* Posts by Gerhard Mack

352 posts • joined 4 Apr 2007

User filed fake trouble tickets to take helpful sysadmin to lunches

Gerhard Mack

Re: Apologized to? Sure.

It depends on who is paying for the support call. If it were costing my employer money, I wouldn't do it. If, on the other hand, the guy buying lunch was the one paying the bill (per hour charge and he is the signer) then it's all good.

4
0

FreeRADIUS fragged by fuzzer – by invitation – and fifteen fails found

Gerhard Mack

Re: C is a [value judgement of choice] language for security

"So, don't wait around for somebody else to do this simple stuff for you: just do it."

In addition: GCC has a ton of new sanity checks for you to enable. Use them.

If your compiler provides a way to annotate varargs, use it (e.g. GCC: __attribute__ ((format(printf, 2, 3)));)

If your compiler lets you annotate parameters as allowing NULL/must never be NULL etc., use those too.

Always make sure your code compiles without warnings. Warnings are often the C language telling you that what you are doing is undefined, and even if you leave the safe warnings in place they will hide the important warnings in the noise.

0
0
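The annotations recommended in the comment above, applied to a small logging helper. This is an added example, not code from the post or from FreeRADIUS; the names audit_fmt and log_login are hypothetical and GCC or Clang is assumed.

```c
/* Added example (hypothetical helper names). Build with GCC or Clang:
 *   cc -Wall -Wextra -Wformat=2 -Wnonnull -Werror demo.c
 * The commented-out calls in main() show what each annotation lets the
 * compiler reject at build time. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* format(printf, 3, 4): parameter 3 is the format string and the variadic
 * arguments start at parameter 4, so they are type-checked against it.
 * nonnull(1, 3): buf and fmt must never be NULL.
 * warn_unused_result: callers must look at the truncation/error status. */
__attribute__((format(printf, 3, 4), nonnull(1, 3), warn_unused_result))
int audit_fmt(char *buf, size_t len, const char *fmt, ...);

/* Formats into buf and always NUL-terminates.
 * Returns 0 on success, -1 on encoding error or truncation. */
int audit_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (len == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= len) {
        buf[len - 1] = '\0';
        return -1;
    }
    return 0;
}

/* Untrusted text is only ever passed as a %s argument, never as the format. */
__attribute__((nonnull(1, 3), warn_unused_result))
int log_login(char *buf, size_t len, const char *user)
{
    return audit_fmt(buf, len, "login user=%s", user);
}

int main(void)
{
    char line[64];
    const char *user = "%s%n"; /* constructed hostile input */

    if (log_login(line, sizeof line, user) == 0)
        printf("%s\n", line);

    /* Each of these fails the build with the flags above:
     *   audit_fmt(line, sizeof line, user);        -Wformat-security
     *   audit_fmt(line, sizeof line, "%d", user);  -Wformat (type mismatch)
     *   audit_fmt(NULL, 0, "x");                   -Wnonnull
     *   log_login(line, sizeof line, user);        -Wunused-result
     */
    return 0;
}
```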

Wikibon drops bomb, says Intel's Optane could be a flop...tane

Gerhard Mack

I wouldn't mind

Right now SSD is the premium option on workstations and servers with the 3x price markup to match on the server side. If Optane took that spot instead, dropping SSD into the standard spot on everyone's price list, I would be much happier.

1
0

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

Gerhard Mack

"We've switched to Signal, but we mostly do one-to-one conversations"

And now you have a new problem. Signal only works on phones, making it and most of its competition useless for most of what Skype was good for. And then we have Hangouts, which chokes on my 1080p webcam (worked great with Skype even on Linux).

Only thing I have found that looks promising is Ring.cx but no one uses that and it's still in Beta.

1
0

Linus Torvalds slams 'pure garbage' from 'clowns' at grsecurity

Gerhard Mack

Re: Grumble

"You might be able to download an Ubuntu ISO for free, but in a production environment Linux has costs just like Windows or OS X (unless your techies work for free in some kind of medieval serfdom, which I very much doubt).

How much are RHEL support subscriptions these days?"

Where I work, I maintain a mix of Windows, RHEL, CentOS, Debian and pfSense. Of all of those, Debian (completely free) is the one I spend the least amount of effort maintaining, and Linux servers in their entirety require less tech time than the Windows servers to maintain despite the fact that we have more Linux servers than Windows.

12
1

You're all too skeptical of super-duper self-driving cars, apparently

Gerhard Mack

Re: Shills ignore Public Transit

"Meanwhile, public transportation has its own issues such as uneven access and tax burdens on the public (not one is self-sustaining)."

I don't know very many countries that have self-sustaining roadway systems either. You pay for your own car but usually the road is paid with taxes.

0
0

Microsoft officially hangs up on old Skype phones, users fuming

Gerhard Mack

Re: The usual story

You forgot Sidekick.

9
0

Did someone say server sales are crappy? Yes, nearly everyone

Gerhard Mack

I wish the place I worked would. I checked Supermicro and their retail prices are far less but management won't go for it because they don't offer 3 hour onsite like Dell does.

Sadly, my explanation that everything runs in a VM with hot failover so we can just buy an extra server so a dead machine can be down all month while still being cheaper, falls on deaf ears.

1
1

The Linux cloud swap that spells trouble for Microsoft and VMware

Gerhard Mack

Re: The real reason for VMs on x86?

"We have multiple Oracle and Mongo instances all running happily on one machine"

We do the opposite of that, not for technical reasons, but because it saved us money by being the most effective way to deal with per core licensing.

0
0

SSD price premium over disk faaaalling

Gerhard Mack

Re: Most/many of us

Your needs are not everyone else's needs. For myself, I realized that neither my desktop nor my laptop were actually using the 1 TB drives they had and downsized, trading the wasted space for a very noticeable speed increase. Same goes for things like my home firewall, it didn't need anything more than the 64 GB drive I gave it. I still keep two spinning drives in my home NAS (video collection is large) but I have more SSD drives than spinning in my home.

At work, it's pretty much the same story, I have a lot of wasted space on my servers and when they get upgraded, I will downsize the space and trade in for SSD.

4
1

Linus Torvalds stops personally signing Linux kernel RC tarballs

Gerhard Mack

Re: Linus has a mother? Must be one of all inventions

She is a Karate champion.

1
0

Mozilla to Thunderbird: You can stay here and we may give you cash, but as a couple, it's over

Gerhard Mack

Re: yeah, right

"Are you a member of the goldfish tribe (a.k.a. the new generation)? You know, those with the attention span of less than 5 seconds? How on Earth you boarded the tube without knowing where you'd get off?"

Get on transfer, transfer again, forget where I was going to get off, easier to forget when Spanish names are harder for me to remember.

0
0
Gerhard Mack

Re: yeah, right

"IMAP has the same problem. And if you never downloaded the e-mail onto your device BEFORE going into a not-zone, you're screwed no matter what. Otherwise, what happened to SAVING the e-mail before heading out?"

Most IMAP clients solved that problem over a decade ago by downloading the email and only deleting it if the server said the email is gone on the next synch. These days, I use K-9 and have it synch all of the mail to my phone so I can read it regardless if I have a data connection or not.

0
0
Gerhard Mack

yeah, right

"Because most of the world has gone to webmail, especially Gmail. You don't need an e-mail client then. Fewer programs to maintain, fewer potential exploit avenues and/or points of failure."

Yeah, works great until you are somewhere without cell service and need to consult your email. I had this happen when I was underground on the metro (subway/tube for you Americans/Brits) and needed to find the email that told me what stop I needed to get off of.

3
1

Cisco patches switch hijacking hole – the one exploited by the CIA

Gerhard Mack

Cisco treated SSH like a premium feature for the longest time. Even just a few years ago enabling the SSH v2 protocol required the Advanced encryption pack licence.

7
1

Michael Dell? More like Michael in-Dell-nial: No public cloud, no future

Gerhard Mack

Re: Simplifications in server hardware might beat cloud offerings

Cloud providers save money by chopping each server into many little pieces. I've done the math, doing an on-premises VM cluster is cheaper when looking at lease monthly payments than cloud even if I use expensive servers and brand name networking gear.

2
0

Partners? With them? No way, says HPE of Nutanix

Gerhard Mack

@MikeR

"actually we have a few and they are all rather good, helps us to help our customers put their technology on the right platform, which could also be Converged or 'build your own'"

Yes, I know, your people stopped by my workplace and treated me to roughly 2 hours of presentations on the topic. Your president of Converged systems really likes to talk.

0
0
Gerhard Mack

Actually, Dell has their own HCI offering.

0
0

Microsoft sparks new war with Google with, er, $999+ lappies for kids

Gerhard Mack

Re: Skydrive?

"Is it 2014 again? Now it's OneDrive."

Still stuck in my head after their paid product placements on NCIS LA,

"I put the file on Skydrive"

Next episode "I put the file on Skydrive"

Third episode in a row "I put the file on MICROSOFT Skydrive"

After that, I gave up watching NCIS LA.

To this day, I've never used Skydrive/Onedrive/whatever they rebrand it as next to get the numbers up when people still can't be bothered to use it.

1
0

Yeah, keep buying those SSDs, grins Seagate: Your data will be on our disks eventually, muaha

Gerhard Mack

Re: Capacity or Revenue?

Exactly. In my case as flash goes down in price, I'm replacing drives with SSD since on my PC and laptop, I just don't need more than a few hundred GB of space.

The larger drives seem even more expensive so as much as I'd like to replace my two spinning drives with something larger, I just can't justify the expense right now. My remaining two drives are actually more expensive now than when I bought them 3 years ago.

2
0

AWS v Oracle: Mark Hurd schooled on how to run a public cloud that people actually use

Gerhard Mack

Re: AWS infrastructure Boss is Ex-Car mechanic.. says it all.

"Presumably he means overhead on your licensing costs - Do Oracle actually recognise virtualisation in their DB licensing yet?!"

Sort of, I had to look into this for work and basically:

1 Oracle licensing assumes that a core is dedicated to that VM

2 unless you have Oracle's VM software configured in the correct way then HT threads count as Cores so you must turn them off leading to a 30% drop in performance.

I took one look at the above and opted for bare metal servers.

1
0

Dell servers set to get a flash boost from Toshiba

Gerhard Mack

Now if only they would be affordable

Dell's markup on SSD is insane and keeps me from using even the smaller sizes for boot drives. Finding the same drive for far less elsewhere is just frustrating.

1
1

Manufacturers reject ‘no deal’ Brexit approach

Gerhard Mack

Re: Welcome to Trump.UK

"Unlike the Trump campaign though it has been the "popular press" propagating lies about the EU for decades which did the damage"

Fox News isn't "popular press"?

5
1

Google promises policy review after several big brands pull YouTube ads

Gerhard Mack

You miss the point

It has nothing to do with morals and everything to do with brand damage from having their ad associated with something that makes people angry.

6
0

BOFH: Don't back up in anger

Gerhard Mack

Re: The moral of the story?

A better moral of the story is: Do not try passing blame for your own mistakes on the IT department.

41
0

Dormant Linux kernel vulnerability finally slayed

Gerhard Mack

@Paul 195

"The fact is, not all open source software has that many eyes on it, because nobody is paying for them."

I think you are missing the point that most kernel devs are paid these days. In this case though, there have been few eyes because almost no one uses the driver in question.

3
0

Germany to Facebook, Twitter: We are *this* close to fining you €50m unless you delete fake news within 24 hours

Gerhard Mack

Re: Could be tricky

@mstreet

"So...what the government is saying, is in fact a load of meaningless drivel designed to make them look like they are being forward thinking heroes for the masses?"

"If it has no legal or binding impact, then what, other than getting their smiling mugs on camera is the point? I thought they were elected to lead the country, and make real decisions based on real situations. Instead, they are wasting their time and our tax dollars, putting together a giant group hug that seems to have no purpose but to tell everyone "look at me, I'm not a racist"."

"If their intent is in the slightest bit inspired by noble intent, then why is it just Islamophobia, and not racism period?"

It references Islamophobia because we have some anti-Muslim actions lately including the recent shooting in a mosque by a white nationalist.

But other than that: If you were more familiar with the current political situation in Canada, you would understand that the current Liberal government led by pretty boy Trudeau is pretty much all about looking good for the cameras and that they have accomplished nothing useful. They were elected to be the opposite of the Conservative Party that got a ton of things done, but also tended to be annoying social conservatives and as an example took pointless parting shots at Muslims in an effort to wind up their base and keep from losing the last election.

1
0
Gerhard Mack

Re: Could be tricky

@pccobbler

"It is very much binding. Read the bill yourself instead of assuming. I quoted the relevant sections in a comment made yesterday. Or just start here: http://www.assnat.qc.ca/en/travaux-parlementaires/projets-loi/projet-loi-59-41-1.html"

I'm a bit lost here.

1 This is not the bill currently being debated in Parliament, it's from 2 years ago.

2 It is for the province of Quebec only.

3 It doesn't mention Islam or Islamophobia anywhere.

4 It references the Charter of Rights and Freedoms and there is plenty of case law to establish what contravenes the charter making offenses rather well defined.

1
0
Gerhard Mack

Re: Canada debating a bill that would criminalize Islamophobia

"There is no right to country-wide enforcement of one point of view, as that is the sort of thing found in communist and fascist countries."

Correction, Province wide. That bill is from the legislature of Quebec.

0
0
Gerhard Mack

Re: Could be tricky

The reports that there is a proposed Canadian law banning Islamophobia are a good example of fake news. The reality is that it's a non-binding motion calling on the government to condemn Islamophobia and study what actions should be taken to reduce it.

It doesn't define Islamophobia because it doesn't really need to since it makes no changes to the existing legal framework of Canada whatsoever.

3
0

Public IPv4 drought: Verizon Wireless to stop handing out static addys

Gerhard Mack

Re: I wonder if I could sell my class C

It will depend a lot on how you got it. If you got it before the registries stopped giving them away and moved to a rental model then yes, it's valuable.

The annoying part is, I know exactly how expensive a /24 is right now given that I'm working on a startup that needs a /24.

1
0

UK's Virgin Media subscribers suffer fresh email blocking misery

Gerhard Mack

@Lee D

That is why I just refuse the message and let the sending mailserver generate the bounce.

0
0
Gerhard Mack

I wish

"So the marketing department will gnash its teeth the first time, not afterwards. And they should be happy about it, because it's that much less of a chance they'll click on a bad link."

Dream on. Sales departments get a lot of emails from new people and when they don't respond right away the customers call in wondering what happened and then the question "Why is our mail server slow?" I tried it years ago and it worked as expected but I nearly lost all of my clients that month.

If I tried it at my current job, I'd have the whole sales department in the IT director's office demanding my head on a plate (they have pitched fits for less).

2
0
Gerhard Mack

Greylisting tends to really aggravate the users. Users (especially sales teams) get upset if mail is even a little bit slow to arrive.

0
0

3Par brought down Australian Tax Office with >REDACTED<

Gerhard Mack

Re: Seriously?

I would be *really* pissed if the SAN didn't alert me to a failed redundant path.

3
0
Gerhard Mack

Seriously?

How could this possibly be a cabling issue? I don't recall the last time I've seen a SAN without redundant cables for everything: power, SAS network and FCAL all have redundant cables and they are all supposed to hot fail-over in the case that one of them is damaged.

5
0

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

Gerhard Mack

Re: Wrong.

"There's no need for that sort of language around here."

How else to describe it? The guy has invented motivations in his head for missing features that aren't actually missing, ignored several people here who told him he's wrong, and continued to heap insults on the IPv6 designers based on his original misconceptions.

The only thing that might be true is that SMB and home equipment doesn't support it (I don't know one way or the other). But it's hardly the fault of the IPv6 designers if manufacturers didn't bother to implement features available by other manufacturers.

1
1
Gerhard Mack

Re: Wrong.

"And it took 20 years to get the bastards to admit we needed Network Prefix Translation, and it will be 20 more before it's widely supported enough for use. NAPT in IPv4 scared the IPv6 purists enough for them to fight a generation-long war against the simple idea ease of use matters for someone other than developers, universities flush with grant money and large corporations."

Again, it has been supported and completely usable since before you wrote the original article in 2012.

You are like the Breitbart of the tech world.

2
4
Gerhard Mack

Wrong.

"NPT *is* 1:1 NAT, and IPv6 purists hate the ever-living crap out of it, with many refusing to code for it, add support for it, etc.

I even wrote about it in the article I linked to..."

It would have helped if the article you linked to wasn't completely full of crap. What IPv6 Purists hate is 1 to many NAT. NPT on IPv6 is easy and has been supported for years (I've used it) and support is firewall based so application independent.

Don't even get me started on the bits of IPv6 doing away with static IPs, it was actually DHCP they wanted an alternative to. On public servers, you will want to renumber anyways if the ISP changes your address. On private servers, you will want to assign them to a local (non routable) IPv6 range and either 1:1 NAT at the gateway or use the local IPv6 addresses internally and allow the machine to auto assign the external IPs for internet access. Again, IPv6 makes this easy.

1
2

HPE CEO Whitman says everything's 'on the right track' as sales are literally decimated

Gerhard Mack

Re: It gets even worse

Buy a next day service contract and discover that when you actually need it, the server is "too old" and it will take them two weeks to replace it.

4
0

Talk about a slow pour: Oracle now brewing late Java EE 8 for July 2017

Gerhard Mack

Re: Re AMBxx: Does anyone really care?

"I wasn't talking about the plugin. We don't allow Java on any machines where I work for security reasons. Same with Flash."

Great... a purist. If I did that, I would not be able to remote manage any of our machines. Our Raritan KVM wouldn't work, neither would any of Dell iDRACs, HP iLOs, SUN ILOM, or the Lenovo equivalent some of our branch offices use. And that is just client side.

On top of that, one of our largest income generating systems runs on Java.

And even then? Even if we wanted to replace a whole team's several year long effort, what do we replace it with? C takes too long to code, PHP isn't suited to the task, Python and Ruby do backwards compatibility badly, making security updates out to be a nightmare and everything else doesn't have enough developers for us to be able to hire people.

0
0

Penguins force-fed root: Cruel security flaw found in systemd v228

Gerhard Mack

@Dan 55 Re: right ..

"How about you start networking first, then iSUSI, then OCF32, then Dovecot? Just throwing that out there."

You can mess with the boot order, but the pain comes when you actually want to mount the filesystem. /etc/fstab has an option to wait for the network but none to wait for the iSCSI/OCFS2 and in most distros a failed mount would simply then start loading the rest of the services. This means adding checks to each daemon's startup script to make sure all file systems are mounted.

Under systemd, I can just add a config file for just the mount point that causes me trouble, and it does not even attempt to mount the FS until all needed services are up and then mark the postfix/dovecot as a dependency of the filesystem. Much less fragile, and my time to set up new services has been reduced and as an added bonus, I don't have daemons saving things to the local drive instead of the network drive which is kind of a pain when it's supposed to be a shared FS.

3
5
Gerhard Mack

right ..

I'll take your "abomination". Thanks to SystemD I finally have shared filesystem clusters booting correctly the first time without a ton of hackery (dovecot depends on OCFS2, OCFS2 depends on iSCSI, iSCSI depends on networking), something that was almost impossible to do under the old init system.

As a server admin, SystemD has solved more problems than it has created.

9
31

Windows 10 networking bug derails Microsoft's own IPv6 rollout

Gerhard Mack

Re: Not that awful

"I also like the ability to define my own internal networks, obviously with IPv4 being in short supply for a long time doing it with real IPs for most orgs is impossible. So NAT to the rescue. At the end of the day NAT works for the vast majority of use cases out there, and as the old saying goes if it ain't broke don't fix it."

So do that anyways using an internal range and SNAT at the border. IPv6 only killed the one to many NAT; the other types are still supported.

1
1
Gerhard Mack

Re: IPv6 needs a catalyst

"The main limitation of NAT is 16 bit ports. If port addresses were expanded to 32 bits, we'd probably be fine with IPv4 pretty much forever. "

It all sounds so easy until you realize that the port number is a fixed field in the IPv4 header and changing it would break backwards compatibility and that would have most of the same deployment issues that IPv6 has.

7
1

The top doc, the FBI, the Geek Squad informant – and the child porn pic that technically wasn't

Gerhard Mack

Re: "To be clear, our agents unintentionally find child pornography"

"Digital forensics is one of the things I do. You'd be surprised by how over-confident, dumb and technically illiterate the porn addicts/pornographers are. I suppose there's a valid argument that the ones who get caught are the stupid ones, but boy are they dumb."

Not just porn addicts. These people just think everyone around them either thinks the same way they do or are invisible pieces of furniture. I once had a client leave naked pictures of himself sitting on some hooker's face on his Adult dating site (something I'm sure his wife didn't know about) for me to find. All he had done was ask me to check his computer because "my internet is slow" and all I did was click the back button to see an example of a site he uses to speed test on.

I have also had clients have meetings about phone scams they are running while I am sitting in the room working on their PCs.

0
0

UKCloud: We ARE cheaper than Microsoft or AWS online storage

Gerhard Mack

What race to the bottom? Amazon is expensive.

The trick is that they break the charges down per item so you don't realize what the cost will be until you get the bill.

2
0

HPE 3PAR storage SNAFU takes Australian Tax Office offline

Gerhard Mack

Re: Problem with SAN in general

"The performance of even the fastest NVMe SANs are very very slow compared to distributed file systems."

Not according to any of my measurements. With several of our servers our Compellent SAN + 8 Gbps FCAL link outran the local disks in some of our older servers. Meanwhile, GlusterFS on 3 nodes with local storage actually cost me a contract when it was outrun by a single NFS server.

0
0

Oracle finally targets Java non-payers – six years after plucking Sun

Gerhard Mack

Re: Phones?

That would be why Oracle is suing Google.

0
1

Is your Windows 10, 8 PC falling off the 'net? Microsoft doesn't care

Gerhard Mack

Re: It's all a bit farcical, isn't it?

"static DNS: worst case, use 8.8.8.8 [should work everywhere the intarwebs is supported] - it's a freebie from google. [yeah they probably track it]"

Great plan... now explain how I access local resources by host names that don't resolve on the wider internet. Even some WiFi routers use DNS to redirect you to their setup page.

Come to think of it, one of my predecessors used to keep a company wide zone file for our parent company with resources we needed to access and even that turned into an unmaintainable mess.

3
0


Biting the hand that feeds IT © 1998–2017