57 posts • joined 9 Apr 2011
Of course VMware would much rather you used their storage management and got all nicely locked into their volume formats at so forth.
Because why would you want to use anything native to your storage array? What do you mean, "some of your stuff isn't in VMDKs" ? I hope you don't use bare metal servers. Please call our sales staff immediately.
I think it's great that he's found something to fall back on after professional cycling.
fact checking much
Engine Yard already deploys on the Terremark cloud as well as the Amazon cloud.
This is crap. Not only have Paypal signed their domain, but they also defer email for you if your domain signatures don't validate.
Are Paypal not a "big e-commerce site"? I guess not if you're Secure64 pulling a marketing angle for credulous journalists. But they handle most of the payments for eBay, which is the big name trumpeted in this article. So, er ... oops.
Hint: querying PR flacks isn't "checking the facts".
Needed to be a distributed federation (a la email or xmpp) to kill facebook. But then Google wouldn't control the data, and we can't have google without big data, can we?
On the bright side, this post prompted my monthly visit to G+.
On the downside, I find myself actively avoiding posting, since the death spiral means I'll just end up having to rescue the content later.
I use DNSSEC all the time, for distribution of my ssh keys.
If you visit https://dnssec.imperialviolet.org/ with Chrome then you have also just used a DNSSEC chain of trust to validate the hash of a SSL certificate.
This attack is prevented by DNSSEC chains of trust. Just because Verisign sign the root and .com, doesn't mean they can undetectably fake a response from further down the tree, because they don't have the keys for that.
They could sign a false delegation, in which case it would be instantly detectable because it wouldn't match any other published delegation data.
You could execute this attack on a single target, assuming you can sit inline with their IP transit and spoof DNS responses from the listed nameserver, but that isn't SOPA.
Finally, no-one owns the root key. You should take a look at the root signing ceremony. That's quite of list of people you'll have to compromise. Have fun working out how to hack it.
It's a map of central <major western industrial city>.
Probably troll, though. I have met recruiters this arrogant, but they're not this eloquent.
There are two messages in this pieces:
1. Write your CV with the audience in mind.
2. Hire direct (as I do, using my network) - recruitment agents add no value.
However, it doesn't need this many words to deliver, and the attitude dulls the edge rather than driving it home.
> "I know nothing about computer security or administration."
This means you are already ideally qualified to become a high-paid government IT security consultant.
Don't be silly
Those four things look like processes to me. What an absurd notion. Everyone knows that security is a product, not a process. Now buy this firewall. It'll put security in your network. Honest.
You've missed the point in a rush to be negative.
I didn't suggest including certificates in DNS. The suggestion is to include a hash of an existing certificate in DNS, then sign the hash, to provide an additional avenue of verification.
Your point is also made by Marlinspike but he then goes to on to promote Convergence as the dynamic, personal-choice layer (using notaries) building atop multiple functional trust layers. And this DNSSEC mechanism is actually one of them, and he even suggests it in the Convergence talk.
You've also taken the client-side perspective. From a server operator point of view, clients using DNSSEC protects you against *everyone who isn't Verisign* from issuing certificates in your name. No wonder Google are interested (see DNSSEC stapled certs in latest versions of Chrome).
Finally, DNSSEC supports DLV if you don't trust the root. In other words, it already has look-aside notaries.
There is a solution pending, sort of.
We can't fix the burgeoning sprawl of CAs -that horse has already bolted.
However we can create a second validation of every certificate via DNSSEC, which means a counterfeit cert becomes detectable by failing a positive check. This is better and easier than the negative OCSP revocation checking that we currently do, or at least it will be when everyone's recursive resolver supports DNSSEC.
Unfortunately the IETF has two groups (DANE and PKIX) both working on this in parallel and there is not yet clarity over which DNS record to use or how. However, the DANE group has just published their scope RFC (http://www.rfc-editor.org/rfc/rfc6394.txt). So there is progress.
Any legitimate trial form may be used in a Shadow Proclamation hearing.
Who amongst us hasn't used "Oops I hit reply-all by mistake" as a cover story for a good broadcast rant?
It's just stats
With a sufficient large population, every normal distribution will exhibit outliers.
The only way to reduce their extremity is to reduce the overall deviation, also pronounced "dictatorship".
Advice: Just ignore the trolls and/or counterprotest. They're not going away.
Yes the man needed counselling and love, but it's a squalid proselytizer indeed that suggests someone's lifetime nadir is the right moment to indoctrinate them in a belief system. Have you considered joining Scientology?
oh for heaven's sake
Having reinvented the operating system (without the rich capabilities) and having reinvented the routing protocol (with less scalability), VMware now want to reinvent the file system.
At the risk of replying to a fourteen-year-old troll, I have to say it's none of the above. Get into the 21st century, guys. The best available web stack is BNUP (BSD, unicorn, nginx, postgresql).
In the real world that doesn't need or want to bend over for larry, we're all quietly switching over to postgresql.
Not only have I read the specification but by referring to it as "tunneling" I am quoting it. You can't split the difference between tunnels and encapsulation; the latter is simply the wire format of the former concept.
The truth of the matter is, a man was once faced with problem. A network that wasn't quite numbered how he liked it for a clean topological separation. "I know," he said, "I'll use a dynamic mesh of self-discovering tunnels". Now he had two problems.
Soon enough you need a distributed protocol for managing your tunnels. And no doubt that tunnel creates a FIB entry and an adjacency table entry. Thus reinventing the IGP.
It's so easy to advertise a host route, so why not just do that?
So it's a tunnel with an access list.
Seriously, guys, please stop reinventing the wheel just because you don't know how to use dynamic routing protocols.
I'm looking at you especially VMware. Your complicit partner Cisco should damn well know better.
no longer recommending netapp
Having done so frequently in the past, I am not currently recommending NetApp to my consulting clients; for three reasons:
1. They've totally dropped the ball on delivering the shared-nothing cluster capability in OnTAP 8.x. It is way behind schedule and the release is looking half-baked. Whether the development group has run into insurmountable technical difficulties, lost some key talent, or suffered from BigCo processes (rather than being allowed to innovate like a startup) I cannot say but I fear a mix of all three.
2. The management UI has always been crap and despite repeated promises to develop a high-quality modular interface, it remains crap. I think they hired too many developers with a Java Enterprise background. Oops.
3. Even with VAAI the integration with VMware remains saddening. It's so easy to imagine array-assisted snapshot/clone integration for zero-copy backups & VM management. The prospect remains unfulfilled, unlike in Citrix/Xen land. VMware shares the blame for this but with the HQs twenty minutes apart I remain unimpressed by VAAI.
Alone I guess my recommendations haven't contributed more than a few $m to NetApp's net worth, but other like-minded infrastructure consultants may be expressing similar concerns.
I'm trying to think of two companies I'd less like to do business with again.
Telstra, who I have repeatedly seen bring their toxic internal culture to customer engagements from $5m to $50m. Accenture, the team that taught me the phrase "justifiable non-delivery".
I wouldn't touch this unholy marriage with a ten-foot barge pole.
Falsehoods Programmers Believe About Names
Google are becoming the Enron of online services - arrogant enough to believe they are the smartest guys in the room, but actually not.
So it's going to another overpriced enterprise bigcorp catastrophe.
Accenture - the team that brought you the phrase "Justifiable non-delivery".
When are people going to learn that the consulting IT giants are only in it to do the minimum amount of work for the maximum amount of money?
and I thought *I* was being hard on Lester.
She has it pretty close to accurate and without sounding like an idiot pseud.
Perhaps Lester should stick to the Swedish masturbation stories - definitely more his level.
Layer 2 is a horrible solution.
Article is pandering to switch vendor marketing without any critical thinking.
Article is downright wrong.
Flat layer 2 networks have horrible scaling, security, managability and reliability characteristics, all of which get solved by layer 3 segmentation. Not by reinventing the layer 3 wheel at layer 2 (c.f TRILL and other half-arsed horrors)
Not sure the reviewer is competent enough to write a technical review. I'm no OSX ninja but it took me all of five seconds to google how to do a reinstall of lion (hint: command-R whilst rebooting).
There's a lot of chatter on the Apple support forums about severe wifi performance issues, and I can confirm them. Apple handled the iPhone 4's signal issues really, really badly. Wonder if they'll do better this time?
Just because your virtual OS is running as a VM doesn't mean you don't have to reboot it. A great many applications are still very stateful - you can't just pull a host out of a pool.
Moreover, if you are selling shell logins or zones then live kernel patching is a great thing to have.
Of course, rootkits have been doing this for donkeys
I am intrigued by your ideas and would like to subscribe to your newsletter.
There's no chance that G+ could replace Facebook. That would be like Facebook replacing Myspace, or Orkut.
Unthinkable. Could never happen.
The cloud vision
Let me get this right. VMware's vision of the future is to have a database, an app server, a message queue and so forth, all running on top of a "hypervisor" that mediates shared disk, memory, cpu resources?
Can anybody remember what the definition of "multi-tasking operating system" was?
D'oh, because we're reinventing the wheel.
all of those benefits flow from using shared storage and a multi-tasking operating system. none of them are really attributable to virtualization.
Apple lack a long-tail support cycle too, which is a barrier to enterprise adoption.
As everyone who deals with them knows...
Telstra or Optus. Your choice: between hopeless and useless.
ICANN is a laughing stock. Without efficient hierarchy, the DNS loses all relevance as a discovery & naming scheme. The only beneficiary here is ICANN; everyone else suffers from confusion, cost, and in the long term a grossly polluted namespace.
The failure of chargebacks
If a business owner can just finding cheaper hosting elsewhere, they will. The resulting feral IT is wholly uncoordinated with other systems.
The result: fragmented services that don't integrate or interoperate.
So don't take on pay-as-you-go scheme. You can still pinpoint inefficient users through cost reporting.
I buy Macs because
... They look good in my house
... I'm a UNIX hacker and this is the best desktop *nix by far
... I can afford them
... I can still use Windows apps if necessary. Bootcamp, Crossover, Fusion, Citrix, View depending on where I am.
I dream of being able to justify them in the enterprise, but Apple's entire operational strategy is geared against that (even with the chunky discounts and embedded support guy they offered me on the quiet). They remain harder to integrate and manage en masse vs PC clients, and there's no line of DC-grade servers.
How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.
It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.
I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded russian & chinese goldfarming, and I'm not surprised they get owned, and quickly how la.
Backups, db sync ...
modern data protection doesn't use backups or database sync, it takes single-instance archive snapshots.
It's an over-engineered mess. The cloud: a way to abstract DC resources and run multiple applications across an arbitrary cluster of hosts.
So, uh, like processes running on a kernel.
Virtualization solves a problem only Windows ever had: software co-existence. But not even DLL Hell is a problem anymore.
So why do the likes of BNP rate it a success?
1. The provisioning tools are really simple (this is why VMware beat Xen), and
2. It is really easy to describe to CIOs whose last hands-on was with COBOL.
As for chargebacks, the psychology and economics are disastrous. Shame on the register for even suggesting that internal markets are a solution, not a problem.
So we should hire for versatility and imagination, not certification.
This is as true now as it has been for the last forty years. The "cloud" is irrelevant. Indeed the so-called cloud is not a new computing model either. It's just bureau computing, rehashed with a better abstracted data model and horizontal rather than vertical scaling.
Meanwhile, here in the real world outside Andrew Orlowski's fantasy land, real architects like me are still successfully producing large-scale solutions using protocols like SIP, XMPP, RTP, G.711, SMTP, IMAP, HTTP, DNS, TLS, XML, LDAP and another hundred open standards..
Why should Apple's closed-system messaging automatically be assumed a success? Facetime is a failure. Not everything the Church of Steve produces turns to gold.
There appears to be conflicting information about whether or not iMessage will be XMPP based, but Apple have rocks in the head if it isn't.
A smart play.
I'm an infrastructure architect and I am waiting for a good alternative to Oracle & SQL Server to recommend as an enterprise standard.
I personally adore PostgreSQL and would love to be able to recommend EnterpriseDB. The only reason I cannot, right now, is because over my head are CIOs and they've never heard of EnterpriseDB. They have, however, heard of Red Hat.
Honestly, in a bigco the decision tree often is that boneheaded.
Acquisition would be a very smart move, if RedHat can learn from their post-M&A integration mistakes with JBoss.
Flash is the opposite of the Web. TBL, rolling in his grave.
At least you found out why flash is terrible on tablets for yourself.
toy computer name
If they wanted to market it as a professional tablet, they need a less Fisher-Price name.
Can't believe they missed the opportunity to call it the BlackBook. Chumps.
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...