Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Is It Mission Critical? (Score 1) 298

by dermoth666 (#27048281) Attached to: Best Solution For HA and Network Load Balancing?

Why the hell would you want to use VM's? It add complexity and overhead. It doesn't even take into account that a database (preferably a redundant one) will likely be required.

A much simpler setup: get heartbeat running between two servers, set up each server to run a web server with floating IP, do the same with MySQL (one master, one slave, configured so that they can both live on the same server) and configure DNS round-robin between the two floating web IPs.

You can probably add LVS on top of that if you wish (still managed with heartbeat) - I don't have too much experience with LVS though.

As you grow, you can add more servers to handle the load and eventually separate the DB and WEB clusters.
Earth

Submission + - Japan Scientists say global warming isn't man made (theregister.co.uk)

Submitted by grassy_knoll
grassy_knoll writes: The Register reports that the Japan Society of Energy and Resources (JSER) has decided that Global Warming isn't man made:

Japanese scientists have made a dramatic break with the UN and Western-backed hypothesis of climate change in a new report from its Energy Commission.

Three of the five researchers disagree with the UN's IPCC view that recent warming is primarily the consequence of man-made industrial emissions of greenhouse gases. Remarkably, the subtle and nuanced language typical in such reports has been set aside.

One of the five contributors compares computer climate modelling to ancient astrology. Others castigate the paucity of the US ground temperature data set used to support the hypothesis, and declare that the unambiguous warming trend from the mid-part of the 20th Century has ceased.

The report by Japan Society of Energy and Resources (JSER) is astonishing rebuke to international pressure, and a vote of confidence in Japan's native marine and astronomical research. Publicly-funded science in the West uniformly backs the hypothesis that industrial influence is primarily responsible for climate change, although fissures have appeared recently. Only one of the five top Japanese scientists commissioned here concurs with the man-made global warming hypothesis.

JSER is the academic society representing scientists from the energy and resource fields, and acts as a government advisory panel.
The Courts

Submission + - Zango v. Kaspersky Argument & Briefs Online (ericgoldman.org)

Submitted by
NewYorkCountryLawyer
NewYorkCountryLawyer writes: "The superb technology law blog of Eric Goldman has posted the links to the 9th Circuit oral argument, and to all of the appellate briefs, in the important case of Zango v. Kaspersky. This case will establish an important precedent on the extent to which companies which are in the business of identifying viruses, adware, spyware, and the like, will be immunized from liability for their screw-ups."

Comment Re:Use DNSCurve (Score 1) 91

by dermoth666 (#26977747) Attached to: Working Around Slow US Gov. On DNS Security

Not quite. The "root key" will sign the root zone, and all the delegations for the TLDs (.com, .org, .ca, .uk, .gov, etc.)

The TLDs will then sign anything below them. So the .com key will sign the delegation to google.com, and the .org key will sign the delegation to slashdot.org.

It will be then be up to each organization to sign their own records, and possibly delegate any sub-domains.

Basically it's one large set up of PGP key-sign and webs of trust.

True. I've been a bit mislead... There's still a whole lot of domains that will be signed by network solutions though.

While DNSCurve sounds interesting (like a lot of Bernstein's stuff), besides his software, what uses it?

Actually his software does not even implement this yet (I guess he's looking to see if it gets traction from the rest of the world first). Besides, I read on an IETF list about people who independently wrote a client and server implementations. It is simpler to implement than DNSSEC in many aspects too.

Comment Re:Use DNSCurve (Score 1) 91

by dermoth666 (#26969801) Attached to: Working Around Slow US Gov. On DNS Security

Every keys has to be signed by Network Solutions, and you must update your signatures every 3 month.

Well, actually it seems that I relied on confusing information - the truth is that the domain owner has to sign it, it just happens that Network Solutions will be the one signing all .com's and probably a bunch of other ones.

Comment Re:Use DNSCurve (Score 1) 91

by dermoth666 (#26969079) Attached to: Working Around Slow US Gov. On DNS Security

DNSSEC has many years of actual deployment, not as wide spread as it needs to be, but it has been out there and tested.

Can you point me to a single implementation of DNSCurve? Can you even point me to a specification of what exactly it is? I've looked, and the best that I can tell, there aren't any. More over, it doesn't appear that DJB's website has been updated since he proposed DNSCurve last year.

From the namedroppers mailing list (IETF) there have been report of independently built client and server implementing DNSCurve. I alto trust Daniel J. Bernstein to update tinydns & dnscache as required if it gets adopted. Note that Microsft and Apple, who both have a good share of DNS servers out there, do not have a DNSSEC implementation yet.

The implementation is also much simpler than DNSSEC.

Comment Re:Use DNSCurve (Score 1) 91

by dermoth666 (#26968311) Attached to: Working Around Slow US Gov. On DNS Security

DNSSEC rely on having a central "trusted" authority to sign all the dns keys. [...] that means that everyone will depend on a single authority for name resolutions

Uhm... No?

The root key signs the ".org" key, the .org key signs the "slashdot.org" key, etc. Unless the owner of the root key and the .org key is one and the same, you don't have the root controlling whether slashdot can get signed, and you don't have .org controlling whether .com can get signed (and what can get signed under .com).

Go back to the specs. Every keys has to be signed by Network Solutions, and you must update your signatures every 3 month. If you have >100 domains to manage you sure can understand the pain :)

DNSCurve is a much better solution in that it offers a trust system without the need of a central authority. The key is embedded in the DNS name server (NS) hostnames which are always returned by the upper level name server.

Uhmm... so in DNSCurve you don't need to trust the root? Also, DNSCurve offers integrity of the communication, not integrity of the data. That means if I'm the MITM between you and your DNS resolver, assuming you don't connect to the resolver in a secure manner, I can still spoof all the DNS data I want to. That's not possible when the data is signed (or at least it appears to be equivalent to the problem of breaking the cryptography).

At least, this is how I understand it. I welcome any corrections :)

DNSCurve is a trust chain. You have to trust the root and every server in-between to guarantee integrity. Once implemented from the root to the final authoritative server the trust is complete. It doesn't require any modification to registrar interfaces to managing it though, as all you need is to change your NS hostname (which embeds the DNSCurve key).

Comment Re:Use DNSCurve (Score 2, Interesting) 91

by dermoth666 (#26968289) Attached to: Working Around Slow US Gov. On DNS Security

Trust is the same for DNSSEc, it's just that instead of using the root servers as a trust chain, you use a 3rd party that every domain owners had to pay for.

I hardly doubt many institutions will actually pay for signing their zones. o me it's more DNSSEC which is a hype and I'm under the impression many people pushing for it just don't know the implications (they just want to secure DNS).

DNSCurve is much easier to implement than DNSSEC and and also advantages in term of cryptography speed and increase of traffic.

Comment Use DNSCurve (Score 5, Interesting) 91

by dermoth666 (#26967697) Attached to: Working Around Slow US Gov. On DNS Security

DNSSEC rely on having a central "trusted" authority to sign all the dns keys. Not even speaking about the inherent security issues with this model, that means that everyone will depend on a single authority for name resolutions (sure Network Solutions loves this)

DNSCurve is a much better solution in that it offers a trust system without the need of a central authority. The key is embedded in the DNS name server (NS) hostnames which are always returned by the upper level name server.

See http://dnscurve.org/index.html

Comment Re:Second on the drive thing (Score 2, Informative) 835

by dermoth666 (#26585967) Attached to: How To Diagnose a Suddenly Slow Windows Computer?

'nice' does not affect IO, only process scheduling.

The CFQ scheduler have IO classes with priorities that can be set with 'ionice'. Be sure to use a recent kernel though, I've seen nasty bugs in 2.5.25.

Depending on the typical load type even the IDLE class might be worse than the Deadline or Anticipatory schedulers (they do not support classes even if you can set them) so testing is the key, though for desktops CFQ+ionice should be best in most cases.

Comment Re:Short and long answers? (Score 1) 503

by dermoth666 (#26542995) Attached to: Can a Small Business Migrate Smoothly To OpenOffice.org v3?

The problem is often not compatibility within the same company, but supporting clients and partners that never heard of OOo.

This means that when you send out a document in MS format from OOo, you need to be assured that the other party will see it properly with Office, and you shouldn't spend too much time fixing up documents you receive in MS format.

Slashdot Top Deals

Nothing happens.

Close