I'm not saying storage gateways aren't cool, but they aren't hyperconvergence. They're storage gateways.
And yes, arrays are legacy.
6717 posts • joined 31 May 2010
The CRTC stood by and refused to allow Bell Canada to disconnect the service. Great support from a government body.
Ah, back in the days when our government served us. Now it's been captured by the industries it proposes to regulate. And our choices for leader are between a religious control freak crazy man, a traitor and coward, and a flip-flopping liar.
Don't see no border.
Don't see no people.
Doesn't matter anyways. CRTC rulings that benefit the people will be overturned.
I don't care. Just get me affordable fibre. But not here, no. On the island, please. I aim to head there in about 10 years, which is about the timeframe for a fibre rollout.
They may be, Vaughn. But they'll go through a slump here right soon as the legacy arrays struggle to catch attention, especially at the eye-watering prices they are charging. Heck, people are even willing to buy from you over at Pure at your prices rather than EMC, and they do it in a big way! And you guys charge $virgins!
But hyperconvergence is coming. It's driving down costs. Datacenter convergence is already emerging, driving down costs further. Software defined infrastructure plays are being researched and endgame machines are being assembled.
Worse, companies are managing to build just fine arrays on commodity hardware. Those afraid of the future and wishing to cling to arrays are increasingly able to find tried and tested arrays for a fraction the cost of EMC. That's bad for them.
That said, unlike NetApp, EMC seems to understand the above. Or, at least, some people at EMC understand the above and haven't been fired yet. The really ambitious, aggressive people that could see change was coming all left for Pure ages ago. The ambitious but not aggressive people that could see change was coming left EMC to form their own startups. And the ambitious but socially gregarious people that could see change was coming came from all over to join Solidfire.
That still leaves a huge collection of very technically talented, albeit not overly ambitious people at EMC that see change is occurring and have more than enough talent to drive innovation internally. Nobody at EMC seems to be interested in purging them, so EMC won't head down Netapp's path.
The $64B question is: will EMC tap those unambitious, but technically talented individuals who can see the changes required by soliciting their opinions and then listening to them? This is the "good management" question. The ambitious people all left. Ambition is required to raise one's head above the parapet and volunteer opinions.
EMC will, or it won't. If it doesn't, it will have to rely on acquisitions to see it through. Again: it isn't NetApp here. Sometimes the acquisitions go okay with EMC. Unfortunately, that's only "sometimes". And EMC probably doesn't have too many chances to play "marry the sweetheart" before its star starts permanently fading.
So who will be around to compete with it? Netapp? Pure? Solidfire? Tintri? Nutanix? SimpliVity? Coho?
There are dozens upon dozens of storage, CI, HCI, DCI and IEM companies out there now, beavering away in stealth or evolving organically from other concerns. There isn't room for them all.
It isn't just tech that will pick the winners. Good tech is part of the story. You need a company where the sales, marketing and evangelist roles are populated by people whom you don't want to blend and then pour into the sewer. You need prices that companies can afford. You need continual development to not only meet the challenges of this refresh, but the next and the next after that.
I, for one, am curious to see whom the people that actually matter - the customers - pick to survive.
How much effort does it take to fire all the vile, sociopathic, money-grubbing executives and their hellions in the licensing department directly into the sun and burn everything, everywhere that contains even a single line of Adobe source code? That is the only thing that is required for Adobe. Ever.
FFS, how many times do I have to write "Java is a piece of shit stop using it unless there's a gun to your head making you do so"?
There is no need for Java in the browser. Many/most people aren't installing it anymore. Bloody everyone is still installing flash. The drum needs banging until we treat the bug ridden piece of shit that is as being at least as toxic as the bug ridden piece of shit that is Java.
Whereas I don't believe that front line staff not giving a damn is an accident or a mistake. I believe that those services are designed to be demoralizing and are purposefully staffed with the bottom of the barrel. I believe that most government services - but especially American ones are purposefully sabotaged.
Sometimes they do it for malicious intent: rooting out political dissidents, putting "the proles" in their place, etc. But just as often such things are led to ruin purposefully because having a given service degenerate suits the political machinations of someone fairly high up the food chain.
This could be because they covet the budget for their own projects/district/etc. It could be out of spite towards an enemy who supported something they didn't like and is not in charge of that department. It could be any of a number of things.
In my experience however - and, increasingly, as we are learning through all sorts of leaks about all sorts of departments - failure in government and the failure of government are not accidents. Nor is incremental (and protracted!) government overreach.
This is all by design. Petty, hateful, spiteful, covetous, vengeful, prideful, megalomaniacal and yes, even terrified, design.
Governmental degeneracy isn't the result of millions upon millions of individual and coincidental acts of apathy and incompetence. It is the result of purposeful sabotage and thwarting by a mere few thousand near the top.
Hanlon's razor just doesn't apply to government. At least as I see it. Not ever.
It's not just DHS. It's that every time someone is pooh-poohed for "tinfoil hatting" about the US government's ignoble intentions - typically using the premise of Hanlon's razor in order to attempt to silence the cynic - the tinfoil hatter is actually proved right.
I submit to you sir that this can no longer be considered coincidence: it is design.
Hanlon's Razor does not apply to the US government or its military industrial complex. Ever.
Have played with swarm. It's actually quite nice. Decent object store and fairly easy to use. If object storage is your thing, you kinda ask for too much more.
That said, I really hope object storage is never my thing. I do so hate writing code...
Actually, it's entirely possible there is no internal activity and the "new" surface is entirely due to atmospheric evaporation and deposition.
And Pluto is a dwarf.
Legit, naturally. Now, are you going to drink that kanar, or am I going to have to come over there and drink it for you?
This from the company that conflates hypervisors and containers. Few things in this world are more arbitrary than Gartner.
The simple fact is that dark matter doesn't have to exist for galaxies to rotate the way they do and not tear themselves apart. There are other ways this could work - specifically that our laws and theories describing gravity are not accurate.
If you say MOND we can't be friends.
Why don't I get you lot a beer instead?
at one point in some undetermined future, the Universe will attain a point of equilibrium and stop expanding
That's one of many interpretations of the data, yes. It seems to be one that more and more scientists are moving towards. A handful think that space - like some sort of elastic - will "snap back" and that whole "big crunch" thing will actually happen.
Others (who are now considered traditionalists, ha!) think space will keep expanding forever, with the force of expansion eventually accelerating past the speed of light (there is a difference between acceleration-driven speed and local timeframe speed which makes this compatible with relativity). At some ????? after this occurs expansion would be so fast that large structures like galaxies, and then stars, planets and even atoms couldn't hold themselves together (the Big Rip).
The former (that the universe will unfold to a maximum extent or eventually collapse) view is held by people who - not to put too fine a point on it - think much of string theory is a whole bunch of hooey. Not that it's all bollocks, mind you, but quite a bit of it. (Brane extrusion is still likely the best reason for our universe to have come into being in the first place.)
The latter people - those who think the universe will continue forever - seem to think the universe will continue expanding forever because that is what it is busy doing now. That the universe changed its mind about how fast it was unfolding in the past seems to be no reason to believe things could ever change again and off they go trying to use maths to prove it. Thus string theory gets more and more silly as they try to beat maths into submission to make it agree.
Basically there are two camps that matter:
1) New space is constantly being created as part of the expansion of the universe and that as a function of this creation there is dark energy. The universe will always create new space (because that's what it does) and thus the universe is doomed.
2) All the space in the universe was already there to start with, it was just compressed, and the universe is not unfolding to its current size. (Actually, some believe the universe is a multi-dimensional hologram, but let's not get into that as it doesn't really change anything.)
Critical to the debate is the almost anthropic belief of camp 1): that this is the only universe and that it is special. The second group believe that the universe is pedestrian. There are many and instead of being infinite they are popping up all over like sun umbrellas being opened on a beach.
For the universe to expand forever, it basically has to be special. Otherwise it would eventually interact with another universe. Some of us - myself included - believe that the fact symmetry breaking occurred and that expansion changed speeds indicated that our universe has already interacted with other universes (possibly via extra universal forces we don't know - and can't know - anything about.)
Personally, I fall into the latter camp for the simple reason that every time we've thought something about where we lived was "special" we were ultimately proven wrong. There's nothing special about where we live and there's nothing special about us, either.
This then changes a "fundamental truth" about what many of us were taught in school: the universe is not infinite. It's just really, really, mind-bogglingly big.
For the life of me I cannot imagine that Dark Matter exists.
Don't see why not. You read about things like pentaquarks here on El Reg on a regular basis. Why is it so hard to conceive of non-baryonic matter made up of a different collection of subatomic particles that result in matter with different properties? We're not talking magic. Just think of dark matter sort of like Linux systems to a Windows admin: same basic building blocks, but being used in a completely different fashion.
I'm convinced that it is gaseous particles, or maybe even small asteroids that orbit galaxies and make up for the "missing matter"
Nope. These would emit light that we could see.
After all, we can hardly spot asteroids in our very own Kuiper Belt
Actually, we're reasonably good at this, given the limitations of the technology to hand. Talk to @plutokiller about how many he's found just in the past few years.
The reason we have trouble is that it's a big ass sky and we have a small ass budget. The primary tool we use for asteroid hunting (Hubble) was never designed for the task. It's slow to turn (shit at tracking anything close by) and has terrible resolution (so kinda crap at focusing on things smaller than stars).
If you wanted to build a modern high end telescope and give it the ability to turn quickly and see in infrared (think an upjumped WISE) you'd spot all sorts of awesome stuff. In fact, WISE mark one did see a huge chunk of stuff and we're still picking apart the data from it.
And spotting them in the next solar system is simply impossible
That would be because of the giant ball of fusion that happens to be drowning out the rocks and other things. We can, as a matter of fact, see the interstellar medium and we do have to compensate for it when observing.
Also: the entire mass of a solar system is a mere fraction of the mass of the star. When we calculate what the mass of galaxies "should" be, that's typically included. The problem is that the missing mass is orders of magnitude larger than simply "a bunch of missing planets and asteroids circling the stars".
Questions you didn't ask:
What about rogue planets and brown dwarves?
Glad you asked. This is a growing area of research but the short version is that we can usually actually see these. These live out between the stars so they - believe it or not - count as "galactic dust" as far as we're concerned. They are visible (in aggregate) along with the interstellar medium of the galaxy.
What's more, unless our calculations about solar system formation are wildly off - to the point that we'd need to rewrite physics - there simply can't be enough rogues out there to make up the difference.
I still don't understand what Dark Energy is, though.
Oooooohkay. This is the hard one. Let me try to do this. Apologies for inevitably getting some or all of it wrong.
In the beginning there was nothing, which exploded. And by nothing, of course, I mean everything, but compressed into the most impressive singularity of all time.
Except this wouldn't be a singularity as you understand it. It was "a bunch of baryonic matter shoved into a ball so densely that photons can't escape". Matter didn't exist. Space didn't exist. Not, really, anyways.
But then, all of a sudden, and for no good reason at all, space exploded.
For simplicity's sake I want you to picture the universe as a great big flat circle squished into an impossibly small ball. If you were to unfold that circle and flatten out you would have The Universe in its final, fully extended form. This is The Universe's eventual goal. It was scrunched up so tightly that it is seeking to stretch out a little and get rid of the cramp.
Now, each cubic meter of space has to expend energy in order to unfold. This energy comes in the form of two completely different types of energy.
The first type of energy was all released right at the beginning of the universe. The initial collapse of the fundamental singularity caused its emission. At the initial instant of emission it was simply an incomprehensible amount of raw energy occupying an infinitesimal amount of primordial space. This energy would eventually become all matter - dark and baryonic - that we know today.
But the universe was intent on unfolding beyond that mere initial Planck space. It continued to expand and as it did so it emitted the second type of energy: dark energy. So far as we can tell, dark energy doesn't interact with the energy that makes up mass in any meaningful way.
In any case, as the universe continued to expand somewhere around 1 usec after the big bang baryogenesis started to occur. The fundamental particles as we understand them formed.
For reasons we don't understand - but which probably mean that either dark energy or dark matter does interact with regular energy on some level - symmetry breaking occurred and the current form of baryonic matter (not baryonic anti-matter) coalesced as the (currently) densest concentrations of energy.
The universe kept right on expanding and that baryonic matter eventually cooled enough that protons and electrons could form atoms and the rest you know from there.
The two odd pieces are symmetry breaking - discussed above - and the variation in universe expansion rates. The initial inflation seems to make perfect sense. The universe sought to unfold and began doing so expeditiously. It then slowed its expansion for a time and then sped up again.
Some like to think that the gravity of the early universe (it was denser then) slowed the initial expansion. Once past some critical threshold, however, the universe's tendency towards expansion overcame gravity and expansion started accelerating.
The problems with this are A) there's no reason to assume gravity has any sort of effect whatsoever on the universe's desire to expand and B) the universe isn't increasing its rate of expansion exponentially. (As would be expected if it had overcome some critical threshold.)
The nearest anyone can figure is that the universe is expanding because it damned well wants to, but that it has to expend (or release, like a coiled spring) energy to do so.
I hope that explains things. I am sorry if it doesn't.
Of all the tech companies, I'm slowly coming 'round to be quite positive regarding IBM. Maybe they don't win, but they certainly have a different vision than other companies and are putting both research dollars and a very painful transition period towards what they see as the next generation of computing.
There never was a future for IBM in the low-margin world. They just don't have a corporate culture that can compete in the race to the bottom of shifting tin, cranking out management software or even providing services. There are too many competitors in all of these markets now.
IBM's going other places. Doing things at large scale with computers that only Google seem to be interested in trying for. Win or lose, good luck to 'em! I hope the turnaround shakes loose some of the internal bureaucracy and ends up with a leaner organization focused on competent individuals and not endless managers.
Probably not, but it's worth hoping, sometimes...
Is it really a joke if typed whilst sobbing?
If we'd snagged it we'd be finding all sorts of interesting new uses for platinum. The price wouldn't tank entirely, but it might go down by half. Which is fine. Asteroid mining is viable to even a quarter of current prices. You can also control the price of platinum by varying the return rate.
Also: why return it all? Platinum is really useful in space, and that asteroid will have lots of Silicon. Make high-value parts (like highly efficient solar panels) in-situ instead of lifting them from Earth. Platinum helps with all sorts of high-tech gadgets and given the density is kind of expensive to drag out of our gravity well.
Oh there's some debate here. So Gartner (and some internal EMC projections) say that hyperconverged solutions will have 51% of the market by 2018. I disagree and think it's going to be 2020. The wikibon people seem to be somewhere in the middle.
What nobody seems to understand when they do these calculations is that - with the exception of NetApp - array vendors will adapt. EMC is already doing so. Tintri is doing so. Others are slowly trying, at least, for change.
With the exception of Nutanix, hyperconverged vendors are still in startup mode. They don't have the R&D capacity to really go toe to toe with someone like Dell. Array vendors will start to add value by acquiring new startups (like copy data management experts) and raising the bar for enterprise storage functionality. This will force hyperconverged players into a feature war they may well not win.
The end result will be a thinning of the herd on both sides. I ultimately think that hyperconverged vendors will win, but I am expecting a rally by array vendors around the end of 2016 that will buy them a couple of years before arrays are finally reduced to a niche.
The war is already over, but arrays will fight to the last man to keep their margins. And they'll ultimately lose.
Gridstore's cool, but has a few problems
1) Next to no sales. Who has ever seen a Gridstore in the wild? Half the storage analysts I talk to are convinced they're functionally a myth. I'm not entirely sure they're really more than trolling myself.
2) Nutanix does Hyper-V. And they do it damned well. SimpliVity, Maxta and many, many others will be there very soon. (I expect by end of year for most of them.)
3) Marketing. Gridstore's budget for marketing and community engagement appears to be the square root of negative fleventy. This goes back to "who has ever seen a Gridstore box in the wild?" These things aren't in front of the kinds of people who to talks at user groups or Spicecorps or what-have-you. Gridstore has virtually no mindshare amongst the technorati, so even people who know about it tend to forget when it comes crunch time and they have to choose a solution. This leads us to...
4) Really terrible channel support. Gridstore may have a channel strategy. If so, I haven't been able to detect it. If they do have someone out there kicking the channel in the ASCII then those channel monkeys aren't doing their job. (See: 3.) They aren't pushing Gridstore as a solution when customers come to call and this is hurting them.
I can't comment much on price - I seem to recall vaguely that it was actually not bad - or functionality - the last time I saw a demo it seemed to do what was required in a reasonable enough fashion - but the fact that I can't summon that information immediately and it is essentially my job to know this stuff just reinforced how ineffective Gridstore has been at remaining "sticky" with mindshare.
By all accounts Gridstore seems a good product, but the company that sells that product is about to get absolutely pwned by the fist of a dozen angry gods as they all turn their eyes from KVM to Hyper-V. Everyone has an ESXi hyperconverged solution. They're all finishing up with KVM/Openstack. Hyper-V is next. After that: Xen.
Gridstore doesn't seem ready to go to war. They don't seem to even understand what is about to happen to them, let alone be remotely ready for it. Too bad, really. They seemed like nice folks.
A) Age is relevant here, especially as correlated with experience, the type and quality of education during their formative years, the culture under which individuals were raised, etc.
B) "Old fart" is not an "ageist" term, unless you are unbelievably oversensitive. It is a term of endearment. It categorizes individuals by age, yes, but it also implies a fondness for the group in general.
If I'd wanted to be ageist I could have chosen any number of other descriptors. Ancient cranks. Hoary gits. Creaky bastards. Grumpy greybeards. So on and so forth.
Now, as to the acceptability of ageism, that's another story. On an individual level I don't think it's fair to be prejudiced against anyone. Black, white, short, tall, fat, skinny, old, young, you name it...everyone deserves to be considered individually.
That said, I have negative sympathy for old people as a group.
The few members of "the best generation" that are still around, I have no issue with. But my parents' generation? The boomers? Fuck 'em.
Boomers ruined our planet and created trillions upon trillions of dollars in debt in virtually every other nation. They collectively lived easy lives of low unemployment, easy access to jobs, capital, material goods and resources and left my generation and those who come after us with the bill.
Collectively, boomers are selfish, myopic and in denial about the damage they have done.
Give me an old person and I will do my level best to judge them individually, just as I would anyone else. But I don't have any room in my heart to treat them - as a group - with deference or even respect. I have no room in my heart to treat boomers as a group as though they deserve a goddamned thing.
All of that said, I do rather like "old farts". Technocodgers with decades of experience and a certain cynicism about hype and trends. I've no issue with them, and I use the term they use for themselves: "old farts".
Though, I fully intend to convert them all to "technocodger" by the end of the year. Just you wait and see...
If Trevor were to write about this stuff, two things would happen.
1. He'd get sued for breach of contract (the NDA is a contract).
Actually, some of the stuff that's out there might well never make the light of day. It's so very deeply hush hush that sometimes companies get bought up just to keep the tech from competitors. And most of it is damned good. I'd be far more worried about well paid character assassins basically ruining my life than any legal consequences. There are ways to perfectly legally ruin a man's life. I'd rather not attract that sort of attention.
2. He'd get excluded from this sort of information in the future.
Which is why I comply. By being one of the few who comply, I get to have input in early stage products and help design go-to-market approaches such that there is at least a chance this technology will be made available to my people (the SMBs) at a price they can afford. I then usually have a shot at getting a launch exclusive review.
In fact, he's probably on shaky ground even admitting that he's subject to an NDA, if they're worded like any of the ones I've been subject to in the past.
This is really the weird part. Yes and no. I probably would get in deep cacapoopoo for letting on which companies I was talking to in the context of this conversation. But general innuendo that "I know people who know people who know things"? That actually works out rather well for the startups in question.
People who need the kind of tech we're discussing (or next gen storage tech, or next gen SDN tech, etc) e-mail me. I pass that info on to the startups and their folks do background checks and maybe reach out, get an early customer.
The world of stealth startups is weird.
If you've seen this top secret stuff then write about it in detail, you're a journalist after all, otherwise it is just another fisherman's story. Without proof, it is meaningless drivel
You're absolutely correct. You either trust me that I have seen this stuff, or you don't. If you do then you can trust that when I am allowed to write about it, I will. If you don't, then none of it matters, does it?
It is useful to think of it as another version of the tragedy of the commons.
That may be the single most interesting thought in the whole thread.
Getting the right core team together would be the make-or-break of the whole enterprise.
No, no, no and 10,000 times no. This is absolutely wrong. The whole point of security by design is to design out any single point of failure, including the failure of individuals. You don't need a stellar core team to run a secure, successful business. You need one to run a business that will rock wall street and perpetually exceed expectations.
There are literally thousands of examples of large enterprises around the world that are well run, stable, steady businesses that do things in a secure fashion. They don't make the news because they aren't prima donnas, they aren't high-stakes wall street derivatives stocks but many of them are household names.
If you design your business to rely on the charisma and personality of individual members of your corporate team you have already failed at information security. Everyone in a company is disposable. Even the CEO. That's proper security. Nobody can be indispensable. Nobody can be in a position to "leverage" the company. No one person - not even the CEO - can be allowed to have full security access to anything.
Policies, procedures and best practices determine how operations are carried out. Changes to those policies, procedures and best practices are researched, audited, vetted and tested before being implemented.
It means the company evolves slowly. It means they will never be on the bleeding edge. But it can mean - assuming the design is correct - that they will be secure.
Anyone who is "exceptional" is a threat to the stability of such a company. Exceptional individuals have no place in the smooth running of an organization. They may be useful in research and development, but not on the implementation side.
None of this is a dig, by the way. I'm almost certainly worse at this hoo-man stuff than you are. People can also be considered as exploitable flaws, however, and a bit of introspection does no harm.
People are exploitable flaws. But the biggest risks are in ongoing operations (and the people making those operations go). New equipment can be vetted and tested and verified before being put into service. Any behaviour that deviates from modeled behaviour can be/should be analyzed. Equipment can be deployed in test/simulation environments before going into real ones.
Individuals responsible for design of equipment should be isolated from those designing testing. Those implementing testing should be separate from those implementing production and from those who designed the tests. Those who deliver the goods should be separate from everyone. There should be a "chaos monkey" group internally whose job it is to try to break things. Talk to Netflix about it and you'll understand the benefits.
But the people who are doing day-to-day production. Who are working the help desk, who have access to backups, administrative privs, commit privs, push privs, deploy privs...all these people are threats. They need to be categorized. They need to be maintained. They need to be well cared for, kept happy and - above all - their activities need to be closely monitored and documented so that if they attempt to screw up you not only know about it, but you can replace them at a moment's notice.
That said, that doesn't mean you have to be the evil overlords. You make it clear to people up front that you are a secure environment. They will be monitored. The company doesn't care if they watch porn while waiting for something to break. The company doesn't care if they listen to music or drink coffee at their desks.
The company does have issues with communications with the outside world during office hours unless they agree to allow that communication to be monitored for corporate secrets getting out. If they want to type sexy somethings to their significant other, that's fine: but it's going through the corporate network, not their cell phone, and the content will be analyzed by computers.
Make sure the corporate policy doesn't prevent them from typing sexy sweet nothings, and that corporate policy prevents anyone other than security teams from accessing those messages. Respect privacy as much as possible and provide as relaxed an environment as possible, but make it clear that there are concessions to security.
If they don't act against the company's interests then they are guaranteed a job as long as they perform adequately. If the systems detect them acting against company interests a specially qualified, vetted individual trained in discretion and personal privacy ethics will examine their suspect events/traffic and determine if they pose a risk to the company. The individual will be informed of the event and information about whether or not the data was false or positive will go back to the algorithm team to make the machine better.
That's the best design I have for keeping operations teams satisfied, but I am still not sure if it manages the balance quite well enough. And it is here where, if there is a failure in my design or a breach in the company that it will occur.
This is why I would personally bring experts in to pick apart various stages of my design.
That said the design is based on a lot of research. Failures and successes of other companies. Every single security expert I've talked to - and most that I've read - are adamant that the biggest risk to any company is ongoing operations. Not procurement.
What's more, the procurement design discussed here ad nauseam is one that aligns not only with the best expert advice, but with game theory as well. I simply do not understand why you seem so obsessed with the idea of compromising devices as opposed to compromising the people who will be safeguarding and using those devices every day.
Pretty sure that your biggest problem is going to be people
So you design everything in such a way that no one is 100% trusted. Which is what I've been saying all along...and was really hoping for a great discussion on how one might go about that.
mentioned earlier that IT knowledge and loyalty-inspiring charm weren't exactly synonymous and we spent subsequent posts proving exactly that. Now you can mitigate that with good working conditions; but that only goes so far.
Where did I claim to have loyalty-inspiring charm? That's a purchasable commodity. A network architect doesn't require it directly. Picard didn't have to deal with children on his ship: he had Riker for that. Etc.
And that goes for parts of the supplier chain you own.
Holy fuck, you're back on that again.
As you said in the article, a project of this type requires leadership and a company-owning leader who pisses people off may quickly end up in a worse position than someone more personable who has never been near the place.
Well, yes and no. You see grown ups don't sabotage their workplaces because they don't like their boss' boss' boss' boss. Good HR can root out most of those who would before they do and good network design can limit access of the hoi polloi, with only the most trusted (and well vetted, well compensated) individuals having deep knowledge of more than their segment of the network and/or access to multiple areas.
In addition, quite frankly, when someone is as obstinate or stubborn as you have been - not to mention unable to read - I'd simply let them go.
A better approach might be to send in a personable member of the team to negotiate a fixed-term contract that includes all the data/diagrams that you need.
Uh, no. That would leave your designs in the hands of someone else and raises all sorts of interesting rights issues. The goal is total control. You can't control what's in people's minds, but you can bind them by contract not to disclose and you can expunge their access to any design materials when they are not actively working on a design-related project.
and as a bonus, anyone who is trying to attack you by spiking hardware and the like will have to do it all over again at regular intervals; thus making it more expensive
Wrong. It makes it easier for them to do so, because you've created multiple soft targets that have information about your designs. You're far better to control the supply chain and still design your testing and validation regimen to expect potential compromise. Reduce the risk of compromise at the outset, but test for it anyways.
I put it to you (and this is not a snark, although it absolutely would have been if I'd said it 8 hours ago) that "If you own the folks who make the devices" is the worst possible way of approaching things...you're already inciting revolution (or at least mumbles of "fuck that guy rhubarb, rhubarb, rhubarb") before you've even plugged in your first box.
You're really, really bad with people, aren't you? Funny how it seems to be fairly easy to get qualified, talented, relatively loyal people to work for you if you pay them well and get them to work on projects they enjoy. I don't have problems with "rebellion", and hundreds of millions of other businesses don't have problems with rebellion. There are entire disciplines devoted to how to treat people right to ensure you don't have rebellion. You could also - holy shit - listen to your staff regularly and find out if they feel they need anything.
And there's trust (although this may just be a different name for the people problem). You have testing and monitoring kit; but who wrote it? The software stack it runs on? The hardware? Do you need monitoring software to monitor the original monitoring software? Who writes it? And so on.
As discussed eleventy billion times already, multiple independent teams who are given the design materials and tasked with coming up with independent testing regimens. They are not related to the original design team at all.
This is ground I've been over dozens of times. And you're still obsessed with the kit going into the business as the point of attack. Holy wow, man. Holy fucking wow.
Questions along these lines end up in a recursive loop and your brains running out of your nose.
No, they're really quite straightforward. As a matter of fact there are quite a few very simple bits of game theory that apply here. They even give you the optimal number of independent teams, etc. Verifying supply chain is not hard if you own it. It's really, really not.
For an enterprise of this type, it'd probably be better if you took the Merlin role and appointed someone else to do the King Arthuring.
No, Merlin had to read.
You'd also need someone truly stellar in HR...one of those rare ones who are very good at reading people.
The ability to read English and retain it would be where I'd start. We would then proceed to see how much charisma was required from there...but honestly that skillset is not that difficult. There are entire business schools full of them.
You did say that the network would have monitoring, mitigation and all the rest. First order of business for a potential evil attacker is gaining some sort of access. Thinking of ways to do that and sidestep as much security as possible sounded like a fun thought experiment
I agree that it is a fun thought experiment. I certainly enjoy kicking holes in such designs. I'm merely saying you're attacking the wrong end. If you own the folks who make the devices then guarding against tampering with the devices themselves is trivial.
This means that if you want to attack the network you need to get closer. Your attacks - and your reconnaissance - need to be at the point of deployment, not at the point of procurement.
I'm positive there are vulnerabilities here. There is, after all, only so much isolation and mitigation you can do. Systems have to interact in some fashion. How do you do that so they can, but are still as isolated as possible? How do you do this in a manner that can change in an automated fashion so no one person can know the whole design?
These are the weak points.
My poking at you was to get you to see this. To do a broader security analysis of the design and move your focus away from the easily defended procurement and towards the areas of the network where there actually are real questions.
That would have been a much more interesting debate because there are some very real limits to what's possible with today's technology. Even "new" application designs present problems. Any legacy apps would be huge security holes.
I have some thoughts - application proxies, mainly - but it's the area where my knowledge hits its limits and I would have to bring in a series of specialists to help me work out the fine details.
Network connectivity is one of the major barriers. Just how do you know which part of the web is causing a problem? How do you test and manage response times and latencies, especially if your audience now includes users on mobile devices?
Is Azure, Amazon or one of the hundreds of different cloud providers offering the right platform for your particular application?
Nope. Not unless you're A) American, B) picking a public provider in your jurisdiction or C) building a private cloud.
“To burst into the cloud sounds like a great vision but how do you actually do it? How do you implement it? How do you set it up to be flexible? You need clever bits of software and people who can manage that software,”
Not really. The software is relatively commonplace and the skills for it are mundane. You just have to be prepared to spend. And spend and spend and spend. People with those skills are smart, and they won't be treated like crap. Companies with that software charge a lot. And you need great reliable internet connectivity and your ISP is going to take it out of your genitals. With prejudice.
Sounds easy? Maybe not, but if you plan your transition to a hybrid cloud setup correctly you will retain control over your IT. You get to choose how you customise your environment for your workloads.
No, your ISP does. They control the pipe and you do exactly as they say. Same with your hypervisor/management tools vendor. And your tin shifter. And your storage overlords. And - above all else - your government, who may well demand that any company large enough to be seriously looking at hybrid cloud computing build in back doors to allow the spooks to pwn us all in the information so that they can nose out political dissidents.
You are not in control. Everyone else is in control. You just give them money and hope they leave you alone long enough to retire. Even if you're a Fortune 1000 company.
So design your networks with that in mind. If your duty of care - and your legal obligations - run towards the protection of your customers'/employees' data, then you absolutely must treat your ISP, your vendors and your government as hostile agents who are just as likely to try to cause compromise as any outside hacker. They'll use different means, but you need to be prepared to defend against them nonetheless.
Can we trust Google
Probably not. But more than we can trust most governments. Absolutely more than we can trust almost any other company in the tech industry and probably more than we can trust any other Fortune 2000 company.
Google are awful, thieving, sociopathic kleptocrats, but of the options available to the hoi polloi they're still the fuckwits likely to do the least amount of damage.
India also has big bump in its demographic bell curve, as more than half the population is under 35. That smartphone-toting generation is just the kind of demographic to stir up strife if under-employed.
Part of the problem is to stop having so many goddamned children.
Flash insecurity does not go up from those nasty guys to regular otherwise properly secured websites that happen to be using flash
Yes it does. Infected ad networks are, in fact, a thing.
If a major news site stopped supporting flash, the ad houses would fall into line.
two reasons news and/or entertainment sites use flash:
1) third party advertisement houses use it. If you want the revenue, you post the ads.
I don't even want to enter attempting to debate any of the many sides of either of those.
How can you not be sure who I am referring to when you wrote what I was referencing. I am not twisting your words like you are with me. Your writing has no real spec.
You make an educated guess and then you verify. It's how grown ups learn things.
How can you not be sure who I am referring to when you wrote what I was referencing. I am not twisting your words like you are with me.
If it walks like a duck and quacks like a duck, clearly it's a pony. Clearly.
Maybe you cannot be direct and because of this you believe everyone has ulterior motives.
Not everyone. Just the people who are so overwhelmed with rage that they feel the need to comment. Commenters make up less than 1% of the readership, and among them most aren't quite so angrily tart as you've proven to be. So when you get to fractions of a single percent of pure internet rage, yeah, I start asking some questions.
You think I work or have worked for NetApp
No, I think you're affiliated with NetApp because of your "Clearly NetApp is not superior over all things and any sane person knows this," attitude. It's the sort of thing NetApp has been very careful to ensure is the only view allowed internally.
Why can't you just do your job and go into the specific details of how storage requirements are changing and where specific NetApp portfolio (not my) gaps exist?
Who says that's my job? You? And how do you know I'm not putting together such a piece already?
Why is this your motivation and not what is really going on in the data center?
Because there's usually an interesting reason why the smell of bullshit is stronger in some places. Besides, what people are doing in the datacenter today is not really all that relevant. They're doing that with stuff they've already bought. What matters is what people will be doing in their datacenters tomorrow, as that drives innovation, competition and - most importantly - sales.
Are you sure all of those people work at NetApp? Not saying they do not but you think I do when I do not.
Not sure to whom you're referring, but yes, I am absolutely positive that some of my sources work at NetApp. As for you, if you don't work at NetApp what rational reason would you have to be so frothing? Why should I assume anything other than a fairly direct association?
Now, being an anonymous commenter on the internet you're fairly useless for analysis or quoting purposes, but as far as "frothing commenter in a comment thread" it's fairly safe to presume affiliation or insanity. It's not polite to presume insanity, so I choose to presume affiliation.
but you had to write a passive aggressive article under the guise of analysis?
Reading comprehension is important to all people at all times. The article is tagged "comment", not analysis.
Anything else you would like to vomit on the carpet? Or are we done here?
Your customers are whiners? The people trying to sell your stuff are whiners? I'm glad to see you hold the opinions of the individuals and corporations who purchase NetApp's products in such high regard.
I'll be sure to link them to this post with your views on the subject.
But thanks for proving my point so spectacularly.
That is going to depend entirely on whether or not we kick out that nutjob Harper while still managing to keep the traitorous coward Trudeau from office. If either wingus or dingus get in charge, we're pretty much screwed.
Who says it's alcohol? The US is drunk on its own overinflated sense of exceptionalism!
Go home, USA, you're drunk.
For guest pieces, content is more important than style and form.
As for not being technical in nature, I agree (to a limited extent). That said, there's still a lot of research. We're treading ground that vendors have to walk, so how do they do it, and why? What corners do they cut? What lessons have they learned? Can OCP implement the difficult stuff and leave the easy stuff as a todo for buyers?
And if OCP doesn't move downmarket beyond Facebook-class deployments, what's the relevance? There are only a handful of Facebook-class entities that will ever exist at any one time, and I'm not remotely sure that systems integrators have the capability to take up the slack.
If they do, what's in it for them? What's the business case for them to do so? Will it help save them in the face of the public cloud, or just draw out an inevitable painful death?
At the same time, large vendors are moving towards massive "black-box" vertically integrated endgame machines. Is OCP - and for that matter systems integrators - relevant in the face of that sort of market shift?
As developers cut their teeth on cloud tech (private, public and hybrid) first, is OCP still relevant? Will regular enterprises even be able to field sysadmin teams and developers who code to anything other than the black-box style clouds?
And these are just the questions off the top of my head.
"why not run it by" I mean could El Reg run an opinion piece?
Well, of course El Reg can. It becomes a question of who is qualified to write it. If you wanted to write something I could get you in touch with the relevant people to see about a guest piece.
As for myself, the truth is that I don't know enough about all the nooks and crannies of this just yet to open my big mouth in print. There's a lot of research to be done and many opinions and views to gather before I weigh in.
OCP is a different world from the one I normally inhabit. Perhaps more to the point VMworld is a month and a half on fire and the vendors are on fire and their content is on fire and I'm on fire and everything's on fire and air travel is hell. I'm full up for the next while and don't have time to learn a whole new world until after the big game. (I just learned OpenStack and am putting my free time to SDN/NFV at the moment.)
I think the problems presented are deep and complex. They deserve a full research and analysis treatment. Ideally, I'd like to see the OCP become much more important and central to how we all procure IT, and I fear that going off half-cocked writing about it could do far more harm than good.
I grok the liability argument, I really do...but I think centralized testing is core and critical to economies of scale. There has to be a balance between "certifying everything works together" and "meh, I hope it all goes to plan".
I think that balance rests on testing for established standards. E.G. meeting JEDEC standards for your memory channels/traces/controllers/etc.
In a perfect world I envision the OCP as essentially becoming the "reference implementation" of various hardware standards. If your RAM doesn't work in an OCP box then chances are you screwed up and didn't meet spec because OCP verified that their widgetry meets the published specs.
The other side of it is that if the testing is to be left up to the customer then I think those folks behind OCP should open source testing tools relevant to all elements as well as procedures for using them/expected results for the tests. This would let any Tom, Dick and Harry assemble OCP gear, select parts from various suppliers and verify it all works to plan before ordering it by the datacenter load.
If OCP is to be just some plans for someone to (apparently badly) put together some motherboards then what's the point? It becomes something you can't trust to do the job and ultimately doesn't drive down the costs, because instead of centralising the costs of testing, verification and R&D those costs have to now be replicated by each and every company implementing OCP systems!
Lots of companies don't feel the need for the liability portion of the equation to be taken by the vendor. And, to be frank, that's a huge part of the cost. But making sure that at least basic quality is dealt with and that testing R&D is central and open is essential.
The OCP doesn't have to be "a cheap Tier 1" vendor. We have Supermicro for that. But OCP should also be more than a PR exercise or a way to offload hardware engineering on "the community". The community will contribute back if there is a great base to start from. That starts at verifying standards compliance and making available the ecosystem of testing tools and procedures required for companies to do testing in house.
At least, that's my take on it. I understand entirely that others may well see it differently.
The M500DCs have served me very, very well. Looking forward to using the 510s for new deployments, as they look like a solid upgrade. Keep 'er steady, Micron!
"Graham finds – and so does Vulture South – the idea that the FBI would hit the roof about simple and basic technology “implausible”."
You're talking about an organization led by a cryptography denier. Sorry, but any level of stupidity is plausible for them.
The tabletop didn't use a multitouch film. It used IR sensors that tracked fingers from underneath. It was actually designed completely differently.
Good for Microsoft. Hope it sells well.