Comment: Re:Full disclosure takes a hit (Score 1) 156

by nenolod (#42438505) Attached to: EFnet Paralyzed By Vulnerability

He did not disclose it; the person who disclosed the vulnerability did so in a public space for development discussion on charybdis. Once it was out in the open, we quickly jumped into action to start mitigating it across all fronts including EFnet. The ratbox developers were notified at least an hour before the exploit was unleashed, with a patch to deploy and everything, so really we did everything we could possibly do to mitigate the possibility of fallout.

Once people started running the exploit on EFnet servers, there was not much we could do, other than get the ratbox devs and admins regrouped elsewhere to coordinate getting things patched. I would say that things mostly went down as well as could be expected given the situation...

Comment: Re:Stop writing things in C/C++ (Score 1) 156

by nenolod (#42437509) Attached to: EFnet Paralyzed By Vulnerability

The problem isn't performance as much as it is accessibility. Almost every UNIX system has a C/C++ toolchain installed, not so much with Lisp, Java or C#. Also, C and C++ are generally the lowest common denominator for contributors. Almost everyone knows a little bit about C, not so many people know about Lisp (which is a travesty in and of itself, but not my problem).

Comment: Re:C strings strike again! (Score 1, Interesting) 156

by nenolod (#42437301) Attached to: EFnet Paralyzed By Vulnerability

This was a NULL-pointer exception, not a buffer issue. But I do agree that it makes more sense to invest in building IRCd software which is written in string-safe and pointer-safe languages. Mozilla's Rust language, for example, looks promising for use in IRCd. The main thing is that we need a language which provides scalable data structures, as servicing IRC messages involves many data lookups.

However, it is easier for most people hacking on IRCd to just pick up a 2.8-derivative.

Comment: Re:EFnet is already paralyzed (Score 3, Informative) 156

by nenolod (#42437279) Attached to: EFnet Paralyzed By Vulnerability

There has been a lot of work in this area with a few projects now... Microsoft's IRCX, then IRCNEXT, IRCPLUS and now atheme.org's IRCv3. IRCv3 is becoming the de facto standard at this point, supplanting the traditional IRC protocol, as almost all vendors that are noteworthy have adopted support for revision 3.1 of the protocol already.

Both Atheme and Anope can be interacted with via RPC from scripts allowing for web integrations. Also, there are immersive web clients which provide a lot of useful metadata to clients.

Comment: Re:Actually (Score 4, Interesting) 163

by nenolod (#34528114) Attached to: Hosting Giants Teaming Against Small Businesses

Except they don't. Because it's impossible.

Bandwidth isn't something you can just oversell without consequence; if you have a massive overage from people actually using what they are paying for then you are probably out of business.

See, I think what happened here is that 100tb had a massive overage and found out that SimpleCDN was one of their big players and they are frantically trying to get the big guys off their bandwidth pool so that they can hedge against the overage while already having SimpleCDN's money. This would fit into my projections for the original business model of 10tb.com before they became 100tb. At least with 10tb there was some sign of it being at least somewhat realistic; with 100tb there is no way.

Or... let's think of it this way:

Say you buy a server from 100TB for $201.95/mo (baseline server with 100TB bandwidth). This works out to being ~303mbps 95% on a typical burst pattern (and likely much higher for streaming traffic!). The server probably costs $100/mo just to run, leaving $101.95 for bandwidth (in this example we're not making any profit mind you!).

This means that your ~303mbps 95% breaks down to $0.33/mbps.

Not even BANDCON can hit that price point and they go really, really low.

This business model does not make sense to me. There is very high risk and I see no way that they can hedge against overages if everyone actually opens up and uses all of their 100tb allotment. Maybe they are paying by GB instead of mbps but that makes no sense because then SoftLayer would be holding the bill and frankly I don't think they are that stupid.

So no, it's not possible to make up profit through volume on this when you keep in mind the risk you are hedging. It's just too much of a gamble for any sane business operator to even consider.

Comment: Re:Unfortunate But Wait... (Score 2) 163

by nenolod (#34528052) Attached to: Hosting Giants Teaming Against Small Businesses

UK2 also confirmed to us many times that their business model fully supports 100TBs of transfer, and SimpleCDN has been utilizing these servers for many months now without problem.

Why didn't you look at their business model directly? What you were getting would cost at least 5 times more directly from SoftLayer...

Comment: Re:Actually (Score 0) 163

by nenolod (#34528048) Attached to: Hosting Giants Teaming Against Small Businesses

You know, posting followups on every site where this is being discussed makes you look like less of a victim...

I would like to hear what ditlev has to say about this, as the numbers behind 100TB never made any sense to me as a business model... how can they make any money selling for $10000 what SoftLayer directly charges $50000 for?

Comment: Re:No, *avoid* DreamHost... (Score 1) 456

by nenolod (#31241678) Attached to: Things To Look For In a Web Hosting Company?

Hurricane Electric sucks and is down more than you think. I used to colocate there, and it was a total disaster. HE is a provider which does not have a reliable UPS system (although they tote pictures of car batteries on their web site), in fact their ATS failed (caught fire, I have been told) last year on two different occasions... which led us to leave.

I would suggest looking into a different provider if you are using HE for anything.

Security

Security Flaw Hits VAserv - Head of LxLabs Hangs

Submitted by Keldrin_1
Keldrin_1 (1573003) writes "The discovery of 24 security vulnerabilities may have contributed to the death of the chief of LxLabs. A flaw in the company's HyperVM software allowed data on 100,000 sites, all hosted by VAserv, to be destroyed. The HyperVM solution is popular with cheap web hosting services and the attacks are easy to reproduce, which could lead to further incidents."
