Both GIMP and Inkscape are far far away from Adobe products. It's worth to pay extra USD 1K for application that will save your time, brain and achieve perfect results. Unfortunately
It's not about needs, it's about possibilities and how it works. GSM network requires hard planning in coverage, it's radio part is crappy, has delays.
CDMA/TDMA is not encoding, it's way data is delivered to required phone. GSM has not switched to CDMA method, GSM has timeslots. UMTS is not GSM. UMTS is based on CDMA entirely and has derived nothing from GSM.
GSM has not evolved at all, all it has done is PSK8 modulation.
What about quality, spectral efficiency, bandwidth? I don't care about SIM card, if I'm switching from mobile operator to mobile operator - I still need to buy a card.
In fact, you will never get SECURE firewall, especially HIGHLY SECURE if you don't follow updates. This is a fact.
Also, tell me when did you saw firewall security related bugs last time. On *BSD, or on Linux.
Compensate control (access limiting) doesn't do anything good, it's not the security, it's a workaround to do something that is enough for some time. Compensate control only applies to internal personnel.
OpenBSD cannot pass audit even in my preproduction corporate environment, because we just won't pay a 100000$/year to hire coders and make it comparable to Linux features every time we need it.
It does not matter where openssh came from, it matters where distribution/software suite comes from and how is it maintained. In my case I have no problem, while both community and enterprise vendor (RH) are providing instant updates - one in the form of version updates, which may include features and possibly bugs and configuration-changes (harder to track, not enterprise), and in the form of release updates/patches, with only security and other important bug fixes with less possibility of do something bad in my infrastructure.
Regarding what is better PF or iptables - both are fine for me - I can manage both. If I need a firewall that is easy to manage via GUI - there are hundreds of interfaces. iptables is not complex, you just have to read a short manual. There is nothing wrong, nothing hard. Really.
And forward chain concept in iptables is the "pedantic" and correct way, it's flexible and can do maany interesting things that will come to you in larger environment (ex. NAT load balancer). If you want to have BSD firewall at home, just forget about it, I don't believe you need it and it's worth of it.
iptables is effective, functional and proven solution, I see no reason to not to use it.
So, where openssh came from? That's not an answer, that's a troll. Major part of OSS software you use inthere is maintained not by *BSD guys and by Linux service/distro vendor companies. Fact.
Another fact: openssh guys are mad men, they are like separatists, stating about users: "This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests)."
In fact, there is no good way to contribute to openssh.
Openssh is just a remote access thing for me. I can use IPSec with telnet.
Is that a joke? Nobody cares about base install. In this case we care about updates, immediate patches, commercial support and strong, quality community and commercial background with experience.
At first, *BSD market is too small to have this on appropriate level. At second. What do you call "security"? Patching holes? No no no. Security is a hard thing; * it's about hardening too * it's about writing policies * it's about having consistent directory structure * it's about easy and ensured, certified audit * it's about ease of maintenance * it's about consistency checking * it's about access limiting * it's about support from various vendors etc. * It's about enterprise integration
*BSD lacks that. I see no future in here for production corporate environment.
I'm not yet talking about possibilities of other operating system and software suite, I'm just telling that BSD is even worse than Windows in here.
When I hear "*BSD is secure operating system" or "*BSD is a good thing" (c), I don't hear any other arguments. Please prove.
One of the big problems with mod_php is that not every extension is thread-safe (gettext comes to mind), so you should use prefork anyway for generic installations, so a fcgi setup will be far more flexible.
You're absolutely right, I had the same situation and switching to CGI solved all the problems.
Nope, they were using mysql for history and current states - switched to disk storage, using MEMORY DB for current states, there is no iowait, only CPU usage by the C++ processes. Main reason of load: code (?).
Thanks for sharing:) For HE/Enterprise there are SSD caching and dynamic allocation of storage already available - ex. EMC FAST and FAST Cache. From low-priced solutions - Adaptec MaxIQ.
For a site hosted on a VM, a 2GB setup would be 8x as expensive as a 256MB setup:-P (I presume we're both hosted on bare metal now, so my setup simply leaves more space for cache; but nginx's slimness did allow me to to stay on a cheap VM until recently)
Great, that's the place where you must use nginx, exactly. But we know that you'll not gonna run 1500 hit/sec site on this VM, I think so:)
per process comparison (we assume httpd with same or even less number of processes can handle same number of requests): 17.6/9 = 1.95 MiB - nginx 252.7/190 = 1.33 MiB - httpd
Honestly, I'm also surprised:D Probably the reason could be what processes are doing to load CPU's, processes are already in the memory and CPU doesn't have to start them. My friend is running large hosts with less security and what I saw at shared hosting providers - they had muuuch higher CPU load and because of this only, but less RAM. I prefer to buy RAM. More vhosts you serve - more RAM you need, but less CPU (per host), from point of view of investment it's better to buy RAM - its cheap and no need to buy larger system, at least you have power economy, not talking about the delays for starting processes. Maybe today there is nothing special to process (_compute_) with PHP. For computing: I know one guy who wrote online game completely in PHP with MySQL backend for one company and 12 cores were hardly serving ca. 400 users: each client was sending and receiving 1 message per second - status updates, moves, server responses with statuses of other users and calculation of games. Surely, they've decided to rewrite it in C++, he did. Surprise: CPU usage is almost the same, I couldn't believe it, I've double-checked protocol and yes it is, without apache:D
I can't say that it's idle, some virtual hosts are running over 30 processes sometimes. Static files ar served by apache, content is processed through reverse squid 2.2 for http 1.1 - very small part is cached (assume none), data cannot be cached with memcached because it's shared hosting running for different needs. DB is on different machine, some part goes through mysql-proxy, web server nodes are running behind L3 Balancer with persistency per IP, L2/L3/TCP filtering done with iptables and automated scripts for checking connection states on both LVS-NAT and realservers, L7 filtering with additional custom mod_security rules, processes running with mod_fcgid, selinux in effect, files are shared with gluster. You can notice some iowait numbers too because of storage HW problems.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 28086 vu2150 20 0 528m 35m 19m S 8.9 0.4 0:01.23 php-cgi 27671 vu2176 20 0 542m 52m 23m S 2.7 0.7 0:02.70 php-cgi 32005 squid 20 0 169m 104m 5264 S 2.0 1.3 19:24.22 squid
7828 root 20 0 194m 74m 1040 S 1.7 0.9 626:35.09 glusterfs 28080 vu2240 20 0 626m 20m 8916 S 0.7 0.3 0:03.93 php-cgi
Slashdot Mirror
Both GIMP and Inkscape are far far away from Adobe products. It's worth to pay extra USD 1K for application that will save your time, brain and achieve perfect results.
Unfortunately
FUCK YOU :))
It's not about needs, it's about possibilities and how it works. GSM network requires hard planning in coverage, it's radio part is crappy, has delays.
CDMA/TDMA is not encoding, it's way data is delivered to required phone.
GSM has not switched to CDMA method, GSM has timeslots. UMTS is not GSM. UMTS is based on CDMA entirely and has derived nothing from GSM.
GSM has not evolved at all, all it has done is PSK8 modulation.
What about quality, spectral efficiency, bandwidth?
I don't care about SIM card, if I'm switching from mobile operator to mobile operator - I still need to buy a card.
There is no 3G GSM. 3G is actually CDMA. Technologically there is nothing from classic GSM in there.
Actually not. It had sense when GSM phones were cheaper. Technologically it's much more complicated than CDMA and very crappy.
Worst mobile standard ever.
In fact, you will never get SECURE firewall, especially HIGHLY SECURE if you don't follow updates. This is a fact.
Also, tell me when did you saw firewall security related bugs last time. On *BSD, or on Linux.
Compensate control (access limiting) doesn't do anything good, it's not the security, it's a workaround to do something that is enough for some time.
Compensate control only applies to internal personnel.
OpenBSD cannot pass audit even in my preproduction corporate environment, because we just won't pay a 100000$/year to hire coders and make it comparable to Linux features every time we need it.
It does not matter where openssh came from, it matters where distribution/software suite comes from and how is it maintained. In my case I have no problem, while both community and enterprise vendor (RH) are providing instant updates - one in the form of version updates, which may include features and possibly bugs and configuration-changes (harder to track, not enterprise), and in the form of release updates/patches, with only security and other important bug fixes with less possibility of do something bad in my infrastructure.
Regarding what is better PF or iptables - both are fine for me - I can manage both. If I need a firewall that is easy to manage via GUI - there are hundreds of interfaces.
iptables is not complex, you just have to read a short manual. There is nothing wrong, nothing hard. Really.
And forward chain concept in iptables is the "pedantic" and correct way, it's flexible and can do maany interesting things that will come to you in larger environment (ex. NAT load balancer). If you want to have BSD firewall at home, just forget about it, I don't believe you need it and it's worth of it.
iptables is effective, functional and proven solution, I see no reason to not to use it.
So, where openssh came from? That's not an answer, that's a troll. Major part of OSS software you use inthere is maintained not by *BSD guys and by Linux service/distro vendor companies. Fact.
Another fact: openssh guys are mad men, they are like separatists, stating about users:
"This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests)."
In fact, there is no good way to contribute to openssh.
Openssh is just a remote access thing for me. I can use IPSec with telnet.
Is that a joke?
Nobody cares about base install.
In this case we care about updates, immediate patches, commercial support and strong, quality community and commercial background with experience.
At first, *BSD market is too small to have this on appropriate level.
At second. What do you call "security"? Patching holes? No no no. Security is a hard thing;
* it's about hardening too
* it's about writing policies
* it's about having consistent directory structure
* it's about easy and ensured, certified audit
* it's about ease of maintenance
* it's about consistency checking
* it's about access limiting
* it's about support from various vendors etc.
* It's about enterprise integration
*BSD lacks that. I see no future in here for production corporate environment.
I'm not yet talking about possibilities of other operating system and software suite, I'm just telling that BSD is even worse than Windows in here.
When I hear "*BSD is secure operating system" or "*BSD is a good thing" (c), I don't hear any other arguments. Please prove.
Trending: http://www.redhat.com/about/news/archive/2012/3/A-billion-thanks-to-the-open-source-community-from-Red-Hat?utm_source=twitterfeed&utm_medium=facebook
Thanks to both RedHat and OpenSource communities!
pr0n is available for others while you're watching others pr0n
Mozilla/Other browsers?
----> https://wiki.mozilla.org/NPAPI:Pepper
Mozilla is not interested in or working on Pepper at this time. See the Chrome Pepper pages.
Verdict: Google did it.
They've killed Kenny! Bastards!
Another Debubuntuian user at Geeknet detected. Generating dump.
One of the big problems with mod_php is that not every extension is thread-safe (gettext comes to mind), so you should use prefork anyway for generic installations, so a fcgi setup will be far more flexible.
You're absolutely right, I had the same situation and switching to CGI solved all the problems.
The performance hit for doing that is pretty bad
Why? nginx is also using CGI interface. Everything's the same.
any time you hit a .php file the system has to go start up a new PHP interpreter program.
Actually it depends on php side, not the web server:
php-cgi - you configure how many processes you want to have
php-fpm - automatic
Nope, they were using mysql for history and current states - switched to disk storage, using MEMORY DB for current states, there is no iowait, only CPU usage by the C++ processes.
Main reason of load: code (?).
Thanks for sharing :)
For HE/Enterprise there are SSD caching and dynamic allocation of storage already available - ex. EMC FAST and FAST Cache.
From low-priced solutions - Adaptec MaxIQ.
For a site hosted on a VM, a 2GB setup would be 8x as expensive as a 256MB setup :-P (I presume we're both hosted on bare metal now, so my setup simply leaves more space for cache; but nginx's slimness did allow me to to stay on a cheap VM until recently)
Great, that's the place where you must use nginx, exactly. But we know that you'll not gonna run 1500 hit/sec site on this VM, I think so :)
Rough comparison:
16.4 MiB + 1.2 MiB = 17.6 MiB nginx (9)
vs
202.6 MiB + 50.1 MiB = 252.7 MiB httpd (190)
per process comparison (we assume httpd with same or even less number of processes can handle same number of requests):
17.6/9 = 1.95 MiB - nginx
252.7/190 = 1.33 MiB - httpd
mod_php for nginx would do the same. use mod_fcgid
I've heard tux kernel web server supports CGI. Oh! Now you can leave just 128 MB of RAM and switch to it?
"I was running nginx on a cheap virtual server with 512M ram, That was until I moved to tux. Now running on 128 MB" :D
What about using PHP-CGI on apache without mod_php?
I've got different experience, absolutely (see my prev message) :D
RAM vs CPU?
16 GB DDR3 ECC - 160 USD :)
Intel Core i7-2600K - 325 USD
Honestly, I'm also surprised :D :D
Probably the reason could be what processes are doing to load CPU's, processes are already in the memory and CPU doesn't have to start them.
My friend is running large hosts with less security and what I saw at shared hosting providers - they had muuuch higher CPU load and because of this only, but less RAM. I prefer to buy RAM. More vhosts you serve - more RAM you need, but less CPU (per host), from point of view of investment it's better to buy RAM - its cheap and no need to buy larger system, at least you have power economy, not talking about the delays for starting processes.
Maybe today there is nothing special to process (_compute_) with PHP.
For computing: I know one guy who wrote online game completely in PHP with MySQL backend for one company and 12 cores were hardly serving ca. 400 users: each client was sending and receiving 1 message per second - status updates, moves, server responses with statuses of other users and calculation of games. Surely, they've decided to rewrite it in C++, he did. Surprise: CPU usage is almost the same, I couldn't believe it, I've double-checked protocol and yes it is, without apache
I can't say that it's idle, some virtual hosts are running over 30 processes sometimes. Static files ar served by apache, content is processed through reverse squid 2.2 for http 1.1 - very small part is cached (assume none), data cannot be cached with memcached because it's shared hosting running for different needs. DB is on different machine, some part goes through mysql-proxy, web server nodes are running behind L3 Balancer with persistency per IP, L2/L3/TCP filtering done with iptables and automated scripts for checking connection states on both LVS-NAT and realservers, L7 filtering with additional custom mod_security rules, processes running with mod_fcgid, selinux in effect, files are shared with gluster. You can notice some iowait numbers too because of storage HW problems.
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
28086 vu2150 20 0 528m 35m 19m S 8.9 0.4 0:01.23 php-cgi
27671 vu2176 20 0 542m 52m 23m S 2.7 0.7 0:02.70 php-cgi
32005 squid 20 0 169m 104m 5264 S 2.0 1.3 19:24.22 squid
7828 root 20 0 194m 74m 1040 S 1.7 0.9 626:35.09 glusterfs
28080 vu2240 20 0 626m 20m 8916 S 0.7 0.3 0:03.93 php-cgi
And how enterprises deal with protocol filtering/security then? :)