So that's about 3.28 times of NetBSD's record. Considering the fact that NetBSD's record was about 1.5 years old and they were using off the shelf hardware (Dell 2650 and Dell 650, Intel Pro/10GbE, routers were Cisco highend) except the routers, this new record is not all that impressive IMHO.
First of all, md5crypt() was invented by Poul Henning-Kemp from FreeBSD project and was released under "THE BEER-WARE LICENSE". Linux distributions adopted it later on.
Second, MD5 algorithm and md5crypt, while related, are 2 different things. While MD5 algorithm is broken (in academic world, not yet in real usage), I don't think md5crypt is broken. If that is not satisfactory, there is blowfish crypt from OpenBSD project.
I was searching for Java port of md5crypt because I was on a project that uses tomcat, which doesn't really provide a satisfactory password hashing algorithm (they only provide MD5 hash). Fortunately, I found Ganymede's port. (Anyone can find a java port of blowfish crypt?)
Last, I think md5crypt() can be used in any situation where password authentication is required, not only when authenticating against UNIX/Linux system password.
I used to use FreeBSD and OpenBSD exclusively but what got me started with NetBSD was once I wasn't able to get FreeBSD or OpenBSD installed on one of our boxes, only NetBSD managed to get itself installed. Then I began to discover NetBSD of its well thoughtoutness in various aspects, and most of my servers are NetBSD now...
... is that those servers are used by spammers as open relay, not that those spams are originated there.
There're just too many clueless email admins over there. They lack the skills of configuring a well behaved MTA (it's a pretty tough job these days indeed), and the language barrier is just making things worse. Most of the people are just configuring their mail servers according to howto-like articles written by some clueful guys, and those articles are mostly just laying out the steps, no how and why things should work that way. If you hop to any of the tech forums' email section, you'll find it's full of questions like:
"Help, I just configured my email server according to XXX but things didn't work out..."
"Help, why my smtp auth doesn't work? It'll accept any username/password..."
"Help, why I can send out email by can't receive?"
"Help, I got blacklisted by XXX, how can I get myself out?"
etc., etc....
So, it's a matter of educating them how to do things right. As a Chinese myself, I am trying hard to help out those poor guys by answering questions on those forums, and by helping them out translating the documentations to Chinese.
So please, don't shut the door to them, they just need to be educated.
I used to build a similar kind of raid system (half a TB) using the Antec case. Their case is nice, but not for the IDE raid. The problem is that the IDE cables need to be within certain length in order to get DMA 5. The case is designed for scsi, which has a longer cable length limit. To hook up all the IDE drive in that case is really a pain in the butt.
For IDE raid, this case is good except it's a bit expansive:
http://www.rackmountnet.com/rackmountchassis/rac km ountchassis_4ud.htm
It can hold up to 16 drives with hot swappable trays. There should be no cable length problem.
On a side note, I used to plugin 5 Promise Ultra100TX2 cards in one computer. All cards are recognized but only 8 drives are recognized correctly (I plugged in 12 drives altogether). I remember seeing some where (either in linux kernel source or FreeBSD sys source) saying that Promise has a limit of 12 drives per system, with 8 of then in DMA mode, and the rest 4 in PIO mode with some tweak (burst?). So for a big raid like that, an ide raid cards (either 3ware's or high point's) are recommended. Using a hardware raid ide card also has the benefit of being able to hot swap the drives with the case mentioned above.
Packet filter is not supposed to look into the payload of the packet. That is done by something called proxy. Regarding FTP, well, let's face it, it is a badly broken protocol, period.
Also, "limit the number of SYN packets from a single source" doesn't really help in defending the DoS attack. The attacking machine doesn't use its real ip as the source ip nor does it use a single source ip.
I agree with other posters: iptable is playing catch up with ipfilter.
Granted, GB2312 or Big5 should be enough for daily use. But from culture point of view, they are far from enough. I don't know how many charactors CJK Extension B can include but the amount of Chinese charactors could be in 100,000 - 200,000 range. Of course most of them are rarely used.
Re:Chinese language in the information age
on
China Banning Win2k
·
· Score: 1
> So what your ancestors wrote 2000 years ago is not as easy to read as it was a generation ago, my friend.
You are very right. The evil CCP is to be blamed. For me, I can read traditional charactors no problem, but I can't write all of them. Shame on me:-(
> As for banning W2K: how this can possibly benefit software developers in China is beyond me. Encouraging a domestic piracy industry is the most likely result--if people can't buy it, they'll steal it.
Well the banning is for government agency according to the article, so ordinary people still can buy it. But tell you what, even they are allowed to buy the software, they will pirate it anyway. They simply can't afford it. Those sold copies of Windows XX are mostly bundled with new branded machines.
Chinese language is one of the most superior language in the world. It might not shine in the infomation age (that's still debatable), but it certainly shines in a lot other area. While you guys can hardly understand what your ancestors wrote several hundred years ago, we can fully understand what our ancestors wrote 2000 years ago. You know Sun-Tsu? That was writen around that time and it's been taught in a lot of business schools in US nowadays.
Another interesting observation is, if you take a one-inch thick English book and translate it into the "clumsy dumb primitive scripts like Chinese", without loosing information, it will reduce its thickness to at least 3/4 inch if not 1/2 inch. Go figure!
Slashdot Mirror
... you need to choose a competent admin. Remember, security is a process, not a product ...
From this link: http://proj.sunet.se/LSR3-s/ (This was from an old /. story)
NetBSD's Internet2 land speed record was (back at Sep'04):
# Network Distance: 28,983 kilometers
# Data transferred: 1831.05 Gigabytes (1966080000000 bytes)
# Time: 3648.81 seconds
Which equals 124.935 petabit-meters/second (1,966,080,000,000 * 8 * 28,983,000 / 3648.81)
Record in this story equals:
2,560,000,000,000 * 160,000 = 409,600,000,000,000,000 bit-meters/second = 409.6 petabit-meters/second
So that's about 3.28 times of NetBSD's record. Considering the fact that NetBSD's record was about 1.5 years old and they were using off the shelf hardware (Dell 2650 and Dell 650, Intel Pro/10GbE, routers were Cisco highend) except the routers, this new record is not all that impressive IMHO.
First of all, md5crypt() was invented by Poul Henning-Kemp from FreeBSD project and was released under "THE BEER-WARE LICENSE". Linux distributions adopted it later on.
a nymede/src/md5/MD5Crypt.java?rev=1.12&content-type =text/x-cvsweb-markup
Second, MD5 algorithm and md5crypt, while related, are 2 different things. While MD5 algorithm is broken (in academic world, not yet in real usage), I don't think md5crypt is broken. If that is not satisfactory, there is blowfish crypt from OpenBSD project.
Third, the first Java port of md5crypt I'm aware of was from Ganymede project (http://tools.arlut.utexas.edu/gash2/):
http://tools.arlut.utexas.edu/cvsweb/cvsweb.cgi/g
I was searching for Java port of md5crypt because I was on a project that uses tomcat, which doesn't really provide a satisfactory password hashing algorithm (they only provide MD5 hash). Fortunately, I found Ganymede's port. (Anyone can find a java port of blowfish crypt?)
Last, I think md5crypt() can be used in any situation where password authentication is required, not only when authenticating against UNIX/Linux system password.
I used to use FreeBSD and OpenBSD exclusively but what got me started with NetBSD was once I wasn't able to get FreeBSD or OpenBSD installed on one of our boxes, only NetBSD managed to get itself installed. Then I began to discover NetBSD of its well thoughtoutness in various aspects, and most of my servers are NetBSD now ...
Just give it a try and you'll see what I mean.
... is that those servers are used by spammers as open relay, not that those spams are originated there.
..."
..."
...
There're just too many clueless email admins over there. They lack the skills of configuring a well behaved MTA (it's a pretty tough job these days indeed), and the language barrier is just making things worse. Most of the people are just configuring their mail servers according to howto-like articles written by some clueful guys, and those articles are mostly just laying out the steps, no how and why things should work that way. If you hop to any of the tech forums' email section, you'll find it's full of questions like:
"Help, I just configured my email server according to XXX but things didn't work out
"Help, why my smtp auth doesn't work? It'll accept any username/password
"Help, why I can send out email by can't receive?"
"Help, I got blacklisted by XXX, how can I get myself out?"
etc., etc.
So, it's a matter of educating them how to do things right. As a Chinese myself, I am trying hard to help out those poor guys by answering questions on those forums, and by helping them out translating the documentations to Chinese.
So please, don't shut the door to them, they just need to be educated.
... can achieve almost the same thing.
man securelevel
man chflags
I used to build a similar kind of raid system (half a TB) using the Antec case. Their case is nice, but not for the IDE raid. The problem is that the IDE cables need to be within certain length in order to get DMA 5. The case is designed for scsi, which has a longer cable length limit. To hook up all the IDE drive in that case is really a pain in the butt.
c km ountchassis_4ud.htm
For IDE raid, this case is good except it's a bit expansive:
http://www.rackmountnet.com/rackmountchassis/ra
It can hold up to 16 drives with hot swappable trays. There should be no cable length problem.
On a side note, I used to plugin 5 Promise Ultra100TX2 cards in one computer. All cards are recognized but only 8 drives are recognized correctly (I plugged in 12 drives altogether). I remember seeing some where (either in linux kernel source or FreeBSD sys source) saying that Promise has a limit of 12 drives per system, with 8 of then in DMA mode, and the rest 4 in PIO mode with some tweak (burst?). So for a big raid like that, an ide raid cards (either 3ware's or high point's) are recommended. Using a hardware raid ide card also has the benefit of being able to hot swap the drives with the case mentioned above.
Packet filter is not supposed to look into the payload of the packet. That is done by something called proxy. Regarding FTP, well, let's face it, it is a badly broken protocol, period.
Also, "limit the number of SYN packets from a single source" doesn't really help in defending the DoS attack. The attacking machine doesn't use its real ip as the source ip nor does it use a single source ip.
I agree with other posters: iptable is playing catch up with ipfilter.
http://www.netbsd.org/Misc/feature s.html#large-ide
Granted, GB2312 or Big5 should be enough for daily use. But from culture point of view, they are far from enough. I don't know how many charactors CJK Extension B can include but the amount of Chinese charactors could be in 100,000 - 200,000 range. Of course most of them are rarely used.
> So what your ancestors wrote 2000 years ago is not as easy to read as it was a generation ago, my friend.
You are very right. The evil CCP is to be blamed. For me, I can read traditional charactors no problem, but I can't write all of them. Shame on me :-(
> As for banning W2K: how this can possibly benefit software developers in China is beyond me. Encouraging a domestic piracy industry is the most likely result--if people can't buy it, they'll steal it.
Well the banning is for government agency according to the article, so ordinary people still can buy it. But tell you what, even they are allowed to buy the software, they will pirate it anyway. They simply can't afford it. Those sold copies of Windows XX are mostly bundled with new branded machines.
Chinese language is one of the most superior language in the world. It might not shine in the infomation age (that's still debatable), but it certainly shines in a lot other area. While you guys can hardly understand what your ancestors wrote several hundred years ago, we can fully understand what our ancestors wrote 2000 years ago. You know Sun-Tsu? That was writen around that time and it's been taught in a lot of business schools in US nowadays.
Another interesting observation is, if you take a one-inch thick English book and translate it into the "clumsy dumb primitive scripts like Chinese", without loosing information, it will reduce its thickness to at least 3/4 inch if not 1/2 inch. Go figure!