[#] Sun Jul 31 2011 00:32:23 EDT from IGnatius T Foobar @ Uncensored

I would be *very* surprised if any PCI auditor didn't laugh in your face if you told them you were hosting a compliant application on EC2. Some of them won't even let you run multiple VMs on your own hardware if they are in different security zones.

OpenVZ isn't appropriate for all use cases. It's mostly being used for retail grade "virtual private server" offerings where margins are slim and they need to be able to pack as many containers onto a server as possible. It does that well. I ran it for a couple of years before I had VT-capable hardware; it allowed me to have dev/stage/prod on the same host without having to play silly games.

[#] Sun Jul 31 2011 11:19:22 EDT from LoanShark @ Uncensored

There are multiple levels of PCI... EC2 is level 1.

[#] Sun Jul 31 2011 11:19:04 EDT from LoanShark @ Uncensored

Jul 31 2011 12:32am from IGnatius T Foobar @uncnsrd
I would be *very* surprised if any PCI auditor didn't laugh in your

Then you should be very surprised.

[#] Wed Aug 03 2011 21:23:17 EDT from Ford II @ Uncensored

There are multiple levels of PCI... EC2 is level 1.

Really? Are you serious? They can back that up?
Actually, we're level 1 too, and we get away with quite a bit of bullshit.

For example: you're not allowed to reflect credit card numbers, right? The idea being, you don't store CC numbers (unless you do amazing things to protect them) so if you don't do that, you can't store them, you can only collect it on the webpage and send it through the payment gateway, never storing it on permanent storage. That's the legit way to do it.

But what about reflecting it from one http request back into the response? No permanent storage there, but you're reflecting.
You know what the auditor's response to that was? "That's kind of a grey area."

In some cases, it's not possible to have the payment page where you collect the CC number be the last thing that happens before you call the gateway with it and you have to persist knowledge of the CC number from one page to the next before going to the payment gateway.

You'd think something like that wouldn't be a grey area at this point. Yet we're level 1.

[#] Wed Aug 03 2011 21:19:49 EDT from Ford II @ Uncensored

I would be *very* surprised if any PCI auditor didn't laugh in your
face if you told them you were hosting a compliant application on EC2.


I'd be surprised if you could pass PCI compliance running your shit on ANY server in the cloud/at some vague puff of virtual machine hoster anywhere.
I mean you'd have to guarantee that the VM itself was rock solid, and who does that?

[#] Wed Aug 03 2011 22:03:22 EDT from LoanShark @ Uncensored

A hypervisor is Secure Enough. It's got a way smaller attack surface area than the Linux kernel proper, and said attack surface area is buried deep underneath the guest kernel, which you would have to utterly subvert *before* you could even think about attacking the hypervisor.

Also, EC2 is not Xen anymore. It's a highly proprietary Xen fork and you can only obtain technical details of it under NDA. So, somehow, Amazon obtained certification for it.

[#] Thu Aug 04 2011 00:52:01 EDT from IGnatius T Foobar @ Uncensored

It's ...

... AMAXEN !!

Ok, with that bad sobriquet out of the way ... it turns out that not only are there multiple levels of PCI, but there are multiple areas of PCI. You can certify various serving systems, the datacenter itself, networks, etc. etc. etc. so it creates *lots* of grey areas to keep the expensive auditors employed.

There's also a lot of language about whether "cardholder data is shared with service providers" which, of course, no cloudynet is going to want to come anywhere near your cardholder data.

Level 1 is what -- less than 20 million transactions?

[#] Thu Aug 04 2011 01:14:43 EDT from IGnatius T Foobar @ Uncensored

Heh. Evidently I'm not the only one who refuses to buy into the "make it suck moar plz" UX of Unity/GNOME3/KDE4/Windoze7/MacOS10.kittycat.whatever.

My Linux-using coworkers saw that I switched to Xfce and said "oh yeah, that's more like it" and made the switch too ...

...and it seems that Linus Torvalds is doing the exact same thing:

[ http://digitizor.com/2011/08/04/linus-torvalds-ditches-gnome-for-xfce/ ]

"I used to be upset when gnome developers decided it was "too complicated" for the user to remap some mouse buttons. In gnome3, the developers have apparently decided that it's "too complicated" to actually do real work on your desktop, and have decided to make it really annoying to do."

More than a decade ago when some people were waxing eloquent about Enlightenment (which is still around, actually) I had commented that it's great if the only purpose of your computer is to render a pretty desktop, but most of us actually want to run some applications. Now it seems that GNOME, KDE, Unity, Apple, and Microsoft have all caught up to Rasterman's dream of a world in which a computer desktop is 100% eye candy.

[#] Thu Aug 04 2011 07:56:58 EDT from dothebart @ Uncensored

Thu Aug 04 2011 01:14:43 EDT from IGnatius T Foobar @ Uncensored
More than a decade ago when some people were waxing eloquent about Enlightenment (which is still around, actually) I had commented that it's great if the only purpose of your computer is to render a pretty desktop, but most of us actually want to run some applications. Now it seems that GNOME, KDE, Unity, Apple, and Microsoft have all caught up to Rasterman's dream of a world in which a computer desktop is 100% eye candy.

Actually, Enlightenment can be called "lightweight" these days, and is considered to be run on mobiles & tvs (bada ;-)



[#] Thu Aug 04 2011 08:48:03 EDT from LoanShark @ Uncensored

There's also a lot of language about whether "cardholder data is
shared with service providers" which, of course, no cloudynet is going
to want to come anywhere near your cardholder data.

That refers to providers like Cybersource or WorldPay I presume. And of course you have to share it.

Best to send it out over the wire once, then use tokenization, and never store the card# on physical media ever.

[#] Thu Aug 04 2011 09:26:05 EDT from Ford II @ Uncensored

The problem with this world shift towards mobile device interfaces on desktops is like all other big paradigm shifts.... that's how it's going to be.
They're not all going to say "uh oh, we made big mistake, let's put it back the way it was and try again."
With the exception of new coke, I don't think there's an example in the history of our country where somebody actually backpedaled on what appeared to be a new trend.
Facebook may be annoying, but it was new, it didn't replace something that was better.
But taking away something that people liked for something that people don't like is what really sucks, and nobody's got the balls to admit they made a mistake.

[#] Thu Aug 04 2011 09:27:26 EDT from Ford II @ Uncensored

However. I'm actually a fan of this particular instance. I'm installing gnome 3 now in a VM so I can see what it's like.
When the iphone first came out, I realized that for most people, this is what the PC should have been 20 years ago. But that shouldn't deny the few tech people a power user style interface. And that's where they went wrong here. Taking away the good rather than making it an option.

[#] Thu Aug 04 2011 11:02:44 EDT from Ford II @ Uncensored

Well, ain't that a riot.
So before I get to gnome 3 I thought I'd try unity. I install the latest ubuntu, and it finally restarts and says "you don't appear to have the hardware required to run unity, please select ubuntu classic when it starts up." or something like that.
So what happens when they ditch 'classic'? I'm just SOL?

[#] Thu Aug 04 2011 11:41:57 EDT from LoanShark @ Uncensored

I seem to recall hearing that Unity uses desktop composition. Try enabling the 3D acceleration in e.g. VirtualBox and install their guest additions...

(last time I checked under Linux, though, their 3D acceleration was slower than software rendering)

[#] Thu Aug 04 2011 13:12:51 EDT from Ford II @ Uncensored

I'm running this vbox vm on my work machine.
which is a .... I shit you not... a 3Ghz P4.

I'm not going for performance here. :-)

[#] Thu Aug 04 2011 16:40:54 EDT from Ford II @ Uncensored

After much farting around I just couldn't get unity to work.
I installed guest additions and turned on 3d (I found a help page saying the same thing) and the unity probe verifier script thingi said no go.
So now I'm trying fedora.
Good thing I have all these extra CPU cycles on my machine so I can actually do work while installing an OS in a vm.

[#] Thu Aug 04 2011 16:41:26 EDT from Ford II @ Uncensored

HOLY SHIT. There's a FUCKING BIRD on my desktop.

[#] Thu Aug 04 2011 21:02:23 EDT from Sig @ Uncensored

I liked early builds of Gnome-Shell (except for the crashes), but I didn't like the way it changed over the last few iterations. I used Unity for a while on my netbook and didn't find it as bad as people said, but it wasn't really what I wanted, either. Right now I'm using... um... whatever the default is in Linux Mint Debian Edition.

[#] Fri Aug 05 2011 15:03:33 EDT from Ford II @ Uncensored

After many tries I was never able to get fedora 15 to fire up gnome 3.
But finally after much upgrading of vbox I got unity to run.
I see what you mean.
If only I had a touch screen monitor and no keyboard, then maybe this would work.

But just think... those guys who were developing those graphical languages where you drag the decision box (the if statement) onto the program editor page to add an if statement to your program.... those guys were years if not DECADES ahead of their time. The desktop environment FINALLY caught up with them. :-)

[#] Fri Aug 05 2011 16:24:20 EDT from Ford II @ Uncensored

Something else I notice

With this 4th vm on my machine I finally bumped the 8gig mark and started using swap.
Drives hold more and more data all the time but they haven't gotten any faster. So now that programs absorb gobs of memory at a time instead of mobs of memory, the demand for swap grows quickly and in big jumps and using swap is really damn slow.
There's going to become a point where it won't be feasible to use swap anymore and you'll just have to have enough memory on the machine to do everything you want.
