WSANDERS.NET

The Great Big Beautiful Wonderful Incredible Super Spectacular World of ZFS

Tuesday, August 26, 2008, 09:48 AM
Posted by wsanders

I almost feel professionally negligent for not doing this earlier (probably because we have limited storage and Solaris 10 resources at work), but after giving ZFS a spin, I'm hooked.

For example, setting up a mirrored filesystem with two disks is as simple as:

- zpool create nfspool mirror c4t5d0 c5t5d0
- zfs create nfspool/nfs4
- zfs set mountpoint=/nfs4 nfspool/nfs4

You now have a filesystem:

nfspool 286949376 24 286949220 1% /nfspool
nfspool/nfs4 286949376 24 286949220 1% /nfs4

Other mountpoints share this pool of space:

zfs create nfspool/mnt
zfs set mountpoint=/mnt nfspool/mnt

nfspool 286949376 24 286949220 1% /nfspool
nfspool/nfs4 286949376 24 286949220 1% /nfs4
nfspool/mnt 286949376 24 286949220 1% /mnt

You can grow, shrink, take snaphots, thin provision, etc, etc, all for "free".

I'm late to the party, so others have created lots of blog entries before me, you can search for them. I'm hooked.

[ view entry ] ( 4 views )

Old News: The 5 Best Kept Security Secrets

Sunday, August 24, 2008, 03:40 PM
Posted by wsanders

I am cleaning out the files and summarizing old clippings. Best practices never die, and they don't even fade away. From Nov 13, 200, Network World Article by Julie Bort, "The Best-Kept Security Secrets".

1. Most security holes hired experts find are well-known vulnerabilities with easily accessible patches. A lot has changed - you can send me ping of death packets all day long, and who runs telnet anymore?- but the 2008 update is that most common vulnerabilities are "social". Simply scamming credit card numbers from unsuspecting phishees is a multi-billion, worldwide business. Much less likely someone is going to decrypt your 1024 bit private key.

2. Contrary to common practice, scanning for vulnerabilities and patching holes is not good security. A tease in the original article, of course scanning for vulnerabilities and patching holes is not enough . Duh.

3. You can't find security breaches by looking for anomalies. 2008 summary: IDS sucks a lot less but still mostly just annoys users with false positives. This is improving as IDS gets better (slowly). Still, who cares about getting port scanned?

4. Hacker tools are essential for your arsenal. Yup. The more you know the better. Learn to code, for heaven's sake. Security "experts" who are really just script kiddies - well, I guess you have to start somewhere.

5. Key length is a near-meaningless measure of PKI. In 2000, 1024 bit RSA/Diffie-Hellman keys were just becoming the default. Now everybody has PKI, and a few even understand how it works. Your keys are going to get scammed (see #1) long before they get cracked.

One less clipping in the files ...

[ view entry ] ( 10 views )

Crap is Crap, but the New Crap is better than the Old Crap

Wednesday, August 20, 2008, 10:57 AM
Posted by wsanders

Amid the pompous pronouncements from the 2008 Edge Conference is this wonderful bit of common sense from Steward Brand:

Good Old Stuff Sucks

[ view entry ] ( 15 views )

Welcome to WSANDERS.NET

Tuesday, August 19, 2008, 03:08 PM
Posted by wsanders

I'm going to be blogging stuff here that is related to my work. Like my resume

Catch my feed for all the latest developments.

[ view entry ] ( 17 views )

| 1 |