Posts by James 100

Custom v COTS

I've seen good and bad aspects of both. Yes, sometimes we find ourselves wrestling with expensive proprietary crud to make it do things that would be easy, or mocking an in-house kludge - but then we get "big projects", micro-managed to specifications written by people with no clue. They'll want a few basic functions ... but specify it must all be done in Visual Basic and get hosted on some rusting Windows cluster. Never mind that complying with those demands triples the cost! (Public sector, needless to say; they dumped that in-house deployment, after discovering that the hosted version of the same web app running on a budget server in another country was much faster as well as cheaper.)

Back at my previous place, when we switched email platforms, someone demanded that we include the facility to tell when an outgoing message was read. That eliminated most of the sane options and left us enduring proprietary crudware for years, throwing more and more money at bigger and faster SANs and servers to make the crud chug at a semi-adequate speed - ten times the resources for a quarter of the performance.

Right now, I'm limited to a 50 Mb home directory at work, on in-house servers - plus 25 Gb for email, on commercial outsourced ones, for a fraction of the cost. Can anyone really justify the extra cost for less service? I'd like to think nobody would try: better to focus on services where in-house staff could actually deliver a *better* service than a cheap off-the-shelf service.

Log analysis

"the identity of any non-Gmail users can only be found out if someone goes through all the non-Gmail users whose addresses are on file in its systems and then sifts through the responses"

That's a really difficult job. If only some big search engine company had some sort of toolset for processing large log volumes ... maybe they could call it Google Sawzall, like Google did when they created it over a decade ago?

I'm not too convinced of the case's merits, but the idea Google of all people can't process their own logfiles to find the names in question?!

Disintermediation?

Does the software market really need "resellers" to such a significant extent now? For hardware, yes, you have distribution, spares, warranty service ... none of that applies to software, where just buying the download rights and activation keys directly from Microsoft (or other supplier) seems better all round, IMO. Exactly what my own small company has done for Windows, Office, Sage, Google Apps, Dropbox and the AV package, in fact: are we really losing out on anything at all by going direct instead of paying for a "reseller" to get in between us?

I'd rather see drivers committed back to the public source tree - and a guarantee we can run "stock" firmware if and when we want. (Which, I suppose, is why I picked a Nexus 4 last time I bought an Android phone, and a Nexus 7 for a tablet.) I'd hate to be reliant on the manufacturer for a software update: imagine if you needed Dell or Acer's permission before updating Ubuntu or indeed Windows on a laptop they sold you?

Read-only storage

The "almost read only" nature of shingled drives sounds like a good fit for something like NetApp's WAFL - originally designed because they used RAID4, which struggles with writes unless you write a whole stripe at a time. Not at all hard to imagine them offering a shelf of shingled drives as an archival tier, in the same way they like to mix the fast pricey SAS/FC drives with slower, bigger, cheaper SATA ones already. I'm sure lots of data on a typical array doesn't change from one month to the next, but still needs to be accessible in the milliseconds of disk not the minutes of tape - so, shuffle it off in big batches onto a bunch of shingled drives, keeping new or frequently-changed data on regular platters and/or flash.

I doubt a disruption would bring us to the point you couldn't get hold of a replacement HAMR or helium drive for one that had failed - easy enough to keep some spares in stock if you're that worried, and replacing HAMR with helium or vice versa would be a big issue for your array. (Would it? Obviously there's a huge difference between shingled and conventional drives, do HAMR and helium drives differ much in performance?)

Roaming

It does seem bizarre that there's very little roaming or similar arrangement - 3 used T-mobile and Orange to plug some regional gaps, but that seems to be about it.

On remote islands etc, if it doesn't quite make sense for any one company to put in their own cell, why not split the cost: one installs a cell, the others split the cost and get roaming access in exchange? In effect I suppose this comes close: 3+EE or Voda+O2 will now be splitting the cost of a site, so it will be easier for both pairings to cover more marginal areas.

One or two niche SIM vendors do cross-network roaming, I know - Manx Telecom perhaps? That way, even out of range of one you can still use another; a bit pricey, but for people spending time in remote areas and really needing communications (rural GPs etc?) it's worthwhile: up here in Scotland I've noticed you can often get one network but not another, so roaming would still work fine but no single network would.

Consumer v creator

Actually, the consumer/creator dichotomy Trevor points out is quite relevant - contrary to the wishes of big media, ISPs are NOT just there for passively downloading web pages: there's peer-to-peer, content uploads, hosting our own servers.

Neutrality is particularly relevant now, with the battle over Netflix traffic - Comcast refusing to upgrade their peering with Level3 to handle the level of traffic they get, unless they get paid extra for it. Why, it's almost as if Comcast were an ISP who also had a commercial interest in some sort of rival video distribution service...

There's a different problem ahead though, with ISP port blocking, "carrier grade" NAT and other obstructions forcing end-users down to the lowest common denominator. Will ISPs be allowed to hand out RFC1918 IP addresses so users can't even receive incoming connections?

Upload=write speed

The '250-1000' will come from a simple comparison: "it's got Gigabit Ethernet, most people have 1-4 Mbps of upload" I imagine. Which has a bit of logic behind it, I suppose, you'll be able to write to the device at LAN speeds then leave it to upload over the Net much more slowly later on. Marketing BS, of course, and I doubt it can really max out GbE for more than a few seconds at a time - then again, ISPs and hosting providers can't handle saturated pipes 24x7 either.

A local storage cache like that would actually be quite handy - maybe an S3 wrapper. I remember looking for one a while ago and not finding it, though.

Trying to dodge the rules?

It seemed pretty blatant that Google were using it as a floating building to get around all the planning laws that apply if they put it on land - and unfortunately for them, I think a little Vulture said previously there's a specific law against exactly that: the wet bit's there for boats, not for buildings that aren't allowed on the land next to it.

As I recall, on land Google would have had to file architect's plans and much more detail about what the building is for - which seemed quite reasonable to me (is it a shop? factory? office? datacentre?) but didn't suit Google's "total privacy for us, none for you" agenda. They do seem to be taking that secrecy to ridiculous lengths, though: why not just admit it's their answer to the Apple Store? (Or a test bed for Glass, or whatever.)

Promising ... in theory

It's a nice theory, but I'm sure the government will manage to screw it up somehow in order to keep the cash flowing into the pockets of the failure-factories as it has for years - chop that billion pound fiasco into a dozen £99m pieces, so it just ends up costing a bit more for the same lousy result.

The root problem of civil servants wanting to buy a fire-breathing monster truck when a Transit van would do the job fine will take a lot more than just a spending cap, though - more like a wholesale cultural change. Having seen the process up close, people with no understanding get to write specifications and sign the cheques: demanding that a hosted service be written in a particular language (or, on one project I worked on, demanding that the web application's appearance conform to both of two conflicting templates, since they were re-organising at the time and had no idea which one actually applied!) ... at least they eventually moved off IE 6 though. That alone was adding a hefty chunk to the development costs on one project, between the extra workarounds and the testing involved.

Even if they lose power for an average of over 3 days per year, which would be a pretty lousy power supply, that's 1% of their capacity lost. Could you really provide backup power - UPS+generator or flywheel+generator - to a computer for less than 1% of its purchase price? I doubt it.

For non-urgent batch jobs like most HPC, you get better overall throughput by shutting down for the power outage and putting your UPS budget into buying some more compute nodes to be faster the other 99% of the time.

Of course for any real time service like a bank or ISP, stamping out that last 1% of downtime each year is worth spending a lot of extra money on: being offline 1% of the time will cost you a lot more than 1% of your revenue. For batch work like this, though, just work slightly faster the other 99% of the time and you come out ahead overall.

False dichotomy?

Even if HAMR and SMR won't play nicely together, surely helium could still be used to cram SMR platters more closely together, giving the benefits of both: 7 platters instead of 4 in the same space, so somewhere around a 10 Tb drive with the combination of current technologies?

RAID rebuild times are getting insane, though: because a drive twice the size still takes twice as long to read/write fully, you can get big arrays now which would take multiple days to rebuild fully. During which time, of course, you're at risk of a second drive failing during that rebuild cycle - and requiring a rebuild of its own, if you're using double-parity. Suddenly, that triple-parity stuff doesn't seem so paranoid after all...

Power grab!

I like the idea of a common connector - though micro-USB doesn't seem ideal. Can it handle 2A or more, for bigger devices to charge at a sane speed? I hope the next version of the plug doesn't care which way up it's inserted, and delivers decent current when needed.

Perhaps if the adapter options remains, we'll be OK: the future phone with a superconducting 10A nano-USB socket can still be charged much more slowly from micro-USB to keep compliant until the legislation is updated.

MTBF

I would guess the shorter lifespan comes from cycling the spindle speed up and down more often: it's virtually always when a drive is power-cycled that it dies, rather than while it's sitting there spinning at a constant speed for days. Just like a laptop, slowing or stopping the drive will save power, but shorten the drive's life.

Lower power/heat would be appealing for a big array: a smaller/cheaper power supply per drive shelf, less cooling cost per rack, a smaller/cheaper UPS/generator etc. It's not just shaving a few % off the electricity bill for the drive itself. I get the impression a lot of big installations have a lot of "cold" data where even a 7200rpm SATA drive is excessive, but the latency of tape would still be a deal-breaker.

I wonder if they could do a bigger version, like the old Quantum Bigfoot 5.25" HDDs? Pack 10 or 20 Tb in a single unit, with slower access times - we've moved the other way, to 3.5" and now 2.5" drives to get faster and faster access times, but in some cases a slower bulk HDD is just what the doctor ordered.

Power needs

"the social network needs chips with screaming fast CPUs to deliver dynamic web pages and perform similar tasks"

No, not really. What they need is lots and lots of CPU capacity - but not individual speed-at-all-costs cores.

On the desktop/workstation, you can really only use a few cores for most things, so you need those cores to be as fast as possible. Intel are very good at that: the i7 and latest Xeons are packed full of really clever tricks to shave every microsecond off the execution time of individual instruction streams so you can get the next frame of your FPS drawn in time, or get that complex protein molecule calculated and drawn that tiny bit faster. Having more cores doesn't give you much benefit if any, for all the effort put in lately trying to make tasks multithreaded wherever possible. To double the speed, you can be quadrupling the cost - and if you need the speed, that's where you go.

Facebook, on the other hand, have millions of requests coming in each second. More and cheaper cores are a big win for them: half the performance for a quarter of the price means they can get twice as much throughput for the same money.

Intel see this too, of course: it's why they've been adapting their Atom core for server use, as well as portable. It'll be a tough fight, though: their biggest asset, Windows compatibility through x86, just doesn't apply to these big Linux server farms: a LAMP stack should be just as happy on ARM as on x86.

I wonder if/when Intel might get a big Atom sale to the likes of AWS or Azure? Or, conversely, when Microsoft might get round to offering ARM builds of Windows Server...

Unlimited with lots of limitations

I'm really growing to hate "unlimited" offerings for exactly this reason. Barring illegal use, what does it matter to my ISP whether that gigabyte of data I just sent was going to visitors to my home-hosted website or me uploading a batch of photos to Flickr? Why do they pretend "server" use somehow matters?

Of course, it's all a dodge to try to clamp down on (some) heavy users. I'm very glad to be with an ISP now which does have traffic charges, but no arbitrary BS prohibitions: I have a static IP, no filtering. If I want to move my personal website onto my home connection, or be able to VPN to my home LAN, or do my own SMTP and DNS service, they're quite happy - I'll just have to pay a bit extra if it uses more bandwidth, because that's the bit that actually costs money.

Even Google can't offer a truly unlimited-usage gigabit pipe to everyone: it just doesn't work. Instead of trying to pretend it matters which end sends the TCP SYN packet and which is replying with the SYN|ACK, why not accept this and charge, say, $1 per 10Gb? Heavy users cost more, and pay more accordingly - and priced at a level that actually reflects costs, it's fair and cheap enough not to deter anyone sane.

Not in Chinese hands, he left it in .. China?!

Leaving information in Hong Kong doesn't seem like a very effective way of keeping it out of Chinese hands to me. Now, maybe those journalists did quickly get it out of Hong Kong again, to somewhere safe - but his confidence in that seems a little optimistic to me.

Of course, the NSA thought they had technical precautions in place to stop Snowden getting most of the information he's been leaking, up until it was too late. How can Snowden be so sure his own precautions are better than theirs - or that he's the first to breach the NSA's own? People have been speculating a lot about NSA-inserted backdoors in other products: what about PRC-inserted backdoors in the NSA itself? Were the holes Snowden exploited to get his haul of information all accidental or his own, or was he following in the footsteps of others?

It just seems a bit far-fetched to me that if one lone idealist could do this just as a matter of principle, the Chinese, Russian and other intelligence services wouldn't have gone the same route too. If they did, would the NSA know it (they didn't spot Snowden in time!) and would they admit it if they did?

Illegal snooping

He might have a bit of a point, given Google being caught illegally snooping on people's electronic communications recently - they do seem to have been getting off far too lightly with that, as the extent of their antics slowly becomes known.

It's disappointing to me they seem to have focussed more on the reporters illegally buying information, rather than the police illegally selling it to them: both crimes, but IMO the latter is the worse. Selling drugs is much more serious than buying them, the police breaking the law is much more serious than 'ordinary' people doing so.

None of that's a defence, of course: if you break the law and point out someone else committed a bigger crime, the correct answer is to prosecute both. Jail the bent journalists, their police sources, and whoever at Google thought it was OK to go poking around everybody's WiFi network and harvesting all the data.

Ironic twist

It's funny to see IBM having had the *lower* bid, by a substantial margin: one word that has never been associated with IBM is "cheap". For Amazon to be 50% more expensive yet better overall, there must have been something quite strange going on: were IBM only doing half the job, or had Amazon got some wonderful extra to offer that was worth a huge extra fee?

I could imagine the positions reversed: Amazon beat IBM's price by a third, IBM get upset and challenge. For Amazon to win with a much higher price, though? Maybe IBM's last bribe^Wcampaign contribution check bounced, or went to the wrong side, or maybe Amazon had something really clever on their side. Or IBM's had big vendor lock-in risks? Getting shackled to a proprietary hardware+software platform might be worse than the initial 33% saving, after all.

Amazon office offering

So far, it's Google Apps v Office365, and Azure v Google Cloud v AWS: Amazon haven't shown an interest in the office side, just cloud services.

It's not hard to imagine them offering some sort of e-mail service, though - they're already added static web hosting, DNS and e-mail sending facilities; putting inbound (MX), spam filtering, POP3/IMAP wouldn't be a huge departure. Trying to offer their own office suite, though? That would be a huge leap for them, and a strange direction to move in, too.

Premature smugness

"European readers will be looking slightly smug at this point, after the EU's digital tsar 'Steelie' Neelie Kroes forced telcos to cut roaming charges to a pittance"

Misplaced smugness in this case: Kroes is making a fuss about *reducing* the roaming charges *within the EU* - T-Mobile eliminates them for a much larger number of countries. Rather like greeting news of an international airport with "yeah? We've already got a BUS STOP, so there!"

I like the idea of scrapping roaming surcharges, but T-Mobile are going a lot further here than Kroes has even contemplated attempting so far. I hope they're starting a trend here!

Rejected for acting under duress?

Given the NSA's status, I doubt it was a case of the NSA asking nicely for their help in snooping and all the companies rolled out the red carpet for them - more a case of "we're going to connect these boxes up, and you're not allowed to peek inside or monitor them or we'll make you disappear in secret".

Right now we know these companies are fighting in court over it, despite ongoing gagging orders: is the EFF really attacking the right people here?

Passport 2

So ... like cookies, but Microsoft can see and control them, users can't necessarily delete or even view them, being on MS servers? I'll be rushing to implement that ...

For individual sites/domains you can already achieve this for free, with session state stored on your own servers. Presumably, this is all about sites sharing data across domains, outside the user's control - no thanks. I see the appeal there for advertisers, of course, but for users?

Google's ISP ambitions

Given Google's plans to build gigabit-per-user fibre services, how can they of all people now be struggling with congested WiFi? Presumably, a backhaul issue - did they cheap out and try to use wireless mesh, instead of running fibre or copper to each AP?

Cisco need QNX, which is the obvious target for them, being the basis of the top-end IOS (not that one!) platform. Maybe the odd wireless patent or something relevant to their VPN offerings, too, but that's probably all.

SAP - maybe the BES document handling? They're the odd one out in this list to me.

Google ... mobile patents to use against MS/Apple in protecting Android, of course, and probably BBM: a good way to one-up Apple's iMessage and open things up, if they want to go that route.

Apparently, BB owns 130 encryption patents they bought from Certicom 4 years ago, which presumably Cisco, Google and SAP would all have an interest in. The handsets, though? Hard to see anyone buying that up now: it's coming fourth in what is barely a three-horse race now, Android/iOS/WinPhone.

Too little, too small

It's been irritating me for a few years now that laptop monitors suddenly leapt backwards. After two decades of progress, from crummy VGA (and lower, sometimes mono) up to 1920x1200 17" or larger becoming a standard option at the top - now, Apple drop 17" entirely, the other manufacturers downgrade to 1920x1080 and brag about this being "full HD" as if that somehow makes it OK to be a step down.

Retina does sound nice, but I want more screen area on my laptop dammit! Start by giving the 2" or 120 pixels back, then try making some progress again...

Which current level?

If they're all to be the same, is that the half-amp (2.5W) of regular USB? The 1A (5W) of the higher-power option, or c 2A/10W for some tablets?

I like the idea of a standard connector, and micro-USB is adequate for that (though like other posters here, I much prefer mini) - but demanding the charger itself be the same seems too restrictive. Why not just take the sensible route of stipulating the charger must have a regular USB port? That way, everything's fine: just need a USB to micro-USB cable, which everyone will have anyway for syncing etc, and it actually makes the charger more useful too (can use it for non-phone purposes too: tablets, charging those external 'emergency' batteries, etc).

Now, if they were to push for a standard, say 48V at 1/2/5 amps with a standard plug, for laptops, I'd be very happy. (Lower voltage means more current, and high-end laptops can be drawing insanely high current which is why the plugs are getting thick and prone to failure. Manufacturers probably love this, given the prices they charge for current power supplies...)

Heck of a broad problem scope

So, not a problem with, say, "Intel's 2012 mid-range AHCI controller" - but "AHCI". As in, "pretty much all SATA controllers from the last decade" - and like the first two comments here point out, since everybody else has figured our how to work with AHCI perfectly well by now, it does sound as if VMWare have done something very dim. Apart from anything else, a problem with all AHCI controllers seems to rule out specific implementation issues on the controller side.

Still, just as well it's been caught in beta: they'd be in a whole world of pain if their SAN got caught eating production data in a full release.

Trust our security precautions, they say...

They claim it's safe to trust them with all our data, because their security systems stop people snooping on things they shouldn't. So ... where was that security when Snowden was downloading what is starting to resemble their entire stash of secrets? If it's not good enough to stop him grabbing every classified document under the sun, how on earth are we supposed to believe it's good enough to stop all his thousands of colleagues looking at my email or phone records?

There is something rather absurd about the boss saying "trust our security precautions to keep you safe from our staff", when we only know those precautions are needed because their security was so comprehensively breached by one of those same people!

"Limited availability phase"

Sounds like it's still a beta to me - which would explain why they haven't got the documentation polished up properly. If a client has paid to become a beta tester, though, I'd expect a much more pro-active response to their problems - apart from anything else, because that's the whole point of the beta phase, to find these problems before you release it fully!

Do as they say, not as they do?

Google.com? No DNSSEC there. Google.co.uk? Same. Likewise OpenDNS.com.

It's depressing: when even the DNSSEC *advocates* aren't actually enabling it themselves, who will? (FWIW, my personal domain has DNSCurve and DNSSEC, as well as IPv6 - it's truly disappointing that Google don't!)

Anonymous nuisance calls

One thing I'd like to see changed is a bar on non-personal use of 'number withheld'. EU rules give individuals the right to make anonymous calls free of charge - but does and should this apply to businesses too? I don't think so. That, and make anonymous call rejection a no-cost option to be offered to all customers at installation time, along with being ex-directory etc.

The £90k fine is a welcome first step, but nothing like enough: disconnection from the phone network - no more phonespam - would be better. The US approach of charging hundreds/thousands of dollars per illegal call documented would be good too.

Maybe grab their outgoing call records (from the telco; should go back at least a few months for billing purposes anyway), check against TPS; for every hit, require them to provide proof of the 'pre-existing business relationship' or specific consent required for that call to be legal or pay £1000 for the illegal call.

Anything less, they'll just shrug it off as a cost of doing business - hell, they probably pay more than £90k for their electricity each year!

Fair use?

The idea of needing to pay for "title and excerpt" of a web page sounds alarming to me - all too close to the shake-down news companies have been trying in Germany with Google, demanding that Google pay for the privilege of including their pages in Google's search results.

Maybe Meltwater's "excerpts" were too big, but it still worries me in that context. If they were copying whole articles, fine, that's a clear-cut violation, but ...

Big mistake?

"whoops, we lost £21m down the sofa" ... I can imagine getting 10k, maybe even 100k adrift on a big company (depreciation calculations, things like that) - but even on an NHS/government scale, £21m is a big accounting hole to explain.

I got quite worked up enough when the last quarter was about £300 out (couple of misplaced expenses forms)!

Double-fault?

Nice to be quoted in a Reg article there*! From their later updates, it seems the original problem was excess route entries overflowing the TCAM (fast lookup memory in big routers), which makes them fall back to a much much slower routing approach - which can't keep up with the level of traffic you see on an ISP backbone.

That was problem #1: the lab stress-test leaked out and flooded the live network, bringing it to its knees. (IPv6 itself was unaffected - it's routed separately anyway - but since the line is authenticated over IPv4, as soon as you disconnect, your authentication packets get lost, stopping the PPP link coming back up.) Like their autopsy says, filtering out the routes then re-booting the routers cleared the problem - then they discovered a Cisco line card was still misbehaving.

The wonky line card seems to have been problem #2: it seems to be working again now, but they're keeping most traffic away from that card until Cisco can figure out why it misbehaved in the first place.

* Apparently the router problem took out their VoIP lines and access to their own status system - downside to "eat your own dogfood" as an ISP, when your own services are down, you can't use them to communicate about the problem - normally, I've found Entanet to be very helpful and responsive. In this case, the live traffic graphs on noc.enta.net were enough to tell me it wasn't just my line that was dead - how many other ISPs give you that kind of detail?