Comments for Aaron Toponce https://pthree.org Linux. GNU. Freedom. Sun, 17 Sep 2017 02:25:05 +0000

Comment on Colorful Passphrases by Carlos Melero https://pthree.org/2017/09/15/colorful-passphrases/#comment-271962 Sun, 17 Sep 2017 02:25:05 +0000 https://pthree.org/?p=4872#comment-271962 Hi! I'm the author of UnicornPass, thank you for mentioning my extension!

Time to update my local copy of your generator 😛 I wonder if it will help me remember new passwords

Comment on Encrypted Mutt IMAP/SMTP Passwords by Chris Hilton https://pthree.org/2012/01/07/encrypted-mutt-imap-smtp-passwords/#comment-271885 Fri, 08 Sep 2017 15:34:07 +0000 http://pthree.org/?p=2183#comment-271885 Oops, that should have read:
cat <<EOF | gpg -r my_gpg_id -e -
set imap_pass="my_password"
set smtp_pass="my_password"
EOF

Comment on Encrypted Mutt IMAP/SMTP Passwords by Chris Hilton https://pthree.org/2012/01/07/encrypted-mutt-imap-smtp-passwords/#comment-271884 Fri, 08 Sep 2017 15:32:38 +0000 http://pthree.org/?p=2183#comment-271884 This keeps your password out of the filesystem:

cat <<EOF | gpg -r -e -
set imap_pass=""
set smtp_pass=""
EOF

Have a good day!

Comment on Analysis of RIPEMD-160 by Maxim https://pthree.org/2014/05/02/analysis-of-ripemd-160/#comment-271863 Tue, 05 Sep 2017 18:14:28 +0000 https://pthree.org/?p=3629#comment-271863 SHA-1 is broken... ))

Comment on ZFS Administration, Appendix C- Why You Should Use ECC RAM by Klaus https://pthree.org/2013/12/10/zfs-administration-appendix-c-why-you-should-use-ecc-ram/#comment-271767 Mon, 28 Aug 2017 16:21:18 +0000 https://pthree.org/?p=3352#comment-271767 @Daryl: The first DDR4 modules on the market had ECC. Non-ECC-DDR4-RAM appeared later on the market. That probably explains the (false) rumor that "DDR4 has better error handling than DDR3". Plus, there are numerous articles on the web which "prove" the increased reliability of DDR4-RAM (with ECC) by comparing it to DDR3-RAM...without ECC. Yep. Very funny.

I do not yet know how DDR4 compares to DDR3 regarding reliability. However, we do know that DDR3 was more reliable than DDR2-RAM. The Google report to which the article refers showed high error rates in DDR2-RAM. Note that at this time Google also did not replace RAM which began to show correctable errors - no wonder you see higher error rates when you decide to keep your failing RAM in use. Also note that Google used non-standard memory modules which were, according to the specs, incompatible with the mainboards (they worked in real life, of course, but possibly less reliably than standard modules).

Back to DDR4: DDR4-RAM can *optionally* have a "Write CRC" feature which can detect errors occurring on the bus when data is written to the RAM (the host could then retry the data transmission). However, this optional feature will, AFAIK, not be present on non-ECC-DDR4-RAM.

Comment on The Sheer Size of IPV6 by Fanyit https://pthree.org/2009/03/08/the-sheer-size-of-ipv6/#comment-271679 Wed, 23 Aug 2017 07:27:19 +0000 http://pthree.org/?p=973#comment-271679 ipv6 addresses are much better ip addresses than ipv4

Comment on ZFS Administration, Part II- RAIDZ by xaoc https://pthree.org/2012/12/05/zfs-administration-part-ii-raidz/#comment-271668 Tue, 22 Aug 2017 09:04:19 +0000 http://pthree.org/?p=2590#comment-271668 I have a strange situation and can't explain it. I would appreciate your comment on the setup below:
zpool list
NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
test_3x3s 327T 1.11M 327T - 0% 0% 1.00x ONLINE -
dmadm@s1349014530:~$ sudo zpool status
pool: test_3x3s
state: ONLINE
scan: none requested
config:

NAME STATE READ WRITE CKSUM
test_3x3s ONLINE 0 0 0
raidz3-0 ONLINE 0 0 0
sdc ONLINE 0 0 0
sdd ONLINE 0 0 0
sde ONLINE 0 0 0
sdf ONLINE 0 0 0
sdg ONLINE 0 0 0
sdh ONLINE 0 0 0
sdi ONLINE 0 0 0
sdj ONLINE 0 0 0
sdk ONLINE 0 0 0
sdl ONLINE 0 0 0
sdm ONLINE 0 0 0
sdn ONLINE 0 0 0
raidz3-1 ONLINE 0 0 0
sdo ONLINE 0 0 0
sdp ONLINE 0 0 0
sdq ONLINE 0 0 0
sdr ONLINE 0 0 0
sds ONLINE 0 0 0
sdt ONLINE 0 0 0
sdu ONLINE 0 0 0
sdv ONLINE 0 0 0
sdw ONLINE 0 0 0
sdx ONLINE 0 0 0
sdy ONLINE 0 0 0
sdz ONLINE 0 0 0
raidz3-2 ONLINE 0 0 0
sdaa ONLINE 0 0 0
sdab ONLINE 0 0 0
sdac ONLINE 0 0 0
sdad ONLINE 0 0 0
sdae ONLINE 0 0 0
sdaf ONLINE 0 0 0
sdag ONLINE 0 0 0
sdah ONLINE 0 0 0
sdai ONLINE 0 0 0
sdaj ONLINE 0 0 0
sdak ONLINE 0 0 0
sdal ONLINE 0 0 0

errors: No known data errors
df -h
Filesystem Size Used Avail Use% Mounted on
udev 189G 0 189G 0% /dev
tmpfs 38G 850M 37G 3% /run
/dev/md0 103G 1.9G 96G 2% /
tmpfs 189G 0 189G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 189G 0 189G 0% /sys/fs/cgroup
tmpfs 38G 0 38G 0% /run/user/1002
test_3x3s 231T 256K 231T 1% /test_3x3s
##########################################################################################################
zpool list
NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
test_3x3s 326T 1.11M 326T - 0% 0% 1.00x ONLINE -
dmadm@s1349014530:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 189G 0 189G 0% /dev
tmpfs 38G 858M 37G 3% /run
/dev/md0 103G 1.9G 96G 2% /
tmpfs 189G 0 189G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 189G 0 189G 0% /sys/fs/cgroup
tmpfs 38G 0 38G 0% /run/user/1002
test_3x3s 230T 256K 230T 1% /test_3x3s
zpool status
pool: test_3x3s
state: ONLINE
scan: none requested
config:

NAME STATE READ WRITE CKSUM
test_3x3s ONLINE 0 0 0
raidz3-0 ONLINE 0 0 0
sdc ONLINE 0 0 0
sdd ONLINE 0 0 0
sde ONLINE 0 0 0
sdf ONLINE 0 0 0
sdg ONLINE 0 0 0
sdh ONLINE 0 0 0
sdi ONLINE 0 0 0
sdj ONLINE 0 0 0
sdk ONLINE 0 0 0
sdl ONLINE 0 0 0
sdm ONLINE 0 0 0
sdn ONLINE 0 0 0
sdo ONLINE 0 0 0
sdp ONLINE 0 0 0
sdq ONLINE 0 0 0
sdr ONLINE 0 0 0
sds ONLINE 0 0 0
sdt ONLINE 0 0 0
raidz3-1 ONLINE 0 0 0
sdu ONLINE 0 0 0
sdv ONLINE 0 0 0
sdw ONLINE 0 0 0
sdx ONLINE 0 0 0
sdy ONLINE 0 0 0
sdz ONLINE 0 0 0
sdaa ONLINE 0 0 0
sdab ONLINE 0 0 0
sdac ONLINE 0 0 0
sdad ONLINE 0 0 0
sdae ONLINE 0 0 0
sdaf ONLINE 0 0 0
sdag ONLINE 0 0 0
sdah ONLINE 0 0 0
sdai ONLINE 0 0 0
sdaj ONLINE 0 0 0
sdak ONLINE 0 0 0
sdal ONLINE 0 0 0

In a few words... If I understand it correctly:
2 VDEVs RAIDZ3 should use 6 disks for parity (3 for each VDEV)
3 VDEVs RAIDZ3 should use 9 disks for parity (3 for each VDEV)
And it is logical to have less usable space with 3 VDEVs compared with 2 VDEVs, but practically it seems that with the 2 VDEVs configuration I have less usable space?

Comment on Hardware RNG Through an rtl-sdr Dongle by Christoffer https://pthree.org/2015/06/16/hardware-rng-through-an-rtl-sdr-dongle/#comment-271443 Wed, 09 Aug 2017 09:55:14 +0000 https://pthree.org/?p=4093#comment-271443 Thank you for this!

Comment on ZFS Administration, Part IV- The Adjustable Replacement Cache by asmo https://pthree.org/2012/12/07/zfs-administration-part-iv-the-adjustable-replacement-cache/#comment-271429 Mon, 07 Aug 2017 23:09:04 +0000 http://pthree.org/?p=2659#comment-271429 Supposing that there are two zpools on one machine, will there be two separate ARCs in memory or will the ARC cache data from both pools?

Comment on Password Attacks, Part I - The Brute Force Attack by Mac McMeans https://pthree.org/2013/04/16/password-attacks-part-i-the-brute-force-attack/#comment-271167 Thu, 20 Jul 2017 13:31:06 +0000 http://pthree.org/?p=3038#comment-271167 Aaron, you use the term "search space" to describe the number calculated by:
95 * 95 * 95 * 95 * 95 * 95 * 95 * 95 = 95^8 = 6,634,204,312,890,625 passwords

I understand that to be "keyspace," the set of all possible permutations at a given length: 95^8. Whereas "search space" would be the total number of all possible permutations up to and including the given length: 95^1 + 95^2 + 95^3 + 95^4 + 95^5 + 95^6 + 95^7 + 95^8.

Please forgive my ignorance, and correct my understanding if I'm wrong.

Comment on Install ZFS on Debian GNU/Linux by CROW KNOWS https://pthree.org/2012/04/17/install-zfs-on-debian-gnulinux/#comment-271114 Mon, 17 Jul 2017 18:47:17 +0000 http://pthree.org/?p=2357#comment-271114 Many thanks for the outstanding ZFS write-up (it's still relevant in 2017)!

Comment on The Kidekin TRNG Hardware Random Number Generator by Vitalie Ciubotaru https://pthree.org/2015/06/20/the-kidekin-trng-hardware-random-number-generator/#comment-271011 Tue, 11 Jul 2017 16:41:24 +0000 https://pthree.org/?p=4117#comment-271011 Oops, I was wrong. Please disregard my previous comment.

Comment on The Kidekin TRNG Hardware Random Number Generator by Vitalie Ciubotaru https://pthree.org/2015/06/20/the-kidekin-trng-hardware-random-number-generator/#comment-271010 Tue, 11 Jul 2017 16:39:10 +0000 https://pthree.org/?p=4117#comment-271010 I guess, in this command

$ dd if=white.bmp of=entropy.kidekin bs=1 count=54 conv=notrunc

'if' and 'of' parameters need to be swapped.

Comment on Playing Card Ciphers by Pierre https://pthree.org/2014/09/15/playing-card-ciphers/#comment-270947 Thu, 06 Jul 2017 18:19:54 +0000 https://pthree.org/?p=3888#comment-270947 hello,

on the Card-Chameleon Cipher page, in the greyed box, some examples tell that 25/26 red cards are the expected ones and so, 1/26 is not.

I may be dumb but how can only *one* card be wrong?

Comment on ZFS Administration, Part X- Creating Filesystems by AS https://pthree.org/2012/12/17/zfs-administration-part-x-creating-filesystems/#comment-270867 Sat, 01 Jul 2017 14:13:27 +0000 http://pthree.org/?p=2849#comment-270867 Hello, I'd like to use ZFS for my desktop / workstation box.

Is there a way to tell ZFS where to place a dataset on the disks in a pool? AFAIK reading and writing is faster on the outer parts than on inner parts of a disk.

There is a tool that arranges files in a sequential order so that data is accessed "in a row". That speeds up the boot process or other scenarios like starting X loading the binaries, fonts, desktop theme, icons….
There is a tool that does this but it only works for EXT* file systems. It's named e4rat http://e4rat.sourceforge.net/ . Years ago I used a tool on windows which did both.

I am almost sure that both are possible with ZFS. Am I wrong?
Is there anything speaking against positioning a DS on the disks and making ZFS store data in a sequential order?

Comment on ZFS Administration, Part I- VDEVs by asmo https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/#comment-270819 Mon, 26 Jun 2017 23:27:07 +0000 http://pthree.org/?p=2584#comment-270819 Will a hot spare replace a SSD in a cache-VDEV as well? If so, how do I tell ZFS to use the hot spare only for disks in the "payload-VDEV"? These are named "tank" and "pool" above. Thanks in advance!

Comment on ZFS Administration, Part VIII- Zpool Best Practices and Caveats by Martin Zuther https://pthree.org/2012/12/13/zfs-administration-part-viii-zpool-best-practices-and-caveats/#comment-270805 Sun, 25 Jun 2017 21:45:39 +0000 http://pthree.org/?p=2782#comment-270805 Hi Aaron,

thanks for the great ZFS tutorial! I do have a question though. Where does the following recommendation come from?

"Do not mix disk sizes [...] in a single VDEV. In fact, do not mix disk sizes [...] in your storage pool at all."

You can find it all over the net, but there seems to be no one who ever explains it or points to the ZFS documentation. I'd like to exchange a 2 TB disk for a 3 TB one in a two-mirrored-disk setting (utilising the "autoexpand" property) if that matters.

Martin

Comment on ZFS Administration, Appendix D- The True Cost Of Deduplication by asmo https://pthree.org/2013/12/18/zfs-administration-appendix-d-the-true-cost-of-deduplication/#comment-270727 Wed, 21 Jun 2017 20:03:09 +0000 https://pthree.org/?p=3365#comment-270727 Why is there such a big difference in "Determining RAM Needs" between "Counting Blocks" and "Rule of the Thumb"?

In the first example the ARC of a 2TB zpool should have an ARC size of 160GB RAM - that's 80GB per terabyte. As well that zpool occupies only 40% of the available space.
In the second example the 10TB zpool needs 200GB RAM - that's 20GB per terabyte. I guess this calculation is based on the assumption that the pool contains ~40% payload data, isn't it?

So 80GB versus 20GB per terabyte - that's a difference of 4:1.

Comment on ZFS Administration, Part VIII- Zpool Best Practices and Caveats by asmo https://pthree.org/2012/12/13/zfs-administration-part-viii-zpool-best-practices-and-caveats/#comment-270717 Wed, 21 Jun 2017 17:18:33 +0000 http://pthree.org/?p=2782#comment-270717 @ pdwalker

I guess he meant that you can use /zpool when you created a pool without creating any datasets.

Comment on ZFS Administration, Appendix C- Why You Should Use ECC RAM by Daryl https://pthree.org/2013/12/10/zfs-administration-appendix-c-why-you-should-use-ecc-ram/#comment-270616 Fri, 16 Jun 2017 17:01:17 +0000 https://pthree.org/?p=3352#comment-270616 DDR4 supposedly improves error handling, with CRC checks and on-chip parity detection, over DDR3. How does this stack up in comparison with ECC?

Comment on ZFS Administration, Appendix B- Using USB Drives by Paranoin. Green Powe https://pthree.org/2013/05/09/zfs-administration-appendix-b-using-usb-drives/#comment-270365 Mon, 29 May 2017 18:44:41 +0000 http://pthree.org/?p=3129#comment-270365 You say it saves energy! I am not sure of that.

Some USB sticks consume a lot of power, like the Sandisk USB 3 64GiB; after five minutes of writing a full virtual disk image backup (more than 10 Gigabytes) it is so hot you can not touch it or you get burned.

So moving the head is less power than the power used by such a USB stick.

Anonymous: How much power do your old (>500) usb sticks plus hubs use? I understand you not buying an SSD (no one gives such great speed yet), but can you pay so much electricity bill (speculating on power)?

I have measured power for such a Sandisk with a device that is set in the middle; it drains more than 20 watts when writing at full USB 3 (5gb/s) speed... I have no USB 3.1 Gen 2 (10gb/s) ports

Comment on ZFS Administration, Appendix B- Using USB Drives by Anonymous https://pthree.org/2013/05/09/zfs-administration-appendix-b-using-usb-drives/#comment-270364 Mon, 29 May 2017 18:34:45 +0000 http://pthree.org/?p=3129#comment-270364 Are you using a USB 2.0 Hub on a USB 2.0 port?
What about using a USB 3 Hub on a USB 3 port? (and what about 3.0 versus 3.1 Gen2).

I mean, about using a lot of old USB 2.0 Sticks on a HUB that is USB 3.x, would it pass beyond 40MB/s!

And what about IOPS (number of operations per second).

My tests (with EXT4) with more than five hundred old USB sticks give an impressive 9.5Gigabits/s.

Comment on Weechat Relay With Let's Encrypt Certificates by Gene Wood https://pthree.org/2016/05/20/weechat-relay-with-lets-encrypt-certificates/#comment-270181 Mon, 15 May 2017 22:41:25 +0000 https://pthree.org/?p=4658#comment-270181 Here's my workaround for the moment. Every 3 months I:

* Connect to my detached screen session running weechat
* Run "/relay sslcertkey"

This reloads the cert and then I can connect to the relay

Comment on Weechat Relay With Let's Encrypt Certificates by Gene Wood https://pthree.org/2016/05/20/weechat-relay-with-lets-encrypt-certificates/#comment-270179 Mon, 15 May 2017 22:36:37 +0000 https://pthree.org/?p=4658#comment-270179 Ya, same question. I'm using these instructions to use letsencrypt certs but the client doesn't notice when the cert is updated in relay.pem to know to reload it.

Comment on Password Attacks, Part I - The Brute Force Attack by Tom Li https://pthree.org/2013/04/16/password-attacks-part-i-the-brute-force-attack/#comment-270157 Sat, 13 May 2017 09:15:45 +0000 http://pthree.org/?p=3038#comment-270157 A strong encryption depends on:

1. Large keyspace (keysize).
e.g. 128-bit or 256-bit.

2. The encryption should be able to actually provide such keyspace, shortcuts are not allowed.
e.g. AES (best cryptanalysis reduced 128-bit AES to 126-bit but still good enough), or TwoFish

3. The chosen encryption key should have as much entropy as the keysize.
e.g. 123456 for 256-bit AES is almost 0-bit encryption, not a 256-bit encryption at all.

However, in the real world, a passphrase instead of a random key is often used (e.g. full disk encryption), because humans are not able to memorize long random bytes.

So, in my understanding, no matter what type of key-derivation algorithm, or hash algorithm you use, to slow down the brute-force attack, even if you can make it impossible, a 128-bit full disk encryption, protected by a passphrase with 70-bit of entropy, is ultimately still 70-bit encryption, am I correct?

Comment on The Lagged Fibonacci Generator by Anonymous https://pthree.org/2015/05/29/the-lagged-fibonacci-generator/#comment-270150 Fri, 12 May 2017 10:26:03 +0000 https://pthree.org/?p=4061#comment-270150 sir could you tell me the working of lagged fibonacci generator

Comment on ZFS Administration, Part XII- Snapshots and Clones by Simone Baglioni https://pthree.org/2012/12/19/zfs-administration-part-xii-snapshots-and-clones/#comment-270096 Thu, 04 May 2017 14:49:32 +0000 http://pthree.org/?p=2900#comment-270096 Hi, excellent work. I always go back to these pages about ZFS. I think there's a typo here: " The clone does not need to reside in the same dataset as the clone, but it does need to reside in the same storage pool."... one of the two "clone" should be "snapshot".

Comment on Ubuntu Vs. Fedora Artwork by chris read https://pthree.org/2009/02/05/ubuntu-vs-fedora-artwork/#comment-269934 Wed, 12 Apr 2017 06:26:09 +0000 http://pthree.org/?p=904#comment-269934 ubuntu is an open source software platform that runs from the cloud, to the smartphone, to all your things. It's doing a great work till now. Thanks for sharing.

Comment on ZFS Administration, Part XVI- Getting and Setting Properties by Mike Holden https://pthree.org/2013/01/02/zfs-administration-part-xvi-getting-and-setting-properties/#comment-269879 Thu, 06 Apr 2017 03:35:48 +0000 http://pthree.org/?p=2950#comment-269879 Hi Aaron, love these references. Just starting with zfs, and this is the best guide by a mile!

Just to note that the groupquota item in the list above references userquota in the notes. Copy&paste error no doubt!

Comment on ZFS Administration, Part VIII- Zpool Best Practices and Caveats by c0x https://pthree.org/2012/12/13/zfs-administration-part-viii-zpool-best-practices-and-caveats/#comment-269782 Mon, 27 Mar 2017 04:59:45 +0000 http://pthree.org/?p=2782#comment-269782 ~# zpool list
NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
storage 31,9T 18,1T 13,8T - 16% 56% 1.00x ONLINE -
zds 14,2T 6,85T 7,40T - 27% 48% 1.00x ONLINE -
ftp 7,16T 5,66T 1,49T - 33% 79% 1.00x ONLINE -

how to defrag this?

Comment on Linux Kernel CSPRNG Performance by Helmut https://pthree.org/2016/03/08/linux-kernel-csprng-performance/#comment-269635 Sun, 12 Mar 2017 15:46:06 +0000 https://pthree.org/?p=4606#comment-269635 Hello

Since the kernel version 4.7, the CSPRNG is now based on the encryption algorithm Chacha20. Since then, the CSPRNG has been significantly faster. Even on my rather old hardware, good 10GB via dd can be written in less than a minute. This is even faster than using /dev/zero, or gpg/openssl without aes-ni.

Comment on ZFS Administration, Part II- RAIDZ by TMS https://pthree.org/2012/12/05/zfs-administration-part-ii-raidz/#comment-269559 Sun, 05 Mar 2017 17:47:10 +0000 http://pthree.org/?p=2590#comment-269559 Very nice article, but you are incorrect when you say mirror is ALWAYS faster. No it isn't. For sequential reads Raidz is faster. Same with writes. IOPS are always faster on a mirror.

Comment on Automating Debian/Ubuntu Installs With Preseed by Tibco Online Training https://pthree.org/2008/05/20/automating-debianubuntu-installs-with-preseed/#comment-269505 Mon, 27 Feb 2017 18:58:50 +0000 http://pthree.org/?p=583#comment-269505 Thank you for such amazing post.. Really informative.. We are MindboxTrainings where we provide Tibco Online Training , Devops Online Training and more....

Comment on Digest Algorithms in Google Spreadsheets by August Detlefsen https://pthree.org/2016/02/26/digest-algorithms-in-google-spreadsheets/#comment-269479 Fri, 24 Feb 2017 08:36:50 +0000 https://pthree.org/?p=4576#comment-269479 Thanks for this! I was able to use these hashing functions to create the unique inputs needed to force my own custom functions to update when the underlying data changes. Check it out:

https://www.codemagi.com/blog/post/265

Comment on ZFS Administration, Part I- VDEVs by Renjith https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/#comment-269448 Tue, 21 Feb 2017 18:17:55 +0000 http://pthree.org/?p=2584#comment-269448 What makes more sense for a protected & performing 30TB POOL with reasonable expansion capability.

3x3TB ZFS1 vdevs X 6
OR
6x3TB ZFS2 vdevs X 3

Comment on ZFS Administration, Part XIV- ZVOLS by Anonimous https://pthree.org/2012/12/21/zfs-administration-part-xiv-zvols/#comment-269438 Mon, 20 Feb 2017 15:26:23 +0000 http://pthree.org/?p=2933#comment-269438 Just as a point, not to cause any discussion.

I had seen some apps that refuse to work if there is no swap area defined (some also refuse to even start, no swap error message shown, etc).

I had seen some apps that cause swap area to be used while there is plenty of free ram at the same time (they are not so common, thanks who know why, etc); by the way, how can an app force data to go to swap when there is free ram at the same time?

But the worst case is when you can not add more ram to your motherboard (when I personally buy motherboards I also buy the top most ram they can support), some motherboards (quite old, or not so much) only allow 2GiB of RAM (talking about PC, not laptops, etc).

And there is also the other part counting, what if adding RAM is multiplying the cost of the entire PC by four or five times? Example: A laptop with touch screen that can be turned (TabletPC) with 3GiB of ram, with a max of 4GiB said by vendor, but having some people tested it with 8GiB and with 16GiB (really max, there are no bigger ram than 8GiB and it only has two modules), now the costs, the 4GiB module (2x4GiB=8GiB) cost around 300 euros each (the tablet cost 300 euros with 3GiB of ram), so putting 8GiB is making the tabletPC cost the triple, but the 8GiB module (2x8GiB=16GiB) cost more than one thousand euros each, both around 2500 euros, so cost would be more than eight times the cost of the tabletpc... and much much more than a new computer.

Sometimes adding more ram is not an option, some can not hold more than 2GiB, others is too much expensive.

So could you explain a little how ZFS would go in a system with 2GiB RAM and 4GiB on SWAP with only one disk (laptop) of 500GiB? Understanding no dedup is being used, of course; and the top most important point: how to configure it to not be a pain in terms of speed!

I mean: Ext4 is great (I had no loss that I had noticed), but I can not trust it for silent file changes... I do not mind if HDD breaks, I have OffLine backUPs...

I better explain it a little: If I use Ext4 for BackUPs on external media, silent changes can occur, if I use ZFS they will be detected (at least most of them); since I use 3 to 7 external HDDs, only one powered at same time because I am really paranoid about losing my data (tutorials made by me), all with Ext4, I can suffer from silent corruption (never seen it yet, but not impossible), ZFS would be great to detect them if they occur.

Till I can use ZFS I may think my method to avoid silent corruption is great, I use 7-Zip to compress LZMA2 one directory or file, then I put such 7z file on one external disk, then unplug it, then on another, ... up to 7 disks... 7-Zip has an internal checksum, but how can I be sure all 7 copies have not had a silent corruption at the same time? so I can not recover data from inside 7z files (all copies are bad)... to avoid at most that, I check 7z integrity prior to copying it on the 7 external disks... but it does not warranty at all that no corruption can occur.

If i just can put ZFS on each of that 7 external DISKs i would have another level of trust.

By the way... a lot of times the Ext4 has been powered off (freeze) at brute force... but I am really lucky, I never lost anything, neither seen any of such silent changes... but I am paranoid, they can happen, so better to be safe.

Resuming: How would you configure ZFS for rootfs (I do not like to create partitions for /home, etc, since I am so paranoid I make periodically full clones of all system on external media) for a laptop (only one hdd) with only 2GiB (3GiB at most) of RAM, with 500GiB HDD, but only 64GiB for rootfs and 64GiB for data partition, the rest is used by other OSs... better if you can explain it for SolidXK distro, thanks; thinking of having a similar response as having a Ext4 over a LUKs over a LUKs over a LUKs over a logical partition (I hate primary partitions)... and of course, having encryption enabled (better if ZFS encryption with cascade of TwoFish and Serpent algorithms, since I collaborate on coding the break of AES-128 up to AES-8192).

Thanks in advance for any help, and also thanks for your great tutorial I am reading with pleasure.

Comment on ZFS Administration, Part XIV- ZVOLS by Mael Strom https://pthree.org/2012/12/21/zfs-administration-part-xiv-zvols/#comment-269306 Tue, 07 Feb 2017 08:20:35 +0000 http://pthree.org/?p=2933#comment-269306 It maybe necroposting, but it can make a difference...

2Ekkehard: in your case you need to use sparse zvols ( -s key) and enable iscsi export to act like an ssd, with rpm=1 and unmap=on, and use windows 8 or above (XP, Vista and 7 are unable to send unmap command through iscsi). So just used (or touched by snapshot) blocks will be kept, others will be discarded.

Comment on Manual Authenticated File Encryption With OpenSSL by v6ak https://pthree.org/2016/02/27/manual-authenticated-file-encryption-with-openssl/#comment-269294 Sun, 05 Feb 2017 19:44:12 +0000 https://pthree.org/?p=4582#comment-269294 This is NOT so simple. When verifying MAC, it is desirable not to provide any side channel. Usual string comparison methods stop when they find first difference, so they provide a timing side channel.

Do you have any countermeasure against this? I know none in Bash, except some hacky solutions like comparing hashes, for example:

salt=$(head -c16 /dev/urandom | base64)
[ "$(sha256sum <<< "$salt$expected_mac")" == "$(sha256sum <<< "$salt$actual_mac")" ]

This hack makes the side channel randomized, so attacker should not be able to find any correlation to differences between MACs from the information leaked from timing. I know, it is crazy and it is easy to misuse it. (Reusing the salt makes reasoning about security harder – it might be secure, but I recommend against this. Hashing concatenated values is also problematic in some other cases.) But it is the best I was able to create quickly in Bash.

Also note that your solution is not suitable for many multiuser systems, where other users would be able to recover the key from /proc.

Comment on Your GnuPG Private Key by John Lane https://pthree.org/2015/11/19/your-gnupg-private-key/#comment-269229 Sat, 28 Jan 2017 16:41:35 +0000 https://pthree.org/?p=4416#comment-269229 Concur with Glenn. You can read my discussion on the mailing list here:

https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057506.html

and also a summary on Stack Exchange here:

http://security.stackexchange.com/a/149371/107494

But, to summarise, Werner confirmed that it is not possible to configure
the encryption of the secret key: "Right now the agent always uses AES
and S2K parameters which require on the running machine about 100ms for
decryption."

Comment on ZFS Administration, Part II- RAIDZ by gsalerni https://pthree.org/2012/12/05/zfs-administration-part-ii-raidz/#comment-269076 Fri, 13 Jan 2017 18:08:49 +0000 http://pthree.org/?p=2590#comment-269076 re. Alvin's post (9) about trying to assemble a raidZ pool made up of 1tb vdevs which were in turn a variety of single disks, mirrors and stripes. Although you can't nest vdevs (other than disks and files) - could he not use mdadm to construct the various 1tb metadisks using md mirrors and stripes as required and then create a zfs raidz out of those? I imagine that wouldn't perform great but would it work? zfs wouldn't care that the raw disks were in fact meta disks would it?

Comment on ZFS Administration, Part VI- Scrub and Resilver by Colbyu https://pthree.org/2012/12/11/zfs-administration-part-vi-scrub-and-resilver/#comment-268931 Fri, 30 Dec 2016 22:00:16 +0000 http://pthree.org/?p=2630#comment-268931 I would actually recommend, when creating the pool, to add the disks by /dev/disk/by-id rather than using the sd_ node because that id will then be used as the disk name in the zpool status view. The id typically contains the disk's serial number, so you will see immediately which disk is bad. It's also considered generally a good practice, less ambiguous, and can alleviate an issue that can occur when importing the array on a new system.

Comment on How To Properly Create And Burn CD/DVD ISO Images From The Command Line by njorl https://pthree.org/2011/09/26/how-to-properly-create-and-burn-cddvd-iso-images-from-the-command-line/#comment-268863 Thu, 22 Dec 2016 17:57:48 +0000 http://pthree.org/?p=2067#comment-268863 ISO Image Capture (including bad disc recovery)

Problem Disc:
xorriso -outdev /dev/sr0 -check_media use=outdev sector_map="$HOME"/cdrom_sector_map data_to="$HOME"/cdrom_copy.iso abort_file="$HOME"/cdrom_copy_abort --

Decent Disc (cmd trimmed down from above):
xorriso -outdev /dev/sr0 -check_media use=outdev data_to="$HOME"/cdrom_copy.iso

Source: http://unix.stackexchange.com/a/311519 (or http://unix.stackexchange.com/questions/311365/how-to-copy-cdrom-to-iso-in-debian-8-x)

Comment on Convert Text To Base-64 By Hand by Vlad https://pthree.org/2011/04/06/convert-text-to-base-64-by-hand/#comment-268826 Thu, 15 Dec 2016 01:26:18 +0000 http://pthree.org/?p=1862#comment-268826 very nice explanation, thank you man

Comment on ZFS Administration, Part VIII- Zpool Best Practices and Caveats by Brian Lachat https://pthree.org/2012/12/13/zfs-administration-part-viii-zpool-best-practices-and-caveats/#comment-268750 Mon, 12 Dec 2016 02:17:48 +0000 http://pthree.org/?p=2782#comment-268750 First, thanks so much for such a great write up. You state "Email reports of the storage pool health weekly for redundant arrays, and bi-weekly for non-redundant arrays." Perhaps I overlooked it but I don't see where it states how I can automate this. Would you please elaborate.

Thanks,
Brian

Comment on Adblockers Aren't Part Of The Problem- People Are by Slavko https://pthree.org/2016/11/30/adblockers-arent-part-of-the-problem-people-are/#comment-268457 Fri, 02 Dec 2016 14:22:27 +0000 https://pthree.org/?p=4766#comment-268457 Thanks for the nice summarization of the history. Yes, some people think that I have a computer, monitor and browser only so I can see their ads... But they forget that it is my computer and only I have to decide what will be displayed/used and what will not.

Comment on Setting Up A Global Tor Proxy on Android with Orbot by Azmin https://pthree.org/2015/08/27/setting-up-a-global-tor-proxy-on-android-with-orbot/#comment-268222 Mon, 28 Nov 2016 10:15:53 +0000 https://pthree.org/?p=4283#comment-268222 Tor is connected. When I click to browse after connection, orfox is not showing the congratulations message, neither showing anything else. Just buffering for 25% and stops there. Does that mean orbot is not configured properly? Help me.

Comment on ZFS Administration, Part XVI- Getting and Setting Properties by Kal https://pthree.org/2013/01/02/zfs-administration-part-xvi-getting-and-setting-properties/#comment-267868 Wed, 23 Nov 2016 02:56:38 +0000 http://pthree.org/?p=2950#comment-267868 I have a few questions regarding the sharenfs property and the zfs share/unshare commands.

Under the explanation for the sharenfs property, you write:
Debian and Ubuntu require a valid export in the /etc/exports file before the daemon will start.

Is that still true?

What's considered *valid*? For instance, if I have a dataset tank/foo, do I need to create an export rule for /tank/foo in /etc/exports, with export options matching the sharenfs property (rw, no_root_squash, etc)?

What happens if the export options don't match between /etc/exports and the sharenfs property?

What's so special about ZFS that they included the sharenfs property and share/unshare commands? Why not let people manage the sharing of the dataset just like any other file system?

Comment on Playing Card Ciphers by Kanika Mathur https://pthree.org/2014/09/15/playing-card-ciphers/#comment-267807 Mon, 21 Nov 2016 11:00:42 +0000 https://pthree.org/?p=3888#comment-267807 I think we got them as a present but if you put Invisible Playing Cards into Google they come up. Check out our website for latest design playing cards we have updated new cards in our website.
http://www.jmdcards.com/

Comment on Tor and the CloudFlare Problem by Pwn thee https://pthree.org/2016/04/17/tor-and-the-cloudflare-problem/#comment-267559 Tue, 15 Nov 2016 21:57:19 +0000 https://pthree.org/?p=4625#comment-267559 The Tor Project replied to that piece from Cloudflare in their blog,

https://blog.torproject.org/blog/trouble-cloudflare

To be fair, there's nothing unreasonable there.

Comment on Weechat Relay With Let's Encrypt Certificates by Chris Hills https://pthree.org/2016/05/20/weechat-relay-with-lets-encrypt-certificates/#comment-267019 Fri, 28 Oct 2016 09:46:51 +0000 https://pthree.org/?p=4658#comment-267019 How do you signal to weechat to reload the ssl cert automatically?
