You may have read about the tens of millions of usernames and passwords which have been recently been compromised/hacked/leaked on major websites in the last few weeks. If not, here are a few of the stories:
- 30 million passwords leaked from LinkedIn due to unsalted SHA-1 hashes stored centrally.
- 6 million passwords hacked at Last.FM, the popular music discovery service.
- 1.5 million passwords leaked from eHarmony.
In the last year other services have experience serious security breaches:
- 100 million accounts compromised on the Sony Playstation Network (PSN). Sony offered free credit monitoring and games to all PSN users to compensate them, a major departure from the typical “change your password” / sweep it under the rug response.
- All RSA SecureID tokens were compromised by the theft of RSA intellectual property and cryptographic keys. RSA tokens are used by most enterprises to login remotely as part of multi-factor authentication scheme.
How can you protect yourself?
Signup for a service like 1Password or LastPass, which offer convenient browser extensions. They generate unique passwords per website that you user, so the breach of security at Facebook won’t affect your password on Mint.
How can Web Developers protect users?
Move to standardized authentication methods, like OpenID or Facebook/Twitter/Google login integration. If the authentication mechanism is outsourced, your customers and users don’t need to worry about how you store their passwords.
If you absolutely want to store user passwords, please read How to Safely Store a Password and use bcrypt to do the heavy lifting. Then even if your login/password database is compromised, nothing will come of it.
In this post, I’ll be reviewing a brand new Synology DiskStation DS1511+ NAS equipped with five Hitachi Deskstar 2TB 5K3000 drives configured in RAID5. For comparison, I’ve also written about the Gen 1 Drobo’s performance as a NAS before (it tops out around 20MB/s), and own two of them at home. While the Drobos allow you to build mix-and-match RAID arrays, they are slow, take forever to rebuild, noisy, and hot. I am hoping the DS1511+ will remedy all of these issues.
Read more about the DS1511+ specs here
Network Base Configuration
The Synology NAS is using default MTU of 1500, connected to a Gigabit Ethernet Switch on LAN2. Testing with iperf shows a good gigabit connection between my PC and the NAS of around 885Mb/s:
Big_Bug> iperf -s
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
[ ID] Interval Transfer Bandwidth
[ 7] 0.0-20.0 sec 2.05 GBytes 882 Mbits/sec
[ 6] 0.0-30.0 sec 3.09 GBytes 885 Mbits/sec
In megabytes per second, we can transfer 110.625 MB/s. As you will see, this is actually slightly lower than the performance of the RAID array.
The Hard Drives
How fast are the triple-platter 2TB deskstar 5K3000s in RAID5? It can do a very reasonable 125 MB/s in unbuffered pure-disk performance:
Big_Bug> hdparm -t /dev/sda
Timing buffered disk reads: 374 MB in 3.01 seconds = 124.22 MB/sec
Benchmarking File Copy from Windows
To test how fast I can transfer from my PC to the NAS, I’ve created a 4GB binary file:
C:\Users\Elliott Bäck\Desktop>ls -l test.file
-rw-rw-rw- 1 Elliott Bäck 0 4693544330 2011-04-19 20:00 test.file
Copying this file in Windows 7’s explorer took just 50.5 seconds. Doing the math, this gives us an average write rate of 88.63 MB/s. How fast can we copy it back? It took 71.6 seconds, for an average read rate of 62.51 MB/s. Both of these number are going to be constrained by how fast my desktop PC’s Intel SSD can read/write. I also tested using Java and writing a RandomAccessFile with a ByteBuffer, which achieved 95MB/s write and 97MB/s read on a 1GB file.
Reliability & Temperature
You just need to open up the storage manager on the Synology DS1511+ NAS to see what a beauty it is, giving you a full SMART status readout on all your physical drives, as well as their temperatures. Even after running through my benchmarking, the drives were only 34° C warm:
At nearly $900 for the NAS itself without drives, it’s pricey. But plugged into a Gigabit ethernet, the DS1511+ from Synology is also fast, cool, and quiet; the three things you want most from a NAS. Featurewise, it has a glorious UI, media servers built in (which I don’t use) and expandibility from 5 to a maximum of 15 drives. I anticipate phasing out my Drobos, with their proprietary technology, for the Synology NAS, which runs on open-source plain-vanilla linux.
Now that the iPhone 4 is offered on both AT&T and Verizon platforms, you might be wondering:
- Should I switch from AT&T to Verizon?
- I have an older AT&T iPhone, should I just upgrade?
- Is Verizon or AT&T more expensive over the life of the contract?
To answer these questions, I’ve gathered the following data:
Major cost differences between providers
|Trade In 3GS||$181.76||$120|
|Data Monthly (200M)||$15||N/A|
|Data Monthly (2G)||$25||$29.99|
|Voice Monthly (450m)||$39.99||$39.99|
|Termination Fee||$325, -$10 for each month in service||$350, -$10 for each month in service|
New Subscriber Costs
If you are not an existing AT&T or Verizon customer, or you are signing up with either network for the first time, or upgrading after closing a two year contract, your costs are similar and easy to calculate. You buy the phone, and you pay the activation fee, which differs by a dollar. However, with a more expensive voice plan, the future liability of the Verizon plan is slightly higher:
Over two years, you pay $114 more if you open a Verizon contract.
Should I upgrade or switch?
Assume that the CDMA Verizon iPhone just doesn’t do it for you–you are going to stick with AT&T. When is the best time to upgrade? What if you’re stuck in a contract already? This chart will show the cost of switching from AT&T to Verizon compared with the cost of upgrading:
It’s very simple. If you’re an existing subscriber, you can save up to $80 by switching to Verizon between your 13th and 21st months of service. However, once you become eligible for an AT&T upgrade, it becomes $100 cheaper to stick with AT&T.
This post has been updated to correct an error in plan pricing: Verizon offers a $39.99 no-text plan with 450 minutes to perfectly match AT&T’s offering.