Backups & Server Hardware | TechSNAP 6

Backups & Server Hardware | TechSNAP 6

Every six hours the NSA collects as much data that exists in the entire lib of congress and we have a few practical notes on how a system like that could even function.

We follow up on Dropbox, and what looks like the FTC is getting involved with their recent snafus.

Plus we answer a big batch of your emails, and our backup tips for home, small business, and the enterprise!

Please send in more questions so we can continue doing the Q&A section every week! techsnap@jupiterbroadcasting.com


Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

[ad#shownotes]

Show Notes:

Topic: NSA collects data on a massive scale

NSA Gathers 4x the Amount of Info than the Library of Congress, Daily

  • NSA gathers data at an incredible rate, equivalent to the entire content of the US Library of Congress every 6 hours.
  • The Library of congress contains nearly 150,000,000 catalogued entries.
  • The Library of congress ‘American Memory’ site contains tens of petabytes of public domain images and audio/video recordings.
  • The NSA has the ability to apply for patents under a gag-order, if and only if another entity tries to patent the same process, do the NSA patents become public. NSA patents never expire.
  • http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F6947978 – the NSA patented the geo-location by pinging a series of routers technique we discussed a few weeks ago during the iPhone GPS story.


Topic: new US Internet censorship bill, the ‘PROTECT IP’ Act

Revised ‘Net censorship bill requires search engines to block sites, too
http://arstechnica.com/tech-policy/news/2011/04/google-private-web-censorship-lawsuits-would-create-trolls.ars

  • Law is in part about attacking foreign sites that US law enforcement currently cannot target
  • Proposes to require search engines to remove results for sites as the request of not only the government, but also of rights holders. Have we not seen enough false positives and trolling via the DMCA?
  • rights holders would not have to seek government assistance to have sites censored, but could seek court orders directly against payment processors and advertising networks (but not ISPs or search engines)
  • actively encourages search engines and other sites to take action without any sort of court order
  • Act will protect ad networks and payment processors from being sued by the customers they spurn if they “voluntarily cease doing business with infringing websites, outside of any court ordered action”. The definition of infringing is left up to the rights holder.

Book recommendation: The Master Switch (Audio Book / Audible Sign up)


Topic: Lieing about security for a competitive edge

http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
http://www.wired.com/images_blogs/threatlevel/2011/05/dropbox-ftc-complaint-final.pdf

  • A complaint has been filed with the Federal Trade Commission claiming that Dropbox engaged in Deceptive Trade Practices by claiming to securely store your data when they in fact do not store it according to industry best practices.
  • It is the belief of the complainant that the security claims made by dropbox gave them a competitive advantage over other services, specifically, users might have chosen a more secure service if they were aware of the problems with dropbox
  • At issue is a specific claim from the dropbox website that has since been retracted when it was discovered that it was false. “All files stored on Dropbox servers are encrypted (AES-256) an are inaccessible without your account password.”
  • Because Dropbox uses only a single AES-256 key, rather than a separate one for each user, employees and others at Dropbox may access your files at any time without your password. The Dropbox page has been updated to reflect the fact that Dropbox will turn over your files if requested by law enforcement or possibly other parties.

Topic: Q&A

Q: (akito) What do data centers use for fire suppression now that Halon is frowned upon?
A: Some data centers still use Halon, however most have switched to using ‘clean agents’ such as FM-200 that are designed to remove the ‘heat’ from a fire. Unlike other agents, FM-200 does not leave an oily residue or otherwise degrade your equipment. Some systems use CO2 to displace the oxygen in the space and suppress the fire that way. Also 3M has developed a non-conductive fluid that can be used in place of Halon without damaging equipment.
http://solutions.3m.com/wps/portal/3M/en_US/Novec/Home/Product_Information/Fire_Protection/
http://www.youtube.com/watch?v=1iz4o3W6IJM

War Story: No means none, not even a little bit

(Allan) Interesting story from when I worked at Ontario Power Generation. There was a problem with one of the CRAC (Computer Room Air Conditioner) units in the on-site data center, and a refrigeration technician was dispatched. Before we let him into the server room we specifically told him that he must come to us before he started any kind of soldering or welding, as it would set off the fire suppression system, which thankfully no longer flooded the room with Halon, but still triggered an emergency shutdown of all electrical systems in the entire IT wing of the North Admin building. Basically, when a fire is detected by the system, the klaxon sounds and you have 30 seconds to silence the alarm before it is escalated, at which time the power is cut and Halon (if it had not been disabled) would be deployed. I was down the hall from the server room in one of the test labs, working on the windows NT4 to Win2000 migration. Out of nowhere, the fire alarm goes off; At first I was startled, then it clicked, the repairman had forgotten to warn us that he was going to begin soldering. I took off at a dead run towards the alarm panel, as I got closer I heard the alarm tone change, I only had 10 seconds left before the power to every server would be cut and the UPS system would be bypassed. We’d spend hours cleaning up the mess, and explaining what went wrong. Thankfully, I reached the panel in time, and jammed the big red silence button, saving the day.

Q: (DreamsVoid) I would like to backup my linux and windows computers to my linux server using rsync. How should I set this up
A: rsync has many advantages, specifically the way it can compute the delta between files and significantly reduce the amount of data that has to be transferred during a backup. However, rsync is not a good backup solution because it only creates a copy of the file, not a true backup. In a true backup system, you retain multiple versions of each file from different dates. Say for example a file is corrupted, if you do not notice this right away, during the next rsync, the ‘backup’ copy of the file will be replaced with the corrupted one, and you will have no recourse. If all of your computers are on a LAN, you don’t have any real worries about the amount of bandwidth you are using transferring the files, and a proper backup solution is best.

rsync for windows: http://itefix.no/cwrsync/
BackupPC – open source backup to disk: http://backuppc.sourceforge.net/
Bacula – high end open source network backup system: http://www.bacula.org

Q: (Nean) What are the differences between a server and a normal desktop computer?
A: Generally they are not all that different, but some servers have additional features and capabilities that are not necessary in a regular desktop. Typically, higher end servers have redundant power supplies, either because they need to draw more power than a single power supply can provide, but also to be able to continue operating in the event that one of the power supplies dies. Servers, and some high end desktops also have redundant disks, taking advantage of various RAID configurations to allow the server to continue operating even if one or more disks stop functioning. Servers typically have dedicated RAID controllers that support more exotic forms of RAID than your typical on-board controller found it high end desktops. Servers also tend to have remote management cards that allow an administrator to access the bios and even manipulate the keyboard/mouse remotely, instead of having to be local to the machine.

Download:

Question? Comments? Contact us here!