Slashdot Mirror


User: Shanep

Shanep's activity in the archive.

Stories: 0
Comments: 1,618

Comments · 1,618

  1. Re:8 characters should be more than enough on Eight-Character Password Limit in Mac OS X · · Score: 2

    This will make it more difficult to brute force crack.

    No it won't. It will make it more difficult because brute force will be required to crack, after dictionary attacks are exhausted.

    BTW, are we sure that the characters after 8 are simply ignored? They aren't hashed with the rest of the password? ie...

    eightcharacter becoming a hash of...
    eightcha
    racter
    --------
    ????????

    Which would still effectively be a password of 256^8 strength (assuming all 8 bit characters can be used), but would render a simple dictionary attack useless for passwords over 8 chars. Of course, if this were the case, a dictionary cracker could be written to take this into consideration, allowing quick cracking of dictionary passwords even over 8 chars, falling back to brute force failing that.

    However, my girlfriend's 550MHz Celeron Thinkpad brute force cracks with L0phtcrack at 800,000 keys/second. If this were a yardstick, her notebook would take 731 thousand years at most to brute force crack a 256^8 password! So I'm not too worried yet. The NSA or a distributed attack no doubt could probably do it in no time though. ; ) But I doubt the NSA or a large group of people want to crack my passwords, though something larger than 8 chars would still be nice.
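Added example, not part of the comment above or of the Slashdot thread: a small audit sketch that models the two behaviours the comment asks about (characters after the eighth ignored, or later chunks combined into one 8-byte block) and reproduces the worst-case brute-force estimate at 800,000 keys/second. SHA-256 as the hash, XOR as the combining step and the sample passwords are assumptions made for illustration; the page does not show the real Mac OS X routine.

```python
import hashlib

LIMIT = 8                                # the eight-character limit under discussion
RATE = 800_000                           # keys/second figure quoted in the comment
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def _digest(block: bytes) -> str:
    # Stand-in hash (assumption): any one-way function illustrates the point.
    return hashlib.sha256(block).hexdigest()


def truncate_scheme(password: str) -> str:
    """Model 1: characters after the eighth are simply ignored."""
    return _digest(password.encode()[:LIMIT].ljust(LIMIT, b"\0"))


def fold_scheme(password: str) -> str:
    """Model 2: 8-byte chunks are combined into one 8-byte block, then hashed.

    XOR is an assumed combining step; the comment only sketches the idea.
    """
    block = bytearray(LIMIT)
    for i, byte in enumerate(password.encode()):
        block[i % LIMIT] ^= byte
    return _digest(bytes(block))


def equivalent_groups(passwords, scheme):
    """Return groups of passwords the scheme cannot tell apart.

    Any password in a group logs in as any other, which is what an
    administrator wants to know when auditing a truncating system.
    """
    groups = {}
    for pw in passwords:
        groups.setdefault(scheme(pw), []).append(pw)
    return [g for g in groups.values() if len(g) > 1]


def worst_case_years(alphabet_size, length=LIMIT, rate=RATE):
    """Years needed to try every password of `length` symbols at `rate`."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


# Constructed sample passwords, not taken from any real system.
SAMPLE = ["eightcharacter", "eightcharity", "password1", "password1234", "short"]

if __name__ == "__main__":
    print("truncation collisions:", equivalent_groups(SAMPLE, truncate_scheme))
    print("fold collisions:      ", equivalent_groups(SAMPLE, fold_scheme))
    # 256 symbols is the comment's assumption; 95 is printable ASCII only.
    for size in (256, 95):
        print(f"{size}^8 at {RATE:,} keys/s: {worst_case_years(size):,.0f} years")
```

Either model caps the search space at eight bytes, and the estimate drops from roughly 731 thousand years to a few hundred once the alphabet is limited to printable ASCII.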

  2. Re:Look at ppc. on IBM Dropping Laptop Linux Support · · Score: 2

    Sorry, I should have been more specific. I've moved to PPC on notebooks for stability, compared with current i8xx based notebooks. i8xx can make any OS come crashing into a heap, which is why I use Linux/OpenBSD/OSX over Windows/MacOS9 in the first place, so choosing unstable hardware is not my idea of fun.

    My performance gripe about the i8xx chipsets is regarding the comparative performance between intel systems. I honestly wasn't trying to compare Intel performance to PPC, sorry.

    However, here you can see the results of a G4 500MHz running about 3 times faster than a PIII 600MHz with one of Intel's own benchmark libraries.

    Sure, it's a Mac site. PC sites can tend to show Intel favoured results and vice versa. I remember when Tom of Tom's Hardware was touting that AGP PROVIDED NO BENEFITS OVER PCI for 3D video card performance. This was back when the performance ceiling of 3D games was limited by the PCI connection of the 3Dfx Voodoo2. That was when he was in bed with 3Dfx, once he got out of that bed and jumped into nVidia's bed and became an "official nVidia review site", his thoughts on AGP made a sudden and public 180 degree turn. He is a whore. I roughly graphed the performance of the Voodoo2 against texture sizes which showed the sudden drop as reliance was placed on the PCI bus, my Voodoo2 groupie friends scoffed at it until they saw a Matrox G200 running 3.5 times faster than the Voodoo2 with large textures in Quake2. So I agree that people should take benchmarks posted on web sites with a grain of salt if they aren't genuine independent results.

    Try both systems and stick with what you like most. After 12 years of x86, I sure have seen the light.

    I think PPC IS the place to be for Linux.

  3. Look at ppc. on IBM Dropping Laptop Linux Support · · Score: 2

    I really hate newish x86 notebooks with their buggy, badly performing i8xx chipsets.

    I have moved to a Mac iBook after 12 years of x86 PCs and I am very happy to have done so.

    Mac OSX is awesome, OpenBSD works well and although I haven't tried them on ppc yet, Debian, Mandrake, Yellowdog, etc are options too.

    Though after almost 5 years with Debian and OpenBSD on x86, I am happy to stay with OpenBSD servers and OSX desktops.

  4. Re:It's digital, not analog... on D-VHS to Hit The Market This Week · · Score: 2

    All storage mediums degrade over time. Our magnetic media HDDs will go bad eventually, normal aluminium CDs will go bad, even gold CDs will go bad eventually (the plastic). Of course magnetic tape will go bad quicker than HDD media (tape being exposed to air particles), and magnetic media will go bad much quicker than CD, but these recording methods and tapes would be designed to deliver these levels of quality for much more than "a few viewings".

    The beauty of using digital on magnetic media is that the consequences of media going bad are not apparent until the digital signals fall below the noise floor. Which basically allows the media to be 100% perfect for its intended purpose until that time.

    The beauty of using digital for multimedia storage is that even if some data is lost, it might only result in visual or audible noise. Contrast this with the consequences of corrupt computer data. Of course, data corruption with multimedia could result in non playable media (with today's encoded formats) in one extreme or even no apparent visual or audible loss at all.

    The thought of bad after a few viewings though, is ridiculous.

  5. Re:Cellphones a Plenty on Nokia 9290 Finally Available in the US · · Score: 2

    Sorry, I did find it funny though. ; )

  6. Re:Cellphones a Plenty on Nokia 9290 Finally Available in the US · · Score: 2

    People won't have enough until their teenagers turn radioactive and sterile.

    Cell phones emit non-ionizing radiation (and very low levels at that).

    Standing in the sun for 1 minute is FAR more dangerous than spending your lifetime speaking on a cell phone. Cell phone radiation is non cancer causing.

    There is TONS of evidence of ionizing radiation causing cancers, yet nil evidence for the same from non-ionizing radiation. So you can safely eat your microwaved food, speak on your mobile and cordless phones and use your WiFi cards.

    Watching a CRT based display (capable of emitting small amounts of X rays) can be slightly dangerous, using a cell phone is not.

  7. Re:We don't need no steenkin internet on Why The X-Box Network Will Fail · · Score: 2

    I can certainly see MS trying something like this. But as more and more companies move to more open designs, MS continues to keep closed and protect what it does.

    So my question is, if MS does make a new internet protocol, who is going to use it? Will anyone be left who trusts them?

  8. Re:Practicality? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    Oh bugger, I thought it was MB and not Mb. Thanks for pointing that out.

    The Software RAID howto for Linux briefly mentions the problem, but does not delve into the cause...

    http://www.tldp.org/HOWTO/Software-RAID-HOWTO-2.html#ss2.1

    I'm searching for some numbers at the moment that might hopefully show how bad the problem is with a RAID0 setup. I guess the problem would be worse the smaller the chunk size.

  9. Re:A very dumb idea on r* Programs Being Removed from OpenBSD -current · · Score: 2

    As for a 2nd separate network, yeah right, dream on. Where do you work, the CIA?

    Huh!? Are you serious? I really want to know your position in this bank, because I am disgusted.

    As I have stated elsewhere in this thread, the stock exchange I work for has at least 4 separate physical networks.

    Production: mission critical, it's why we exist and having it compromised would hurt a lot of people and a lot of heads would roll.

    Development: This is Production V2.0beta. This needs to be separated from Production for obvious reasons. Mistakes cost little here and many more people (as required) can have the access they need here to build the new Production system. This network is important in its own right, it hosts what will some day be on the Production network. If a disgruntled worker put something nasty into this system, it might (slight chance) make it into the Production network when it gets cut over some day, so it needs to be secured as much as possible from people who don't need access to it.

    Security (often called Surveillance): Any questions why this needs to be physically separate, with access provided to only an elite few who associate as little as possible with the rest of the company, including Production sys admins?

    Staff (sometimes called Office): A network for ordinary people who use systems on this network and Production systems with very low privs. Often they have separate machines for work on the separate Staff and Production networks. They are the interface between the mission critical Production systems and customers, who are also critical to the business.

    Each network is extremely important and separation of each to the maximum that allows the business to work is very much the norm in a company like a stock exchange or a bank.

    CIA? How many networks do you reckon they have! They probably have entire departments, as far as staff and systems go, duplicated who watch each other!

    Hell, fraud or vandalism of bank or stock exchange systems is something that would rank extremely highly as something the CIA would investigate. Their first contacts would be the guys from security, some of which probably once worked for the CIA!

    If I need to access the trading systems here I just telnet in from my sparcstation (assuming I had a login), there is no ssh here FYI.

    Sounds like to me you are big noting yourself. Sparcstation sounds cool eh?

    You seem to have no clue about a bank's network, either that or you work for the First Bank Of Afghanistan.

  10. Re:We dont need no stinking Certs on Which IT Certifications for Specific IT Jobs? · · Score: 2

    Jeez dude, I thought that my setup was fun.

    OpenBSD firewall (486DX2 66, 8MB, 32MB CF disk) / FreeBSD 5.0-DP1 file/print (smb/afp), web proxy, time server / Apple Mac 68030 mail server in the making / Thinkpad and iBook clients running W2K and OS9/X.

    Electricity cost was a big concern for me but Jeezuz dude!

  11. Re:It's a buyers market right now ... on Which IT Certifications for Specific IT Jobs? · · Score: 2

    decoydog's comment is (Score:5, Bloody Depressing).

    I have been told by a few agents in Sydney, that each advertised position gets hundreds of applications, so they have email rules set up which just delete every application after a certain time (usually before lunch time).

    So if you make it through that, you then have to make it through the people who are doing the manual culling... people who barely know what to cull.

  12. Re:Practicality? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    It's a shame though, since ATA drives by themselves are so quick (sequentially speaking), compared with SCSI.

    It would be great to see future ATA standards get some SCSI features that would enable same channel RAID performance.

    I have been wondering how RAID would perform over Firewire with multiple Firewire/ATA drives. Possibly a poor man's "SCSI400"? Capable of hotswapping and all.

  13. Re:Practicality? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    This is disingenuous because few two-drive ATA RAID 0 systems are configured with both drives on the same channel. All ATA RAID solutions have at least two independent channels and it is the norm to put a single drive as master on each.

    Thus my point?

    That is exactly my point. Few ATA RAID designs use more than one drive per channel exactly because the time to switch between master and slave is so poor that performance is hurt so badly.

    Thus, ATA bus speed should never be considered "headroom" for extra performance gained through any RAID design, because it's not going to happen.

    ATA bus speed should only be considered a top speed per device, if that device were capable.

  14. Re:Linux has becoming more and more unstable on Vulnerabilities in FreeBSD · · Score: 2

    The average user of FreeBSD doesn't really care about GUI speed.

    My smb/afp/lpd/web proxy server runs FreeBSD. Suffice to say, it does not even have a video card, mouse or even keyboard for that matter.

    However, does your video card require AGP extensions to operate at full speed in XF86?

  15. Re:A very dumb idea on r* Programs Being Removed from OpenBSD -current · · Score: 2

    Why would a disgruntled coder bother with packet sniffing?

    Why? Why don't you think about it for a while.

    Accountability. Disgruntled worker has God privs across a bunch of mission critical servers (critical to not only the business but to customers in a bank scenario). Servers are in a secure room with video surveillance and the syslog server and line printers are in another secure room which few people have access to or are even aware of all together.

    Our poor disgruntled worker would be STUPID BEYOND BELIEF to fuck with any server or network gear in that environment with either his ugly head on video tape or his username plastered all over syslog printouts that he can't get to...

    However, this lucky bastard has YOU as a boss and since you called the shots you said, "ah to hell with secure tools, we'll just keep using the good old r* tools since we trust our staff and our network is behind a nice black firewall!".

    So, our disgruntled worker is smarter than you, he sniffs some passwords of people he never liked and a few he now no longer likes...

    Now those servers that have been dd if=/dev/zero of=/dev/sda have YOUR name printed on the syslog printouts instead of his.

    Guess you've never worked in a big company have you?

    So what position do you hold at this bank? Teller?

  16. Re:A very dumb idea on r* Programs Being Removed from OpenBSD -current · · Score: 2

    I work for a major Stock Exchange. We have separate physical networks for staff, production, development and security.

    The production servers are usually accessed via their serial console ports via console servers which are only connected to the security network. Few people have physical or logical access to that network and those servers. Barring that, ssh and scp is the norm where at all possible.

    Thanks for letting me know the function of firewalls (my bread and butter).

    However, I am merely pointing out, that plain text within a LAN is still very dangerous, especially within an org that has a lot to protect. It removes accountability from the staff because their usernames and passwords cannot be considered completely safe from other staff who may have similar privs.

    OpenBSD, it's just a toy to amuse Theo that's not really aiming at the high end market but rather just as a web server or other ISP type role.

    How does removing insecure tools from an OS that focuses on security make that OS a toy? You can always put it back for Christ's sake.

    The fact is, that insecure tools are insecure on the internet and within corporate LANs.

  17. Re: with the sweetest GUI on the market on Apple Introduces Xserve Rackmount Servers · · Score: 2

    What, am I the only one who wants to have a rack of these and a kvm switch built into his desk?

    No.

    PS, moderators? Why on Earth is this Score: 5 Funny? There is absolutely nothing funny about this! This is Score: 5 Insightful damnit!!!!

    Hell, so they're 1U rack mount units. I think Apple is about to find out that a lot of people want these for their desktop just for the DDR RAM and 4 ATA controllers.

    These would be awesome for multimedia work. I want 2x Dual units maxed out in DDR RAM with striped HDDs for both me and my girl's computer room and I'd also like a single CPU unit for our firewall/router running OpenBSD. Another dual unit running FreeBSD 5.0 for the mail/web proxy/file/print server....

    Oh man.

  18. Re:RAID on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    Reality check. PC100 SDRAM CPU to memory is about 200MB/s

    No, you are in serious need of a reality check. My 512MB of PC100 SDRAM benchmarks as being around 800MB/s with memtest.

    Here are a couple of web sites that agree with this also...

    http://www.a1-electronics.co.uk/Memory/SDRAM.shtml
    http://www.pcmech.com/show/memory/154/
    http://www.savingxoom.com/ddrmemory1.html

    Should I provide more?

    Drives don't get better than perhaps 45MB/s for outer diameter of platter and more like 25MB/s for inner diameter,

    Western Digital Caviar WD1200JB: 48.8MB/s outer, 29.2MB/s inner.

    The Seagate Cheetah X15-36LP does 60.5MB/s outer and 45MB/s inner, for a comparison of a 15k SCSI drive, with a 5.9mS access time.

    but this is for a strictly linear transfer from platter to RAM and does not accommodate the +7ms AVERAGE seek time.

    Is it not obvious that I am speaking purely about maximum sustained transfer rates? You can't get the maximum values if we're not talking about sequential transfers. But thanks for the pointer AC.

  19. Re:A very dumb idea on r* Programs Being Removed from OpenBSD -current · · Score: 2

    No one in their right mind would use one of the r* tools or telnet to access a box across the internet. However, for internal connections within a large organisation they are *vital*.

    Vital, as if there is no better alternative?

    With the trend of outsourcing IT HR, bringing IN lots of potentially untrustworthy staff and putting OUT very clued up staff who are now very disgruntled, I would guess that previously already endangered LANs are now becoming even more threatened.

    Staff on the way out will be sniffing and key logging their peers, bosses and the new contractors and the new contractors don't have much to lose either, being just another contractor.

    Anyone who has worked in a large unix shop (I work in a multinational bank)

    I know a very large multinational bank which uses OpenBSD on its firewalls.

    knows that rlogin and telnet are used all the time to access the various servers over the LAN and VPN,

    So the fact that security is usually lacking somehow makes the use of plain text OK within a LAN environment?

    Bye bye OpenBSD.

    Bye bye DickHEAD.

  20. Re:Bandwith not dominating avg speed? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    If you look at the Read Max/Min/Avg values on page four they are almost the same. This should imply that the time to transfer the data is small compared to finding it on the disk. I think. Is that correct?

    The numbers are the same because the limiting factor in the whole test is the drive itself. If it can't sustain a transfer rate higher than 66MB/s for example, then a performance difference between 66, 100 or 133 could not possibly be measured since the drive is limiting the numbers to what IT is capable of and not what the different bus standards are capable of.

    If you have a Ford that is capable of 100km/h, your top speed in a straight line is 100km/h, but will your Ford go faster on a road that allows 120km/h? The car is the limit here.

  21. Re:Digital Audio benchmark on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    I can't imagine that John Q. Photoshop user cares about disk speed; cpu speed is probably more the issue for that.

    Disk speed is a massive bottleneck if John Q. Photoshop user does not have enough RAM to hold his Photoshop sessions entirely.

    If he is smart, he would have spent big on RAM, then CPU and then disk. If he is a serious Photoshop user, then he would have maxed out in every dept.

    Photoshop eats RAM for breakfast and sporadically CPU cycles. A 2048x1024 true colour image with an 8 bit alpha channel, 5 layers and 10 undo levels will use approx 420MB in RAM, not including OS or application memory usage.

  22. Re:And from 1993.. 133Mhz computer faster than 100 on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    Yes, really. It was quite a shock at the time, but it's true, the 133Mhz unit ran rings around the standard 100Mhz box. What's more, it was 33% faster! Fancy that!

    The point here though, is that ATA133 could not be demonstrated to be 33% quicker than ATA100 because the author does not understand bottleneck effects. Even though the ATA133 bus IS 33% quicker than ATA100. ; ) Not that it matters, yet.

  23. Re:Practicality? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    Drives are getting into the 50 to 60 MB/s range.

    Fastest ATA drive I have seen to date sustains about 49MB/s. Can you point me to the 60MB/s drive? I'm in the market for two at the moment.

    You can put 2 drives on a channel, and you want a little head room, because you aren't usually using the bandwidth on the bus optimally.

    Actually, two drives on one ATA bus often hurts performance due to ATA's terrible design. There is an unholy amount of time involved with switching between master and slave that severely hurts these setups.

    If you have system files on a master and swap/data etc on a slave type setup, you might be doing yourself a disservice. If you are using some sort of RAID which includes two drives on the same ATA bus (striping, mirroring or part of a RAID5 or other more complex RAID) then the time taken to switch between master and slave is severely hurting performance.

    That's also today's drives. I'm sure most people plan on keeping their computers a few years, and would like to be able to take advantage of a drive they add a year or two from now. It seems like 133 MB/s is a reasonable amount of bandwidth for today's drives, with a little room to grow.

    It seems to me that drives are getting faster at about 15-20% per year. In about 4-5 years drives that are doing 130+MB/s will probably be only serial ATA or something with fibre optics.

    Regardless, you are no doubt using a decent OS which caches your file systems well, in which case, system memory is where people should be putting their money.

  24. Re:RAID on Hard Drive Performance - ATA100 vs ATA133 · · Score: 2

    I actually got a "faster" ATA100 hard drive (60 GB) that goes slower in real life than my old ATA66 20 GB hard drive.

    What models are you comparing and did you set them up so that they were running at their best settings? I'm assuming you're using a free Unix and tweaking with hdparm? I would be shocked if the fastest 20GB drive is quicker than the slowest 60GB drives of today.

    1) benchmarks don't always reflect real life

    Actually, they usually do reflect very closely, small areas of real life performance. People just don't know how to interpret the results.

    People don't tend to realise that this so called "real World performance" is actually made up of lots of extremely varying little performance bottlenecks which add up, but each of which can be measured.

    2) speed doesn't really matter with hard drives since they're so fast anyway.

    Huh? My PII-300 PC100 SDRAM transfers at about 800MB/s if I remember correctly, but a fast ATA HDD might transfer at 45MB/s on a 66, 100 or 133MB/s ATA bus. Disk media is slow as molasses compared with most of the rest of computer systems. Besides tape of course, which is a horse for a completely different course.

  25. Practicality? on Hard Drive Performance - ATA100 vs ATA133 · · Score: 5, Insightful

    How many ATA drives out there actually get anywhere near 133MB/s sustained transfer rates from the media? Any even able to sustain half of that? Not that I've seen.

    For ATA, it's hype.

    Someone might argue that it is good for RAID, which would be true for SCSI. But RAID 0 for example with two drives on the same ATA bus gives terrible performance due to the time taken to switch between ATA master and slave drives. So it really comes down to what an ATA drive can sustain.

    Sure it's nice to have the fast bus in place for the future, but by then, you've probably already upgraded to something much faster still.