I personally don't doubt that ShatteredDreams found MySQL/InnoDB faster than PostgreSQL. I compared MySQL 4.1.12 vs PG 8.0.3 on the exact same hardware using the same data and scripts (basically switched out DBD::mysql for DBD::pg) and found MySQL was over 3x faster for inserts (8 hours vs 28 hours). Why? Because PG is more concerned with data integrity than performance compared to MySQL. I went onto #postgresql and asked about tuning for my environment/dataset and got a lot of help, but wasn't ever able to get any noticeable improvement to PG's insert speed without resorting to dropping FK's and indexes or using the COPY command (which makes the whole thing pretty much pointless now doesn't it?).
As it turned out, with a LOT of creative thinking I was able to get the performance to something I could live with (frankly, it's really ugly, but it works and is very specific to our application so it prolly wouldn't be useful for 99.9% of the people out there) so we ended up going with PostgreSQL since it is more robust and has a better feature set (honestly I didn't expect to use triggers or stored procedures, but they've come in handy a couple of times, especially since we have both Perl and Java code talking to the DB and we only have to implement certain bits of logic only once).
Honestly, it would be really nice if the PG folks would allow DBA's to be able to do things like turn off WAL for those times when raw speed is more important than data integrity, but that doesn't seem to be a priority.
Hate replying to myself, but on my way into work this morning while listening to NPR radio, the number of previous SCOTUS judges with no prior judge experience is 35. So this is hardly unheard of.
Of course, as some of you have pointed out, for a lawyer, what matters not are these cases where the lawyer is paid for their work. Everyone (even rich companies) has the right to a solid defense. And in this case I actually agree with the decision- M$ should only be liable for data corruption that actually occurred, not which might someday occur.
What does matter is what pro bono work she's done. This is where you find out what issues are important to her and gives better insight on how she would rule and write her opinions. Apparently she has been actively involved with trying to get other lawyers to do pro bono work, so either she has a stack load of cases we can examine or she's a hypocrite.
Ok, first, let me say I don't have a vested interest either way... most days to work I "drive" a Ducati 748 which gets 40+mpg when I'm taking it easy and 30+ even when ridden hard on sport rides, has *amazing* acceleration and top speed (60mph in 1st, 90mph in 2nd, 120mph in 3rd and I've got 3 more gears so you do the math), and gets to take advantage of HOV lanes in CA (not to mention lane splitting when traffic is really bad). Admittedly, isn't the most practical vehicle (only can carry two people or one person and a backpack worth of stuff), but as a commute vehicle is great, more fun than anything on four wheels and not to mention it's an Italian motorcycle and sexy as hell.
That said... 350ft/lbs of torque for the Prius? Are you smoking crack? Having driven a Prius (my boss has one) let me tell you that no way in hell does it have anything close to 100ft-lbs let alone 350ft-lbs of usable torque. Honestly, I've never seen the powercurve of a Prius (Toyota apparently doesn't think people who buy hybrids care too much about performance), but I can tell you it's got nothing on a BMW 330 (my other vehicle) let alone a Porsche. According to Edmunds.com, max torque is actually 82 ft-lbs @ 4200rpm and 0-60 times are 10+ seconds... nothing to write home about for a vehicle weighing nearly 3000lbs.
Frankly, I find it really amusing watching people argue over performance numbers for vehicles designed for efficiency rather than performance. If you want a sports car, then get a sports car. If you want to help the environment, then by all means get whatever floats your boat (bio-diesel, CNC, solar, electric, hybrid, whatever). But don't delude yourself into thinking that your econobox is some kind of performance monster that has specs or the performance of a Porsche.
Based on the topic, this is probably as good as any to ask:
Does anyone know of a conduit and Palm app which will sync the OS X keychain to the Palm and allow me to view/edit/create keychain entries on my Palm?
Since Tiger supports syncing of the keychain over iSync to your .Mac account, the syncing is obviously possible... just not sure how open the Keychain database is.
And yes, I know about all the OS X/Palm apps which allow you to store passwords and view/edit them on the Mac/Palm, but I don't want TWO password databases. OS X Keychain already does everything I need and it's well supported in many OS X applications. No need to reinvent the wheel.
Because I don't use outlook. Getting Exchange to play nicely with fetchmail/mutt is a PITA. I've never been in an exchange environment where the admin ever was able to turn on SSL for IMAP (something like having to reinstall IIS and Exchange from scratch???). Not to mention, non-standards based calendaring.
The webUI is broken in Safari/Firefox.
Basically, you're a 2nd class citizen if your company uses Exchange and you're not using Outlook/Windows.
1) Yes, I meant 'vacuum analyze'. Yeah, I've heard about something that does this for me, but gezus, I shouldn't have to worry about installing/configuring something else to get something as basic as this to happen automatically. Not to mention, I don't want this scheduled at certain times of the day, it should just "happen" as changes to the DB happen. I.e. it shouldn't be a batch job operation.
2) Yeah, I'm familiar with phppgadmin. It sucks. It's ugly as sin and doesn't allow me to do ER diagrams like phpmyadmin does (which honestly isn't the easiest thing in the world, but hey it works). The interface isn't nearly as intuitive as phpmyadmin and it seems like everything takes 3x as many clicks. For now, using vim is actually easier for my 40+ table DB. :(
3) Mostly, I find the docs on mysql.com better organized and easier to find what I'm looking for. Honestly, Pg is very well documented IMHO for being such a large application (OSS or otherwise). The one thing that could be improved IMHO was performance tuning which is well documented, but still seems very much like voodoo.
4) I've optimized the hell out of the INSERT's under Pg. Tuning postgresql.conf, doing transactions, etc. After talking to the gurus on #postgresql, the best I could get my batch job to run was 28 hours (yes I said *hours*). MySQL does it in 8 (still too long, but I could live with it for a while). Dropping my FK's and indexes and doing some really creative coding by loading large (1GB+) portions of my dataset into RAM I've got it down to about 2 hours (of course, I can't run any queries during those 2 hours since there aren't any indexes).
Don't get me wrong, I like Pg. It's definitely a lot more powerful than MySQL/InnoDB, I just wish it was easier to use and allowed DBA's to make decisions to be able to trade off performance for reliability (turning off WAL for example, being able to disable FK checks without having to drop/create them, etc).
Short story, mysql.com's interpretation of the GPL is frankly a lot more strict than mine or my reading of the FSF's FAQ on the GPL. If it wasn't for that, I'd still be using MySQL for my company's application since I'm more familiar with it.
Anyways, PostgreSQL IMHO has some things going for it:
- More features like triggers, stored procs, schemas, subselects, etc than the current stable version of MySQL supports. About the only thing I find myself using are subselects which are just a nice to have.
- Attempts to be "safer" with your data via WAL, etc. Good for unreliable environments.
- Tends to follow the SQL standards closer than MySQL
- Is BSD licenced so you don't have to worry about licensing issues.
- #postgresql on freenode is great. The people there are intelligent, knowledgeable and friendly if you're not an *sshole. They've helped me a lot.
The problems I have with PostgreSQL is that:
- INSERT is very slow (about 3x slower compared to MySQL/InnoDB) for my dataset. The "answer" is to use the COPY command or disable your indexes/FK's which is f*cking lame since you lose all your relational integrity. I was willing to trade off performance for disaster prevention (system crash, power failure, etc) by disabling WAL, but you can't actually do that.
- The OSS tools available aren't as good for postgres as they are for MySQL. I've yet to find anything as nice or complete as phpmyadmin for Pg or something that supports schemas for ER Diagrams. Frankly, I'm sick and tired of designing my DB in vim.
- Having to run vacuum all the time to help the query optimizer figure things out. Why this doesn't happen automagically in the background without me having to worry about it is beyond me.
- In general, I find the documentation on mysql.com superior to on postgresql.org, but #postgresql more than makes up for it.
Frankly, all the technical "problems" in MySQL or Pg can be worked around if you're willing to think outside of the box.
Background: I used to be a member of the product security response team for a large networking vendor. Among other things, I used to talk directly with security researchers who'd find vulnerabilities in our products as well as work directly with our developers to get them fixed. Hence, I have a pretty good idea of what really goes on.
Mary Ann makes some good points. Some (very few in my experience) security researchers do make threats and unrealistic demands on vendors. Releasing a patch in our case often meant touching over 20 branches of code for various hardware platforms and customer special builds. Obviously, we not only have to research the issue, determine a fix which wouldn't cause other problems, apply the patch, but then QA them including appropriate regression tests.
All this takes months and may cause us to slip schedules (which may negatively impact revenue, but we do it anyways, because it's the right thing to do). Most people when I explained this to understood and as long as I kept them updated (every couple of weeks or so) were more than happy to wait- as long as I could report progress or showed how we were going to work around a problem.
But, Mary Ann is also failing to take responsibility for the failure of many vendors (including Oracle IMHO) to take security problems seriously. Some vendors take years to fix problems (Oracle recently took 700+ days to fix a single vulnerability that an outsider found and was nice enough to keep quiet about, David Litchfield last year canceled his Blackhat talk b/c Oracle didn't fix the problem in time). Obviously, there are those who are willing to bend over backwards to help out Oracle and other vendors, but it's a two way street. Vendors who get a bad reputation in the security community about not working with security researchers are then treated worse by the community.
Most of the security researchers who contact the vendor really try hard to do the right thing and are willing to bend over backwards to help out. Contrary to what Davidson says, it was my policy to ALWAYS give credit to the researcher if they found the issue before we had made a patch available, even if we had found it first. If the person was willing to give us a mailing address, I would also send them a small gift as a thank you for notifying us first rather than going straight to iDefense or full-disclosure. A little common sense and treating others as you would like to be treated goes a long way.
Of course there are those who do try to blackmail vendors. I had one guy in France demand we fly to Paris (from California) on under a week notice, wear certain clothes so he could spot us on a certain street corner with a written job offer for the world's lamest "vulnerability" or he'd go public. Obviously he had watched too many James Bond movies and we told him to fuck off. He ended up going public and we had to deal with it.
Personally, I think Mary Ann Davidson just made her life more difficult. By painting such a negative picture of the security community she has only perpetuated the image that Oracle doesn't want to work with security researchers and that they're better off selling their bug to iDefense or 3Com. At least then they're guaranteed to get credit for their work.
I think it's far less of an issue of exposing "private" info about Eric Schmidt and much more of Google not liking being painted in a bad light and teaching C|Net a lesson about "saying we may become evil".
Basically C|net said he's rich, married, lives with rich people, goes to rich people parties, is probably a Democrat and flies a plane! Who woulda thunk it? I would have guessed that the CEO of Google whose stock is currently only $295.731/share would have been some poor slob living in a halfway house and dreaming of one day of buying a Radio Flyer.
Schmidt has been in the public life for many many years now, and almost all of the info published was PUBLIC RECORD. Publicly available SEC documents would show how much money he made selling google stock and his salary, and it's trivial to find out not only where someone lives but how much they paid for their home since it's public record. Marriage certificates are also often a matter of public record. Fly a plane? Your pilot license probably is public record too (like your driver license) which again would have your home address.
So basically the only thing that might be hard for the average joe to figure out was that he went to a $10,000/plate dinner for a presidential candidate who lost. Of course, there were probably 50 reporters covering that public event and reporting on it, and that's where google gets useful.
Very childish on Google's part. It's something I'd more expect from the Bush administration.
Yes, perforce is good (very good actually), but it's licenced per seat and while not as complicated as ClearCase isn't the easiest thing in the world to admin.
If you can set up Apache, I would strongly recommend looking at Subversion instead. Very easy to set up and maintain and has most of the features of Perforce as well as a few that Perforce doesn't (like true rename/move support).
If you have the IRT, then place the jacketed wires between the dual cutter so that the end goes a little PAST the little stop. Squeeze down until you hear the first click, and spin the IRT around once or so. Pull. It won't be a super clean cut, but it will do just fine.
Now split the wires and order them (I always do T568A standards since that's what I was originally taught 10+ years ago when I was a desktop support monkey, but T568B is fine too.) Just don't be stupid and order the wires straight since you'll screw up the whole point of a UTP cable.
Anyways, once you have things ordered, clip off the ends of the wires so that everything is nice and even (which is why you strip off more than you're supposed to in the first step).
Put the RJ45 end on and crimp.
Anyways, YMMV... my .02.
-Aaron
P.S. I forgot to say how much I *hate* making cables. I'd rather be poked with a stick.
I'm employee #3 at a small startup. Since I'm the only one with an IT background (Unix, networking and security) I get to do all the IT work + the other work.... Lucky me. Here's what I did:
Our server is a Supermicro dual Xeon box w/ Adaptec SATA hardware raid controller doing RAID10 (4x250G drives) with a Quantum VS160 DLT drive for backups. Works great and was cheaper than Dell. Linux support is great as I'm sure Windows is if you want to go that route. If you go Linux, you should only consider XFS or ext3 since those are the only journaled, relatively stable FS with a version of dump. You'll need dump (or xfs_dump) to do incremental backups once your data is larger than a single tape and tar/star won't do anymore. (Note, XFS may be unstable under LVM2... before picking it, you should do some research, but ext3 seems rock solid so far.)
OS is CentOS 4.1. Has been very stable except for doing LVM2 snapshots. :( Apparently 2.6.x still hasn't worked out the bugs for LVM2 snapshots and you can get a hung kernel. LVM2 is still worth it since it allows you to resize partitions. Just don't put your root partition on it.
I've standardized on putting user accounts in OpenLDAP. Was somewhat a pain in the ass to set up, but now that it's working it's really worth it. Currently we have authenticating off of LDAP:
- Unix accounts
- SAMBA
- Jabber
- Bugzilla
- Snipsnap (wiki)
- Subversion (source control)
- Apache (HTTP Authentication)
- WebCal (calendaring)
Currently we outsource email, but once we bring that in, we'll do that too. Everyone loves having only ONE password which is ALWAYS in sync. Makes creating new user accounts a breeze too since there's only one database to manage.
Of course there's all the other tools like CruiseControl, Doxygen and ViewCVS which make the developers life easier. YMMV depending on your needs.
Run DHCP and DNS (I use ISC's dhcpd and bind9) and turn on dynamic updates of DNS via DHCP so you don't get in the trap of using /etc/hosts files. hosts files work fine when you're small, but don't scale at all and getting bind/dhcpd working is easy enough where you might as well do it from the start.
As for network wiring, get yourself a spool of Cat5e, some RJ45 connectors (make sure they're for solid cable, not stranded), a tester and an Ideal Ratchet Telemaster. Yes you can get cheaper crimpers, but they suck and you'll hate yourself for trying to save $15.
I've standardized on Dlink DES-1026G switches. They're 24 port 10/100 with 2 Gig ports for your servers or stacking. Cost is under $200 if you look on Froogle. According to the specs, they're "real" switches with a decent backplane. I personally prefer managed switches with VLANs, but when you're a startup, $$$ matters.
For small companies, VoIP seems to be the way to go, but once you're around 50 people, going with a real PBX seems to be the cheaper option. Either way, expect relatively high startup costs associated with getting the related phones/etc installed and configured.
As for firewalls, well run what you know. Most firewall insecurity comes from misconfigurations, not flaws in the firewall itself. If you know how to harden a box and run iptables, I still wouldn't use that since there is a lot of effort involved. Just find some packaged firewall (OSS or COTS) which meets your needs.
Just remember to do things right the first time. It's better to put in some long hours initially to get things running well than fighting fires each week when problems start happening as you grow.
Very insightful and as a long time tivo user exactly how I feel. I just haven't pulled the trigger yet on dumping my tivo, but I keep thinking about it.
Well all I can say is that obviously some people must have some incentive to run an exit node, otherwise there would be no exit nodes (which is provably not the case).
Note: I run an exit node. Why? b/c:
1) I can
2) I like getting port scanned by IRC servers looking for open proxies when people exit and connect to IRC servers
3) It scratches an itch
Perhaps you should read "Should I run a client or a server?", which explains the benefits for running a server.
http://tor.freehaven.net/cvs/tor/doc/tor-doc.html
But basically, even just running a client is good since the more clients using tor (up to the capacity of the network) increases the anonymity of all users. Only time will tell if enough volunteers will run servers to keep up with demand.
Exit routers, which connect to other services (web, irc, etc) and middlemen routers which only pass encrypted packets.
Middlemen routers have no idea what the content of the data is since it's encrypted, hence it would be impossible to enforce that there. Exit routers can limit which IP/ports to allow connections to, but there's no application level intelligence to restrict based on mime-types or anything else like that.
Huh? The whole point behind tor is that you can't back-track a connection from an exit-node back to the originating host. All traffic between tor routers is encrypted and middle nodes can't see the actual clear text. That means:
Client --> A --> B --> C --> Server
Where A, B & C are tor routers, only C can see the clear text. Of course, if you're using SSL or SSH, then even C can't see the clear text.
Tor already provides the means for people to run a tor node as only a router (add the line: reject *:* in your torrc), not an exit node. Hence, your IP will never download kiddie porn or anything like that.
One interesting thing is that tor provides for "hidden services" so you can publish/host content, but without giving up your location. The nice thing about this is that you can run any tcp service such as a web or irc server, not just static content.
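The layering described above (Client --> A --> B --> C --> Server), as an added example that is not part of the original comments and not Tor's own code: a simplified Python model of who can read what at each hop. The SHA-256 counter keystream is a stand-in for a real cipher, and the keys, hop-name framing and function names are all assumptions made for illustration.

```python
import hashlib
import os

# Constructed demo keys: one per relay plus one for the end server.
PATH = ["A", "B", "C"]
KEYS = {n: hashlib.sha256(b"constructed-demo-key-" + n.encode()).digest()
        for n in PATH}
SERVER_KEY = hashlib.sha256(b"constructed-demo-key-server").digest()


def keystream(key, nonce, length):
    """Toy keystream (SHA-256 in counter mode), standing in for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt under key; a fresh random nonce is prepended to the output."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def unseal(key, blob):
    """Reverse seal(): split off the nonce and XOR the keystream back out."""
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def wrap(next_hop, inner, key):
    """Add one layer: [len(next_hop)][next_hop][inner], sealed for one relay."""
    hop = next_hop.encode()
    return seal(key, bytes([len(hop)]) + hop + inner)


def peel(key, blob):
    """What one relay does: remove its own layer, learn only the next hop."""
    plain = unseal(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def build_onion(path, keys, destination, payload):
    """Client side: wrap the payload innermost-first, one layer per relay."""
    forwards_to = path[1:] + [destination]
    blob = payload
    for relay, nxt in reversed(list(zip(path, forwards_to))):
        blob = wrap(nxt, blob, keys[relay])
    return blob


def send_through(path, keys, onion):
    """Pass the onion along the path; record what each relay could see."""
    views = {}
    blob = onion
    for relay in path:
        next_hop, blob = peel(keys[relay], blob)
        views[relay] = (next_hop, blob)
    return views, blob  # blob is what finally reaches the server


if __name__ == "__main__":
    request = b"GET /index.html"

    # Plain request: only the exit relay C sees the clear text.
    views, delivered = send_through(PATH, KEYS, build_onion(PATH, KEYS, "Server", request))
    for relay in PATH:
        nxt, seen = views[relay]
        print(relay, "-> forwards to", nxt, "| sees clear text:", request in seen)

    # Same request already encrypted end-to-end (the SSL/SSH case):
    # now even C only handles ciphertext.
    e2e = seal(SERVER_KEY, request)
    views, delivered = send_through(PATH, KEYS, build_onion(PATH, KEYS, "Server", e2e))
    print("C sees clear text with end-to-end encryption:", request in views["C"][1])
    print("Server recovers:", unseal(SERVER_KEY, delivered))
```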
YMMV.
I'm amazed at the ignorance on slashdot. I've lost count of how many people have said, "How can she be qualified for SCOTUS if she's never been a judge?"
The simple fact is that she would not be the first justice to never have sat on the bench before. Most recently Chief Justice Rehnquist was never a judge before he served (http://en.wikipedia.org/wiki/William_Rehnquist). (Contrary to another poster, Thurgood Marshall was a judge before he served: http://chnm.gmu.edu/courses/122/hill/marshall.htm)
Of course, as some of you have pointed out, for a lawyer, what matters not are these cases where the laywer is paid for their work. Everyone (even rich companies) have the right to a solid defense. And in this case I actually agree with the decision- M$ should only be liable for data corruption that actually occured, not which might someday occur.
What does matter is what pro bono work she's done. This is where you find out what issues are important to her and gives better insight on how she would rule and write her opinions. Apparently she has been actively involved with trying to get other laywers to do pro bono work, so either she has a stack load of cases we can examine or she's a hypocrite.
Ok, first, let me say I don't have a vested interest either way... most days to work I "drive" a Ducati 748 which gets 40+mpg when I'm taking it easy and 30+ even when ridden hard on sport rides, has *amazing* accelleration and top speed (60mph in 1st, 90mph in 2nd, 120mph in 3rd and I've got 3 more gears so you do the math), and gets to take advantage of HOV lanes in CA (not to mention lane splitting when traffic is really bad). Admittially, isn't the most practical vehicle (only can carry two people or one person and a backpack worth of stuff), but as a commute vehicle is great, more fun then anything on four wheels and not to mention it's an Italian motorcyle and sexy as hell.
That said... 350ft/lbs of torque for the Prius? Are you smoking crack? Having driven a Prius (my boss has one) let me tell you that no way in hell does it have anything close to 100ft-lbs let alone 350ft-lbs of usable torque. Honestly, I've never seen the powercurve of a Prius (Toyota apparently doesn't think people who buy hybrids care too much about performance), but I can tell you it's got nothing on a BMW 330 (my other vehicle) let alone a Porsche. According to Edmunds.com, max torque is actually 82 ft-lbs @ 4200rpm and 0-60 times are 10+ seconds... nothing to write home about for a vehicle weighing nearly 3000lbs.
Frankly, I find it really amusing watching people argue over performance numbers for vehicles designed for efficiency rather then performance. If you want a sports car, then get a sports car. If you want to help the environment, then by all means get whatever floats your boat (bio-disel, CNC, solar, electric, hybrid, whatever). But don't delude yourself into thinking that your econobox is some kind of performance monster that has specs or the performance of a Porsche.
Based on the topic, this is probably as good as any to ask:
Does anyone know of a conduit and Palm app which will sync the OS X keychain to the Palm and allow me to view/edit/create keychain entries on my Palm?
Since Tiger supports syncing of the keychain over iSync to your .Mac account, the syncing is obviously possible... just not sure how open the Keychain database is.
And yes, I know about all the OS X/Palm apps which allow you to store passwords and view/edit them on the Mac/Palm, but I don't want TWO password databases. OS X Keychain already does everything I need and it's well supported in many OS X applications. No need to reinvent the wheel.
-Aaron
Because I don't use Outlook. Getting Exchange to play nicely with fetchmail/mutt is a PITA. I've never been in an Exchange environment where the admin ever was able to turn on SSL for IMAP (something like having to reinstall IIS and Exchange from scratch???). Not to mention, non-standards based calendaring.
The webUI is broken in Safari/Firefox.
Basically, you're a 2nd class citizen if your company uses Exchange and you're not using Outlook/Windows.
It's a standards based (LDAP) mail/groupware app which supports standard SMTP/IMAP clients as well as Outlook/Palm clients (for an additional fee).
Seems competitively priced to Exchange and there's also a free pure OSS version available (although if you want official support and a nice installer, you need to pay for it).
http://www.openexchange.com/
I haven't personally used it, but I've been looking at it as an Exchange alternative (I really really hate Exchange) for the small company where I work.
1) Yes, I meant 'vacuum analyze'. Yeah, I've heard about something that does this for me, but gezus, I shouldn't have to worry about installing/configuring something else to get something as basic as this to happen automatically. Not to mention, I don't want this scheduled at certain times of the day, it should just "happen" as changes to the DB happen. Ie. it shouldn't be a batch job operation.
:(
2) Yeah, I'm familiar with phppgadmin. It sucks. It's ugly as sin and doesn't allow me to do ER diagrams like phpmyadmin does (which honestly isn't the easiest thing in the world, but hey it works). The interface isn't nearly as intuitive as phpmyadmin and it seems like everything takes 3x as many clicks. For now, using vim is actually easier for my 40+ table DB.
3) Mostly, I find the docs on mysql.com better organized and easier to find what I'm looking for. Honestly, Pg is very well documented IMHO for being such a large application (OSS or otherwise). The one thing that could be improved IMHO was performance tuning which is well documented, but it still seems very much like voodoo.
4) I've optimized the hell out of the INSERT's under Pg. Tuning postgresql.conf, doing transactions, etc. After talking to the gurus on #postgresql, the best I could get my batch job to run was 28 hours (yes I said *hours*). MySQL does it in 8 (still too long, but I could live with it for a while). Dropping my FK's and indexes and doing some really creative coding by loading large (1GB+) portions of my dataset into RAM I've got it down to about 2 hours (of course, I can't run any queries during those 2 hours since there aren't any indexes).
Don't get me wrong, I like Pg. It's definitely a lot more powerful than MySQL/InnoDB, I just wish it was easier to use and allowed DBAs to make decisions to be able to trade off performance for reliability (turning off WAL for example, being able to disable FK checks without having to drop/create them, etc).
Short story, mysql.com's interpretation of the GPL is frankly a lot more strict than mine or my reading of the FSF's FAQ on the GPL. If it wasn't for that, I'd still be using MySQL for my company's application since I'm more familiar with it.
Anyways, PostgreSQL IMHO has some things going for it:
- More features like triggers, stored procs, schemas, subselects, etc than the current stable version of MySQL supports. About the only thing I find myself using are subselects which are just a nice to have.
- Attempts to be "safer" with your data via WAL, etc. Good for unreliable environments.
- Tends to follow the SQL standards closer than MySQL
- Is BSD licenced so you don't have to worry about licensing issues.
- #postgresql on freenode is great. The people there are intelligent, knowledgeable and friendly if you're not an *sshole. They've helped me a lot.
The problems I have with PostgreSQL are that:
- INSERT is very slow (about 3x slower compared to MySQL/InnoDB) for my dataset. The "answer" is to use the COPY command or disable your indexes/FK's which is f*cking lame since you lose all your relational integrity. I was willing to trade off performance for disaster prevention (system crash, power failure, etc) by disabling WAL, but you can't actually do that.
- The OSS tools available aren't as good for postgres as they are for MySQL. I've yet to find anything as nice or complete as phpmyadmin for Pg or something that supports schemas for ER Diagrams. Frankly, I'm sick and tired of designing my DB in vim.
- Having to run vacuum all the time to help the query optimizer figure things out. Why this doesn't happen automagically in the background without me having to worry about it is beyond me.
- In general, I find the documentation on mysql.com superior to on postgresql.org, but #postgresql more than makes up for it.
Frankly, all the technical "problems" in MySQL or Pg can be worked around if you're willing to think outside of the box.
Background: I used to be a member of the product security response team for a large networking vendor. Among other things, I used to talk directly with security researchers who'd find vulnerabilities in our products as well as work directly with our developers to get them fixed. Hence, I have a pretty good idea of what really goes on.
Mary Ann makes some good points. Some (very few in my experience) security researchers do make threats and unrealistic demands on vendors. Releasing a patch in our case often meant touching over 20 branches of code for various hardware platforms and customer special builds. Obviously, we not only have to research the issue, determine a fix which wouldn't cause other problems, apply the patch, but then QA them including appropriate regression tests.
All this takes months and may cause us to slip schedules (which may negatively impact revenue, but we do it anyways, because it's the right thing to do). Most people when I explained this to understood and as long as I kept them updated (every couple of weeks or so) were more than happy to wait- as long as I could report progress or showed how we were going to work around a problem.
But, Mary Ann is also failing to take responsibility for the failure of many vendors (including Oracle IMHO) to take security problems seriously. Some vendors take years to fix problems (Oracle recently took 700+ days to fix a single vulnerability that an outsider found and was nice enough to keep quiet about, David Litchfield last year canceled his Blackhat talk b/c Oracle didn't fix the problem in time). Obviously, there are those who are willing to bend over backwards to help out Oracle and other vendors, but it's a two way street. Vendors who get a bad reputation in the security community about not working with security researchers are then treated worse by the community.
Most of the security researchers who contact the vendor really try hard to do the right thing and are willing to bend over backwards to help out. Contrary to what Davidson says, it was my policy to ALWAYS give credit to the researcher if they found the issue before we had made a patch available, even if we had found it first. If the person was willing to give us a mailing address, I would also send them a small gift as a thank you for notifying us first rather than going straight to iDefense or full-disclosure. A little common sense and treating others as you would like to be treated goes a long way.
Of course there are those who do try to blackmail vendors. I had one guy in France demand we fly to Paris (from California) on under a week's notice, wear certain clothes so he could spot us on a certain street corner with a written job offer for the world's lamest "vulnerability" or he'd go public. Obviously he had watched too many James Bond movies and we told him to fuck off. He ended up going public and we had to deal with it.
Personally, I think Mary Ann Davidson just made her life more difficult. By painting such a negative picture of the security community she has only perpetuated the image that Oracle doesn't want to work with security researchers and that they're better off selling their bug to iDefense or 3Com. At least then they're guaranteed to get credit for their work.
I think it's far less of an issue of exposing "private" info about Eric Schmidt and much more of Google not liking being painted in a bad light and teaching C|Net a lesson about "saying we may become evil".
Basically C|net said he's rich, married, lives with rich people, goes to rich people parties, is probably a Democrat and flies a plane! Who woulda thunk it? I would have guessed that the CEO of Google whose stock is currently only $295.731/share would have been some poor slob living in a halfway house and dreaming of one day buying a Radio Flyer.
Schmidt has been in the public life for many many years now, and almost all of the info published was PUBLIC RECORD. Publicly available SEC documents would show how much money he made selling google stock and his salary, and it's trivial to find out not only where someone lives but how much they paid for their home since it's public record. Marriage certificates are also often a matter of public record. Fly a plane? Your pilot license probably is public record too (like your driver license) which again would have your home address.
So basically the only thing that might be hard for the average joe to figure out was that he went to a $10,000/plate dinner for a presidential candidate who lost. Of course, there were probably 50 reporters covering that public event and reporting on it, and that's where Google gets useful.
Very childish on Google's part. It's something I'd more expect from the Bush administration.
Yes, Perforce is good (very good actually), but it's licenced per seat and while not as complicated as ClearCase isn't the easiest thing in the world to admin.
If you can set up Apache, I would strongly recommend looking at Subversion instead. Very easy to set up and maintain and has most of the features of Perforce as well as a few that Perforce doesn't (like true rename/move support).
-Aaron
If you have the IRT, then place the jacketed wires between the dual cutter so that the end goes a little PAST the little stop. Squeeze down until you hear the first click, and spin the IRT around once or so. Pull. It won't be a super clean cut, but it will do just fine.
Now split the wires and order them (I always do T568A standards since that's what I was originally taught 10+ years ago when I was a desktop support monkey, but T568B is fine too.) Just don't be stupid and order the wires straight since you'll screw up the whole point of a UTP cable.
Anyways, once you have things ordered, clip off the ends of the wires so that everything is nice and even (which is why you strip off more than you're supposed to in the first step).
Put the RJ45 end on and crimp.
Anyways, YMMV... my .02.
-Aaron
P.S. I forgot to say how much I *hate* making cables. I'd rather be poked with a stick.
I'm employee #3 at a small startup. Since I'm the only one with an IT background (Unix, networking and security) I get to do all the IT work + the other work.... Lucky me. Here's what I did:
Our server is a Supermicro dual Xeon box w/ Adaptec SATA hardware raid controller doing RAID10 (4x250G drives) with a Quantum VS160 DLT drive for backups. Works great and was cheaper than Dell. Linux support is great as I'm sure Windows is if you want to go that route. If you go Linux, you should only consider XFS or ext3 since those are the only journaled, relatively stable FS with a version of dump. You'll need dump (or xfs_dump) to do incremental backups once your data is larger than a single tape and tar/star won't do anymore. (Note, XFS may be unstable under LVM2... before picking it, you should do some research, but ext3 seems rock solid so far.)
OS is CentOS 4.1. Has been very stable except for doing LVM2 snapshots. :( Apparently 2.6.x still hasn't worked out the bugs for LVM2 snapshots and you can get a hung kernel. LVM2 is still worth it since it allows you to resize partitions. Just don't put your root partition on it.
I've standardized on putting user accounts in OpenLDAP. Was somewhat a pain in the ass to set up, but now that it's working it's really worth it. Currently we have authenticating off of LDAP:
- Unix accounts
- SAMBA
- Jabber
- Bugzilla
- Snipsnap (wiki)
- Subversion (source control)
- Apache (HTTP Authentication)
- WebCal (calendaring)
Currently we outsource email, but once we bring that in, we'll do that too. Everyone loves having only ONE password which is ALWAYS in sync. Makes creating new user accounts a breeze too since there's only one database to manage.
Of course there's all the other tools like CruiseControl, Doxygen and ViewCVS which make the developers' life easier. YMMV depending on your needs.
Run DHCP and DNS (I use ISC's dhcpd and bind9) and turn on dynamic updates of DNS via DHCP so you don't get in the trap of using /etc/hosts files. hosts files work fine when you're small, but don't scale at all and getting bind/dhcpd working is easy enough where you might as well do it from the start.
As for network wiring, get yourself a spool of Cat5e, some RJ45 connectors (make sure they're for solid cable, not stranded), a tester and an Ideal Ratchet Telemaster. Yes you can get cheaper crimpers, but they suck and you'll hate yourself for trying to save $15.
I've standardized on D-Link DES-1026G switches. They're 24 port 10/100 with 2 Gig ports for your servers or stacking. Cost is under $200 if you look on Froogle. According to the specs, they're "real" switches with a decent backplane. I personally prefer managed switches with VLANs, but when you're a startup, $$$ matters.
For small companies, VoIP seems to be the way to go, but once you're around 50 people, going with a real PBX seems to be the cheaper option. Either way, expect relatively high startup costs associated with getting the related phones/etc installed and configured.
As for firewalls, well run what you know. Most firewall insecurity comes from misconfigurations, not flaws in the firewall itself. If you know how to harden a box and run iptables, I still wouldn't use that since there is a lot of effort involved. Just find some packaged firewall (OSS or COTS) which meets your needs.
Just remember to do things right the first time. It's better to put in some long hours initially to get things running well than fighting fires each week when problems start happening as you grow.
-Aaron
Very insightful and as a long time TiVo user exactly how I feel. I just haven't pulled the trigger yet on dumping my TiVo, but I keep thinking about it.
Well all I can say is that obviously some people must have some incentive to run an exit node, otherwise there would be no exit nodes (which is provably not the case).
Note: I run an exit node. Why? b/c:
1) I can
2) I like getting port scanned by IRC servers looking for open proxies when people exit and connect to IRC servers
3) It scratches an itch
Perhaps you should read "Should I run a client or a server?", which explains the benefits for running a server.
http://tor.freehaven.net/cvs/tor/doc/tor-doc.html
But basically, even just running a client is good since the more clients using tor (up to the capacity of the network) increases the anonymity of all users. Only time will tell if enough volunteers will run servers to keep up with demand.
Btw, that line should actually read:
ExitPolicy reject *:*
But I'll assume most anyone reading the torrc would have figured that out on their own.
(Happy Nick? :)
There are two kinds of tor servers:
Exit routers, which connect to other services (web, irc, etc) and middlemen routers which only pass encrypted packets.
Middlemen routers have no idea what the content of the data is since it's encrypted, hence it would be impossible to enforce that there. Exit routers can limit which IP/ports to allow connections to, but there's no application level intelligence to restrict based on mime-types or anything else like that.
Huh? The whole point behind tor is that you can't back-track a connection from an exit-node back to the originating host. All traffic between tor routers is encrypted and middle nodes can't see the actual clear text. That means:
Client --> A --> B --> C --> Server
Where A, B & C are tor routers, only C can see the clear text. Of course, if you're using SSL or SSH, then even C can't see the clear text.
Tor already provides the means for people to run a tor node as only a router (add the line: reject *:* in your torrc), not an exit node. Hence, your IP will never download kiddie porn or anything like that.
One interesting thing is that tor provides for "hidden services" so you can publish/host content, but without giving up your location. The nice thing about this is that you can run any tcp service such as a web or irc server, not just static content.
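The torrc correction and the exit-router port/IP limits discussed in the comments above, as an added example that is not part of the original posts and is not Tor's own code: a small checker a relay operator could run over a torrc to confirm the ExitPolicy lines say what was intended. The sample torrc texts are constructed, only IPv4 `ADDR[/MASK]:PORT` patterns are handled, and treating "no rule matched" as reject is an assumption of this example.

```python
import ipaddress

# Constructed sample torrc contents (not taken from the posts).
TORRC_BARE = "Nickname example\nreject *:*\n"               # keyword missing
TORRC_MIDDLE = "Nickname example\nExitPolicy reject *:*\n"  # corrected form
TORRC_LIMITED = (
    "ExitPolicy accept *:22, accept *:443\n"
    "ExitPolicy reject 10.0.0.0/8:*\n"  # shadowed for ports 22 and 443
    "ExitPolicy reject *:*\n"
)

def parse_rule(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' into (action, net, lo, hi)."""
    action, pattern = text.split()
    if action not in ("accept", "reject"):
        raise ValueError("unknown action: " + action)
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        first, _, last = port.partition("-")
        lo, hi = int(first), int(last or first)
    return action, net, lo, hi

def load_exit_policy(torrc):
    """Return (rules, stray); stray holds bare accept/reject lines lacking the keyword."""
    rules, stray = [], []
    for raw in torrc.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "exitpolicy" and len(parts) == 2:
            rules += [parse_rule(r.strip()) for r in parts[1].split(",")]
        elif key in ("accept", "reject"):
            stray.append(line)
    return rules, stray

def allows(rules, ip, port):
    """First matching rule wins; no match is treated as reject (example's assumption)."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action == "accept"
    return False

def is_exit(rules):
    """Conservative: any accept rule seen before a catch-all 'reject *:*' counts as exit."""
    for action, net, lo, hi in rules:
        if action == "accept":
            return True
        if net is None and (lo, hi) == (1, 65535):
            return False
    return False
```

Because the first match wins, the `reject 10.0.0.0/8:*` line in the third sample never applies to ports 22 and 443; it would have to come before the accept rules to have any effect on them.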