I have been using ZFS (on Solaris) for more than a year, both at work and at home, and I am following closely the latest developments. IMHO the best intro on ZFS is the official ZFS slides (36 pages): http://opensolaris.org/os/community/zfs/docs/zfs_last.pdf
"Microsoft struggles to port Windows to a device originally conceived to run Linux."
If you had told me, in the 90s, that it would eventually happen, I would have never believed you.
I am no expert, but here is a watermarking technique robust to this "averaging attack". To watermark a movie composed of N frames where N is at least a couple of thousand, choose a random number 0 <= X <= 999, then watermark frames X, X+1000, X+2000, X+3000, etc, using a simple standard image watermarking algorithm. This algorithm must satisfy the condition that the average of an original frame and its watermarked version is likely to produce a frame where the watermarking is still detectable (most existing watermarking algorithms would satisfy this condition). That's it.
To attack this watermarking technique, it seems you would need to average thousands of movies, because a small set of watermarked movies would be unlikely to have the exact same frames watermarked. Of course this technique wouldn't be able to withstand a frame rate re-sampling, but I am sure you could make it more resistant to this (e.g. by watermarking frames X, X+1, X+2, X+3, X+1000, X+1001, X+1002, X+1003, etc).
I remember reading 2-3 years ago research articles claiming that state-of-the-art image watermarking techniques were pretty robust against alterations and 100% undetectable even though their algorithms were known. Which makes sense, this is the same principle as in cryptography: the security of the mechanism should not rely on the secrecy of the algorithm itself.
Now I understand that video watermarking techniques are an entirely different domain, but I am surprised by your comment... So are you talking about watermarking of images or videos?
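As an added illustration (not code from the original comment), here is a small simulation of the scheme described above: every recipient's copy gets its own random offset X, an averaging attack over a few copies is run, and a non-blind detector that keeps the original recovers the offset of every copy that took part. The frame contents, the +1/-1 pattern, the embedding strength and the 8-bit requantization are constructed assumptions.

```python
import random

FRAMES = 3000   # N frames in the constructed sample movie (a couple of thousand)
PIXELS = 64     # pixels per (tiny, constructed) grayscale frame
PERIOD = 1000   # mark frames X, X+1000, X+2000, ... for a secret 0 <= X <= 999
ALPHA = 4       # embedding strength in 8-bit pixel units (assumed)

def make_movie(seed=1):
    """Constructed stand-in for the original movie: random mid-range 8-bit pixels."""
    rng = random.Random(seed)
    return [[rng.randint(32, 224) for _ in range(PIXELS)] for _ in range(FRAMES)]

def make_pattern(seed=2):
    """Secret spread-spectrum pattern (+1/-1 per pixel) shared by all copies."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(PIXELS)]

def watermark_copy(movie, pattern, offset):
    """Per-recipient copy: add ALPHA*pattern to frames offset, offset+PERIOD, ..."""
    assert 0 <= offset < PERIOD
    marked = []
    for t, frame in enumerate(movie):
        if t % PERIOD == offset:
            frame = [min(255, max(0, p + ALPHA * w)) for p, w in zip(frame, pattern)]
        marked.append(frame)
    return marked

def average_copies(copies):
    """The averaging (collusion) attack: pixel-wise mean of K copies, requantized."""
    k = len(copies)
    return [[round(sum(c[t][i] for c in copies) / k) for i in range(PIXELS)]
            for t in range(FRAMES)]

def detect_offsets(suspect, movie, pattern, max_colluders=4):
    """Non-blind detector (the studio keeps the original): correlate each frame's
    difference from the original with the pattern and return the set of offsets X
    whose frames still carry the mark. Averaging K copies with distinct offsets
    leaves ALPHA/K per marked frame, so the threshold is half of that for
    max_colluders copies; unmarked frames correlate to exactly 0."""
    threshold = ALPHA / (2 * max_colluders)
    found = set()
    for t in range(FRAMES):
        corr = sum((s - o) * w for s, o, w in zip(suspect[t], movie[t], pattern)) / PIXELS
        if corr > threshold:
            found.add(t % PERIOD)
    return found

if __name__ == "__main__":
    movie, pattern = make_movie(), make_pattern()
    copies = [watermark_copy(movie, pattern, x) for x in (17, 450, 999)]
    print(detect_offsets(copies[0], movie, pattern))                # {17}
    print(detect_offsets(average_copies(copies), movie, pattern))   # {17, 450, 999}
```

Each colluding copy is still identified because its marked frames are untouched by the other copies' marks; only averaging enough copies that share the same X (about 1000 of them for a single collision) would start to blur a particular mark.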
All current socket AM2/AM2+ AMD processors (Opteron 1000 series, Phenom, Athlon X2, etc) support a maximum of four unbuffered DDR2 memory sticks. All current socket F AMD processors (Opteron 8000 and 2000 series) support a maximum of eight registered DDR2 memory sticks. (You can find this info in AMD's public datasheets).
As of today, unbuffered and registered DDR2 memory sticks of 4 GB or more are extremely expensive because the technology cannot be inexpensively mass-produced (yet). Only 2-GB DDR2 sticks can be found at reasonable prices.
For these financial and technical reasons, you are restricted to a total of 8 GB per socket AM2/AM2+ processor, or 16 GB per socket F processor. Therefore the cheapest option for an AMD mobo supporting more than 8 GB of memory is to buy a single socket F model. Newegg sells one for $136 (open box, though). Add a $180 Opteron 2212 processor, $240 for eight 2-GB sticks of registered DDR2-667, and you end up spending only $556 for a dual-core 2.0 GHz 16 GB barebone server, assuming you have a chassis and a PSU lying around.
I'll let other people comment on your Intel options. I am not very familiar with Intel server motherboards.
With ZFS you can also dynamically expand your pool by replacing drives one-by-one with larger ones, no matter what the current pool configuration is: combination of stripes, mirrors, raidz, raidz2. You can also expand a pool by adding a new "vdev" to it. A vdev can be a single drive or an N-drive mirror/raidz/raidz2. There is one thing you can't do (yet): dynamically reconfigure an N-drive raidz/raidz2 vdev to an (N+1)-drive vdev.
Also, RAID-X doesn't seem to implement snapshots, quotas, reservations, compression, end-to-end checksumming, etc. I fail to see how RAID-X would interest ZFS users; did I miss something?
That's $0.73/GB for this Netgear product. Almost a year ago I built a 2.5 TB OpenSolaris fileserver using ZFS for $950, that's half the price: $0.38/GB.
I understand Netgear markets this product for end users without the time or the ability to build and configure a NAS themselves, but this reminds me that some of us are privileged people, because we don't have to be victims of such horribly expensive proprietary gear... We have the choice to build it ourselves and save real, big bucks.
This also shows that the storage market really has room for more competitors. At a time when the raw cost of disks is $0.20/GB and when you can build storage servers for $0.36/GB (proof: I did it), the only explanation behind the high prices in the storage market is pure lack of competition. This is one of the reasons why Google builds their servers themselves: they figured out all the "professional products" out there are overpriced.
I can't find who the CEO of 23andme is (after only 30 sec of research), but Anne Wojcicki is indeed at least co-founder of the company and member of the Board of Directors: https://www.23andmeobjects.com/res/1570/pdf/factsheet.pdf
I haven't been able to find the presentation that Nick Breese gave at Kiwicon. It's not on kiwicon.org, it's not on the websites with which he is associated. However I found a 10-minute audio excerpt of his presentation on this podcast (between 9:38 and 21:06).
Do you then let your clients know that you've sent sensitive company information to a commercial third party using insecure channels?
When they ask, yes of course. And they don't care. We all know early phases of the pentest already leak out even more sensitive data (the actual process to take over machine XYZ) over insecure channels (usually network services facing the Internet: HTTP, SMTP, IMAP, etc) through commercial third parties (ISPs' routers).
I have personally been using Google this way for a while. This is the first thing I do when I encounter a passwd hash during a pentest. This is a technique that works very well, especially for hashes produced by random apps whose hashing algorithm you have no idea about. It works well not because the public passwd hash databases indexed by Google are large (they are not), but because they are very diverse, both in terms of number of algorithms (MD5(), MD5(uppercase()), SHA1(), etc) and in terms of number of hash formats (hexadecimal value, decimal value, base64, etc).
And above all, it only takes 2 sec to perform the Google search.
Question to slashdotters: I am wondering... Would you agree to run a distributed app if you didn't know what it did (let's say the developers want the purpose of the app to remain secret) but there was some kind of competition with money prizes for, say, the top-100 CPU time contributors? Such as $5000 for the 1st, $1000 for the next 4 and $500 for the next 95.
(Of course I assume some would be tempted to reverse engineer the distributed app, out of pure curiosity).
It is more than quiet, it is completely silent. There are no moving parts: no fan, no hard disk, no DVD drive.
On a side note, the Eee PC has the same size and weight (within +/- 10 mm in width and 50 g) as the Panasonic R series (I have the R3, this year's model is the R7): http://panasonic.jp/pc/products/r7b/index.html However the R7 chooses another compromise: more expensive and more powerful.
Virtualization is no doubt a complex problem to get right, but it's only one problem.
And it's one problem you can avoid by not using virtualization.
Theo's point is a very simple, obvious fact. Why is it even necessary to argue about this? He is not saying virtualization is useless. He is not saying it has no practical uses in the real world. He is just saying it reduces your overall security by introducing new potential attack vectors.
One concrete data point: a VM running under QEMU 0.9.0 can escape the virtualized environment by exploiting buffer overflows in the code emulating the virtual NIC. If you run under a VM you are vulnerable, else you are not. Remind me why you are arguing about this again? See http://taviso.decsystem.org/virtsec.pdf for a bunch of other vulnerabilities recently discovered in VMware, Xen, QEMU, etc.
I am still working on a draft of CTP - Chair Transmission Protocol
2-TB TeraStations sell for at least $760... Which illustrates my point.
TFA: "Targeted at "prosumers" and small to medium-sized businesses, [...]". Ahem.
Isn't that a perfect situation to make use of Netburst-based Pentium 4 processors?
No, nuclear power is not expensive. Quote from http://www.speroforum.com/site/article.asp?idarticle=9839&t=France%3A+Energy+profile: "French nuclear power is efficient and low cost, and French electricity tariffs are therefore the lowest in Europe.". In fact, it is so inexpensive that we are the "world's largest net exporter of energy, exporting 18% of total production (about 100 TWh) to Italy, Britain, and Germany." See http://www.world-nuclear.org/info/inf40.htm
More interesting references can be found in this WP article: http://en.wikipedia.org/wiki/Nuclear_power_in_France
My post wasn't meant to be negative. I just found this bit of information interesting and wanted to share it with others.
Oh and Google is already involved in this company, they are an investor: https://www.23andme.com/about/corporate
France successfully generates more than 75% of its electricity using nuclear power with no problem at all.
Because!
The "Loudness War" explained in 112 seconds: http://youtube.com/watch?v=3Gmex_4hreQ
Oops, you are right. (I read a misleading article claiming it was fanless a few months ago.)