
System Administration

Tools for the toolbox
 Monday, May 20, 2002

Slippery When Wet

Alan Cox said some nice things (question #3) about XML-RPC and SOAP, and Dave Winer responded politely. SOAP's overloading of tcp/80 is not really new; the exposure of more powerful APIs is.

Remember that "the Internet treats censorship as damage and routes around it." That's a catchy way of saying that people want to communicate, and prefer things that allow them to do so with a minimum of fuss. Firewalls, like broken routers, limit the flexibility of the environment, restricting the ability to communicate. They do this by blockading unknown ports, or by relaying both halves of the conversation, in order to achieve some semblance of control over the environment. It's known that people use tcp/80 for HTTP, so that port likely will be open. The easiest way to communicate is thus through tcp/80.

Now, this doesn't mean that firewalls are bad, or that SOAP is bad, but that an open hole will be used. Firewalls reduce your environment to a smaller set of variables. They are not the be-all and end-all of data security. So how do you secure your environment against SOAP scum? By following the same methods that you would to protect against any scum: simplify. Is it necessary to expose that API? Do you need all that clutter?

The flow of data is like water, finding any hole, no matter how small, and passing through it.

5:39:21 PM
categories: Writing Online, Security, System Administration

Where does he get all those wonderful toys?

Finally, Apple is making a rack-mount server. As usual, there're opinions on the Xserve. I like the looks of the box, the software is keen, but it misses a few options, particularly hardware RAID. And with a paucity of inexpensive backup devices for huge amounts of data, one really needs the security of RAID-5 or equivalent.

There are few boxes that can make a home network simple enough that you can buy it at Sears. This will be one of them.

5:07:20 PM
categories: Industry, System Administration