We had a guy who thought the best way to back up the datacenter years ago was to take 1 of the RAID1 drives out of every server, put them into a large padded/locked pelican case and store it offsite. We spent weeks begging him not to do this.
We lost about 30-40 Ultra320 SCSI disks in a year (riding in vans is not good for hard drives, who knew!) along with about 10 disk back planes in HP servers (from the drive swapping in and out).
I'm glad you had good luck. I would not trust customers' data with what you've described. I'd put an encrypted copy on two tapes and store them at two different locations. To each his own I suppose.
I'm confused are you paying $100-$200 for TAPES? Because I'm buying 1.6TB LTO4 tapes for ~$40.
It really depends if it's offsite. 100MB/s (800mb/s) is more WAN bandwidth than most organizations have (especially ones that find LTO4 to be cost prohibitive). I also disagree with your concerns over redundancy, which like you said, could be built into the application layer. It seems to work pretty well for Google. Don't build N+1 redundancy into every box, just buy two boxes and put them in two different locations.
Basically we need cost and performance guidelines to really determine what is and what is not an effective solution for the original poster.
Are you doing disk to tape to tape or disk to tape and then disk to tape again? Or disk to disk to tape/tape? Are you using LTO4? Just curious, because that seems like a lot of data to back up to tape (twice! every night!)
Tape is impractical but you're going to store RAID5 disk sets in safe deposit boxes? How is tape impractical? Speed? Upfront cost?
Just FYI - It's abbreviated as CMS not CMMS. But I couldn't agree with you more.
You think the government had minimal involvement in creating the Internet?
You really think they don't use compromised hosts elsewhere to mount these attacks? Guess where the LEAST likely source address an attack from China would probably come from? Right. APNIC address space in China.
The password complexity policy is domain wide - if you set it for your users (you did set it for your users, right?) then it applies to you as well.
Boss's browser is configured to use Websense proxy (running on Linux actually, Websense Security Gateway). All traffic blocked at firewall, only Websense allowed out and only via destination port 80 and port 443 (and other specific allows for certain servers/apps to specific destination networks). Uncategorized sites are blocked in Websense. Cisco Botnet filtering installed on ASAs at the edge. Sourcefire IDS monitoring. Ironport e-mail gateways filtering spam. Trend anti-virus running on everything running Windows.
And most importantly - constant user training, re-training and reminders.
I'm sure I missed a few other security components I take for granted but that should be enough to cover it. I work for a medium sized health care company, nothing fancy.
aaaaaaaaaaaaand you missed the point entirely congratulations.
Especially that whole "Internet" thing I'm glad that was a private project without any government intrusion. WHEW!
That's ridiculous. Everyone knows that we linux nerds live in basements! This is outrageous!
From a technical perspective I think UAC was a huge step in the right direction. From a usability standpoint I think they really shot themselves in the foot. You're assuming the exact same people are saying both of these things, when that's obviously not the case. You create this abstract group of people ("linux fanbois") and then attribute every argument against Microsoft to them as if everyone is saying the exact same thing. They're not. It's a sweeping generalization.
"The Vista and Windows 7 security model is vastly more sophisticated than out-of-the-box Linux implementation"
SELinux is enabled by default on Fedora. I wouldn't call UAC "vastly more sophisticated".
I highly HIGHLY recommend a flash blocking add-on like FlashBlock for Firefox. There will be a play button where all the embedded flash videos would be and it won't load them until you click play. You can of course whitelist sites that you'd like to load all flash from. But now you don't have to have those 10 pages in tabs each with 2, 3 or more flash ads or graphics eating up CPU cycles.
There used to be a ramdrive.sys but turns out the OS is smarter than us when trying to use RAM as a cache. Here's a reference to it in an article for troubleshooting memory problems: http://support.microsoft.com/kb/142546
I agree, 2 minutes is very slow.
The last article specifically said RAM was nearly exhausted and there was excessive paging to disk. No one cares if RAM is full or not, if it's unused it's wasted anyway. The concern is having 85% memory utilization and then paging memory out to the pagefile.
To cover 95% of the work done by your average programmer just go to a local university and see if you can audit a data structures class. This is assuming you're already competent in general.
100mb/s yes, 300mb/s becomes a little trickier. We can support DOCSIS 3.0 (capable of 150mb/s) using a lot of the current cable infrastructure. To get to 300mb/s requires a new physical cable plant, be it fiber optic or something else - you need new wires in the ground (or wireless). That's not a small undertaking by any means. The growth curve will not be linear with respect to broadband speeds because of the infrastructure.
What we're going to do is have companies like Verizon and Google run fiber to every home. We're going to have companies like Verizon Wireless, AT&T and Clear deploy WiMax coast to coast. These things take time. The US is huge. In major metro areas we already have speeds comparable to some of the best (government run, paid-for-by-taxes) internet access in the world. You can already get 100mb/s DOCSIS 3.0 cable in major metro areas. Verizon FiOS is available in 12.7 million homes (as of 2009). The problem is rolling out these services to a piece of land the size of the US.
I'm not making excuses, I'm just explaining. For example, Japan is 145,000 square miles and has a GDP of US$4.3T, the US is 3.7 million square miles with a GDP of US$14.4T. So the US is physically 25 and 1/2 times larger but has less than 4x the GDP. I'm just trying to illustrate the scope here. You cannot compare national broadband deployments between the US and physically, relatively speaking, small Asian countries.
It's against the terms of service of basically every ISP to share the connection via wireless. Yes, you could probably get away with it. Just pointing it out.
That would be great if the broadband market wasn't a state-sponsored duopoly between LECs and cable company managed service areas. The problem is that because the government has granted these two classes of providers a shared monopoly they have to be much more involved.
See I never understood how that's going to shake out. Verizon is clearly rolling out FiOS in locations where it's the ILEC. We all saw the ruling that Verizon doesn't have to resell the fiber. So what happens when Verizon, as the LEC, decides to rip out all of the copper? Or will they? What's the long term strategy here? Why doesn't it make more sense to deploy FiOS where you're NOT the incumbent LEC so you can offer a competing service?