On Mon, Nov 4, 2013 at 12:04 PM, John Arbash Meinel
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 2013-11-04 17:52, roger peppe wrote:
>> There's no point in salting the agent passwords, and we can't
>> easily change things to salt the user passwords until none of the
>> command
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2013-11-04 17:52, roger peppe wrote:
> There's no point in salting the agent passwords, and we can't
> easily change things to salt the user passwords until none of the
> command line tools talk directly to mongo, so I'm +1 on john's
> patch for
There's no point in salting the agent passwords, and we can't easily
change things to salt the user passwords until none of the command
line tools talk directly to mongo, so I'm +1 on john's patch for now.
On 4 November 2013 13:26, William Reade wrote:
> On Fri, Nov 1, 2013 at 1:39 PM, roger pep
I have the patch up for review, and it doesnt really break compatibility.
If you want to change how we salt things we can, but it would mean changing
what is written to the DB. I suppose the new form of the hash could be
salt:hash or something.
John
=:->
On Nov 4, 2013 5:26 PM, "William Reade" wr
On Fri, Nov 1, 2013 at 1:39 PM, roger peppe wrote:
The changes look trivial, although we'd have to be careful if we wanted to
> maintain backward compatibility.
>
If we're going to fix this (which ISTM we should) we should make sure we
fix the salting at the same time: there's no sense incurring
On 1 November 2013 05:07, John Arbash Meinel wrote:
> I'm still skeptical that we need pbkdf2 for Agent logins, though I do
> like it for user logins. (We are generating 18 character passwords
> because originally they were used by Mongo which "only" md5sum'd them.
> We could use sha512 and 64-byt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2013-10-31 11:11, John Arbash Meinel wrote:
> So I managed to instrument a jujud with both CPU and Mem profiling
> dumps. I then brought up 1000 units and did some poking around.
>
> The results were actually pretty enlightening.
>
>
> 1) Guess
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
So I managed to instrument a jujud with both CPU and Mem profiling
dumps. I then brought up 1000 units and did some poking around.
The results were actually pretty enlightening.
1) Guess what the #1 CPU time was. I know I was surprised:
Total: 25469