
Showing posts from November, 2011

Domino Disk Performance

So, today marks the first day that I've had a chance to play with our new Domino server. Most of the hardware is pretty standard. IBM 3650M2 hardware, 12GB of RAM and 2 quad core CPUs. Usually, the performance bottleneck I run into is disk access. Today, I'm trying some new hardware to see if we can eliminate that bottleneck.

Here are my first results: This spike was the result of starting a compact -C on a database with a size of 1.6GB and 150,000 documents. It took 2 minutes to complete. I'll let you know how performance continues.

RCMP Camera Gaffe and Security Policies

I read about the RCMP's gaffe with leaving images from past investigations on a camera used for surveillance of a suspected graffiti artist, and immediately thought of this article entitled "IT Security policies Widely Ignored, Survey Suggests". Is that what happened? Was it a process issue, or a policy issue? I wonder if we'll ever know?

Anonymous and the City of Toronto

Toronto Mayor Rob Ford is confident that City of Toronto systems are secure after a threat from hacking group Anonymous. I read that in an article from SC Magazine. He really couldn't say anything else, but I wonder if he really believes it. I also wonder what City of Toronto CIO David Wallace is thinking... After large takedowns of Sony and the like by Anonymous, he's probably not as confident.

Help: Domino ACLs and Email Address as User Login

It's not often I resort to the LazyWeb method of looking for information, but I haven't had any luck finding what I was looking for otherwise. I have a client who wants to use their email address to log in to a Domino web application. My memory tells me that there is/was an issue with this and using Groups in the ACL of the Domino database. Can anyone point me to any resources on how to do this, or that it can't be done, or anything along those lines? Thanks.

Security Notice: THC-SSL-DOS, Lotus Domino and SSL Renegotiation

A group called www.thc.org released a tool called THC-SSL-DOS. Here's a clip from their site:

"THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via single TCP connection."

It's also been covered in various places on the web, like here or here.

While it doesn't look like there is much that can be done to mitigate it, you may get some relief for your Lotus Domino servers (and other software that uses Domino as a platform) by disabling SSL Renegotiation. It's an option available in the following releases of Lotus Domino

Greece, a Referendum and Security

About now, some people will be pontificating that if Greek citizens vote down austerity measures, Greece will run out of money in a matter of days, and that the world/European economy will go into a tailspin shortly thereafter. I suspect that if that occurs, there will be a rather public hack of Greece's infrastructure, taking advantage while they are down. Quite possibly, it will be an inside job, by someone disgruntled that they are broke.