Re: Let me get this right!
Apprehend and rehabilitate. Vengeance is not justice.
6988 posts • joined 31 May 2010
Apprehend and rehabilitate. Vengeance is not justice.
If I have a 20% chance of chemo curing my cancer and a 90% chance of dying from that cancer then I'm going to take the chemo. That's just rational.
Woo woo crystals, magic water and the so-called "power of prayer" have exactly a zero percent chance of curing me. The power of the human immune system varied dramatically per person, and given the death rates from cancer do you really want to roll those dice?
The alternative to chemo or radiation therapy is generally death. And not the nice kind of death.
Spoken like someone who not only hasn't done the research, but has never had to face the decision personally.
Chemo sucks balls. Horrible, horrible balls. Chemo is terrible, and awful; it's miserable and it very well might kill you. Anyone any everyone whose been through it, or had a loved one go through it will tell you this.
But for all chemo's problems, cancer is worse.
I'm with Enrico on this. Reinventing the "System Center single installer" isn't a hybrid cloud. Actually having management products that aren't a miserable bitch to install, configure, maintain and support is a really big part of it.
VMware still has a the mindset of an infrastructure supplier. They make pieces of infrastructure and they expect you to get a whole bunch of certifications and read a 400-page user manual.
Oh, and pay for the lot of it like every single bit was made out of iridium.
This strategy would work if the only players on the table were VMware, Microsoft and Amazon. It would work if Enterprise IT spend were still growing at 8% year on year. None of this is true.
Multiple players - big and small - have figured out that if you aren't selling "cloud in a can" you're already dead, and you don't even understand why. Over the next 12-18 months, they'll be cranking these out. The endgame machines are coming.
What's more important: those competitors are pricing their wares for the mass market. And - lo and behold - the SMB and midmarket space, which already make up around 60% of IT spend - are the areas where IT spend it growing near the double digits year on year.
Hyperconvergence was the future seven years ago. Today, it's just another feature. It's not even a product.
The future - tomorrow's technology - is made up of turnkey cloud-in-a-can. Not for the cost of your first born. Not requiring a room of PhDs to make go. But for commodity pricing and with an ease of use rivaling Amazon itself.
The datacenter was VMware's to lose. And, quite frankly, they haven't even shown up to be counted.
...they're not wrong. It's something people have been asking after for some time.
Clearly you're not consuming as VMware intends (upgrading everything immediately). The past year has been a clusterfuck-class comedy of errors. I can't help but feel VMware are moving more and more towards a Redmondian QA model.
If you have to ask, you're not a "relevant" customer.
Welcome to tech.
You want me to carry around a keyboard for my notebook.
The fuck, what?
But they don't have a real keyboard.
We need to have zero corporate tax and low taxes for the rich in order to attract businesses to our nation/province/muni! The governments really make their money off the taxes of the workers! That's where the real income is!
Sorry, but I don't see getting trusted root certs as being all that hard. Pretty much zero effort, when you look at just how easily that particular scam has been pulled off before.
It takes a lot - a lot - to get browsers to pull trust for a cert, and comparatively little to set up a CA and get into the list. Especially for ISPs.
Designing a network and physically putting it in place is a lot of effort. It's stupid money, requires a huge number of people and takes crazy amounts of time. Becoming a CA and then abusing it, or using already abusable certs from generally trusted CAs, or any of many other techniques (you need to install our software in order to use our internet) is basically zero effort.
You make a choice about how you want to ruin your reputation and then you do the paperwork. You will eventually be caught, but you can absolutely spoof the TLS traffic quickly and easily.
As you state: Internet security basically relies on the system. Something you seem to think actually works.
I, however, view the CA system as completely broken and pathetically easy to manipulate, especially when compared to other very tangible considerations of running something as big as an ISP.
I'm not sure I could hack my way out of a "hello world" statement. Written correctly, it shouldn't have an attack surface.
Also, how am I in a line of code? If I echo myself out of a line of code, is that me that escapes to the display device, or merely a copy of me? Oh the existential horror of it all...
Funny how it's doable in practice. It's detectable*, if you know what you're looking for - and thankfully browsers have stepped this up a little - but proxying TLS connections in this fashion is absolutely possible. The key is to control the entire negotiation process instead of trying to intervene in one that's already started.
You can not simply insert yourself mid stream to an extant session. You can, however, cause the client to negotiate the TLS connection with your MITM proxy while your proxy negotiates a TLS session with the target site.
All the client traffic goes from the client to you whereupon you decrypt, sniff the traffic and forward on down the next TLS session to the target site.
Yes, it requires that you have a certificate that the client trusts. And ideally you would be able to spoof the site in question with this cert so that if your client thinks they are contacting bob.com they don't end up with a trusted cert from proxysrus.com.
But this is really just a discussion about root certification trusts at this point, and we all know that the entire cert authority system is pretty broken.
So I'm back to: if you can insert yourself between the two endpoints you can MITM TLS connections. It takes some effort, some creativity and some illegality, but it's absolutely doable. Innumerable corporate security products rely on exactly this, as do various state-level spying initiatives.
The difference between them is merely how they go about obtaining trusted root cert status.
*A great tool for this is the add-on Cert Patrol for Firefox. It will let you see when certs for a site have changed, even if they're "valid" re: root certs. Of course, a lot of companies with large infrastructures change certs regularly, or even deploy multiple valid certs from multiple valid providers! This practice makes MITM attacks all the more viable, especially for large/popular sites, and it also makes it harder to detect in practice because you become immune to Cert Patrol warnings after a few days.
If I own the pipes, I see your security negotiations and I can man in the middle you with absolutely zero effort. You'll never know I'm pwning you.
So unless you have an alternate channel for disseminating your keys - which 99.99999999% of orgs and individuals do not - a compromised ISP == "everyone is fuxxored".
Except the services themselves. The API of those services isn't fixed or static. They can and will change as soon as viable competition offering the same APIs shows up and they see movement away.
It was ever thus.
The only "cross cloud" anything worth a damn was Ravello. And then Oracle bought them.
Now we need another Ravello.
Oh, yeah, because paying 10x-20x more per "transaction" or per running VM than if you ran it yourself is a good plan. And hey, let's also enjoy the lock-in of building everything to an API that a cloud provider can - and will - change on a while, legal terms of service the cloud provider can - and will - change on a whim, and prices that will go up the instant there is a downturn and the vendor needs a stock price boost.
Yeah, that's a fantastic plan. Please let me know who you work for so that I can never, ever buy anything from your company. I don't think you'll be around long enough to bet my business on yours.
Shot version: Pernix sold two product: FVP and Architect
FVP is server-side-caching. You buy an SSD (or multiple) and put them into the server. FVP then copies frequently read data blocks into the SSD to your apps can read them faster. It also buffers writes to the SSD so your writes happen faster and then slowly drains them back to disk. If clusters this across multiple servers so that if one server goes splork all your writes waiting to be drained are still stored elsewhere.
Architect is the thing that looks at your workload and makes sure that all your writes will fit onto the SSDs without causing a flush cascade and crippling your entire infrastructure. (I.E. your writes don't fill the SSDs up faster than they can drain over the course of an arbitrary period defined in part by the size of the SSDs and the speed of the storage you're trying to accelerate.)
To make FVP work you need to buy expensive SSDs + hella expensive software + OTHER expensive software (Architect). This is because it is way - way - easier to cause a flush cascade than Pernix people will admit.
The end result is that Pernix, while not a bad idea and actually decent software, simply cost too much. Why would you pay more to accelerate your servers' access to their storage than it cost to simply buy new storage in the first place, or to move to a hyperconveged infrastructure?
In many - but not all - cases it would have been cheaper to simply toss some SSDs into existing systems and enable VSAN (or Maxta) as an all-flash setup for demanding applications than to use Pernix. (Remembering that I could still use my slow storage for non-demanding applications in a VSAN setup.) By segmenting the workloads in such a manner I also eliminate the risk of flush cascades entirely.
And on, and on, and on, and on. The arguments can go up one wall, down another, 'round and 'round and 'round and 'round. Suffice it to say that while Pernix software works, and works well, you absolutely need to know what you're doing with it, you need to be pretty good at architecting solutions based on some pretty in depth understanding of storage and, well....
...along the way a bunch of easier solutions with lower knowledge requirements came along at the same or lower prices. Pernix as a product couldn't survive as it was positioned or priced.
But Pernix as a pair of features will be a powerful and enticing addition to Nutanix's offerings.
As I said: I realize it makes me a bad person to take enjoyment in the discomfiture of others. That said, I feel I'm in good company as the discomfiture I'm enjoying is that of bullies. Enjoying watching bullies get their comeuppance isn't something that makes one a good person. I acknowledged that and do so again.
But it is a very human reaction, and I am as flawed as any human. Perhaps even more than most. However sad, upsetting, immoral or unethical it may be, it is natural for one who is perpetually on the receiving end of bullying to take a dark and even unwelcome pleasure in seeing bullies brought low.
Am I proud of myself for feeling such schadenfreude? No. I am, in fact, more than a little disconcerted that I am capable of such depth of disquieting emotion.
That said, it says something about those who drove the organization that this is the depth of emotion they inspired. Positive and negative; I'm sure there are multiple interpretations that we could haggle over for hours.
As for my irredeemability...I don't deny that. Seems to me everyone who ever had a soapbox to stand is one form of sonofabitch or another. I'm not a great person. I'm probably not even a good person. But I take comfort in knowing that whatever my flaws, however horrible and hateful, spiteful and miserable a pathetic nobody I truly am...
...I'm not quite as irredeemable a shit as bullies from Pernix.
And unlike them, I'm willing to admit I'm an ass and slowly, awkwardly, perhaps ultimately unsuccessfully, at least try to make myself a better person. If nothing else, I like to delude myself into thinking that self awareness of my own flaws and a willingness to address them makes less awful than those who honestly believe they're beyond reproach even as they behave in a despicable fashion.
Well holy shit, Pernix couldn't make it work, and for the very reasons I told them it wouldn't work. Who'd have thunk it? All them haughty elites with their in-crowd cliques, fancy learnings and A-list experience couldn't prove a nobody like me wrong.
I am fucking marinating in schadenfreude right now.
And yes, I realize that makes me a bad person, but being a good person never got me anything and right now, just this moment, I would like to like to raise a galactic middle finger and bellow an "I told you so" that will embed itself in the cosmic microwave background to preserve a record of my childish pique for all time.
For all those that experienced job loss (voluntary or otherwise) because of this - with the one exception, you know who you are - I am truly, truly sorry. My schadenfreude does not at all extend to the enjoyment of misery for the minions. If there is any way I can help you guys out, you know where and how to find me. Engineers, sales folks...it wasn't your fault. You did your best with what you had, and in my estimation you did damned well. You did not fail the brass, the bass failed you.
Company A buys pacemakers to hold them in stock as it is a warehouser or retailer of medical supplies to the Americal private medical industry.
Company A goes out of business and has its assets sold off to pay creditors.
Company A assets which cannot be immediately sold via reputable channels are sold to scavengers who specialize in offloading anything and everything on the secondhand market.
Company B buys pacemaker on ebay from scavenger hawking remains of Company A's assets.
If you look hard enough, you can find anything excepting better-than-university-grade fissionable material sold in this fashion, but if you work at it you can get some gas centrifuges and ------++++++CARRIER LOST
Android does just fine without most of the GNU stack...
If someone commits a crime in the name of Christianity, tell me why Christianity shouldn't do anything about it?
So you're upset because you're considered one of the top independent storage industry analysts in the world? Perhaps you might consider actually doing something worthy of note.
Oh, right, it's far easier to snipe anonymously in a forum. Here's an idea: you can start being of note by using your real name, coward. Then we can start to compare your achievements to Howard's, and see whose advice about the necessity of a proper storage benchmark we should be trusting.
Every criticism and complaint you could level, I promise you Howard has heard and considered. A dozen times over. This isn't some nobody, or some partisan vendor shill. It's Howard Marks. And he's not alone; he's put together a team of the best to build this thing.
Nothing's ever perfect, but this benchmark will be as close as one can get for storage. Howard knows no other way.
Some good points, some not so good.
The first: a community will hopefully get born around this. I've been spending quite a bit of time nerding about the implementation details personally. With any luck, Maxta will be implementing them and it won't go horribly, horribly wrong. If you've ideas in that regard, please do share. I personally promise you they will get discussed with the relevant execs and the CEO. Every single point raised.
Second: MsXP has come a long way. I'm not quite done my review of the latest version, but it's at the "you have to actively try, and try hard, to botch the install of this". That isn't to say there aren't gotchas. The installer gobbles a disk for the VSAN VM, for example, and doesn't tell you that you'll lose a whole disk in this fashion, or let you pick it. (At least not in the heavily automated GUI version of the installer.)
There are a few of these small issues, and they are ones I will personally beat them over the head with a clue-by-four until resolved...but they're small issues. When I first tried MsXP years ago I must have had to go through the installer 4 times - with a few e-mails in between - to get it all working. This time, no such issue...and that's not because I was better at the installer. (I had completely forgotten how the thing worked.) It's because they made the installer suck less.
So yes, Maxta still has work to do in order to make this a great freemium product. But it's all work I honestly think can be done before the end of the year. What's more, they're actually listening. This is important, and fairly rare in the storage and virtualization community.
Is going freemium going to be enough? I don't know. What I do know is that MxSP is one of the few HCI products that has traditionally "just worked" for me. The idea that I can now build a demo cluster without a pile of red tape to demo to skeptical clients has some appeal to me. I also know that the statistics and analytics package they've developer speaks deeply to the nerd in me.
So I say: let's seize the opportunity. A vendor is willing to listen to our criticisms, requests and fears. Let's speak and be heard. Let's get a product, a community and a support infrastructure we want. It's not often that the little guys get this kind of a chance.
If the Russians want in to your network they will get in. Period. Believing anything else is hubris and arrogance of the most overwhelmingly egotistical type.
The NSA couldn't keep the Russians out if they were determined to get in. There is absolutely no way a charitable foundation or a political party's IT team could keep out a state actor with that kind of ordinance and experience.
The only thing that the Clinton foundation could have done - that any of can do - is try our damnedest to raise the cost of success beyond the value that success brings to the attacker. Success is measured in many ways, meaning that for some strikes the value of success is worth nearly any cost.
In this case - and in the DNC case - I personally don't believe that Russia (or whomever) approached the target with a "success at any costs" valuation. Most likely they regularly probe such high value targets and stumbled upon a target of opportunity.
The truth is, we'll likely never know. What exploits were used, if classified ordinance was deployed or merely public vulnerabilities were exploited. I'm not sure it matters.
The question is what can we - what can anyone reasonably expect from these organizations for security? Perfect security is impossible, and the costs of raising the cost to attackers rises disproportionately fast for the defenders. At what point is it irrational to expect increased spending on IT security, on end user training, or to expect that human beings operating in various positions won't make errors?
"They were asking for it" or "they had it coming" or "maybe they wouldn't have been attacked if they didn't dress (their IT security) like that" aren't acceptable responses to this. Collectively, we can't keep blaming the victim for not spending irrational amounts of time and money on defense. Most of us simply can't afford it.
And where does it stop? Where does this attitude of "security is everyone's individual responsibility so we all have to pay and pay and pay and keep paying and pay some more" end? At what point do we start to see this as an issue we need to band together on and start pooling our resources so that we can come up with defenses collectively that, quite frankly, we'd never afford individually?
Mocking, victim blaming and traditional unrestricted capitalism have all failed to win this war. Maybe now that it has impacted some of the elite we'll see some fucks given and new approaches taken. I can only hope.
Explain to me the difference between "awareness" and sensory feedback being true? Other than perhaps that biological awareness is more fallible.
You're nothing but a sack of chemicals and there's nothing special about you, or your species. Get over it.
A robot that is aware of it's own mistakes and able to visible represent contrition has emotions that are a fuck of a lot more real than a depressing number of people I know.
Emotions absolutely can be programed. There's nothing special about them. And it strikes me that with a fairly minor amount of effort, I'd prefer a robot guaranteed to have emotions - artificial or not - to a lot of the people one could name.
A) "phased roll out"
B) 5 hours to notice and roll back?
C) R.I.P. QA.
But way more than Pure.
Looks like a QSFP28 transceiver. Does it have lower latency than Mellanox? When do we get modules that can split into 10 instead of 4? 10x 10GbE as a breakout cable is a lot more useful to me than 4x 25GbE...
Exactly what about that is bunk? Other the part where Scale got shafted - they deserve a much better rating, especially with the advent of their hybrid nodes - Forrest don't seem too off the mark there. I might move the companies around a little, but probably less than 10% deviation on any one except Scale.
I know of many projects to bring empathy to artificial persons. Be those artificial persons virtual, robotic or both. As a matter of fact, empathy, sympathy and compassion probably get more money than anything except "how to move around autonomously" and "how to kill efficiently and accurately".
Artificial sympathy is pretty clear cut: the ability to recognize the emotions of others has uses for everything from detecting criminal intent to understanding what human persons are attempting to communicate. Here, there is great interest in the robotic care industry.
Empathy is seen not only as a useful tool in the robotic care industry, but it is seen as useful in attempting to build more capable virtual assistants, search bots and more. If you not only understand what the human person is attempting to communicate, but can have those emotions equally bias your choices then you can understand intent even more accurately than with sympathy.
Artificial compassion is farther out, but is seen as important for artificial governance. There is great interest in answering "quis custodiet ipsos custodes" with "robots". Specially in roles such as ombudsbot or as an adjunct to a highly politicized investigation (say oversight of police or the judiciary). In these situations cold logic isn't enough; compassion is absolutely required.
Now a lot of people will start to scream about robots running the world at this point, but I don't think that's the intention. Most projects I've seen regarding artificial governance are not about putting a decision to an artificial person and accepting their judgement, but asking the artificial person to render not only judgement, but rationale behind that judgement. A clear chain of "based on these pre-programmed factors, this scoring from these detected emotions, this bias weighting, etc" it seems the best thing to do is Y.
In this manner, once a decent AI is evolved, judgements can be modeled by altering the input biases. Do we, as a society, believe in any absolutes regarding compassion, punishment, rehabilitation, etc. and so forth? What does the law say? What does legal precedent say about exceptions due to compassion?
Lots of people want these bots in order to model elections. Others as a means to better understand how to manipulate groups of people. If you change one thing, how does that affect their judgement? Etc.
The technology behind artificial sympathy, empathy and compassion have many uses, both great and terrible.
Sadly, as we have no means of updating humans with compassion, the most terrible uses are likely to be the first tried, long - long - before the rise of any machines against us.
"They're taking them to the moon, right?"
And they couldn't then send it (or other objects) at Earth why exactly?
The technology, once invented, cannot be uninvented. If you can park something around the moon, you can plow something into the Earth.
You really, really need to read The Expanse.
"I worry about people who throw rocks."
Explain why the DNC hack couldn't have been as simple as Russia buying a staffer for access (or a direct data dump) and then disposing of them? Seems an entry level exercise for the FSB. *shrug*
You and I will never know the truth, and I am sure it is stranger than fiction...
"at least in the US if you can prove your innocence you'll walk free"
That statement is everything that's wrong with the US. The fact that it has managed to make it's own people believe this...
Look: innocent unless proven guilty. The burden of proof is not on the accused, and never, ever should be. You should never have to prove your innocence. The prosecution should have to prove your guilt. And beyond a reasonable doubt, especially where high sentences or capital punishment is on offer.
Furthermore: justice does not consist of revenge. A justice system should not concern itself with punishment, but with rehabilitation.
If the Norse can do it, you'd think a country whose countrymen fancy themselves the greatest in the world could get even a fraction of the way towards that level of evolution...
"What makes me skeptical on this one is that he has just the *one* call / voice mail? So the intern didn't call 50 times in a panic, just once, left a voice mail, and waited the rest of the day?"
Written as if by someone who has never had a debilitating phobia-induced panic attack. I'm surprised he got the one call off, personally.
@joerg: once more, with feeling: write life doesn't matter to everyone.
There is a place for different classes of solid state storage with different write lives and different speeds.
And you can tell Intel/Micron I'm still waiting for the xpoint units for review that I was promised. Everyone else has theirs, so let's chop chop, eh?
A billion or so bucks a year for a country the size of Australia is chicken feed. That's not much of an "investment" in your telecoms...
If your internet connection is made out of butts covered butts in butts sauce and/or costs too much to actually use then it is interfering with all sorts of interstate - and international - commerce.
Buying things online is one o the top activities people possessed of not butts internet connectivity do with the thing.
Why not just build a fab right next to the spookhaus?
XPoint will have better write life. It will also cost 4x what standard MLC will cost and 8x what QLC will cost.
News flash: lots of use cases don't require high write life. WORM is s thing for 99.9% of the world's businesses.
QLC will find a place. It just won't be in the DIMM slot.
Now smoke a bowl and chill the fuck out.
None of which is acceptable when that kind of DDoS protection is available as a service from any number of providers and can auto-scale on demand. Just the damned website should have been able to. And bloody first-year DevOps numpty rolled out of university should be able to bring THAT up on AWS or Azure today.
If it was anons, they're keeping really low key about it. None of the cells I know about participated...
It's one of those "science that doesn't produce a viable product after the first round of research is useless and a waste of taxpayer dollars EH TUK MUH JERB" zombies. Remove the head or destroy what's left of the brain. It's the only way.
The Flex client is lovely, and the basic ideas behind it were sound. For small deployments. But it fell apart when used at scale and the inventory service (upon which the Flex client relies) needs to be killed.
The HTML 5 client works at scale. It has seen far more testing in that regard than the Flex client ever did. It - for the most part - keeps the good stuff of the Flash client, and jettisons the crap bits. Of course, it's not feature complete, so it's all going to depend on when they get that done.
The other thing to note is that the Flash client wasn't such a big deal when it was launched for two reasons:
1) deployments (and cluster sizes) were much smaller
2) most browsers at the time didn't freak the hell out about flash
But it all went sideways in short order. The world changed not too long after the Flex client emerged and VMware didn't adapt. The Flex client subsequently became n albatross.
That's really where my disillusionment with VMware started. Not because they don't product great technologies or ideas - they do - but they have such overwhelmingly powerful "not invented here" syndrome that when there are issues with the product - or when the world changes around them - VMware can't and won't adapt.
The majority of the grief people have with the Flex client would have gone away if it didn't need so much pissing around with browsers to make it work properly. But VMware pretended the world was the same for way too long and here we are.
I want a browser-based client. After the day I just had trying to get a downed VMware cluster back online, I could (and probably will) write several blogs on why that's a much better idea than an installable one. I want the asynchronous actions capability of the Flex client.
I just want the inventory service to not be shit, the client to be faster, the whitespace to be less and the damned thing to Just Fucking Work in modern browsers. The HTML 5 client meets all these requirements.
Try it. I bet you'll really like it.
Where did I say I expected speeds to improve? I just expect to run more idle workloads. If I have 5000 workloads on my box and at any given time 64 of them are doing something, that's a lot. Incidentally, I have 72 logical processors on my 2P server, so I can have that many workloads doing their thing at any given time.
Biting the hand that feeds IT © 1998–2017