SEObox: Web Hosting Murah Unlimited Homeschooling Indonesia

Archive for March 27th, 2008

SSL accelerator for the masses

Several days ago my staff bought some network cards for our stock. Today I took a look, and to my surprise, it’s a model from 3Com with a chip titled “Crypto”. Could it be….?

Nowadays we use SSL a lot, most of the time without even realizing it. ssh, scp, rsync - these are just a few examples of software based on SSL. Then we have their derivatives, such as sshfs, a filesystem based on ssh.
SSL is not just about browsing e-commerce websites anymore. It’s pretty much integrated into our daily activities.

However, as you may have noticed, the encryption process kills performance. It’s very processor-intensive, and thus decreases the transfer rate significantly. For huge file transfers, I had to use FTP or HTTP, since the speed is just too slow using scp.

So an SSL accelerator can make overall system performance better. That’s what I was hoping for when I saw these 3Com 3CR990 (also known as “Typhoon”) cards.

Alas, no such luck.
The crypto chip was only for DES, which is very weak encryption, for use with IPsec. OpenBSD developers also noted that the chip is pretty buggy. And there is no driver for the crypto chip on Linux (or in OpenBSD), so we can only utilize its 3XP chip to offload some TCP processing (checksums, etc.). It doesn’t bring much of an increase in system performance, though.
I didn’t want to give up, so I looked around for other mass-produced SSL accelerators.

I found SSL offloaders instead. Basically, these are expensive products (some costing US$ 20,000 or more) which receive all SSL communications and then relay the plaintext (deciphered) packets to the servers “behind” them.
This brings a security risk, though, since we no longer have end-to-end encryption (which may in turn bring liability issues, if we have promised our customers that we do).

I failed to find any other consumer-level SSL accelerators, except for (surprise) VIA C3 CPUs.
These C3 chips with the Nehemiah core are able to process AES-128 for OpenSSL at a rate of 780 MBps (that’s 6.2 Gbps). Mighty awesome!
It has been supported in Linux since 2006, and a patch for OpenSSL existed, giving an instant performance boost to SSL-related applications. Michal claimed that he was actually able to reach a speed of 1.8 GBps / 14.4 Gbps.

You can fully saturate a 100 Mbps (or even 1 Gbps) ethernet link with full, and very strong, encryption. So if you want / need accelerated SSL performance, now you know which CPU to use.

Now if only someone would slap these cheap chips (about US$ 33 each) onto NICs and sell them as SSL accelerators, I would be buying. It would be way cheaper than the SSL-accelerator NICs currently selling at > US$ 1000, and probably much faster too. And then we would be free to choose any other CPU for the server.

Any takers? :)

Ayat-ayat Cinta director suspected of piracy?

That was one of the points raised in the dialogue between Manoj Punjabi, the boss of MD Entertainment, and PKS representatives in the DPR yesterday. Quote:


Manoj, Hanung, Hasri Ainun, Habibie

(source: detik.com)

According to the MD Entertainment boss, there are five parties suspected of having had the opportunity to distribute it: the censorship board (Badan Sensor), the director, NGOs, the editing party, and the producer. Manoj feels that whoever pirated it was trying to damage his company's image.

How could anyone be so heartless as to want to report this to the police? Mas Hanung went to such great lengths, amid all the obstacles, so that this film could still succeed.

And then, once it has succeeded, he gets reported to the police? When mas Hanung's hard work even exceeded the producer's target of 1 million viewers?

If this news from detik.com is accurate, then I am very disappointed.
But this is indeed not the first conflict between MD Entertainment and the director; previously the director had also been pressured to make AAC more hedonistic and “gaul” (trendy).

With MD Entertainment planning to make an extended version of AAC, if there is a reshoot, it is of course natural for the producer to want to use a director who gets along better with their wishes.

But if that happens, I can assure you that I will not watch that extended version.

Well, let's see how this matter develops from here.