Wednesday, September 28, 2005

Sidewinder and Squid and Selecting an application proxy firewall

On 9/27/05, jrdld2 wrote:

A month or two back I heard that SC were planning to drop squid. For myself, I'd rather they wouldn't.


Secure sent the official EOL notice for Squid in late August; I have faint hope they will change their mind.


Squid support in Sidewinder has always been marginal at best, and the functionality of the Squid proxy is crippled by TE. For example, cache_peer queries fail because the packet cannot be sent, triggering a TE event in the G2 audit log.


Worse yet, Sidewinder has been perpetually stuck on 2.4.STABLE6, not exactly the best vintage of Squid :)

The HTTP proxy logging is very poor by comparison,

In my personal opinion, G2's HTTP proxy logging is very poor by comparison to a "Speak & Spell" with leaky alkaline batteries not changed since 1978.

and traffic seems to be slower.


That is an interesting observation -- Going from Gauntlet 6.0's http-pdk to Squid, I've had a few users make the opposite claim, that traffic seems to be slower under Squid than under a non-caching HTTP "application proxy" such as Gauntlet.


I do know that if you are trying to do any access control based on the destination domain (without paying for a SmartFilter license), Sidewinder's request processing can be massively degraded, whereas Squid can handle literally hundreds of destination pattern match ACLs with little or no performance loss.

Squid also has some functionality which is useful in our own particular setting.


Ditto here. One of the biggest issues we have (an issue of which Secure is well aware) is the lack of support for ftp-over-http in the current Sidewinder HTTP proxy. We worked with TIS and NAI for years to get this feature working correctly in Gauntlet.


Additionally, we have a relatively large cache hierarchy deployed with a mix of commercial and freeware caches interconnected with ICP, and are faced with tearing down the entire infrastructure because SCC, our sole corporate-standard proxy firewall vendor, cannot (will not) support the ICP protocol, and is dropping what limited Squid support they have today. This hurts; this makes me feel that I may have been remiss in recommending a move to Sidewinder G2 when we were forced to migrate off of the (stable as a rock) Gauntlet product.


I made this recommendation based in large part on the understanding that the best features of Gauntlet would be incorporated into Sidewinder. I guess "best features" was code for "as much of the customer base as we can retain (by any means necessary)."


Live and learn.

Are there any others out there who would like to see squid stay?
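For readers who have not worked with ICP, the protocol behind the cache_peer queries and the cache hierarchy discussed in this post, here is an added example (not part of the original post or of Squid's code) that builds and parses ICPv2 datagrams using the header layout from RFC 2186. The URL and request number are constructed sample values; Squid's default ICP port is UDP 3130, and it is this small UDP exchange that a firewall policy has to permit for sibling and parent lookups to work.

```python
import socket
import struct

# ICPv2 opcodes from RFC 2186 (subset relevant to cache_peer lookups)
ICP_OP_QUERY, ICP_OP_HIT, ICP_OP_MISS, ICP_OP_DENIED = 1, 2, 3, 22
OPCODE_NAMES = {1: "QUERY", 2: "HIT", 3: "MISS", 4: "ERR",
                21: "MISS_NOFETCH", 22: "DENIED"}
ICP_VERSION = 2
# opcode, version, message length, request number, options,
# option data, sender host address: 20 bytes, network byte order
HEADER = struct.Struct("!BBHIII4s")

def _pack(opcode, reqnum, payload):
    length = HEADER.size + len(payload)
    return HEADER.pack(opcode, ICP_VERSION, length, reqnum, 0, 0, b"\x00" * 4) + payload

def build_query(reqnum, url, requester_ip="0.0.0.0"):
    """A QUERY payload is the requester address followed by a NUL-terminated URL."""
    return _pack(ICP_OP_QUERY, reqnum,
                 socket.inet_aton(requester_ip) + url.encode("ascii") + b"\x00")

def build_reply(opcode, reqnum, url):
    """HIT/MISS/DENIED replies echo the request number and the URL."""
    return _pack(opcode, reqnum, url.encode("ascii") + b"\x00")

def parse(datagram):
    """Validate an ICP datagram and return its opcode name, request number and URL."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than ICP header")
    opcode, version, length, reqnum, _opts, _optdata, _sender = HEADER.unpack_from(datagram)
    if version != ICP_VERSION:
        raise ValueError("unsupported ICP version %d" % version)
    if length != len(datagram):
        raise ValueError("length field does not match datagram size")
    payload = datagram[HEADER.size:]
    if opcode == ICP_OP_QUERY:
        if len(payload) < 4:
            raise ValueError("query missing requester address")
        payload = payload[4:]  # skip the requester host address
    url, nul, _rest = payload.partition(b"\x00")
    if not nul:
        raise ValueError("URL is not NUL-terminated")
    return {"op": OPCODE_NAMES.get(opcode, str(opcode)), "reqnum": reqnum,
            "url": url.decode("ascii", "replace")}

if __name__ == "__main__":
    sample_url = "http://example.com/"  # constructed sample input
    print(parse(build_query(7, sample_url)))
    print(parse(build_reply(ICP_OP_MISS, 7, sample_url)))
```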

Sunday, September 18, 2005

Toshiba's continued interest in fuel cells

Toshiba announced further fuel cell prototypes, including versions built into MP3 players. This is similar to the prototype they showed just over a year ago.


These are filled with 195-proof methanol, diluting it down to just 20 proof (ten percent) in the reaction chamber. In traditional fuel cells, methanol delivers power most efficiently when it is mixed with water in a 3 to 6% methanol concentration, but this would require a large fuel tank containing less methanol than windshield wiper fluid.


Toshiba has repeatedly postponed the launch of fuel cells for laptops, and recently stated that the product won't reach the market until at least 2007. Ms. Suzuki, Toshiba spokeswoman for international media relations, said the main reasons for the latest delay are regulations that prohibit passengers from bringing methanol onto airplanes.


There are very few production fuel cell products on the retail market today, one exception being Jadoo Power Systems, which run on hydrogen.

Wednesday, September 14, 2005

The Hackers of the Lost RAID (OpenBSD 3.8 pre-orders open)

OpenBSD 3.8 is now available for pre-order.

Among other changes, ifstated is now official, DVD filesystems can be read, and the broken USB thumb drive support is unbroken.


That, and I expect a kick-ass release song.

Wednesday, September 07, 2005

Relativity and the "Enterprise Year"

shek has an interesting observation on the Enterprise Year (EY).


EY explains so many things, including most Dilbert strips.


In my opinion, the ratio of EY to Calendar Years is directly proportional to the number of layers of management.


By the same formula, the EY for a sole proprietorship is a tiny fraction of a human year. Sort of like a mayfly.