Re:I wished it had quick download/uploads like CRT on PuTTY 0.61 Released · Score: 1
Some things are easier to do on a GUI desktop with a mouse, such as diff tools. So unless you run an X server locally, or remote into the server, it's easier to bring the files down locally and work on them.
Which is why I prefer the Thinkpads where I can sacrifice the optical drive bay and put a 2.5" SATA drive in its place.
Fast SSD as the main drive, big slow magnetic drive in the optical bay for bulk storage.
And maybe a large-format SD card in the card-reader slot for a bit more storage.
I wanted a version control system for years. Tried to set up CVS. Too complicated. Tried SVN. Too complicated - and apparently it requires running Apache, with its thousands of configuration options, each of which has to be understood for how it affects security. Besides, I'm already running Nginx, so why would I want Apache?
You don't need Apache at all.
svn+ssh is a lot easier to set up, especially if you already SSH into the server where you're storing the SVN repository.
Or there's the straight file:// method for times where the SVN repo is on the same file system.
# cd /var/svn
# svnadmin create somerepositoryname
# chgrp -R svngroup somerepositoryname
# chmod -R 770 somerepositoryname
# chmod -R g+s somerepositoryname/db
Make sure the users belong to "svngroup" and they can now get to it with svn+ssh://username@hostname/var/svn/somerepositoryname.
And if you set up your ~/.ssh/config file properly and use specific keys with the command= option for talking to the SVN server you can simplify that URL down to: svn+ssh://hostname/somerepositoryname.
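Added example, not part of the original comment: a small Python audit of authorized_keys entries that are supposed to be SVN-only keys of the kind described above. It checks that each key is pinned to `svnserve -t` with a `-r` root (which is what lets the URL drop `/var/svn`) and that pty and forwarding are switched off. The sample file, key blobs, account names and the `id_svn` file name are constructed for illustration.

```python
"""Audit authorized_keys entries that are meant to be svn+ssh-only keys."""

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

NO_COMMAND = "no command= option: this key can open a normal shell"
NOT_SVNSERVE = "forced command is not 'svnserve -t'"
NO_ROOT = "svnserve has no -r root: URLs must carry the full server path"
NOT_LOCKED = "pty/forwarding still allowed: add 'restrict' or the no-* options"

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# svn-only keys
command="svnserve -t -r /var/svn",restrict ssh-ed25519 AAAA_PLACEHOLDER_A alice@laptop
command="svnserve -t -r /var/svn",no-pty,no-port-forwarding ssh-ed25519 AAAA_PLACEHOLDER_B bob@desk
ssh-rsa AAAA_PLACEHOLDER_C carol@home
command="svnserve -t",restrict ssh-ed25519 AAAA_PLACEHOLDER_D dave@vm
'''
# Matching client side (~/.ssh/config), also constructed:
#   Host hostname
#       User username
#       IdentityFile ~/.ssh/id_svn
#       IdentitiesOnly yes


def split_unquoted(text, seps, maxsplit=-1):
    """Split text on any character in seps that sits outside double quotes."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and quoted and i + 1 < len(text):
            cur.append(text[i:i + 2])      # keep escaped character as-is
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and maxsplit != 0:
            parts.append("".join(cur))
            cur = []
            maxsplit -= 1
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_entry(line):
    """Return (options dict, key type, comment) for one authorized_keys line."""
    line = line.strip()
    fields = split_unquoted(line, " \t", 1)
    opts = {}
    if not fields[0].startswith(KEY_TYPES):          # line begins with options
        for item in split_unquoted(fields[0], ","):
            name, _, value = item.partition("=")
            opts[name.lower()] = value.strip('"').replace('\\"', '"')
        line = fields[1].strip() if len(fields) > 1 else ""
    parts = line.split()
    return opts, (parts[0] if parts else ""), " ".join(parts[2:])


def findings_for(opts):
    """List what is missing for a key that should only ever reach svnserve."""
    out = []
    cmd = opts.get("command")
    if cmd is None:
        out.append(NO_COMMAND)
    else:
        argv = cmd.split()
        if not argv or argv[0].rsplit("/", 1)[-1] != "svnserve" or "-t" not in argv:
            out.append(NOT_SVNSERVE)
        elif "-r" not in argv:
            out.append(NO_ROOT)
    if "restrict" not in opts and not LOCKDOWN.issubset(opts):
        out.append(NOT_LOCKED)
    return out


def audit(text):
    """Return [(line number, key comment, findings)] for every key line."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ktype, comment = parse_entry(line)
        results.append((lineno, comment, findings_for(opts)))
    return results


if __name__ == "__main__":
    for lineno, comment, found in audit(SAMPLE):
        print(f"line {lineno} ({comment}): {'; '.join(found) or 'ok'}")
```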
Yep, except when you're on Windows. That would be the escape character in the command line. Friggin idiot who invented that stupid Windows cli. "Hmmm, yes, let's not use POSIX! How about we invent our own standard and make it really crappy, and let's only follow it half of the time!"
Hence the quote:
"Those who don't understand UNIX are condemned to reinvent it, poorly." -- Henry Spencer
Try using caret (^) in a recent SVN client. If you're in a working directory, it's a stand-in for the base repository URL. So svn+ssh://foo.bar.biz/svn/widget/trunk could be written as: ^/trunk
I would still love to be able to refer to any item in the repository as some UUID, randomly generated when the item is first added to the repository.
Then you could reorganize your folder structure in the SVN repo without breaking all of your svn:externals.
So instead of svn:externals pointing at ^/trunk/some/subdirectory, you could just point it at ^UUID:abcdef0123456789.
Eh, as nice as the AA/AAA battery devices are - they fall down in the "thin" department, which makes a big difference.
I prefer my Sansa Fuze 8GB (with an 8GB expansion card), which is only 0.3" thick.
If the media cost was about 1/5 that of portable magnetic hard drives, then optical would still make sense. Then there's the issue that optical storage density has lagged horribly behind hard drive sizes.
BD-R is still something like $0.25/GB. Horribly expensive compared to little 2.5" external drives which are about $0.12 to $0.14 per GB. You don't have to divide your data up into little 25GB chunks or deal with switching disks 20x to store 500GB. Most machines have USB ports, not many machines have BD drives.
BD-R media would have to sell for $0.04/GB ($1/disk) in order to be competitive against current external drives. And they would need to drive prices down to $0.02/GB per disk within two years to stay competitive.
I generally store things on 2.5" drives, then make (2) backup copies onto larger (and cheaper) 3.5" drives using an external USB to SATA drive "toaster" (Thermaltake BlacX).
Or can somebody tell me if the cooling of the HDs is ok if they are stacked like in the picture?
It doesn't take much airflow at all to keep drives down around 35-40C. Even a light breeze can be enough to drop drive temperatures 5-10C. They're only 5-10W devices (for 3.5" drives) which means they're easy to cool in comparison to the 100-200W video cards or the 95-150W CPUs.
Which will never happen until Microsoft is forced to split out the OS division from the Office division from the hardware division, etc.
It would free up the various teams to improve their products, work on other operating systems, without having to toe the line of being incompatible with other systems on purpose - just to reinforce the monopoly in other markets.
I could have done it in one line using sed.
Cygwin.
Which would have let you skip directly to step 2 - "use sed".
Tape backups require care and feeding. Cleaning the tape drives, monitoring for bad tapes, running verify operations on the backups, rotating out old media on a regular basis, constantly bringing new media into the pool.
Only the bigger firms with the big IT budgets and people who can monitor the drives and backup process for at least 1-2 hours a day can pull that off.
Everyone else tries to do it on a half-hour a day with someone that is being paid minimum wage because they think you only need to swap tapes as requested and it will magically work. They don't do verify cycles, don't do test restores once a month, and nobody ever looks at the backup report to see if it ran.
Tape only makes sense once you cross the line where the cost of the media outstrips the cost of buying / servicing / maintaining multiple tape drives. Which is somewhere around the point where you purchase that 400th tape. Plus you need people who are technical enough to monitor the operations, deal with broken tapes, remember to clean the tape drives, etc. Makes a lot of sense in the big operations with multi-million IT budgets and a large technical staff.
For small/medium sized businesses, it's a heavy burden and they're far better suited with removable hard drives or attached external drives. Instead of being a big upfront cost, you can roll it out more slowly, buying a drive or two here, a drive or two there.
Ext2 is fine on Linux, but I haven't found any other OS with a halfway decent implementation, though. Sure, there are plenty of half-working implementations, but fsck on ext2 outside of Linux? Forget it. UFS/FFS might have worked, but interoperability between implementations is pretty damn poor.
And besides, how would you have known, 20 years ago, that FAT and UFS would still be in-force? Maybe you thought some other OS was going to survive in the long-haul. Okay, well it didn't, nothing else knows the filesystem, and even if it ran on x86, your ancient OS doesn't have USB support, and is quirky enough it probably won't run on a modern PC... Hell, ever tried to load Windows 95 on a K7 or better? Sure, there are patches, but only because Windows 95 survived.
Twenty years ago most file systems were proprietary and the implementations were all closed-source or wrapped up in NDAs.
Less of an issue these days, especially with the open-source file systems. Ext2/Ext3 are probably the safest bets at this point, maybe FAT/FAT32 (because it's such a simple file system and easily reverse engineered well enough that you can read the data).
And frankly, for long-term storage - you do not just put the data in a box and assume that it will be readable in 20 years. Every 3-5 years (tops) you need to be pulling those long-term archives, validating them, and possibly moving them to newer technology.
Classify your passwords:
Is it something that I have to manually type in? Regularly? That protects real-world assets? Those passwords need to be reasonably easy to type and memorize. (Banks, work, primary email account, computer login.)
Is it for some random website on the internet, where I used an alias? Generate a random 8-24 character password using symbols / letters / numbers, then tell the browser to remember it. So what if I can't get into Slashdot for a few days / weeks while I dig up the password or go through a reset process?
(Alternately, store the password in a text file, encrypt the contents with GPG, and name the file after the site name. If my browser forgets the passwords for sites that I don't really care about, I can always go decrypt the text file. As a bonus, ASCII armored text is easily backed up. I can mail copies to myself, or print it out on a piece of paper and stuff it in a safe.)
Brute force attacks are easily thwarted. All you have to do is allow a login attempt only once every second.
From a security standpoint - you must assume that:
- The attacker has your hash file
- They know the algorithm to generate the hash
- They know your salt method
- They have a lot more resources than you (10x-100x)
Depending on throttled login attempts only protects the actual passwords if the attacker does not have the hashes. So it's fine against opportunistic remote attacks, who are generally just rattling doorknobs as they walk down the hall (checking for common username/password combinations). Of course a lot of those attackers use botnets, with widely separated IP addresses across the globe, and each machine only tries once a minute on a different account/password pair.
Against the more focused attackers, you can't depend on throttling. Your password list is only a single successful SQL injection away from exposure. Or if you send hashes over the wire, a network sniff away from exposure.
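Added example, not part of the original comment: password storage written for the assumptions listed above (the hash file, the algorithm and the salt method are all known to the attacker, who has 10x-100x your resources), with a comparison of how long a candidate list lasts when guessed online at one attempt per second versus offline against stolen hashes. The PBKDF2 work factor, the storage format and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Return 'algo$iterations$salt$hash' with a fresh random per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGO, str(iterations), _b64(salt), _b64(dk)])


def verify_password(password, stored):
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt, expected = stored.split("$")
        if algo != ALGO:
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 base64.b64decode(salt), int(iterations))
        return hmac.compare_digest(dk, base64.b64decode(expected))
    except ValueError:          # malformed record: wrong field count or bad number
        return False


def needs_rehash(stored, iterations=ITERATIONS):
    """True when a record was made with a lower work factor than the current one.

    Call after a successful login, while the plaintext is still in hand."""
    return int(stored.split("$")[1]) < iterations


def seconds_per_guess(iterations=ITERATIONS, trials=3):
    """Measure what one guess costs on this machine at the given work factor."""
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.pbkdf2_hmac("sha256", b"probe", b"0123456789abcdef", iterations)
    return (time.perf_counter() - start) / trials


def days_to_exhaust(candidates, guesses_per_second):
    return candidates / guesses_per_second / 86400


def online_vs_offline(candidates, per_guess_seconds, advantage):
    """Days to try every candidate: throttled login form vs. stolen hash file.

    advantage is the comment's 10x-100x: how much faster the attacker's
    hardware is than the machine that measured per_guess_seconds."""
    online = days_to_exhaust(candidates, 1.0)              # one attempt per second
    offline = days_to_exhaust(candidates, advantage / per_guess_seconds)
    return online, offline


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
    slow = seconds_per_guess()
    fast = seconds_per_guess(iterations=1)  # stands in for a single fast hash
    for label, cost in (("PBKDF2 x%d" % ITERATIONS, slow), ("1 iteration", fast)):
        online, offline = online_vs_offline(10**8, cost, advantage=100)
        print(f"{label}: online {online:,.0f} days, offline {offline:,.4f} days")
```

The login throttle appears only in the online figure; once the hashes are out, the per-guess cost set by the work factor is the only thing left slowing the search.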
Passwords being written down is not, by itself, a bad thing.
Passwords stuck to a keyboard or monitor? Bad.
Passwords buried in a notebook on a shelf? Definite grey area.
Passwords kept in your wallet on a nondescript piece of paper? Fairly decent. Most users manage to eventually memorize the password if it's one that they use every day, at which point they don't need the piece of paper.
(Password reset policies, however, play havoc with this because the users have to reset their passwords faster than they can learn the current one. Make them pick a strong password, have them put it on a slip of paper and keep it next to their money for a month, then don't expire that password for at least 6-12 months.)
Sorry, gotta ask: I've seen that "get off my lawn" so many times on Slashdot, but never anywhere else - until recently I saw Clint do it in Gran Torino. Is that where the expression was popularised?
No, it's been around for at least 20-30 years.
If you grew up in the suburbs/towns in the 70s/80s, a popular pastime was to make your lawn neatly trimmed, nice and green. Naturally, for the older folks, after spending all that time and effort - having a bunch of young hoodlums come tromping over your nicely manicured lawn would be a bit upsetting.
Especially since you were probably sitting out front on your favorite rocking chair enjoying a cool breeze.
But I can take an original 10 Mbps Ethernet device and plug it into a computer today, and it will work. That is not true of anything else on your list. (except software and/or protocols, but that does not count).
Which flavor of 10Mbps Ethernet? The old 10Base2 with the coaxial cabling? Or the modern twisted-pair 10BaseT?
(And 10Base2 was around earlier than 10BaseT, by at least 2-3 years. We were using 10Base2 in 1987, 10BaseT wasn't until 1990-1992.)
Worse, coax 10Mbps was a shared medium with collisions out the wazoo. You were lucky if you got 2-3Mbps in a very busy segment due to the collisions and retransmissions.
Can you imagine spending even $5k for a computer now? Or $2k?
Yes - business grade laptops start at $2k and typically end up closer to $3k. Which usually means a 4 or 5 year warranty, hardware that works (because warranty support is expensive for the manufacturer), and hardware that will generally last 5-8 years.
Gaming desktops are generally $300 for the SSD drive (or a pair of 10k RPM drives), $150 for the motherboard, $150 for the case and PSU, $200 CPU, $200 video card, $100 RAM. Plus another $150 for the OS license and $150 for misc and sundry parts. Add a $200 monitor on there plus shipping fees and you are up around $2000 for a very good, but still moderately cost-efficient rig. Or you can settle for 20% less performance and do it for about $1200 in total.
Business desktops, OTOH, can generally be done for about $500 in hardware (maybe $450) plus OS / software licenses.
And what are you doing that actually requires that 3GHz?
Dwarf Fortress, once you get past 150-200 dwarves.
processors from 10 years ago were fast enough to surf the web, chat, and write documents
Only if you do one thing at a time, with nothing else running in the background, and you never switch between programs mid-task. And that includes never leaving a web page with Flash ads running.
Otherwise, I think that multi-core becoming cheap around 2006-2007 is the big change. A 1.5GHz single-core CPU is always going to feel sluggish because the CPU is constantly pegging at 100% busy, with no place to put the overflow work. Switch to a dual or quad core CPU, even at a slower clock rate (2 cores @ 800MHz) and responsiveness goes way up.
If my 1.5GHz laptop from 2003-2004 had been multi-core, I might still be using it. But the dual-core Thinkpad that I replaced it with in 2007 is just a whole lot more enjoyable to work with. And I suspect that I won't be upgrading again until 2012-2014.
(SSDs getting cheaper is going to be the next major shift. Once you get used to a system with an SSD, it's really hard to go back to using a 7200 or 5400 RPM hard drive as the primary disk.)
Eh - I've had my fill of 40mm fans. They're almost more of a panacea than an actual cooling solution. Minimum size is really 60-80mm. And good luck finding a 3.5" external USB case that provides that.
For down-and-dirty hooking up of SATA drives, look at the Thermaltake BlacX units. Drop the SATA drive in and turn it on. Just make sure you have some sort of fan to blow air over the drive as it sits there.
But if you're totally stuck on using external USB drives, just switch to the 2.5" sized units. Since laptop drives have never had active cooling, they tend to survive a bit better (and don't generate as much heat) than their larger 3.5" brethren. Biggest issue in the 2.5" size is power, which I think is mostly taken care of with USB3.
Apparently the disk pooling is done by Greyhole. It seems quite novel in that you get JBOD with user-selectable redundancy, a "JBOD concatenation storage pool" as the author calls it. I might finally have found a home for all those old IDE drives I have laying around!
Well, other than the fact that you'll be spending lots to hook up all those old IDE drives, plus the electricity to keep them spinning. And the heat, and the noise.
2TB 3.5" SATAs are only about $80.
Only use for older 3.5" IDE/SATA drives is *maybe* to stick them in an external USB case. And even then, only if they're over 200GB. Otherwise, may as well donate them and buy a little 2.5" 750GB USB3 drive. (By the time you find a 3.5" USB case that takes IDE drives and doesn't require some proprietary power connector / brick... those cases are rare.)
Other advantage of the external 2.5" drives, you can leave them unhooked until you need something off of them.
Rsync is basically just doing a copy.
And it's not hard to tell rsync to create a copy before it does the sync (Easy Automated Snapshot-Style Backups with Linux and Rsync).
Although personally, I prefer rdiff-backup.
Apple just takes the concept and takes a lot of the black magic out of the system, then puts a useable UI on it.