Feeds

* Posts by kosh

57 posts • joined 9 Apr 2011

Page:

VMware hyper-converge means WE don't NEED no STEENKIN' OS...

kosh

Of course VMware would much rather you used their storage management and got all nicely locked into their volume formats at so forth.

Because why would you want to use anything native to your storage array? What do you mean, "some of your stuff isn't in VMDKs" ? I hope you don't use bare metal servers. Please call our sales staff immediately.

1
0

Acorn founder: SIXTH WAVE of tech will wash away Apple, Intel

kosh
Go

I think it's great that he's found something to fall back on after professional cycling.

0
0

AppFog PaaS drops Rackspace IaaS

kosh

fact checking much

Engine Yard already deploys on the Terremark cloud as well as the Amazon cloud.

0
0

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods

kosh
Pirate

Wrong.

This is crap. Not only have Paypal signed their domain, but they also defer email for you if your domain signatures don't validate.

Are Paypal not a "big e-commerce site"? I guess not if you're Secure64 pulling a marketing angle for credulous journalists. But they handle most of the payments for eBay, which is the big name trumpeted in this article. So, er ... oops.

Hint: querying PR flacks isn't "checking the facts".

0
0

Google+ dying on its arse – shock new poll

kosh

Wasn't federated

Needed to be a distributed federation (a la email or xmpp) to kill facebook. But then Google wouldn't control the data, and we can't have google without big data, can we?

On the bright side, this post prompted my monthly visit to G+.

On the downside, I find myself actively avoiding posting, since the death spiral means I'll just end up having to rescue the content later.

1
1

Boffins: SOPA breaks DNSSEC, and won’t work anyway

kosh

I use DNSSEC all the time, for distribution of my ssh keys.

If you visit https://dnssec.imperialviolet.org/ with Chrome then you have also just used a DNSSEC chain of trust to validate the hash of a SSL certificate.

0
0
kosh

This attack is prevented by DNSSEC chains of trust. Just because Verisign sign the root and .com, doesn't mean they can undetectably fake a response from further down the tree, because they don't have the keys for that.

They could sign a false delegation, in which case it would be instantly detectable because it wouldn't match any other published delegation data.

You could execute this attack on a single target, assuming you can sit inline with their IP transit and spoof DNS responses from the listed nameserver, but that isn't SOPA.

Finally, no-one owns the root key. You should take a look at the root signing ceremony. That's quite of list of people you'll have to compromise. Have fun working out how to hack it.

3
0

Mysterious sat-pic China desert markings - EXPLAINED

kosh

It's a map of central <major western industrial city>.

0
0

Why your tech CV sucks

kosh

Yeah, same.

Probably troll, though. I have met recruiters this arrogant, but they're not this eloquent.

There are two messages in this pieces:

1. Write your CV with the audience in mind.

2. Hire direct (as I do, using my network) - recruitment agents add no value.

However, it doesn't need this many words to deliver, and the attitude dulls the edge rather than driving it home.

1
0

‘Want to be more secure? Don’t be stupid’ redux

kosh

> "I know nothing about computer security or administration."

This means you are already ideally qualified to become a high-paid government IT security consultant.

0
0
kosh

Don't be silly

Those four things look like processes to me. What an absurd notion. Everyone knows that security is a product, not a process. Now buy this firewall. It'll put security in your network. Honest.

15
0

(At least) 4 web authentication authorities breached since June

kosh

You've missed the point in a rush to be negative.

I didn't suggest including certificates in DNS. The suggestion is to include a hash of an existing certificate in DNS, then sign the hash, to provide an additional avenue of verification.

Your point is also made by Marlinspike but he then goes to on to promote Convergence as the dynamic, personal-choice layer (using notaries) building atop multiple functional trust layers. And this DNSSEC mechanism is actually one of them, and he even suggests it in the Convergence talk.

You've also taken the client-side perspective. From a server operator point of view, clients using DNSSEC protects you against *everyone who isn't Verisign* from issuing certificates in your name. No wonder Google are interested (see DNSSEC stapled certs in latest versions of Chrome).

Finally, DNSSEC supports DLV if you don't trust the root. In other words, it already has look-aside notaries.

0
0
kosh

There is a solution pending, sort of.

We can't fix the burgeoning sprawl of CAs -that horse has already bolted.

However we can create a second validation of every certificate via DNSSEC, which means a counterfeit cert becomes detectable by failing a positive check. This is better and easier than the negative OCSP revocation checking that we currently do, or at least it will be when everyone's recursive resolver supports DNSSEC.

Unfortunately the IETF has two groups (DANE and PKIX) both working on this in parallel and there is not yet clarity over which DNS record to use or how. However, the DANE group has just published their scope RFC (http://www.rfc-editor.org/rfc/rfc6394.txt). So there is progress.

0
0

Facebook comes out swinging

kosh
Mushroom

Any legitimate trial form may be used in a Shadow Proclamation hearing.

1
0

Googler squeals: 'We don't get platforms'

kosh
Holmes

Shenanigans.

Who amongst us hasn't used "Oops I hit reply-all by mistake" as a cover story for a good broadcast rant?

4
0

Gay-bashing cult plans picket of Steve Jobs funeral

kosh

It's just stats

With a sufficient large population, every normal distribution will exhibit outliers.

The only way to reduce their extremity is to reduce the overall deviation, also pronounced "dictatorship".

Advice: Just ignore the trolls and/or counterprotest. They're not going away.

0
0

FalconStor founder found dead

kosh
Thumb Down

Yes the man needed counselling and love, but it's a squalid proselytizer indeed that suggests someone's lifetime nadir is the right moment to indoctrinate them in a belief system. Have you considered joining Scientology?

1
0

VMware 'to work with just five storage companies'

kosh
Thumb Down

oh for heaven's sake

Having reinvented the operating system (without the rich capabilities) and having reinvented the routing protocol (with less scalability), VMware now want to reinvent the file system.

Get stuffed.

1
1

Oracle uncloaks 'speedier' MySQL installer for Windows

kosh

nope

At the risk of replying to a fourteen-year-old troll, I have to say it's none of the above. Get into the 21st century, guys. The best available web stack is BNUP (BSD, unicorn, nginx, postgresql).

0
0
kosh

meanwhile ...

In the real world that doesn't need or want to bend over for larry, we're all quietly switching over to postgresql.

1
1

VMware, Cisco stretch virtual LANs across the heavens

kosh

@lewis

Not only have I read the specification but by referring to it as "tunneling" I am quoting it. You can't split the difference between tunnels and encapsulation; the latter is simply the wire format of the former concept.

The truth of the matter is, a man was once faced with problem. A network that wasn't quite numbered how he liked it for a clean topological separation. "I know," he said, "I'll use a dynamic mesh of self-discovering tunnels". Now he had two problems.

1
0
kosh

and next...

Soon enough you need a distributed protocol for managing your tunnels. And no doubt that tunnel creates a FIB entry and an adjacency table entry. Thus reinventing the IGP.

It's so easy to advertise a host route, so why not just do that?

0
0
kosh

er

So it's a tunnel with an access list.

Seriously, guys, please stop reinventing the wheel just because you don't know how to use dynamic routing protocols.

I'm looking at you especially VMware. Your complicit partner Cisco should damn well know better.

2
0

IDC numbers show chink in NetApp wall

kosh

no longer recommending netapp

Having done so frequently in the past, I am not currently recommending NetApp to my consulting clients; for three reasons:

1. They've totally dropped the ball on delivering the shared-nothing cluster capability in OnTAP 8.x. It is way behind schedule and the release is looking half-baked. Whether the development group has run into insurmountable technical difficulties, lost some key talent, or suffered from BigCo processes (rather than being allowed to innovate like a startup) I cannot say but I fear a mix of all three.

2. The management UI has always been crap and despite repeated promises to develop a high-quality modular interface, it remains crap. I think they hired too many developers with a Java Enterprise background. Oops.

3. Even with VAAI the integration with VMware remains saddening. It's so easy to imagine array-assisted snapshot/clone integration for zero-copy backups & VM management. The prospect remains unfulfilled, unlike in Citrix/Xen land. VMware shares the blame for this but with the HQs twenty minutes apart I remain unimpressed by VAAI.

Alone I guess my recommendations haven't contributed more than a few $m to NetApp's net worth, but other like-minded infrastructure consultants may be expressing similar concerns.

0
0

Accenture and Telstra open cloud lab

kosh

Enterprise horrors.

I'm trying to think of two companies I'd less like to do business with again.

Telstra, who I have repeatedly seen bring their toxic internal culture to customer engagements from $5m to $50m. Accenture, the team that taught me the phrase "justifiable non-delivery".

I wouldn't touch this unholy marriage with a ten-foot barge pole.

0
0

Google+ bans real name under ‘Real Names’ policy

kosh

Falsehoods Programmers Believe About Names

Google are becoming the Enron of online services - arrogant enough to believe they are the smartest guys in the room, but actually not.

http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

7
1

Accenture closes in on Aus government e-health tender

kosh
FAIL

downhill

So it's going to another overpriced enterprise bigcorp catastrophe.

Accenture - the team that brought you the phrase "Justifiable non-delivery".

When are people going to learn that the consulting IT giants are only in it to do the minimum amount of work for the maximum amount of money?

0
0

Peaches Geldof explains Kubrick's 2001

kosh

and..

and I thought *I* was being hard on Lester.

1
0
kosh

Actually

She has it pretty close to accurate and without sounding like an idiot pseud.

Perhaps Lester should stick to the Swedish masturbation stories - definitely more his level.

0
0

Network switches look different in the cloud

kosh

Layer 2 is a horrible solution.

Article is pandering to switch vendor marketing without any critical thinking.

Article is downright wrong.

Flat layer 2 networks have horrible scaling, security, managability and reliability characteristics, all of which get solved by layer 3 segmentation. Not by reinventing the layer 3 wheel at layer 2 (c.f TRILL and other half-arsed horrors)

0
0

Apple Mac OS X 10.7 Lion Part One

kosh
Thumb Down

Crap review

Not sure the reviewer is competent enough to write a technical review. I'm no OSX ninja but it took me all of five seconds to google how to do a reinstall of lion (hint: command-R whilst rebooting).

0
0
kosh
Thumb Down

wifi issues

There's a lot of chatter on the Apple support forums about severe wifi performance issues, and I can confirm them. Apple handled the iPhone 4's signal issues really, really badly. Wonder if they'll do better this time?

0
0

Oracle buys Ksplice

kosh

yes

Just because your virtual OS is running as a VM doesn't mean you don't have to reboot it. A great many applications are still very stateful - you can't just pull a host out of a pool.

Moreover, if you are selling shell logins or zones then live kernel patching is a great thing to have.

Of course, rootkits have been doing this for donkeys

0
0

Apple annihilates Wall Street performance estimates

kosh
Pint

what?

I am intrigued by your ideas and would like to subscribe to your newsletter.

0
0

Google's Facebook: It rocks, but who cares?

kosh

it's true

There's no chance that G+ could replace Facebook. That would be like Facebook replacing Myspace, or Orkut.

Unthinkable. Could never happen.

1
0

VMware whitewashes self in open source

kosh
Facepalm

The cloud vision

Let me get this right. VMware's vision of the future is to have a database, an app server, a message queue and so forth, all running on top of a "hypervisor" that mediates shared disk, memory, cpu resources?

Can anybody remember what the definition of "multi-tasking operating system" was?

D'oh, because we're reinventing the wheel.

2
0

Can virtualisation rejuvenate your old servers?

kosh

but...

all of those benefits flow from using shared storage and a multi-tasking operating system. none of them are really attributable to virtualization.

2
0

Microsoft pounces as Mozilla shuns enterprise

kosh

Apple.

Apple lack a long-tail support cycle too, which is a barrier to enterprise adoption.

1
1

Telstra, Optus expand filter list

kosh

As everyone who deals with them knows...

Telstra or Optus. Your choice: between hopeless and useless.

0
0

World braces for domain name EXPLOSION

kosh
FAIL

.catastrophe

ICANN is a laughing stock. Without efficient hierarchy, the DNS loses all relevance as a discovery & naming scheme. The only beneficiary here is ICANN; everyone else suffers from confusion, cost, and in the long term a grossly polluted namespace.

2
0

Upstairs, downstairs: IT goes into service

kosh

The failure of chargebacks

If a business owner can just finding cheaper hosting elsewhere, they will. The resulting feral IT is wholly uncoordinated with other systems.

The result: fragmented services that don't integrate or interoperate.

So don't take on pay-as-you-go scheme. You can still pinpoint inefficient users through cost reporting.

0
0

Apple iMac 27in

kosh
Meh

I buy Macs because

... They look good in my house

... I'm a UNIX hacker and this is the best desktop *nix by far

... I can afford them

... I can still use Windows apps if necessary. Bootcamp, Crossover, Fusion, Citrix, View depending on where I am.

I dream of being able to justify them in the enterprise, but Apple's entire operational strategy is geared against that (even with the chunky discounts and embedded support guy they offered me on the quiet). They remain harder to integrate and manage en masse vs PC clients, and there's no line of DC-grade servers.

0
0

LulzSec hacks EVE Online as rampage goes on

kosh

au contraire

How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.

It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.

I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded russian & chinese goldfarming, and I'm not surprised they get owned, and quickly how la.

1
1

A sysadmin's top ten tales of woe

kosh

Backups, db sync ...

modern data protection doesn't use backups or database sync, it takes single-instance archive snapshots.

0
2

El Reg guide to the Private Cloud

kosh
FAIL

Cloud schmloud

It's an over-engineered mess. The cloud: a way to abstract DC resources and run multiple applications across an arbitrary cluster of hosts.

So, uh, like processes running on a kernel.

Virtualization solves a problem only Windows ever had: software co-existence. But not even DLL Hell is a problem anymore.

So why do the likes of BNP rate it a success?

1. The provisioning tools are really simple (this is why VMware beat Xen), and

2. It is really easy to describe to CIOs whose last hands-on was with COBOL.

As for chargebacks, the psychology and economics are disastrous. Shame on the register for even suggesting that internal markets are a solution, not a problem.

0
0

A cloud hangs over the sysadmin

kosh
Holmes

Hiring policy

So we should hire for versatility and imagination, not certification.

This is as true now as it has been for the last forty years. The "cloud" is irrelevant. Indeed the so-called cloud is not a new computing model either. It's just bureau computing, rehashed with a better abstracted data model and horizontal rather than vertical scaling.

4
0

Apple embraces 'n' extends messaging

kosh

Rubbish.

Meanwhile, here in the real world outside Andrew Orlowski's fantasy land, real architects like me are still successfully producing large-scale solutions using protocols like SIP, XMPP, RTP, G.711, SMTP, IMAP, HTTP, DNS, TLS, XML, LDAP and another hundred open standards..

Why should Apple's closed-system messaging automatically be assumed a success? Facetime is a failure. Not everything the Church of Steve produces turns to gold.

There appears to be conflicting information about whether or not iMessage will be XMPP based, but Apple have rocks in the head if it isn't.

0
0

Red Hat's Oracle shot: The Unbreakable Database?

kosh
Thumb Up

A smart play.

I'm an infrastructure architect and I am waiting for a good alternative to Oracle & SQL Server to recommend as an enterprise standard.

I personally adore PostgreSQL and would love to be able to recommend EnterpriseDB. The only reason I cannot, right now, is because over my head are CIOs and they've never heard of EnterpriseDB. They have, however, heard of Red Hat.

Honestly, in a bigco the decision tree often is that boneheaded.

Acquisition would be a very smart move, if RedHat can learn from their post-M&A integration mistakes with JBoss.

1
0

RIM PlayBook strikes back at Jobsian internet dream

kosh
Thumb Down

flash? TBL?

Flash is the opposite of the Web. TBL, rolling in his grave.

At least you found out why flash is terrible on tablets for yourself.

0
0
kosh

toy computer name

If they wanted to market it as a professional tablet, they need a less Fisher-Price name.

Can't believe they missed the opportunity to call it the BlackBook. Chumps.

2
0

Page: