
Archive for August, 2009

9.10 UNR mini-review

Just wanted to post some thoughts on UNR 9.10 -

Most of the netbooks utilize the Intel i915 based video cards and have HORRID performance under the latest xorg drivers. 9.10 fixes this and allows for UXA acceleration and was my main reason for skipping over 9.04 UNR. The image installs quickly and provides for the basic web based programs. The EXT4 (I use it on all my desktop/laptop now) allows for quick boots and shutdowns on the MSI Wind I have. A few points on 9.10 UNR:

  • The interface shows some tearing without Compiz. Due to a bug right now in 9.10, Compiz is disabled, so hopefully it will be fixed
  • Wireless drivers in 9.10 are being massively overhauled and the WPA2 function on 802.11n is iffy right now. I swapped a BCM4300 and RT8190 and both had issues with WPA2, making the netbook a little useless for me at this time
  • Skype and Pidgin go full screen. UNR is designed to be mostly one application at a time. If you have used Moblin you are familiar with the shortcoming
  • Evolution is included and a little heavy for the netbook. With that said, I installed sun-java5 and was able to utilize the MAPI portions of Evolution with my work Exchange server. All on a 1024×600 sized screen

I would say in varying degrees of usefulness it would be Moblin –> UNR –> Full Distro. I love Moblin, but a lack of Fedora yum compatible repos leaves me wanting for OpenOffice and others. Full distro takes too much time and customizing to get GNOME to fit, while UNR is right in between. I love the fact that I can still do sudo apt-get install aircrack-ng and be one step away from UNR to WEP/WPA hacker :)

Defining Security

A great post from W. Mark Brooks asks when did Information Security become IT Security? The point is very much in line with my triangle theory, that security is the pinnacle of IT and requires mastering the lower levels first. Though to counter the ITS vs IS argument I posted that IA is the more appropriate name. Post below:

I prefer the military nomenclature of Information Assurance. I have carried it over to the commercial world and make sure all my security types carry that title now. I like the definition and what it means:

Assurance – a positive declaration intended to give confidence; a promise

My teams positively declare with confidence that the information of our systems is assured. It carries some weight and responsibility on their parts.

PGP for Mac Whole Disk Encryption Review

Wanted to share a quick “how does it work” about PGP WDE for Mac.

http://www.pgp.com/mac/

This is the only solution that does pre-boot and true WDE for the Mac. The software is 189 for a yearly license or 239 for perpetual. The software itself is very “apple-ish” with great wizards and walkthroughs for those not familiar with key based authentication and encryption. Some of the features are:

  • WDE for Intel based Mac running 10.4/10.5, no SL due to the 64bit kernel from the debug trace on my Mac Pro :)
  • Encryption integrates with Apple Mail or Entourage through scripts for PGP authentication on messages
  • Integrates into iChat for encrypted chat – HORRIBLE compared to OTR and Adium IMO
  • Encrypted ZIP – not winzip compatible
  • Encrypted virtual volumes – think truecrypt
  • Secure Wipe – Secure Empty Trash on a Mac doesn’t comply with NISPOM standards last time I checked. They include a Finder integrated tool that works against those standards. Much quicker too than secure erase on standard macs.

Now for QA:

  • Q: Why did you buy it?
    A: 2 main reasons are work and security. FileVault is a great tool, but due to the sparse volume approach it shares some technical limitations and issues that I am not willing to accept. Let alone the bugs that refuse to allow default settings within the OS saved for 10.5. In addition, with WDE I can perform Time Machine backups to my WDE FireWire drive for total protection
  • Q: What is the performance hit?
    A: Once the drive is encrypted it is little to no impact. If you have done cryptfs in Linux, the impact is about the same. Compared to the Windows Boeing image the performance is phenomenal. Notice though I said once it was encrypted. My MacBook Pro with a 500GiB drive is still going. Screenshot attached to share my sadness at the speed.
  • Q: How well does it integrate?
    A: Very nicely! There is a little icon bar that sits up top near the AirPort indicator informing you of message encryption and other status. It is not GROWL integrated (NIH) so that is a little annoying, but the interface overall feels like a full Mac product
  • Q: Would you buy again?
    A: Since WinMagic STILL has not put SecureDoc out for Mac or Linux this is your only choice right now. I am a little peeved that the product is not FIPS 140-2 lvl2 in this day and age, but the encryption suffices. I will say that having used both PGP and SecureDoc, PGP is what I would give to Mom for use.
  • Q: What about Bootcamp?
    A: Nope – Bootcamp does not work with this product. I know that on the Mac Pro it wiped out my dual boot Gentoo build in one swoop. That was using the EFI based boot (rEFIt), so I am not sure what PBA system they are using. Use VMware or VirtualBox :)

Systems Engineering and Redundancy

I posted this to ServerFault.com today. Folks lose sight of requirements and systems engineering and it drives me batty. Here was my response to the guy's question about redundancy and RAID/COOP/etc.

——–

Every design and architecture should be requirements driven. Good systems engineering calls for defining the constraints of the design and implementing a solution that meets that. If you have an SLA with your customers that calls for a .99999, then your solution of N+N redundancy should account for all those LRUs (line replaceable units) that could fail. RAID, PS, and COOP planning should all account for that. In addition your SLA with vendors should be the 4 hour response time type or account for a large number of spares onsite.

Availability (Ao from here out) is that study. If you are doing all these things because it seems like the right thing to do then you are wasting your time and your customer's money. If pressed, everyone would desire 5×9’s, but few can afford this. Have an honest discussion about the availability of the data and system in the perspective of cost.

The questions and answers posed thus far do not take into account the requirements. The chain assumes that N+N redundancy with hardware and policies is the key. Rather, I would say let the requirements from your customers and SLA drive the design. Maybe your mom’s flat and your old laptop will suffice.

Us geeks sometimes go looking for a problem just so we can implement a cool solution.
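
The Ao argument above, worked through as an added example (not part of the original ServerFault post): it compares three designs against SLA targets using the standard MTBF/(MTBF+MTTR) model. The LRU names and all MTBF/MTTR figures are constructed sample values, and failures are assumed independent.

```python
from dataclasses import dataclass, replace
from math import prod

MINUTES_PER_YEAR = 8760 * 60

@dataclass(frozen=True)
class LRU:
    name: str
    mtbf_h: float   # mean time between failures in hours (constructed value)
    mttr_h: float   # mean time to restore in hours (vendor response or spare swap)
    units: int = 1  # redundant units installed; any one can carry the load

    def availability(self) -> float:
        single = self.mtbf_h / (self.mtbf_h + self.mttr_h)
        # A redundant group is down only when every unit is down at once.
        # Assumes independent failures; shared power or firmware breaks this.
        return 1.0 - (1.0 - single) ** self.units

def system_ao(lrus) -> float:
    # LRU groups are in series: the service needs every group up.
    return prod(lru.availability() for lru in lrus)

def annual_downtime_min(ao: float) -> float:
    return (1.0 - ao) * MINUTES_PER_YEAR

def meets_sla(lrus, target: float) -> bool:
    return system_ao(lrus) >= target

def weakest(lrus) -> str:
    # The LRU group that contributes the most downtime.
    return min(lrus, key=LRU.availability).name

# Design 1: single units, 4 hour vendor response (sample figures).
SINGLE = [LRU("psu", 100_000, 4), LRU("disk", 500_000, 4), LRU("server", 50_000, 4)]
# Design 2: same hardware, spares onsite so restore takes 30 minutes.
SPARES = [replace(lru, mttr_h=0.5) for lru in SINGLE]
# Design 3: N+N redundancy, still on the 4 hour vendor response.
N_PLUS_N = [replace(lru, units=2) for lru in SINGLE]

if __name__ == "__main__":
    for label, design in (("single", SINGLE), ("spares", SPARES), ("N+N", N_PLUS_N)):
        ao = system_ao(design)
        print(f"{label:7s} Ao={ao:.9f} downtime={annual_downtime_min(ao):8.3f} min/yr "
              f"3x9={meets_sla(design, 0.999)} 4x9={meets_sla(design, 0.9999)} "
              f"5x9={meets_sla(design, 0.99999)} weakest={weakest(design)}")
```

With these sample figures the single-unit design already satisfies a three-nines SLA, onsite spares reach four nines without any redundancy, and only a five-nines requirement justifies paying for N+N.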