No need to erase the target on Windows. Use something like "Second Copy 7" (the alternative on Linux would be an rsync style tool).
You can even tell it to put changed/deleted files into another location, and to keep up to N-versions of changed files.
Combine that with Acronis True Image (or Norton Ghost, or even a Linux boot CD with the proper tools) to make an image of your operating system drive periodically.
- the staff to babysit the drive every night, and clean it regularly
- multiple tape drives, so you can deal with one dying, and you can do a restore without mucking about with the primary drive
- the deep pockets to sink $2k to $3k for each drive, plus all of the tapes you need to do a typical rotation (figure another few thousand)
- and you'll need to purchase a new, larger drive every few years, along with all new tapes
On the flip side, hard drive based storage is extremely attractive because:
- low cost to get started (2 drives and 2 external enclosures)
- no special hardware required to read it on any machine
- random access to your backup data, no 15-20 minute restore sessions (only to find out that you specified something incorrectly)
- easy to upgrade
Tape works well for high-volume applications where you're dealing with multiple tapes per day, have strict requirements, and you're working in the realm of hundreds of tapes or more. Basically, Fortune 500 sized businesses.
For smaller companies / organizations and individuals, tape makes a lot less sense.
Assuming that there's nothing else on on the USB bus that slows operations (such as an old version 1.1 device), you'll generally see 20-25 megabytes per second for sequential writes to modern disks.
Which is still about 8-10 hours to write 700GB worth of data to the disk.
Modern hard disks (750GB, 1TB, 7200rpm) can handle about 70-80 MB/s of sequential reads/writes now. eSATA does a better job of keeping up with this, but for the most part you can't hot-plug eSATA.
We would like to protect against accidental deletion of files, file corruption, or edits to a file that we have now reconsidered. This can be done with snapshotting. In source code, to reconsider and edit to a file is fairly common, and is the reason why most programming projects use revision control systems. Other options like nilfs or ZFS snapshots can also fill this goal. This goal is accomplished more easily if the backups area automatic and the backup device is live on the system.
The solution for this on a Linux box is FSVS paired with a Subversion backend repository.
Once you have the machine configured (ignoring directories like/tmp,/home, media folders, or other things that you really don't want versioned), every time you make a change to configuration files, you simply check in the changes:
# fsvs ci -m "blah blah blah"/path/to/filename
You could also script that to run at say 4am every morning to check-in things that you forgot to check-in.
It's a wonderful tool for tracking changes to/etc files. Or for figuring out what changed that might have broken something. Plus I can (with the proper permissions on the SVN repository) open up the repository and browse the history from another machine. Such as looking at changes from my laptop running TortoiseSVN and using the visual diff tool of TSVN.
19KB compressed over dial-up is somewhere in the range of 3.8 to 6.3 seconds.
That's a fair length of time. The usual design goal back in the dial-up days was to have your page load in 5 seconds or less. Which generally means the entire content needs to be in the 30-50KB range. So a 19KB library, even if that's the compressed size, adds a number of seconds to the first page visit.
(I define dial-up as anywhere from 30-50Kbps, or about 3000-5000 bytes per second.)
Personally, I browse with Javascript turned off, except for a few handfuls of sites that I absolutely have a need to use and won't work without Javascript turned on.
You can put PAR2 files on a video DVD, just PAR2 the files in the VIDEO_TS folder. The vast majority of DVD players will simply ignore the files with the PAR2 extension.
A lot of companies have been holding off an upgrade from Windows XP for years now, because Vista was such a dog's breakfast. So they had already planned on upgrading to whatever came after Vista if the early word was even slightly positive.
We specifically upgraded our old Win98/Win2k machines on an accelerated schedule in order to be done before WinXP could no longer be purchased. Which allowed us to completely avoid deploying Vista.
So far, it sounds like Win7 will be a decent successor to XP. So when we start replacing machines in 2010-2012, we'll likely be putting Win7 on them and not downgrading to XP.
For our small business, the upgrade cycle has always been a lot longer. Most machines made since ~2002 run XP just fine (1.5GHz CPU or faster, at least 512MB of RAM). Our newer, dual-core, 2GB RAM machines have an expected lifespan of at least 6 years and hopefully 9-12.
The pace of progress is definitely slowing down. What will kill machines now is hardware failure more so then obsolescence due to speed/performance.
On the upside, not having to buy new machines every 3-4 years will mean we can finally upgrade to new monitors. At least once the purse strings loosen back up towards the end of 2010.
Better support for 64bit and memory > 4GB is probably the key driver for us.
Right now, all of our machines were recently (3 year migration off of Win98) moved up to WinXP in advance of Vista and the sunset of XP. They're all dual-core, 1.8GHz or faster, 64bit machines, with 2GB RAM (upgradeable to 4GB). So we're sitting in a very good spot that allowed us to avoid the whole Vista debacle.
If I wanted, I could roll out Win7 to these machines and probably see good results. We won't, because we don't nee to spend that money. And we're also in a bit of batten down the hatches mode until at least 2010 due to the economy.
However, looking down the road, I can easily see us buying machines with 4GB or 8GB as standard starting in 2010/2011. Memory is extremely inexpensive now (at least for DDR2). WinXP will be getting extremely long in the tooth by then, so we'll need to put something more modern on the new machines.
So I figure in late-2010, or whenever SP1 hits, is when we might migrate existing systems to Win7. It will depend on how compelling it is and how well it runs on existing machines and whether it will simplify things to have everyone on the same platform.
Like most things, if you have to ask "who needs this?", the answer is not you.
The question is more "is this snakeoil" and "what attacks does it work against". In this particular case, the product does nothing to prevent key-logging attacks, and once the attacker has the password, your data is at their fingertips.
I would be much more interested to see an external product requiring the entry of a PIN before you could access the data. It would be a lot harder to hack the unit to intercept the PIN without the user noticing. (Keyboard sniffers are small and easily blend in with the PS/2 cable.)
Something in a 2.5" form factor, allowing you to insert any old 2.5" drive might be very useful.
I could have been happy using WordPerfect 5.1 for the rest of my life -- it did everything I need a word processor to do.
Hmmm, meanwhile the technical writers at a company I worked for back around 1990 liked to call it WordStupid.
(Granted, they were doing extremely complex documentation...)
I figure we'll upgrade off of Office 2003 sometime around 2011/2012...
Re:What are the best practices?
on
R.I.P. FTP
·
· Score: 1
Are there any recognized best practices for SSH public key distribution?
Typically, you don't distribute the key itself, but rather the fingerprint. The important thing is that the fingerprint needs to be distributed over a channel not compromised by an attacker. So via email, or posted on a bulletin board, or passed around in a memo, or posted on a message board, or website.
The methods for verifying a SSH host public key are the same as verifying a GPG/PGP public key. It's just that SSH hosts don't have that whole web of trust thing going that GPG/PGP keys have. So you might find best practices by searching for verification of GPG or PGP keys (such as key signing parties).
Store your credentials in a plain text file (one per site), with the contents encrypted as a PGP/GPG ASCII block. Easy to backup, you could even just print out the contents of the text file, or mail it to some other location.
The trade-off is that you have to keep your PGP/GPG key secure.
Personally, for the less sensitive sites, I give them a random 18-32 character password and let the browser simply store it. Although I still store the credentials in GPG encrypted text files.
Whatever you do, forget the built-in design of Oblivion and install Oscuro's Oblivion Overhaul, which makes the game feel a lot more traditional. High level bosses are no longer beatable at level 1, low level critters are no longer a threat at high levels.
Which makes a lot more sense then Bethesda's design. Unfortunately, it doesn't fix Shivering Isles. So you may wish to go do Shivering Isles content first.
If you dally, it now takes about 3 hours per level in the 20s and 30s. So figure *maybe* 150 hours of gameplay to get to 60. And possibly as low as 100 hours. So you're only looking at maybe a month to get to 60.
You can then cruise through the 60s in another 30-45 hours. Figure 2 more weeks.
And the 70s take about 5-7 hours per level. So there's another 50-70 hours.
So, within 3-4 months of starting from scratch, you're pretty much caught up with the existing players. At which point you have to figure out what you're going to do for the next 1-2 years in the game. Do you do battlegrounds, arena, raids, crafting, exploration, questing, achievements, socialize or roleplay?
Back prior to Burning Crusade, most people said that it took about 6 months to get to max level (60). So Blizzard has basically doubled the leveling speed to get to max level (80).
Hell, just take up Herbalism or Mining along with Skinning at the start and sell the raw materials at the AH. A pair of gathering professions will quickly bring in enough gold to play in comfort.
Heck, I'm falling into this cycle while waiting for patches. I'v done Uldar a few times, I know I'll never finish it. So now I'm bored and waiting for the next patch to come out and give those raids a try.
Ulduar is not that hard. Our casual, roleplay oriented, guild on Moonguard are steadily working our way through it. We beat General Vezax two weeks ago. It requires folks to pay attention, move when needed, and target the right things at the right time. By casual, I mean that most folks are only raiding for 3-8 hours per week.
Now at the start of 3.1, Ulduar-10 was stupid-hard. There were a lot of bad design decisions on mobs like Ignis, Iron Council, etc. that were definitely unbalanced. And the linear design of the dungeon with very few optional bosses makes for a long crawl that is difficult to clear unless you take 2 nights.
(Our best clear time for Naxx-10 was a shade under 4 hours. Which was nice because it made Naxx a lot more enjoyable when we weren't spending 2 nights in there.)
The hosts stuff is a load of crap too, the top parent doesn't seem to understand what the hosts file is for, it's certainly not designed to be used as a 650,000 entry blacklist, it's merely meant to contain a couple of hosts and even then only as a fix for broken DNS. Filtering of base hosts should not be done in the hosts file, that's a really bad hack for someone who simply does not understand how to build their own security layer to filter inbound/outbound connections but a hack with negative repercussions - the hosts file has to be accessed and 650,000 names have to be checked every time you access a host, that's going to slow down your DNS lookups massively.
Prior to the invention of DNS, hosts files were the only way to do name -> address lookups on a IP network. So hosts files quickly became rather large.
(We're just lucky they didn't add some concept of #include to the hosts file. That might have pushed the concept of DNS back another decade.)
The bigger possibility is that this module is just one of many included in the download. Which does not imply that this is the module that will fire off on a particular day.
And you get better headlines with "OMG End of the Internet" then "Oh, they downloaded a new update today".
Slashdot Mirror
On the Windows side, try Second Copy 7.
On the Linux side, rdiff-backup has a very simple syntax.
No need to erase the target on Windows. Use something like "Second Copy 7" (the alternative on Linux would be an rsync style tool).
You can even tell it to put changed/deleted files into another location, and to keep up to N-versions of changed files.
Combine that with Acronis True Image (or Norton Ghost, or even a Linux boot CD with the proper tools) to make an image of your operating system drive periodically.
Tape is considered undesirable if you don't have:
- the staff to babysit the drive every night, and clean it regularly
- multiple tape drives, so you can deal with one dying, and you can do a restore without mucking about with the primary drive
- the deep pockets to sink $2k to $3k for each drive, plus all of the tapes you need to do a typical rotation (figure another few thousand)
- and you'll need to purchase a new, larger drive every few years, along with all new tapes
On the flip side, hard drive based storage is extremely attractive because:
- low cost to get started (2 drives and 2 external enclosures)
- no special hardware required to read it on any machine
- random access to your backup data, no 15-20 minute restore sessions (only to find out that you specified something incorrectly)
- easy to upgrade
Tape works well for high-volume applications where you're dealing with multiple tapes per day, have strict requirements, and you're working in the realm of hundreds of tapes or more. Basically, Fortune 500 sized businesses.
For smaller companies / organizations and individuals, tape makes a lot less sense.
Assuming that there's nothing else on on the USB bus that slows operations (such as an old version 1.1 device), you'll generally see 20-25 megabytes per second for sequential writes to modern disks.
Which is still about 8-10 hours to write 700GB worth of data to the disk.
Modern hard disks (750GB, 1TB, 7200rpm) can handle about 70-80 MB/s of sequential reads/writes now. eSATA does a better job of keeping up with this, but for the most part you can't hot-plug eSATA.
We would like to protect against accidental deletion of files, file corruption, or edits to a file that we have now reconsidered. This can be done with snapshotting. In source code, to reconsider and edit to a file is fairly common, and is the reason why most programming projects use revision control systems. Other options like nilfs or ZFS snapshots can also fill this goal. This goal is accomplished more easily if the backups area automatic and the backup device is live on the system.
/tmp, /home, media folders, or other things that you really don't want versioned), every time you make a change to configuration files, you simply check in the changes:
/path/to/filename
/etc files. Or for figuring out what changed that might have broken something. Plus I can (with the proper permissions on the SVN repository) open up the repository and browse the history from another machine. Such as looking at changes from my laptop running TortoiseSVN and using the visual diff tool of TSVN.
The solution for this on a Linux box is FSVS paired with a Subversion backend repository.
Once you have the machine configured (ignoring directories like
# fsvs ci -m "blah blah blah"
You could also script that to run at say 4am every morning to check-in things that you forgot to check-in.
It's a wonderful tool for tracking changes to
And... a lot of times in written communication, I simply say "pgsql".
I do try to capitalize PostgreSQL in more formal communication / documentation, however.
19KB compressed over dial-up is somewhere in the range of 3.8 to 6.3 seconds.
That's a fair length of time. The usual design goal back in the dial-up days was to have your page load in 5 seconds or less. Which generally means the entire content needs to be in the 30-50KB range. So a 19KB library, even if that's the compressed size, adds a number of seconds to the first page visit.
(I define dial-up as anywhere from 30-50Kbps, or about 3000-5000 bytes per second.)
Personally, I browse with Javascript turned off, except for a few handfuls of sites that I absolutely have a need to use and won't work without Javascript turned on.
Though it's no help on DVDs
You can put PAR2 files on a video DVD, just PAR2 the files in the VIDEO_TS folder. The vast majority of DVD players will simply ignore the files with the PAR2 extension.
You can't exactly hop on your friend's XP box and run an X application from a remote server, unless he happens to have Exceed installed (for $$$).
Actually, you can. There do exist free X servers for Windows, see XMing.
For a true math joke, you would have done that as "multiply divide add subtract" (or "My dear aunt Sally") in order to get the precedence correct.
A lot of companies have been holding off an upgrade from Windows XP for years now, because Vista was such a dog's breakfast. So they had already planned on upgrading to whatever came after Vista if the early word was even slightly positive.
We specifically upgraded our old Win98/Win2k machines on an accelerated schedule in order to be done before WinXP could no longer be purchased. Which allowed us to completely avoid deploying Vista.
So far, it sounds like Win7 will be a decent successor to XP. So when we start replacing machines in 2010-2012, we'll likely be putting Win7 on them and not downgrading to XP.
For our small business, the upgrade cycle has always been a lot longer. Most machines made since ~2002 run XP just fine (1.5GHz CPU or faster, at least 512MB of RAM). Our newer, dual-core, 2GB RAM machines have an expected lifespan of at least 6 years and hopefully 9-12.
The pace of progress is definitely slowing down. What will kill machines now is hardware failure more so then obsolescence due to speed/performance.
On the upside, not having to buy new machines every 3-4 years will mean we can finally upgrade to new monitors. At least once the purse strings loosen back up towards the end of 2010.
Better support for 64bit and memory > 4GB is probably the key driver for us.
Right now, all of our machines were recently (3 year migration off of Win98) moved up to WinXP in advance of Vista and the sunset of XP. They're all dual-core, 1.8GHz or faster, 64bit machines, with 2GB RAM (upgradeable to 4GB). So we're sitting in a very good spot that allowed us to avoid the whole Vista debacle.
If I wanted, I could roll out Win7 to these machines and probably see good results. We won't, because we don't nee to spend that money. And we're also in a bit of batten down the hatches mode until at least 2010 due to the economy.
However, looking down the road, I can easily see us buying machines with 4GB or 8GB as standard starting in 2010/2011. Memory is extremely inexpensive now (at least for DDR2). WinXP will be getting extremely long in the tooth by then, so we'll need to put something more modern on the new machines.
So I figure in late-2010, or whenever SP1 hits, is when we might migrate existing systems to Win7. It will depend on how compelling it is and how well it runs on existing machines and whether it will simplify things to have everyone on the same platform.
Like most things, if you have to ask "who needs this?", the answer is not you.
The question is more "is this snakeoil" and "what attacks does it work against". In this particular case, the product does nothing to prevent key-logging attacks, and once the attacker has the password, your data is at their fingertips.
I would be much more interested to see an external product requiring the entry of a PIN before you could access the data. It would be a lot harder to hack the unit to intercept the PIN without the user noticing. (Keyboard sniffers are small and easily blend in with the PS/2 cable.)
Something in a 2.5" form factor, allowing you to insert any old 2.5" drive might be very useful.
I could have been happy using WordPerfect 5.1 for the rest of my life -- it did everything I need a word processor to do.
Hmmm, meanwhile the technical writers at a company I worked for back around 1990 liked to call it WordStupid.
(Granted, they were doing extremely complex documentation...)
I figure we'll upgrade off of Office 2003 sometime around 2011/2012...
Are there any recognized best practices for SSH public key distribution?
Typically, you don't distribute the key itself, but rather the fingerprint. The important thing is that the fingerprint needs to be distributed over a channel not compromised by an attacker. So via email, or posted on a bulletin board, or passed around in a memo, or posted on a message board, or website.
The methods for verifying a SSH host public key are the same as verifying a GPG/PGP public key. It's just that SSH hosts don't have that whole web of trust thing going that GPG/PGP keys have. So you might find best practices by searching for verification of GPG or PGP keys (such as key signing parties).
Well, third-party clients, Yes. But, why is that in 2009, Microsoft doesn't ship a client (or a server) that does SFTP with their OS?
"Those who don't understand unix are doomed to reinvent it, poorly." -- Henry Spencer
(Actually, as mentioned elsewhere, they do finally provide FTPS or SFTP in IIS7 on Win2008 server.)
Okay, the smart move for all of these websites.
Store your credentials in a plain text file (one per site), with the contents encrypted as a PGP/GPG ASCII block. Easy to backup, you could even just print out the contents of the text file, or mail it to some other location.
The trade-off is that you have to keep your PGP/GPG key secure.
Personally, for the less sensitive sites, I give them a random 18-32 character password and let the browser simply store it. Although I still store the credentials in GPG encrypted text files.
Whatever you do, forget the built-in design of Oblivion and install Oscuro's Oblivion Overhaul, which makes the game feel a lot more traditional. High level bosses are no longer beatable at level 1, low level critters are no longer a threat at high levels.
Which makes a lot more sense then Bethesda's design. Unfortunately, it doesn't fix Shivering Isles. So you may wish to go do Shivering Isles content first.
If you dally, it now takes about 3 hours per level in the 20s and 30s. So figure *maybe* 150 hours of gameplay to get to 60. And possibly as low as 100 hours. So you're only looking at maybe a month to get to 60.
You can then cruise through the 60s in another 30-45 hours. Figure 2 more weeks.
And the 70s take about 5-7 hours per level. So there's another 50-70 hours.
So, within 3-4 months of starting from scratch, you're pretty much caught up with the existing players. At which point you have to figure out what you're going to do for the next 1-2 years in the game. Do you do battlegrounds, arena, raids, crafting, exploration, questing, achievements, socialize or roleplay?
Back prior to Burning Crusade, most people said that it took about 6 months to get to max level (60). So Blizzard has basically doubled the leveling speed to get to max level (80).
Hell, just take up Herbalism or Mining along with Skinning at the start and sell the raw materials at the AH. A pair of gathering professions will quickly bring in enough gold to play in comfort.
I suspect it's server-specific.
You might find an easier time on a roleplay server like Moonguard. There's a larger portion of the player base who are no just rushing to 80.
Heck, I'm falling into this cycle while waiting for patches. I'v done Uldar a few times, I know I'll never finish it. So now I'm bored and waiting for the next patch to come out and give those raids a try.
Ulduar is not that hard. Our casual, roleplay oriented, guild on Moonguard are steadily working our way through it. We beat General Vezax two weeks ago. It requires folks to pay attention, move when needed, and target the right things at the right time. By casual, I mean that most folks are only raiding for 3-8 hours per week.
Now at the start of 3.1, Ulduar-10 was stupid-hard. There were a lot of bad design decisions on mobs like Ignis, Iron Council, etc. that were definitely unbalanced. And the linear design of the dungeon with very few optional bosses makes for a long crawl that is difficult to clear unless you take 2 nights.
(Our best clear time for Naxx-10 was a shade under 4 hours. Which was nice because it made Naxx a lot more enjoyable when we weren't spending 2 nights in there.)
The hosts stuff is a load of crap too, the top parent doesn't seem to understand what the hosts file is for, it's certainly not designed to be used as a 650,000 entry blacklist, it's merely meant to contain a couple of hosts and even then only as a fix for broken DNS. Filtering of base hosts should not be done in the hosts file, that's a really bad hack for someone who simply does not understand how to build their own security layer to filter inbound/outbound connections but a hack with negative repercussions - the hosts file has to be accessed and 650,000 names have to be checked every time you access a host, that's going to slow down your DNS lookups massively.
Prior to the invention of DNS, hosts files were the only way to do name -> address lookups on a IP network. So hosts files quickly became rather large.
(We're just lucky they didn't add some concept of #include to the hosts file. That might have pushed the concept of DNS back another decade.)
The bigger possibility is that this module is just one of many included in the download. Which does not imply that this is the module that will fire off on a particular day.
And you get better headlines with "OMG End of the Internet" then "Oh, they downloaded a new update today".