RT Alec - Slashdot User

Comment Using it now for my home "superserver" (Score 1) 235

by RT Alec on Thursday November 26, 2009 @03:31PM (#30239068) Attached to: FreeBSD 8.0 Released

PF + AltQ, a ZFS raidz array, and booting from a CF card. Excellent job, kudos to the FreeBSD team!

Comment Re:SSH as root (Score 1) 391

by RT Alec on Tuesday October 06, 2009 @10:33PM (#29665709) Attached to: Sloppy Linux Admins Enable Slow Brute-Force Attacks

I find it hard to believe that the folks whining (I'm sorry, "bitching") about sudo usage are sysadmins on servers, and certainly not servers that are depended on by others. This policy is a good idea on any system that you can access remotely (thus making it a "server"). Running an internet connected server like a five year old is selfish and it should not be a surprise that it is discouraged.

Presumably when doing system operations, you will do as little as root as possible. Therefore sudo is not much of an inconvenience. Yes, you could prepend a destructive command with sudo, but you would have to be twice as stupid.

If remote root logins are disabled, then you cannot (remotely) guess the root password.

Comment Re:SSH as root (Score 1) 391

by RT Alec on Tuesday October 06, 2009 @10:19PM (#29665625) Attached to: Sloppy Linux Admins Enable Slow Brute-Force Attacks

I read your post as:

"I am so good, and so careful, I would never, ever make a mistake as root."

Good luck to you on production servers, and may your employer and clients have mercy on your soul.

Look, admit it: running commands as root is a convenience for you, and you are willing to make the obvious tradeoff in stability and security. But don't imply that others are as gifted as you are in avoiding simple mistakes that are catastrophic as root.

Comment SSH as root (Score 1) 391

by RT Alec on Monday October 05, 2009 @01:35AM (#29641057) Attached to: Sloppy Linux Admins Enable Slow Brute-Force Attacks

This touches on another point, that is being "root" at any time other than sysinstall. FreeBSD has never (by default) allowed root logins via SSH, and I will always contend that is a "good thing". If you access a system via SSH, it is a server. If you are on a shell session on a server, you should NEVER be root-- that's what sudo is for.

If you whine about this, you are indeed a poor sysadmin. It reminds me of my friend who habitually texts while driving. "But I have never been in an accident," he says. How selfish, putting his convenience above the safety of those around him.

Comment Tunnel SOCKS through SSH? (Score 3, Interesting) 118

by RT Alec on Thursday March 05, 2009 @10:59AM (#27077101) Attached to: The Best Way Through the Great Firewall of China

I found that when a client of mine connected via SSH to a well connected server (Equinix/Ashburn), they could use the SOCKS setting in Firefox (connecting to localhost since that's what their SSH client listened to) to tunnel all of their traffic with no problem. Note: this was a Mac, up to date as of last year when we tried this.

Sure enough, one day the tunneling stopped working! We changed the port used by SSH to 443, and it worked just fine after that.

Comment Re:Need to factor in motherboard and RAM prices to (Score 2, Interesting) 115

by RT Alec on Tuesday December 16, 2008 @11:53AM (#26133171) Attached to: Intel Quad-Core Price and Performance Showdown

I'd like to see how the systems (CPU/RAM/MB etc) perform with a 64 bit OS with a simulated workload. How about:

FreeBSD 7 (AMD64)
MySQL 5.1.30
Apache 2.2 (worker MPM)
PHP 5.2.8 (or HTML::Mason)

What is the responsiveness of the system under load? Openssl speed? bonnie++?

Slashdot Top Deals