[#] Mon Sep 30 2013 07:43:51 EDT from IGnatius T Foobar


Finally got around to reading that. Bizarre. Can you even generate a key with a specific exponent, or do you have to just keep re-keying until you get something acceptable?

[#] Mon Sep 30 2013 08:19:18 EDT from ax25


Mon Jan 14 2013 11:30:42 PM EST from IGnatius T Foobar @ Uncensored
After a whole lot of pain with iSCSI multipath stupidness, I am swearing off block protocols for good. Everything I put in my data center is going to be NFS over 10 Gbps Ethernet from now on.

It Just Works (tm).

Off the shelf solution or something you built?



[#] Mon Sep 30 2013 09:08:13 EDT from IGnatius T Foobar


Off the shelf solution or something you built?

In this case it's a storage system from this little outfit called NetApp :)

However ... the decision was based on experience that included homebrew storage.
Even at 1 Gbps, our little NFS boxes were far easier to manage than big-vendor iSCSI. I never want to read the words "logical volume not on preferred path" again. Several of my future homicide victims will have those words written on their gravestones.

[#] Mon Sep 30 2013 17:17:40 EDT from LoanShark


Finally got around to reading that. Bizarre. Can you even generate a key with a specific exponent, or do you have to just keep re-keying until you get something acceptable?

Yeah, there are some arcane options to openssl's command line that let you override the default exponent. There are only a few that are commonly in use, and the only one that's broadly acceptable to all software, and also secure under the most stringent standards, is probably 65537.

But it's all pointless unless you ensure that every CA cert in the chain that signs your key also uses a large exponent.

[#] Mon Sep 30 2013 19:51:46 EDT from DemonStalker <DemonStalker@bbs.bubbanfriends.org>


big-vendor iSCSI. I never want to read the words "logical volume not on preferred path" again. Several of my future homicide victims will have those words written on their gravestones.

Heh. My FHVs are going to have "Abort/Retry/Ignore? >" on *their* gravestones! <evil grin>

[#] Mon Sep 30 2013 23:17:20 EDT from ax25


Mon Sep 30 2013 8:13 AM EDT from IGnatius T Foobar @ Uncensored
Off the shelf solution or something you built?

In this case it's a storage system from this little outfit called NetApp :)

However ... the decision was based on experience that included homebrew storage.
Even at 1 Gbps, our little NFS boxes were far easier to manage than big-vendor iSCSI. I never want to read the words "logical volume not on preferred path" again. Several of my future homicide victims will have those words written on their gravestones.

Funny you should say. I just remembered Coraid the other day and thought, what if they were still not just sales droids, but actually wanted to sell something to some company without coming off as being a used car salesman. I took the bait and researched what little there was on the internets to be gleaned and finally had to go to the website and post a "gimmie a quote you slimy so and so" request. The site made it seem like you were filling in a quote sheet that would be automated and sent out in a few minutes, but it was not until the next morning that I found out that 'it's a trap' was in store.

The sales droid first sent me an email with no body text (yes I use alpine as my mail client), but I digress. The second email was one to implore me to call him back for the quote. After a few hours he emailed me a sketchy PDF which contained the semi-plausible bits that described a 1GBps/10GBps SAN unit (without enough details and enough asterisks to choke a horse stating that you needed a support contract on top of the purchase price of the hardware before they would sell you the minimum hardware). Even the base price (minus any drives) was enough to make me go away.

Glad you had more fun in that arena IG. I have opted for simple RAID 1+0 and NFS to fit the bill for now as the needs have not shot past that (yet).



[#] Tue Oct 01 2013 08:32:30 EDT from IGnatius T Foobar


Heh. Back when we had a ridiculously low budget, we came into possession of some Isilon boxes. Their schtick is that there's no big box, just lots of little ones tied together with Infiniband. I ripped out the Infiniband cards, threw away their software, and loaded OpenFiler on them. NFS for the win - even at 1 Gbps it was a great performer.

This year we have upper management that wants us to be Teh Cloud (tm) so we got the budget for NetApp hardware. Yum. It's pricey but the performance just screams. Because cloud.

[#] Tue Oct 01 2013 08:37:21 EDT from IGnatius T Foobar


Yeah, there are some arcane options to openssl's commandline that let you override the default exponent. There are only a few that are commonly in use, and the only one that's broadly acceptable to all software, and also secure under the most stringent standards, is probably 65537

I learned that 65537 is the default for OpenSSL while learning how to check to see if a certificate matches a particular public key (such as, when a CSR is sent out to a customer and then the cert they send back may or may not be generated from the CSR you gave them ... some people do weird things).
"Compare the modulus and exponent." And I said "gee, the exponent is *always* 65537, what's with that?"

I want to try an exponent of 0 and see what happens :)
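
Added example, not part of any post in this thread: the two things discussed above, setting the RSA public exponent explicitly at key generation and checking that a returned certificate really carries the public key from the CSR that was sent out. The function names (`rsa_exponent`, `pubkey_fp`, `cert_matches_csr`), file names and subject are constructed for illustration, and the keys are throwaway ones generated on the spot.

```bash
#!/usr/bin/env bash
# Added example: throwaway keys generated on the spot; all file and function
# names are constructed for illustration.

# Public exponent of an RSA private key, e.g. 65537.
rsa_exponent() {
  openssl pkey -in "$1" -noout -text 2>/dev/null | awk '/^publicExponent:/ {print $2}'
}

# SHA-256 of the DER public key (modulus + exponent) in a key, CSR or cert.
# Fails rather than hashing empty input, so two unreadable files never "match".
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  case "$1" in
    key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    *)    return 2 ;;
  esac
  [ -n "$_pem" ] || return 1
  printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when the returned certificate carries the public key from the CSR sent out.
cert_matches_csr() {  # usage: cert_matches_csr CERT CSR
  _a=$(pubkey_fp cert "$1") && _b=$(pubkey_fp csr "$2") && [ "$_a" = "$_b" ]
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
# Our key, with the exponent set explicitly instead of left to the default.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -pkeyopt rsa_keygen_pubexp:65537 -out "$work/ours.key" 2>/dev/null
openssl req -new -key "$work/ours.key" -subj "/CN=ours.example" -out "$work/ours.csr"
# One cert issued from our CSR, and one built from an unrelated key.
openssl x509 -req -in "$work/ours.csr" -signkey "$work/ours.key" -days 1 \
  -out "$work/good.crt" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/other.key" 2>/dev/null
openssl req -new -x509 -key "$work/other.key" -subj "/CN=ours.example" -days 1 \
  -out "$work/bad.crt"

echo "exponent: $(rsa_exponent "$work/ours.key")"
cert_matches_csr "$work/good.crt" "$work/ours.csr" && echo "good.crt: matches CSR"
cert_matches_csr "$work/bad.crt"  "$work/ours.csr" || echo "bad.crt: does NOT match CSR"
```

Hashing the whole public key covers modulus and exponent in one comparison, so a certificate with the right subject but someone else's key is rejected.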

[#] Thu Oct 03 2013 13:18:53 EDT from vince-q <vince-q@ns1.netk2ne.net>


Hmmmm...

Is this thing working?????



[#] Thu Oct 03 2013 13:24:51 EDT from DemonStalker <DemonStalker@bbs.bubbanfriends.org>


Oct 3 2013 1:18pm from vince-q @cascade (Cascade Lodge BBS)
Hmmmm...

Is this thing working?????


Looks that way...

[#] Thu Oct 03 2013 23:39:44 EDT from ax25


Thu Oct 03 2013 01:18:53 PM EDT from vince-q @ Cascade Lodge BBS

Hmmmm...

Is this thing working?????



You gots to blow on it, or jiggle it :-)



[#] Fri Oct 04 2013 10:24:50 EDT from LoanShark


New-to-me security tools:

http://blog.chromium.org/2011/06/new-chromium-security-features-june.html

chrome://net-internals/#hsts

^^^ mandatory SSL and certificate pinning for Chrome

http://technet.microsoft.com/en-us/security/jj653751

^^^ finer control over ASLR, the NX bit, stack smashing for Windows, and certificate pinning for IE

[#] Mon Oct 21 2013 14:31:27 EDT from IGnatius T Foobar


Oooh, new Chrome fiddlybits.  /me likes.



[#] Tue May 20 2014 16:41:05 EDT from fleeb



Okay, throwing out some weird here...

Remember IPX/SPX?

I wonder if it's still possible to set up a functioning network with those protocols today, and what limitations one might expect from it.

Hmmm...

[#] Tue May 20 2014 17:12:54 EDT from IGnatius T Foobar


You could probably build a local network with it.  Good luck getting your hands on something to route traffic between different IPX subnets.

(Horrible memories of routers with fixed size RIP/SAP tables and seeing networks and services randomly drop off the network...)

I do think that the deployment of IPv6 is going to bring back some of the old IPX traditions. An IPX address was 32 bits of network and 48 bits of host, with the host side being a MAC address. IPv6 can autoconfig based on MAC address when the subnet size is /64 (as is recommended and typical). I think we'll see a lot of "let it autoconfig and register itself with DNS" which is an awful lot like "get an address from RIP and register your name with SAP".

 



[#] Tue May 20 2014 17:20:05 EDT from fleeb



For what I'm thinking, the machines would not require routing (they're all on the same segment).

But then, I suppose I could use NetBEUI as well. I just don't know if NetBEUI is available for Linux.

[#] Tue May 20 2014 19:44:18 EDT from IGnatius T Foobar


There was an attempt at it years ago, but it fell by the wayside as both Microsoft and Samba began migrating away from NBT and towards running CIFS directly on port 445.

[#] Wed May 21 2014 09:13:52 EDT from fleeb



Yeah, I think IPX/SPX is more the way to go, if we elect to go down the road of an alternative protocol.

We can't use something that goes over TCP/IP for our purposes... we're trying to hide communications on the LAN (so students do not confuse our traffic for the kind of traffic they seek in their lessons).

We have other alternatives, but they aren't necessarily very good (e.g. virtual serial ports).

[#] Wed May 21 2014 12:40:32 EDT from fleeb



Hm. Even better, there's SCTP.

It's a protocol that has been around a while, but remains supported in some fashion. I can even download a user-land stack for it that can be compiled on Linux or Windows, and it looks to be better able to avoid SYN attacks.

Works over IP. Hm. Neat stuff.

[#] Thu May 22 2014 15:59:35 EDT from dothebart


If it's only for the sake you could also use L2TP...

I guess everything else died - for a particular reason.


