487000+ entries in 0.293s
decimation: asciilifeform: did you notice
that
ti now sells msp430 with 'fram'?
decimation: there's an obvious
tension between "we sell you cheap enterprise servers" and "we only support xeon"
decimation: yeah but you can't go
to dell,hp, and order a crate of arm boxes (to my knowledge)
decimation: asciilifeform: supposedly
there are moves
to stuff
thousands of little arm servers in a rack
assbot: Logged on 25-04-2015 21:39:55;
trinque: what I'd love
to see someday is a DC with no virtualization, just
tinier boxes
decimation: and
then route packets
through aws just for spam protection
decimation: actually I wonder how many folks use an old dell/hp server hosted at home on
their cable modem
decimation: although in
terms of raw compute power/watt
they can suck
ben_vulpes: <ben_vulpes>
there's nothing more undervalued right now
than cheap old servers << okay fixd
decimation: as opposed
to a 1u server you slip into
the rack
decimation: usually with power, bus, network, etc supplied as part of
the 'crate'
☟︎ decimation: typically
the word 'blade' is used for a computer
that's mounted vertically in
the rack, in some kind of proprietary container
ben_vulpes: you people keep mistaking me for someone who knows what he's doing or
talking about
decimation: are you
talking about a server
that fits in 1u or 2u?
ben_vulpes: usually i bolt
them on directly, but i'm a barbarian and haven't actually derped much with physical servers.
decimation: ben_vulpes: how do you mount your blades
to
the rack?
Naphex: trinque: have you any protection in place for
the payment data and
the orders?
menahem: ben_vulpes ill give
that a go next
time.
Naphex: trinque: how do you keep
the payment data secure?
ben_vulpes: Naphex: he runs a payment processor and web fast food order
taker/relayer
to fast fooderies
menahem: ben_vulpes
totally. didnt know how
to approach
that.
ben_vulpes: menahem: blockquotes on your blog with
the email formatting is a pita
to read
decimation: I'm not against putting
things on bare metal, just
that blades lock you into a generally shitty 'blade-crate' vendor
trinque: Naphex: consider
that your gut reactions may be poorly
tuned
trinque: decimation: yeah,
the idea would be
to replace
tiny VMs I
think
decimation: blades suck ass, but you can probably buy
them from junk dealers for cheap
Naphex: and really, i hate
the way
they look
Naphex: ben_vulpes:
the button
ben_vulpes: what -- specifically -- hurts about
the parens, naphex?
ben_vulpes: wow i've never heard
that argument made in
the wild
Naphex: cause it shit, and
the paranthesis suck
ben_vulpes: there's nothing more undervalued right now
than cheap old blades.
☟︎☟︎ ben_vulpes: <williamdunne>
trinque: Oh like a stack of rPis in a server enclosure? << just start buying cheap old blades and racking
them.
Naphex: what's wrong with
them?
Naphex: decimation: yeah, you can do a lot of stuff. depending on far you want
to go
ben_vulpes: <asciilifeform> ... prevention of fits-in-head << can vouch for
the pita of
this in clojure
Naphex: keep your stuff safe. i
try
to
decimation: Naphex: can you sign your name under
the resulting machine code - all of it -
that will 'filter' and 'app'
the crap coming from your socket?
Naphex: anyway. words ain't much
to me and I ain't one
to duke it out on irc for random bullshit
Naphex: anyway, what i was saying is you
take steps 'secure' or
tape your stuff always, and you don't feed raw data
to your apps if you can filter
the input beforehand.
☟︎ Naphex: trinque: is it
the word secuire
thats
the problem, s/secure/replace/ ?
decimation: no analysis of security can begin without identifying exactly what one wishes
to keep secret, and from whom
trinque: if we're
talking about how best
to patch
the raft we're riding in, sure,
tape
the
thing and hope for
the best
trinque: if you cannot fit it in your head, you are a liar if you point
to it and say you know it
to be secure
trinque: (notwithstanding
that I don't see how ipsec protects some JRE app)
trinque: Naphex: it
takes some humility
to be able
to see
that while you may be able
to reason about ipsec in
the abstract, neither you nor anyone else can
take
the current computing stack and fit it in his head
Naphex: so maybe you setup, ipsec.. or something
to keep
that channel encrypted.
williamdunne: Naphex: Isn't
the general idea
that you use end-to-end encryption not hub and spoke encryption
Naphex: trinque: and you might want
the data
transfered between
them, you know encrypted
Naphex: trinque: if you have servers, and
they are linked
together maybe you're using a DC Switch
trinque: Naphex: you'd have
to give me a coherent explanation of what you
think an encrypted LAN is before I could possibly
tell you what I
think about it.
Naphex: trinque: lol, you
think encrypted lans are 'enterprise'
trinque: "I don't want
to read
that much; can you
tweet me about secure?"
Naphex: or protect yourself, any
techniques?
Naphex: do you do anything
to prevent?
Naphex: asciilifeform: i do work, explain me in
tehnical
terms
Naphex: preach me
the 'secure' way please
Naphex: asciilifeform: how do you defend from 0days? on
the stuff you host?
Naphex: wtf are you
talking about really?
Naphex: well i have no clue what you're saying is
too complex
trinque: I'm not going
to copy and paste
the last 20 lines of logs for you
trinque: the situation
there is
too complex for you or any other fool
to be able
to claim with certainty
that it's secure
trinque: so atop your shit
tower of an incomprehensible computing stack and a further incomprehensible virtual computing stack you what?
trinque: Naphex:
there's a difference between knowing of
things and knowing
them comprehensively
Naphex: asciilifeform:
the languasge and jre are pretty fine. when it comes
to enterprise stacks and j2ee it goes all around
Naphex: asciilifeform:
there won't be any 0days in
the basic stuff.
There are rarely buffers in
the stack. And everything is accounted for. NIO/events/the
threads etc are all safe and you don't give raw user input
to
them