Re: [PLUG] The lock down?! Uhh.. why?

Keith C. Perry via plug on 20 Sep 2019 12:30:55 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] The lock down?! Uhh.. why?

From: "Keith C. Perry via plug" <plug@lists.phillylinux.org>
To: prushik@gmail.com
Subject: Re: [PLUG] The lock down?! Uhh.. why?
Date: Fri, 20 Sep 2019 15:29:27 -0400 (EDT)
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Reply-to: "Keith C. Perry" <kperry@daotechnologies.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: lVGa9yiKpnfGwuW5vXu3CVbb6AXD0g==
Thread-topic: The lock down?! Uhh.. why?

True but it still isn't *that* "heavy" for pretty good range of processors now.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ 
Keith C. Perry, MS E.E. 
Managing Member, DAO Technologies LLC 
(O) +1.215.525.4165 x2033 
(M) +1.215.432.5167 
www.daotechnologies.com

----- Original Message -----
From: "prushik--- via plug" <plug@lists.phillylinux.org>
Cc: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Friday, September 20, 2019 3:21:02 PM
Subject: Re: [PLUG] The lock down?! Uhh.. why?

>On Fri Sep 20, 2019 at 2:43 PM Rich Freeman via plug wrote:
>> Seems like a best practice all around.  Here is my thinking:
>> 
>> The only cost is a bit of CPU - not a big deal.

Could be a big deal. A lot more computers and servers are cpu-bound than you might expect, and TLS is likely heavier than you expect.

On September 20, 2019 3:00:13 PM EDT, Drew DeVault via plug <plug@lists.phillylinux.org> wrote:
>
>False. The size (in bytes) of each package in the repo is practically
>unique, so you can simply measure the requests and make a pretty
>informed guess as to what packages are being installed.

This assumes that each file is downloaded in a seperate connection, which I doubt is the case. Popularity of HTTP 1.1 is probably in part do to the fact that it fixes this, making TLS more secure and mitigating the performance overhead.

This is not to say that I actually like TLS or HTTP. SSH seems to solve all of my encrypted communication needs better than TLS does. Centralized Certificate Authorities are my big problem.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] The lock down?! Uhh.. why?
  - From: Joe Rosato via plug <plug@lists.phillylinux.org>

References:
- Re: [PLUG] The lock down?! Uhh.. why?
  - From: Drew DeVault via plug <plug@lists.phillylinux.org>
- Re: [PLUG] The lock down?! Uhh.. why?
  - From: prushik--- via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] The lock down?! Uhh.. why?
Next by Date: Re: [PLUG] Richard M. Stallman resigns
Previous by thread: Re: [PLUG] The lock down?! Uhh.. why?
Next by thread: Re: [PLUG] The lock down?! Uhh.. why?
Index(es):
- Date
- Thread