So. BIND. Maintaining configurations and zones. I tend to like managing BIND by hand. I sense that most people just write frontend CLI scripts to help manage BIND. I tend to not like Webmin, as I feel that I do not need it to be functional. Am I an idiot for not waxing poetic about Webmin, and for not declaring it to be the BEST THING EVER?
"GlusterFS is used in environments where high performance, redundancy and reliability are of a premium. The best part is that it’s exceedingly easy to use. GlusterFS is a file system that is designed to provide network storage that can be made redundant, fault-tolerant and scalable. It’s particularly well suited to applications that require high-performance access to large files. With GlusterFS, you can have enterprise- or scientific-research-grade storage up and running in minutes, but it wouldn’t be our first choice for the type of simple file sharing that Samba or NFS are usually used for."
- imabonehead
from Bookmarklet
Creating a highly available file server cluster for a web farm using Ubuntu 12.04 LTS | Life in apps, os's and code! - The personal blog of Bobby Allen. - http://ballen.co.uk/2013...
"Following on from my previous post about setting up a highly available web server cluster, this post covers the next step, which is setting up a highly available file server cluster. After some research I’ve decided to use GlusterFS. GlusterFS is an open source, distributed file system capable of scaling to several petabytes (actually, 72 brontobytes!) and handling thousands of clients. GlusterFS clusters together storage building blocks over Infiniband RDMA or TCP/IP interconnect, aggregating disk and memory resources and managing data in a single global namespace. GlusterFS is based on a stackable user space design and can deliver exceptional performance for diverse workloads."
- imabonehead
from Bookmarklet
"In this video from the Lustre User Group 2013 conference, Josh Judd from Warp Mechanics presents: Lustre & ZFS go to Hollywood."
- imabonehead
from Bookmarklet
"In this video from the 2013 Open Fabrics Developer Workshop, Rupert Dance from Software Forge presents: InfiniBand Fabric Administration for Linux."
- imabonehead
from Bookmarklet
"A rare picture from inside one of the Rackspace datacenters, this was used to promote their Cloud Block Storage service which is built on OpenStack (of which Rackspace is one of the core contributors behind Red Hat)."
- imabonehead
from Bookmarklet
"HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. This tutorial will show you how to set up HSTS in Apache2, NGINX and Lighttpd. It is tested with all mentioned webservers, NGINX 1.1.19, Lighttpd 1.4.28 and Apache 2.2.22 on Ubuntu 12.04, Debian 6 & 7 and CentOS 6. It should work on other distros; however, these are just reference values."
- imabonehead
from Bookmarklet
"In this previous post, I deployed a test IIS Server and used a self-signed SSL Certificate to encrypt the HTTP traffic. I am sure everyone has seen this page in Internet Explo"
- imabonehead
from Bookmarklet
"In this video from the 2013 Open Fabrics Developer Workshop, Doug Oucharek from Intel presents an Update on Lustre, OpenSFS, and FastForward InfiniBand."
- imabonehead
from Bookmarklet
"With encryption enabled, all the data written to a disk is inaccessible without the right credentials. The newest security features in the latest version of FreeNAS support full-disk encryption, meaning that the encryption is done at the disk level, below the ZFS filesystem. FreeNAS employs GELI, a block device-layer disk encryption subsystem written for FreeBSD, which makes it more efficient than any add-on encryption tools would be."
- imabonehead
from Bookmarklet
"If you're looking for Linux-based, hardware-agnostic storage software, check out Gluster, an open source project for creating a distributed filesystem. It provides fast performance, high availability, and horizontal scalability by spreading storage volumes over redundant cluster nodes. Here's how you can build a Gluster distributed storage system yourself. Gluster's storage is built up by what it calls bricks, which are exported directories allocated on the cluster nodes. Cluster nodes are united in trusted pools that together provide storage services and share disk resources."
- imabonehead
from Bookmarklet
"Well, almost everyone. If one just wants to backup a few files on random occasions then Bacula is not the software to use. But if one wants to run regular, scheduled backups to just about any type of storage media then Bacula will most definitely work."
- imabonehead
from Bookmarklet
"Bacula is an open source network-based backup software, used to allow the System Administrators to manage backup, recovery and send the verification of data from any systems in any location across the network."
- imabonehead
from Bookmarklet
"Here's an approach on how you can eliminate the need to travel and still get the same work done. One advantage of this approach is that this approach does not require you to ship an appliance or device to the customer that must later be returned. Also, this doesn't only work for consulting shops but also for large companies with internal penetration testers who need to audit several sites."
- imabonehead
from Bookmarklet
"Looks like Kali Linux is a great success. Kali Linux is the successor to BackTrack, the much loved Linux Penetration Distro/ Operating System that is aimed at penetration testers and security professionals. Before we dive into our brief review – we thought it would be cool to give a brief history of how Kali Linux came to be."
- imabonehead
from Bookmarklet
"Sean Reifschneider does an introduction to Proxmox, the virtualization solution for Linux with DRBD replicated storage."
- imabonehead
from Bookmarklet
"As a system administrator, Linux security technician or system auditor, your responsibility can involve any combination of these: software patch management, malware scanning, file integrity checks, security audit, configuration error checking, etc. If there is an automatic vulnerability scanning tool, it can save you a lot of time checking up on common security issues. One such vulnerability scanner on Linux is lynis. This tool is actually supported on multiple platforms including CentOS, Debian, Fedora, FreeBSD, Mac OS and Ubuntu."
- imabonehead
from Bookmarklet
"The overall design and implementation process can be relatively simple or sophisticated depending upon the need of particular business or network system environment. The DMZ has proven to be more secure, flexible, scalable and robust offering multiple layers of guards for the security of the shielded network and machines. DMZ design now integrates the ability to use multiple products (both hardware and software based) on various platforms to achieve the mandatory level of protection."
- imabonehead
from Bookmarklet
Kicking the tires on Mirantis Fuel product for Openstack. Definitely makes it easier. We'll see if downsizing the controller and compute VMs will help my 4GB iMac survive the normal 16GB RAM requirement.
The fuel-pm node definitely needs more than 512MB - looks like swapping causes timeouts in puppet. Bumping up to 1GB solved that problem. On to the next obstacle...
- Kevin Johnson
I should be done setting up an instance. I do not rock very much this week.
- Kevin Johnson
This exercise is part of a job interview. Three guesses how this is turning out... :-|
- Kevin Johnson
Ugh... lack of sufficient ram is causing serious issues. Anything less than 1GB in a VM is causing serious swapping. Not good for virtual disks. Would seriously love to go buy a bigger machine, but that's not likely given the current employment status... :(
- Kevin Johnson
I gave up getting Fuel up and running in my environment. Not enough RAM and my attempts to resolve other issues in the installation are taking too much time - impacting my job hunt. #fail
- Kevin Johnson
"The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238."
- imabonehead
from Bookmarklet
"Intel is working to replace the traditional server rack with a more efficient architecture that separates CPU, storage, power, and networking resources into individual components that can be swapped out as needed."
- imabonehead
from Bookmarklet
"Power and cooling would be shared across CPUs, rather than having separate power supplies for each server. Server, memory, network, and storage resources would all be disaggregated and shared across the rack. Incredibly fast interconnects will be needed to prevent slowdowns because disaggregating components pushes them further apart, and Intel is thus building an interconnect that's capable of 100Gbps."
- imabonehead
"One of Google’s custom servers from ~07-08, notice the 12v battery designed for redundancy should the main power supply fail. This server is 2U, has 2 CPUs, 8 RAM Slots & 2 Hitachi Deskstar SATA hard drives. Goes to show you can do things in a simple way, especially when you have thousands of these things all running in a DC."
- imabonehead
from Bookmarklet
Yep, when they told googlers to “think outside the box” it meant you could put some of the components outside the box ;)
- Amit Patel
"OpenFlow seems to be a "Gym Protocol" everyone talks about it; but not many folks actually do it. So what is it? Do you need it? It's a great idea to direct custom traffic flow, however, it's not a panacea for every network."
- imabonehead
from Bookmarklet
"On Linux systems, initialization (init) scripts manage the state of system services during system startup and shutdown. When the system goes through its runlevels, the System V init system starts and stops services as configured. While this tried-and-true technology has been around since the dawn of Unix, you can now create modern and efficient CentOS 6 init scripts by using Upstart, an event-based replacement for System V init. Until its latest release, CentOS used the System V init system by default. SysV init scripts are simple and reliable, and guarantee a certain order of starting and stopping."
- imabonehead
from Bookmarklet
"In the first episode of SecuraTip we learn how to extract files from a pcap using NetworkMiner. Additionally this episode also shows some of the other features of NetworkMiner, and the manual process of carving files from a pcap using Wireshark."
- imabonehead
from Bookmarklet
"What do the recent compromises of a number of LA Times websites and the blog of hard disk drive manufacturer Seagate have in common? According to several security researchers, all these sites are hosted on servers running Apache web server software, and have been compromised and equipped with a module that is able to insert and rotate malicious iFrames on all pages of websites hosted on these servers."
- imabonehead
from Bookmarklet
"The iFrames in question usually redirect users to websites hosting exploit kits (mostly Blackhole) and they often end up with malware on their computers. The information security community has known about Darkleech (as the malicious module is dubbed) for a while now. The first attacks using it have been spotted in August last year by the writers of the Unmask Parasites blog, and the module has been offered for sale on underground online markets for months."
- imabonehead
"IEEE, the world's largest professional organization advancing technology for humanity, today announced the launch of an IEEE 802.3 standard for Ethernet study group to explore development of a 400Gb/s Ethernet standard to efficiently support ever-increasing, exponential network bandwidth growth."
- imabonehead
from Bookmarklet
/* The resilience of Ethernet and IP protocols is amazing; they scale from kilobit speeds to hundreds of GBps. */
- 9000