Posts by KHobbits 10 publicly visible posts • joined 17 Jul 2009
Google have released their smearing ntp servers to the public, for people who don't want to deal with 61 seconds our repeated seconds.
Their blog has a nice write up of the problem and why they solved it that way.
https://cloudplatform.googleblog.com/2016/11/making-every-leap-second-count-with-our-new-public-NTP-servers.html
No matter what sort of solution you decide to go with, you are throwing your trust behind a vendor, that could be the guys that make your tape drive, or the guys who are providing you with offsite hosting.
Amazon has a fairly decent track record, so I'm fairly happy to trust them with my data.
AWS has a rather decent level of security. If you want to have a web application interact with the AWS API you set it up with just enough IAM permissions to do the task it needs to do. You can bake these credentials into the app, or into a server, or even a set of credentials for each app per server.
You should never need to write your console credentials in any script or server location. Each console account can be fine tuned in privileges. I for example have granted my development team with access to view all my servers, ssh to them with the key attached to their account, but they can only use sudo and deploy to the development stacks.
The developers have read only access to the s3 object storage, but not access to delete, and don't have any access to the AMI's or ability to manage databases what so ever.
Me and my boss both have our own admin console credentials, protected via 2 factor auth, with the root credentials secured in the same manner.
This is all standard, and recommended behaviour for any AWS account. Anyone that isn't doing this is ignoring recommended practices, and if you would be stupid not to if you are hosting anything worth protecting.
They could use double hashing, for example:
sha1 ( sha1(Password) + salt )
If they did it this way, they could upgrade the old database by just taking the current hash, adding a salt, and rehashing.
That said, using a single static salt on a database the size of linked in, wouldn't really be sufficient for my piece of mind.
Linode has some really decent hosting. When I signed up to Linode originally, they didn't have the London DC, so I did a bit of chatting to people on their IRC help channel (currently over 400 users).
After spending a few minutes talking with the happy customers in there, and doing a few speed tests to pull from some of the offered test files, I found Newark data centre offered fast enough speeds to Europe for my purposes. And infact if you were looking to host websites with a global audience I'd still recommend Newark.
Few perks:
Really nice web interface, you can roll out a really nice selection of premade images of distro's ready to go, and manage thinks like DNS from on panel.
Full root access, and running on XEN software, so you don't get silly shared burstable ram, and can do anything you want to the box.
More help than you could ask for, their 'linode library' has guides to set up a huge range of services, their customer support is fast, and has a huge community online with helpful souls.
Because the main version is pay to play most people gloss over the GPL version of virtualmin, but its a great tool. As mentioned above webmin has the ability to give selected powers to individual users, the virtualmin extension, expands this to include all the tools a user would need to handle web hosting, such as mail/mysql/apache details for a domain or subdomain, even the ability (if you allow it to create sub users and sub domains). It's a full blown alternative to cPanel. There is also an install script available which completely rolls out and configures everything a shared hosting server would need (although I recommend a little bit of time spent tightening the security).
Although it isn't as popular as some email services, gmail is pretty damn popular. Not only is gmail popular with users itself, my own website, my ISP (Sky) and my university have all moved to gmail powered systems. The system has such good spam filter (with built in reporting), I get spam through to my inbox less than once a month and I don't think I've ever noticed a valid email get marked as spam (I occasionally check the spam bin every 3 weeks or so) At the moment, gmail blocks around 900 spam emails a month from my inbox.
If gmail can do such a good job, there doesn't really need to be anything left on the client end. Just so you know, gmail supports email forwarding, pop3, imap, over 7gb space and can collect email from other pop services.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
