amuck-landowner

Search results

  1. D

    Beast5.com - Wide range of Fully managed dedicated servers - Arbor Anti-DDoS PRO

    Just a question, do you have permission from Cisco to use their logo on your web page? If so, can you provide the written permission from [email protected]
  2. D

    Higher %wa value on OpenVZ server

    Sounds like a process is writing lots of data to disk. SATA disks do not support disconnected writes, which can create high I/O wait times.  Probably a misconfigured MySQL with stupid innodb buffer settings.
  3. D

    Differences between common transfer methods?

    Always use SFTP/SCP. If you can, use a CPU optimized cipher like arcfour or blowfish for speed, ie:  scp -o Cipher=arcfour ...
  4. D

    Any experience with playing video games off an external USB drive?

    Make sure you disable c1e in the bios, because it does funky things to the clock signals, causing a noticable drop in bus speed, especially USB and SATA controllers. 
  5. D

    Any experience with playing video games off an external USB drive?

    USB is not good for concurrent reads/writes because of the high latency, just remember the USB controller lives off somewhere in PCI space, behind the 'NB' (or whatever it's called these days) On some test products I have here, USB 3.0 gives ~30MB/s or so, but that's with one direction (reads)...
  6. D

    What could be the cause for auditd to use almost 400% CPU?

    strace the process, or attach gdb to it and see what it's doing
  7. D

    VPS Benchmark Testing is Useless. Creating better benchmarking tests.

    Same tasks again is futile, since some/most things will be in VFS cache after the first iteration. This is why when you remount a filesystem your VFS cache layer is cleared. All and all, Benchmarking VPS containers is silly, you need to do the host node, as I've said before, the containers do...
  8. D

    Raid Card

    LSI MegaRaid. Get the advanced license for the firmware, and a BBU (so you can use writeback caching). 
  9. D

    How you handle DDOS Customer

    Remove the customer. Offering DDOS services attracts the people who will cost you money in the long run. 
  10. D

    OpenSSL insecure and has been for two years.

    There is more defective code. You should see the results of coverity prevent against the openssl tree, quite a few theoretical null derefs, no bounds checking on some things, others. They decided to avoid calling free() because of the slowdown it would cause, so they cached it. You can view...
  11. D

    DD Script

    The only way to know is from the host node itself, not from the containers; that information is not exposed to the containers (since they run in ring3) The good thing about VPS is the translation layer for block I/O is cached, so you'll always get decent write speed (and latency) compared to...
  12. D

    DD Script

    Running benchmarks within any Virtualized environments is futile. You will never receive consistent results because of emulation (timers, interrupts), non direct access to hardware, CPU cache thrashing because of the excessive amounts of context switching, emulated instructions, etc. No matter...
  13. D

    DD Script

    Where does the inaccuracy come from?  - Gettimeofday, on Linux, is setup with a shared page designed to cache/not perform a full read from hardware (depending on how good your timesources are), which makes it less expensive to call. It's not going to be completely accurate this way, either...
  14. D

    DD Script

    This is one of the most useless 'scripts' I have ever seen in my 20 years of being around the IT field.  ioping is equally useless on Linux because of the shared page (vsyscall) between userland and the kernel, which will not give you accurate results. Not only that, context switching is...
  15. D

    Running haveged to enhance your system entropy

    IIRC haveged uses AES/AVX instructions on the CPU to seed the random number generator. The old method is slow because it has to use a very expensive ioport() to talk to the ISA bus, which takes a long time. Also, running this on non ring0 hardware is silly because of privilege instruction...
  16. D

    Ebury Root Kit

    This isn't new.  There are more versions floating around that avoid detection by not sending udp traffic over port 53 if IF_PROMISC is active. I've counted at least 9 versions, all of them behave differently. The more important issue is 'how' it's getting installed.
  17. D

    14 Zettabytes!

    Sounds like you have inode corruption.  Reboot into single user mode and fsck your partitions.
  18. D

    VPS's .. The dangers of doing business with idiots

    Personal ethics and liability, really. I did not want to work on a server that was hacked (or use this server for development). After voicing my concerns, they were quickly shunned. I was hired to write a module, not do security for them. (And I wouldn't do security for them anyways)
  19. D

    VPS's .. The dangers of doing business with idiots

    How about some common sense for starters.  I would not trust anyone who doesn't have a dedicated 'security team' [sic] or at least someone with a clue. Having low level tech support reinstall the OS on hacked boxes is pretty pathetic, since the intrusion point is not known. Tracking down HOW is...
  20. D

    VPS's .. The dangers of doing business with idiots

    Exactly. These people that run these so-called VPS companies scare me to death by not being more paranoid about security. I've had things hacked before, due to 0 day exploits (wayyy back in the 90s, qpopper was a big target), solution was to reformat and reinstall. But we have the Microsoft...
Top
amuck-landowner