Alpha830RulZ writes: I'd like to get the wisdom of the community for a good, economic way to do large volume backups. We are looking at establishing a data storage service for an offering of ours. The load characteristics are daily inserts, very low volume of updates, and eventual large size of the database(s), with a total of ultimately some small number of terabytes of data. The DBs will likely be separate for each customer. The DB in question could be Oracle, Postgres, or SQL Server.
We're planning on doing backups from a dump of the database on a daily basis to a second system which will just be a disk farm, and then backing up that second disk farm to media of some sort. The size of the backup is such that tape speed will be a constraint, and deity forbid we ever have to restore. The vendors I have talked to all have the same answer: buy our gear, which requires a drive that will cost as much as the server we're planning on backing up.
As I am looking at the hardware costs for this second box, I have to ask the question, why don't we just buy multiple sets of removable hard disks, and swap out the disks for backup? It looks like I can buy sets of drives for less than I would pay for high-end tape equipment, and this would greatly improve our recovery time if we ever need to use it. I'd set up the disk farm with a root disk to run the box, and then install the drives as a RAID 5 set. The backup would consist of initializing the drives, and then saving the dumps to the drives. At the end of a week, we'd roll a set of drives offsite, and reinstall the oldest set. The insert volume is such that we will archive the daily update files, and in a restore situation we'd install the backup, and then reapply the daily files needed to bring us up to date.
Does anyone use this type of solution? What would make this untenable as a solution? I can see that we'd want to get some protective storage to shield the drives from shock, but that doesn't seem too onerous. However, I am feeling a bit cautious about this approach, as I don't hear of others doing it. What am I missing (please be gentle)?
Alpha830RulZ writes: According to a story in the Seattle PI today, http://seattlepi.nwsource.com/national/1152ap_airport_security.html, investigators were successful in getting components for so-called liquid explosives past airport security in 19 different airports in the US. This raises the interesting question, since airport security is demonstrably porous to the motivated and educated person, and yet we have had no explosions on planes, does this not indicate that we are chasing terrorists that aren't there?
This will no doubt cause a hue and cry to develop to tighten security further ("Sir, will you please remove your trousers and place your hands on this table?"), but I think it actually demonstrates the opposite. Airport security is simply expensive theatre, which serves our government in keeping us concerned. If 19 airports are able to be circumvented, and yet no planes have dropped out of the sky, a reasonable conclusion might be that there are relatively few attempts being made to blow up such planes.
Alpha830RulZ writes: "A couple of us at work are pretty sure that we have at least one compromised machine inside our firewall. We get a lot of SPAM that has contiguous email addresses from our company address book, and they have shown up in enough ways that it looks like some user's machine has been pretty well read over. This is happening repeatedly enough, and new employees' addresses are showing up, so I am concerned that we have some botted machines. We run current Symantec AV, corporate version, on all machines.
Everything I read about the Storm Worm and similar just scares the piss out of me. Is there any way for a normal sysadmin type to detect a Storm botted machine? We are familiar with the likes of Rootkit Revealer, and when we have had suspicions about a particular box, we run that, Kaspersky, Symantec, and Bitdefender. We haven't found anything definitive, but we have found:
— one machine that prevents Kaspersky from being installed on it. The install hangs on an access violation of a directory newly created by the Kaspersky installer during the install. Symantec, Rootkit Revealer, and Bitdefender find nothing on this machine.
— one machine that has entries deep in the user's temp directories which can't be deleted. These were found by Rootkit Revealer, but we haven't been able to remove them.
We've got the machines segregated for now, and are wondering what we can do to get a handle on this. Help me, my geek brethren."