* Posts by Nate Amsden

1804 posts • joined 19 Jun 2007

That terrifying 'unfixable' Microsoft Skype security flaw: THE TRUTH

Nate Amsden
Silver badge

MS killed skype

their biggest mistake was breaking all backwards compatibility(which broke countless skype systems whether on phones or TVs or other devices that would never get upgraded). Close second perhaps was terrible new skype clients at least on windows and linux (which probably share a lot of code, similar to how slack does things which is equally bad).

I just tried to fire up skype 4.3 on linux and it just exits when I try to login(I know it's not compatible).

fortunately I never really had much dependence on skype outside of work and work switched to slack 2 or 3 years ago, initially I missed skype, but skype has gone down the same road as slack(crap web app wrapped in a browser), so really isn't anything to go back to (for text chat at least, voice and video probably made up less than 2% of my skype activity). Slack was last restarted on my computer 1 week ago - 300MB of memory for a chat app(I have seen it over 1G before). Mozilla seamonkey started at the same time (computer bootup), it is using about 310MB of memory.

17
1

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush

Nate Amsden
Silver badge

I too am waiting, maybe by 2020 or 2021 it will have stabilized some(am not holding my breath though).

To-date my windows 10 usage has been limited to about 1-2 hours(Windows 8 limited to a few minutes). I generally use Linux as desktop/laptop though I do have a windows 7 VM I do a lot of stuff in for work(even use Outlook on occasion and Visio). Also dual boot to windows 7 for a couple of games(few times a year). I have had my fair share of use of Windows 2012 though which was pretty bad, classic shell helped some there.

Agreeing with most of the others, the UI was good enough a long time ago(same goes for Linux I use Mint+MATE now (since switching from Ubuntu 10.04 LTS years ago which has maintained the same GNOME 2.x ish UI for the past decade or more for me if it can go another decade with the stable UI I will be happy).

I timed my recent laptop purchase(about 20 months ago) so I could still get windows 7 on it (Thinkpad P50).

And yes, from Linux it was only about 1 month ago that I started having to mess with systemd, what a mess that is too. Drives me nuts (I wouldn't care if I didn't have to mess with it).

9
0

Roses are red, violets are blue, VMware's made a new vSphere for you

Nate Amsden
Silver badge

5.5 works fine here too. Only reason I plan to upgrade some time this year is to maintain support, 5.5 expires in several months. Though my track record of needing support once or twice a year doesn't have me too concerned. I upgraded to 5.5 from 4.1 (where upgrade means reinstall everything but vcenter, which was on 5.0 I believe), well past 4.1's end of life (wasn't aware at the time it had expired)

I think I will go 6.5 though my older DL385G7s officially stop at 6.0 for support.

2
0

This Valentine's day Oracle's given you 12 big red data centres

Nate Amsden
Silver badge

Re: Datacenters vs Availability Zones

history has shown on many occasions at least in US-EAST that those AZs aren't as independent as people are led to believe.

1
0

Dell goes on Epyc server journey with AMD

Nate Amsden
Silver badge

Power usage

I must've missed the article that talked about HP's DL38x Epyc. Was curious on power usage because I was reading mixed messages on Epyc's power usage (most of that revolved around Epyc's SOC design so you couldn't do apple to apple comparison with Intel with the extra chipset power).

Looking at this online HP Power advisor calculator https://paonline56.itcs.hpe.com/?Page=Index

I was just comparing most basic of specs (CPU + RAM).

----------------------------------------------------------------

Spec 1 - what my org currently uses (for vsphere 5.5 enterprise+)

DL380Gen9 2x 22 core 24x16GB 1Rx4 (technically my systems report as 2 rank but the power advisor says the 2 rank dimms they list are not compatible with those processors) -

Idle power: 61W 50% usage power: 230W 100% usage power: 395W

Fan loss operation: 540W

~8.97W / core @ 100% utilization

----------------------------------------------------------------

Spec 2 - High end Intel DL380

DL380 Gen10 2x28 core 24x16GB 2Rx8

Idle power: 64W 50% usage power: 282W 100% usage power: 500W

Fan loss operation: 644W

~8.92W / core @ 100% utilization

----------------------------------------------------------------

Spec 3 - High end Epyc

DL380 Gen10 2x32 core 24x16GB 2Rx8

Idle power: 174W 50% usage power: 422W 100% usage power: 675W

Fan loss operation: N/A (I assume this system can survive fan failure??)

~10.54W / core @ 100% utilization

----------------------------------------------------------------

I thought the fan loss operation metric was interesting, something I have never seen before. Interesting to see the idle power is almost triple on the AMD systems.

Taking one of my systems at random(lightly loaded) and looking at what iLO reports as power usage over the past 24 hours (22 core / 24x16GB, WITH 2 dual port PCIe 10G NICs, and 1 PCIe dual port Fibre HBA):

Average: 162W Maximum: 259W Minimum: 160W

Another random system over past 24 hrs(identical hardware)

Average: 251W Max: 335W Min: 239W

I have about 40 DL3x0 systems and have had 2 fan failures in the past 5 years (both of which on the same DL360 server, an HP StoreOnce system). Main point being I guess I am not concerned about frequent fan failures in accounting for power usage.

Having more cores is nice but have to try to balance with other factors as well of course. I find it interesting that power per core on the newer intel chips is basically identical.

I don't know if the numbers from the HP Power advisor are accurate or not - I have not noticed any other numbers(system wise) myself yet (though haven't spent a lot of time looking)

I remember being super excited about the Opteron 6000 when it first came out, still have 15 DL358 G7s in operation, so far not nearly as excited about Epyc -- though I can see its biggest strengths aren't in the market segment that is most important to me (two socket vmware hosts). If you need massive I/O and PCIe lanes(I don't) they look awesome though.

1
0

Dell soups up low-end Data Domain deduper

Nate Amsden
Silver badge

Re: What software runs this Dell storage?

I migrated my org off of ZFS(Nexenta on OpenSolaris) for backup/dedupe onto HP StoreOnce (I believe filesystem is IBRIX but dedupe was in house HP labs stuff). Averaged 6:1 dedupe on ZFS(July 2014 from my records here), shot to about 37:1 on StoreOnce (both systems accessed over NFS). Current dedupe rates across a few shares:

share 1 20TB user data 39:1

share 2 2TB user data 22.6:1

share 3 781GB user data 12:3.1

share 4 500Gb of data 33:1 (not much active data here)

share 5 8.3TB user data 62.4:1 (I think inactive data here too)

share 6 13.5TB user data 13.6:1

This is on the smallest HP storeonce appliances (1U box / 5.5TB raw). HP's marketing stuff references 20:1 ratios a lot so I think we get pretty good ratios all things considered, the last share has a ton of unrelated things stored on it so dedupe is lower, there is a limited number of shares allowed, and the dedupe applies at the share(file system?)

typical data retention above is 60 days. StoreOnce is far from perfect, NFS performance is not good, maybe get 5-10% of the throughput of the super accelerated VTL stuff(for bigger backups have to mount NFS with sync mode which slows it even more). But it works for our needs.

ZFS dedupe on linux at home I tried recently(debian 8), completely unusable, on a 4-disk raid 10 on 3ware throughput was under 1MB/sec(32GB of ram quad core intel Xeon). No idea why. I created a 100GB volume on the 3ware(LUN level not LVM or anything) because I had no need to run dedupe on the entire array(especially knowing ZFS's memory needs for dedupe). I was hoping to replace rsnapshot with zfs dedupe, but after about an hour I gave up and went back to rsnapshot (still on ZFS but just no dedupe). Without dedupe performance easily 30-50MB/sec(don't care about going much faster than that).

I have no doubt zfs dedupe on linux can work fine, not sure what the issue on my side was, wasn't important enough to try to fix.

Not sure if DD's NFS is much better or not, seems everything is optimized for VTL.

0
2

E8 prises software away from its arrays to run on Dell, HPE, Lenovo kit

Nate Amsden
Silver badge

no Epyc

Sort of interesting to see such a startup seemingly not wanting to use the new AMD server chips with their massive PCIe lanes for the NVMe connections. Looking at Intel's site the E8 recommended CPU has only 12 cores/ 48 lanes (I am far from an expert but have read in many cases several lanes on Intel systems are provided by the chipset not by the CPU and thus is far less ideal performance wise).

I'd almost wager having a single 32 core 128-lane Epyc CPU with 128 lanes would be far better than two 12 core / 48 lane chips.

Epyc doesn't particularly excite me personally for my vmware workloads, but for NVMe storage systems it sounds pretty ideal.

3
0

FYI: Processor bugs are everywhere – just ask Intel and AMD

Nate Amsden
Silver badge

stay on top of firmware updates

Semi regularly anyway ..

Up until I joined my present company and moved them out of public cloud into hosted infrastructure (HP Proliant) in 2011 firmware updates prior seemed to be problematic, difficult to keep track of and sometimes really difficult to apply.

Enter the Proliant Service Pack ISO image, combined with ILO virtual media really changed the game for me anyway in being able to easily apply firmware updates, and know what versions are installed, I can just tell support I am on PSP 2016.10 or something like that. All firmware components updated whether it is BIOS, ILO(out of band management), Power management firmware, Network cards, storage controllers, disk drives etc..

Oh what a joy.. in 2012 a flaw was discovered in the Qlogic (HP OEM) NICs, and HP had me apply firmware updates to them.. those updates weren't available through PSP(yet), so had to make I believe a custom boot CD (FreeDOS ?? or linux I forget), in order to apply the updates(ESX 4.1 was the server OS), took me several hours alone just to build that, hadn't done that in years and my only access was remote over iLO virtual media. But I got it done.. it was a harsh reminder on how firmware updates used to go for me. Those Qlogic NICs eventually got replaced, manufacturing defect.

At a previous company in about 2009 they asked me to track down a performance issue on their Dell servers, ended up being related to Seagate drives, and there was a firmware fix(prior to that I think I had never NEEDED to apply a firmware update to a hard disk connected to a server) -- however the firmware fix had to be applied via DOS floppy boot disk (no fancy management on those servers). Hardware guy had to go to each one plug in USB floppy to update the firmware. Firmware update fixed the performance issue. Damn dell and their multi vendor setup, servers had at least 3 different brands of disks in them(even those bought within the same batch of gear). Company tried to troubleshoot the issue for a year prior to my arrival.

Earlier than that working with Supermicro gear.. just forget it.. I mean they even used to(maybe still do) specifically say DON'T DO FIRMWARE UPDATE unless you have a problem that support says is fixed by firmware. Not only that but they often didn't even put a list of changes in the firmware files(as someone who had purchased about 400 servers(2004-2005) with supermicro stuff I was pretty shocked). My last experience updating firmware on supermicro was (ironically) on my own personal server at a colo. To update the out of band management firmware the first step they say to do is to reset the configuration to defaults(really never a viable option for remote management). So I did, and I lost connectivity immediately. That was probably 2 or 3 years ago now, fortunately haven't had a failure since, haven't gone on site to try to fix it. Next step is to replace the system it is getting old.

I know in fancier setups with blades and stuff the process is even simpler and more automated(even more so for vmware shops to apply firmware and driver updates in the right order - fortunately I have never had an issue with driver/firmware versions). I have about 40 DL38x systems running about 1300 VMs nothing converged here, I apply firmware updates typically once per year. vs prior to the PSP servers would typically only get firmware updates when they were first built(if that), or unless there was a problem support said to apply a firmware fix.

I know there was one or two issues with PSP in the past year or so HP recalled one of the PSPs I think, didn't affect me I never get the latest one right away, always give it at least 1-3 months to bake in (which is on top of the time taken by the updates before they make it into the PSP).

Recently due to size constraints I guess HP split the PSPs out, so instead of 1 ISO, I have to use 1 for G7, one for G8, and one for G9/10 (I only have G7-9). Not that big of a deal though.

I had used HP gear back in 2003-2008 though as far as I recall there was no such easy PSP method to install firmware at the time.

11
0

Laggard Cisco stumbles over, puffing: 'HyperFlex now supports Hyper-V'

Nate Amsden
Silver badge

had to read twice

Saw 3.5" disks and thought floppy drives..

4
0

White box, anyone? Big Switch pumps Big Cloud Fabric updates as pretty Big Deal

Nate Amsden
Silver badge

"lower cost than traditional networks from Cisco, and much easier to manage"

Companies have been selling stuff claiming that for probably 20 years now, and hasn't been enough. Kind of a worn out selling point.

(mostly non cisco network equipment user for the past 17 years myself)

1
0

IBM Zurich wants to spice up your life with SALSA translation layer

Nate Amsden
Silver badge

sounds similar to other tech

HP 3PAR adaptive sparing(2014, maybe earlier) closely integrates the SSD with the array, returning a chunk of space otherwise reserved for the SSD for bad blocks etc to the array. The array then uses its own algorithms(which it was using regardless) to mark stuff as bad when there are read errors etc. Then there is adaptive read and write caching which optimizes the data going to the SSDs so they get the data in the most efficient means possible(reduces wear).

I believe more recently I have read other companies deploying similar tech in their arrays.

Obviously such tech generally hasn't been available to servers with internal storage(which is what the article seems to be targeting with software RAID etc)

0
0

What do people want? If we're talking mainstream enterprise SATA SSDs, reliability, chirps Micron

Nate Amsden
Silver badge

reliability and endurance good to see

I just checked again the oldest SSDs in my org's first AFA are from 10/2014, cMLC media, and the array is reporting still 95% of wear life left(2TB media), with an average of ~80% write workload to the controllers. This tech has been a lot more durable than my expectations.

2
0

You may not be a software company, but that isn't an excuse to lame-out at computering

Nate Amsden
Silver badge

as someone who has worked at several different startups over the past 17 years, all of which I would consider software companies, I'd have to agree. The new fad of break early/often is quite frustrating, much more so for mature products (lookin at you firefox from a palemoon browser).

The whole concept of SaaS I believe now is because the software is such a piece of shit that customers CAN'T operate it on their own. My first SaaS gig(before SaaS was even a term) had me on a project to prove to their largest customer that the software could be run by them, I completed the project and the customer paid the company I was with $1 million as part of the contract, but they saw first hand how shitty the experience was to manage the software and so continued to opt for the SaaS offering (that company I was with was later bought by a much much bigger company).

It's really sad how quality has gone out the window in so many cases in exchange for the new shiny.

"Don't fix what isn't broken" is my new saying I guess.

2
0

Red Hat slams into reverse on CPU fix for Spectre design blunder

Nate Amsden
Silver badge

Re: Almost There and Back Again..

I had to rebuild a vcenter server last year due to OS corruption in windows. Database for vmware lives on separate linux host with oracle. Used same vcenter version but the process itself was straight forward(reinstall and connect hosts). No complications. No issues with VDS or anything else. I spent a lot of time trying to repair main vcenter since I was quite paranoid about rebuilding it live(never had to do it before). But once I gave up on that the process took just a few hrs.

1
0

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Nate Amsden
Silver badge

Re: Bar-stewards

I'm sure it's not perfect but for me I use the firefox(now palemoon) per-site cookie stuff, and have been for as long as I can remember, I'd say at least 10-12+ years now. I do use an ad blocking extension on firefox/android just because it is less flexible. Sometimes I have to spend some time to undo one of my cookie choices, but I'm used to that.

Currently I have 19,830 sites in my permissions.sqlite file which goes back to the beginning (migrating to palemoon had to do some manual data injections into the sqlite as the full profiles weren't totally compatible, something I had done with one or two firefox upgrades over the years).

Tried to use waterfox but the cookie stuff there was broken too.

Palemoon is a good setup for my main browser anyway. I have firefox 5x ESR in a windows VM which I can leverage in the very odd case where Pale moon doesn't work (maybe 0.01% of the time so far in the past month). 99% of the stuff in that VM is work related(VPN etc).

3
0

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

Nate Amsden
Silver badge

hyperconverged

Haven't noticed anyone talk about this yet, but given the hit is much harder on systems that do a lot of syscalls I am curious the impact to hyperconverged systems.. Standalone storage systems that primarily leverage CPUs for storage stuff could do without the fixes since they are generally tightly controlled running only trusted software. Hyperconverged of course doesn't quite have that luxury in a typical deployment scenario.

Of course if your hyperconverged system isn't pushing much I/O then you probably won't see a big impact.

The lustre results are interesting.

6
1

Firefox 57's been quietly delaying tracking scripts

Nate Amsden
Silver badge

Re: That explains a few things.

I really like palemoon myself, just started using it, was able to migrate the bulk of my really old firefox ESR (which I'm sure I used for far too long - eventually several common websites I use stopped working) profile settings (mostly by directly injecting them into the sqlite dbs).

I tried waterfox, really wanting to keep the cookie accept functionality that firefox killed though it was broken in waterfox too. Waterfox told me every single extension I have(close to 20) are legacy and not supported with the newer firefox stuff. Currently have nearly 20,000 records in permissions.sqlite for cookie permissions going back at least 10-12 years now.

Fortunately palemoon is working nearly perfectly.

0
0

Oracle swallows sales spurt from one of its niche categories: Cloud

Nate Amsden
Silver badge

circle the drain

I'm sure there are a lot of hardware companies out there that would love to have $900 million in revenues per quarter..

3
0

IBM reminds staff not to break customers in pre-Xmas fix-this-now rush

Nate Amsden
Silver badge

i'm sure

that individual's high standards for not breaking things during this critical time will weigh heavily into the decision of whether or not IBM lays them off in the near future.

12
0

What network neutrality madness has happened today? Take a big breath

Nate Amsden
Silver badge

internet regulations look to DSL

Much of the at least early complaints online about net neutrality came down to "don't throttle my netflix" (people saying that generally didn't know or care whether or not there was actual congestion on the pipes).

But for me I keep going back to look at DSL, for a long time (I think even now) many/most/all telcos have to open up their networks for 3rd party network connections for things like DSL or even bigger lines like T1 etc(obviously not suitable for home use). I recall one of my early jobs I was dealing with 3rd party network providers on top of Qwest lines if I recall right.

Performance of DSL based connections is obviously pretty poor compared to most cable modem connections, though it seems many people who want this regulation toss away DSL as a viable option because it is generally far slower than cable (I think an argument could be made it is that way because they lack incentives to improve it in many cases). Myself I gave up on DSL probably around 2007(1Mbps up and 1Mbps down) when the 3rd party ISP I had was sold for the Nth time and they were going to be changing all of my static IPs. I have had my "server" stuff living in co-location facilities ever since(at a higher cost of course - currently $200/mo for 100meg unlimited, and 200W of power for my 1U vmware server).

For me I'm not really for or against net neutrality, it doesn't really matter to me. The internet worked fine for me before the rules in 2015 (first went online I think in 1993 or '94), and I haven't noticed anything different that I thought I could attribute to net neutrality that impacted how I use the internet since the rules went into effect(and no I really don't stream much of anything).

1
18

Linux laptop-flinger says bye-bye to buggy Intel Management Engine

Nate Amsden
Silver badge

Re: Alternative?

I have read that AMD has similar technology (though haven't noticed that they have similar security issues with it yet).

Myself I have always been interested in the Intel AMT going back maybe 12 years when I first heard about it. My current and previous laptops have the features I see but are not "enabled" (as in don't have the software/licensing which seems to be enterprise specific). Though that may not stop the security stuff from being exploited.

I am kind of assuming that most servers don't have this stuff enabled?(I also think that some server board makers like Supermicro or Tyan may sell boards with this ability) At least I have never noticed anything related to this tech in my HP servers, ever. They have iLO of course which is similar though not as tightly integrated. I have read that it needs Intel NICs, but am not sure if that is the case or not, if it is, then may explain why I've never seen it on my HP systems all of which seem to have broadcom NICs as their onboard interfaces, going back at least 10 years now.

6
0

Oops: LinkedIn country subdomains SSL cert just expired

Nate Amsden
Silver badge

the certs are public, anyone can get them from their browser. The keys are the valuable bit(and private) and I've yet to come across a key that expires with regards to SSL anyway (one exception might be the key's algorithm being old and no longer supported or something)

0
0

Los Alamos National Lab fires up 750-node RPi cluster

Nate Amsden
Silver badge

Re: Pi flavour?

I certainly could be wrong (never used any Pi ) but I thought I had read the ethernet on the Pi was running off the USB bus ?? (not sure if still the case), but as you say, probably not a very good setup beyond a simple toy - the exception may be for setups that aren't network bound (e.g. download a batch of data to work on and then work on it from local storage/memory).

Even if it's only 100Mbps, as long as it's on the PCI bus (not USB), I'd think would be a major improvement over anything running on top of USB.

1
0

Google broke its own cloud, again, with dud DB config change

Nate Amsden
Silver badge

Can't imagine it's that bad at google. I have been in the SaaS space for 14 years and have seen exactly 1 SRE (though at the time he was a "performance engineer" maybe not quite a SRE but the term SRE didn't exist at the time as far as I recall) at any of the companies I have worked at.

0
0
Nate Amsden
Silver badge

Re: I wonder how long it'll be ...

Almost no IaaS cloud charges for close to utilization. They charge for provisioning. Exceptions typically include object storage.

Go provision 100 8 cpu vms let them sit at 99% idle and see how much it saves vs running at 80% utilization.

Go provision 30TB of amazon EBS storage and write 10gb to it, do they charge for the 10Gb? (my main storage arrays operate at about a 10:1 over subscription model and that approach has worked fine for me for a decade).

If you have a real solid handle on utilization and capacity requirements and ongoing capacity testing then public cloud can be good. Otherwise you're most likely either going to be paying out the ass (previous company peaked at 500k/mo roughly 10x what was needed), or you will be having a lot of problems.

Certainly it is possible to "get it right", seems very few and far between though.

0
0

Online outrage makes Logitech drop a brick: Now it will replace slain Harmony Link gizmos

Nate Amsden
Silver badge

why can't they renew the cert?

Last I checked certs had nothing to do with encryption just identification. And even worst case if it used http. It's a remote control device, hardly anything that needs top grade security.

Suppose there must be more to the story but I haven't seen it in any of the articles I've come across

(Never have used Logitech remotes myself I just deal with the multiple remotes from the devices themselves, I don't have a lot of devices so not a big deal)

16
0

Qualcomm is shipping next chip it'll perhaps get sued for: ARM server processor Centriq 2400

Nate Amsden
Silver badge

Re: A power draw of up to 120 watts

What makes you think Qualcomm will be better than Intel with regards to buggy chips ? If Intel chips were so buggy there would be a lot of people complaining, and there doesn't seem to be(outside of some vocal people complaining about that AMT stuff). I certainly haven't been alarmed by any recent Intel bugs, and I certainly don't think I am in the minority(though I keep my HP servers fairly up to date with Proliant Service packs so they get whatever HP may put in there to fix issues).

The Intel f00f bug was a bad one, as was the FDIV bug.

When it comes to existing Qualcomm CPUs, one of their biggest markets I'd assume is phones/tablets, and there seems to be at least as many complaints about Qualcomm in that space. Looks like several root exploits against qualcomm CPUs released last year.

AMD Epyc sounds interesting though it seems to have quite limited availability at the moment from OEMs. I remember being very excited about Opteron 6000 when it came out and still have a bunch in production even today(HP DL385G7s)

0
0

KVM? Us? Amazon erases new hypervisor from AWS EC2 FAQ

Nate Amsden
Silver badge

amazon has how many developers and support staff to hack KVM and Xen to be something viable for them?

KVM or Xen are more of technologies rather than a product (the product would be Redhat KVM hypervisor whatever they call it these days, or Citrix Xen hypervisor etc..)

KVM looks interesting (Xen never has to me), though I haven't seen anything that makes me interested in trying it over ESXi (currently running 5.5).

But I'm sure it can work fine for many folks otherwise.

1
0

HPE and WekaIO sitting in a tree, k-i-s-s-i-n-g

Nate Amsden
Silver badge

brain flips characters

WekaIO reads like WeakIO, brain transposing..

Wish HP had a good NAS(NFS) solution.

0
1

VMware open sources VR overlay for vSphere

Nate Amsden
Silver badge

Re: Really?

hopefully 7 comes out and 6.5 will be stable at that point, I looked again at the feature set for 6 and 6.5 and see nothing that interests me, though 5.5 goes end of support next year I believe so will have to upgrade.

My track record for vmware support cases averages 1 or 2 per year for the past 5 years, would like to keep it that way (running around 1,200 VMs today).

0
0
Nate Amsden
Silver badge

Re: Gimmick of the highest order

nothin but windows client here (through Xenapp)

probably will upgrade to 6.5 next year though (5.5 now)

0
0

First iPhone X fondlers struggle to admit that Face ID sort of sucks

Nate Amsden
Silver badge

swipe unlock is all I need

Strange to me to see/hear about so many people talking about how they want their device locked, or encrypted, fingerprint sensors etc, but then so many of the same people install apps on their phone which slurp their data or spy on their location etc.

The only reason my Galaxy note 3 daily driver has a pass code on it is because I needed to install a 3rd party cert to sync with my personal server, and android requires installing a lock in order to do that (not sure why). It also reminds me (on bootup) that my device could be snooped on because I installed this cert (a cheap wildcard ssl cert from comodo).

I never do any banking on my phone, and any purchase activity is typically limited to the google store(pretty rare these days) where I use virtual credit cards generated on my laptop (Bank of America uses a Flash app to generate them).

I've never lost my phone, never had it stolen, last phone that broke down for me was 2005. So I'm more concerned about remote data slurping than I am someone physically getting at my device. I use my 2nd Note 3 (and Note 4) for apps that I'm curious about that ask for more permissions than I'm willing to give on my main device (and neither device has access to my internal networks, my wifi is on a separate port on my firewall - also those devices are not linked to my personal or work email/etc). If I need the 2nd Note 3 with me and it needs network access then I fire up the hotspot on my primary device to get it online.

Just bought a Sony XZ1 (Pink) for my girlfriend - and while it apparently has a fingerprint sensor Sony disables it via software in the U.S. Her current and previous phones had no fingerprint sensors either(no pass codes either), so I guess we agree on that bit.

Only reason I'd use just swipe to unlock is to help prevent accidental unlocks.

2
5

Licensing rejig and standard price rises set for Windows Server 2016

Nate Amsden
Silver badge

Windows VMs on non Windows hypervisors

How about for VMs running in VMware ?

Windows makes up a tiny part of the 1200 or so VMs I have, but I do have about maybe a dozen or two Windows 2008/R2/2012R2 Standard servers (each individually licensed today).

I know the changes don't affect the older versions of Windows, but if I have 48 physical cores on the VMware host, and I want say 2 x 2vCPU VMs on that host (with the rest of the VMs being linux), what is the license? Is it like Oracle DB processor licensing where I have to license the 48 cores on the VM host even though I'm only using 2 x 2 CPUs ? And/or am I having to license 8 CPUs even though I'm only going to allocate 2 CPUs to the VM?

The biggest Windows VMs I have are 4 CPUs, most are 2 CPU, with a couple 1 CPU and a couple 3 CPU.

1
0

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

Nate Amsden
Silver badge

Re: Really?

I think large scale graceful shutdowns in this situation is probably really complicated as they operate as a cluster, as systems shut down likely other things kick in to try to restore availability maybe moving resources to other nodes or something. At some point you probably have to set a flag in the entire system saying it is down and take it all offline(at which point graceful from a customer standpoint is out the window)

I think this happened during that semi recent big S3 outage.

Not as if these are just racks and racks of standalone web servers with local storage.

3
1
Nate Amsden
Silver badge

Re: From the looks of it, cogs were falling off all over the place

Most likely those folks know that architecting for failure in cloud is a pretty rare thing just look at how many customers have outages when cloud goes down.

Hell I have seen developers complain about tcp connections being dropped during a LB failover(takes about 1 second ) because their app couldn't even handle that without restarting it. And this is for a new application stack, not something designed 10 or 15 years ago. I could go on and on for other real scenarios easily.

Building apps with single points of failure is very common still.

I remember what was it a decade ago or so, fire at data center in seattle, a facility that had at least annual power outages for 2 or 3 years prior. Bing travel site was in that data center. Was down for a long time. Maybe MS got it online before the datacenter came back online with external generator trucks about 40 hrs later not sure (this was a colo facility not a MS datacenter).

Point is 10 years ago isn't that long and a company with the size and resources of MS wasn't willing or able to do it for bing travel at the time(hell even I had the foresight to move the company I was with at the time out of that DC 2 years before the big outage), doesn't surprise me that companies the fraction of the size still can't figure it out today. It's not as if it's impossible, it is just very difficult to do and most talk the talk but won't walk the walk when it comes down to it.

Same situation applies to security of applications.

8
0

Un-Delled SonicWall beefs up firewall to wrestle ransomware

Nate Amsden
Silver badge

Re: It used to be a good company with a good product 15 years ago

Sonicwall customer for about 5 or 6 yrs now mainly for site to site vpn but recently deployed in combo l2 l3 bridge mode for inline firewalls.

They work well. My biggest complaints are doesn't support SNI for server SSL and for SSL inspection for servers requires termination on the appliance which I'm not willing to do. Fortunately these units are site to site vpn only so impact is minimal.

Have had one bug open on my 3500s where i have to reboot them every few weeks due to something in 5.9.1 hopefully will get that fixed soon. Before 5.9.1 on those units they were solid for 5 years straight.

0
0

Equifax backtracks arbitrate-don't-litigate plan for punters

Nate Amsden
Silver badge

let users choose own pin?

How hard can that be? I froze my credit for the first time the day after the announcement. At least one of them let me use my own pin. Though I think it was limited to 4 digits.

This is the only data compromise that I'm aware of that impacts me that I am concerned about. Compromising credit cards etc doesn't matter to me. I reported a credit card breach to a hotel chain earlier in the year. A virtual credit card I gave to them and only them was compromised (in part because they never charged it so it remained open). They never replied. About a month ago got notifications from the property management service that hotel uses(among hundreds of other properties) to a mass compromise.

One of them transunion I think I had to call them the website was giving server errors.

Wonder if credit card companies will start including credit monitoring as a more common feature. Certainly seems more beneficial than a lot of the other things offered.

2
0

Container adoption still low, barks Cloud Foundation

Nate Amsden
Silver badge

Difficulty is relative of course. One issue that blocks further adoption of some docker containers stuff apparently nfs doesn't work well (or at all?).

I deployed LXC containers 2 and a half years ago in production and they work great. The deployment model isn't remotely what these folks would consider containers though.

0
0

Confirmed: Oracle laid off 964 people from former Sun building

Nate Amsden
Silver badge

Re: I need new glasses..

Solaris and other unix have been niche for a long time maybe a decade or more? A high value niche. Doesn't mean there is no money to be made still though. I'd say the same applies/applied for very high end storage arrays as well.

Last place I was at that ran unix was 2006(HPUX on itanium and PA RISC before that). Though I work for smaller companies generally.

In the linux space there are quite a lot of options depending on your business model. Ubuntu and CentOS remain very popular, and obviously lots of folks out there running other things that may have less formal support available. I haven't worked for a company that has been willing to pay for Linux support since that company in 2006 either.

1
1

Everybody without Android Oreo vulnerable to overlay attack

Nate Amsden
Silver badge

couldn't google block it

If it comes from the store I'd expect them to be able to have a check for malicious things like this. Won't be fool proof but it should catch a bunch of things.

Funny the researchers say most users will want to update. Obviously it will be years before most have the update.

ATT has stepped up their badgering of my note3 on 4.4.x to upgrade to 5.0 but i won't have it. Must've gone 3 or 4 months without a single notification to upgrade now maybe once every 2 or 3 days. Removing the mute menu option after pressing power button is a deal breaker when my phone is also a pager. I read this was fixed in a newer 5.x build but it is not available to att note 3 (have another note 3 with 5.0 and a note 4 with 5.1 i think it is). The 5.1 solution sounds worse (volume button mute thing ) than 4.x. haven't put a sim card in note 4 yet. Even with a new battery the battery life seems significantly worse than note 3 for some strange reason.

I really miss the mute switch on my webos devices as well as the ability to immediately silence the phone just by pressing the power button (no need to look at the screen).

0
0

Networking vendors are good for free lunches, hopeless for networks

Nate Amsden
Silver badge

if it works, use it

for me anyway, I have been building networks the same way for 13 years now(I'm not a dedicated networking person just a generalist(?) that does networking among other things), works great, so I use it. (and no I have never used STP, and no I don't use Cisco either). The vendor I do use doesn't even actively promote the method I use to build networks(even though it is technically proprietary to their equipment at least at the core switch level), though I find this approach to be great.

Though I'm sure the likes of EA has far more fancy requirements for their networks than I ever have had or will ever have.

I've seen what developers do with shiny things(having worked with developers for the past 17 years), often times end result is not stable. Most developers don't even understand basic networking concepts, so wouldn't let them near networking equipment.

18
2

Google Cloud rolls back changes after 18-hour load balancer brownout

Nate Amsden
Silver badge

Re: But, but... it's the cloud

One of my biggest issues was/is cloud players are always screwing with their stuff. Very little means for customers to opt out or postpone changes, probably 95%+ of the changes are not even communicated in the IaaS space(except when there are brownouts etc after the fact). More often they are communicated in the SaaS space at least for the application side of things, though even then it seems to be really rare in SaaS for a customer to have any feedback into accepting such changes.

vs more traditional data center stuff where you basically have power+network links, both of which often times have fantastic reliability proven over a decade or more(anything higher up in the stack is managed by the organization). Add to that the complexity of network routing and providing redundant power is far less complex(and is a very mature technology vs cloud technologies) than an entire cloud application stack(on top of networking and power as well).

Data centers and network carriers (the good ones anyway) are usually very verbose about communications with any maintenance or changes on their systems. The carrier that the organization I work for even communicates things such as events that would trigger BGP route reconvergence. Not that we really care about short periods of times when routing may not be optimal, it's not that critical. But the attention to detail is good.

7
0

China to get its very own cut-price cut-down cut of vSphere

Nate Amsden
Silver badge

vmotion between versions

When I upgraded 4.1 to 5.5 3 or 4 years ago I vmotioned VMs from hosts on 4.1 to hosts on 5.5. Sounds like what vmware is working on now?

Maybe it doesn't work on newer versions of vsphere, wouldn't know since I have not had a need to upgrade from 5.5 yet.

0
0

Whatchu doin' Upthere? Western Digital moves on cloud storage space

Nate Amsden
Silver badge

seems WD is going crazy with diversifying

Though I'd wager that this cloud service will be gone within 2 years?

Getting into a business that is a race to the bottom(this particular player seems to be pricing already at the bottom) isn't fun.. So many such(cloud storage) companies have already gone bust or whittled back their offerings trying to pin their hopes on business class service.

0
0

Sysadmins told to update their software or risk killing the internet

Nate Amsden
Silver badge

Re: BIND >9.7

The article isn't quite clear to me - seems as if this is specific to DNSSEC ? if I just grep for the word key in my bind 9.8 config there are 0 matches(and I have never ever worked with DNSSEC - yes have run authoritative DNS since 1996(for personal stuff, company I work for uses dynect for external DNS hosting) as well as caching DNS for internal stuff)

I read an interesting(perhaps amusing?) post by someone earlier this year that talked about how bad DNSSEC(it went into quite a bit of technical detail why DNSSEC was basically worthless) was and to just not bother with it. Can't find the link at the moment, it was good. Not that I needed convincing to (not) use DNSSEC.

edit: I think this is the link:

https://sockpuppet.org/blog/2015/01/15/against-dnssec/

1
0

Verizon kicks out hot new Unlimited* plans

Nate Amsden
Silver badge

need a new word

Unlimited just seems to get people upset. I remember back in the 90s how upset I was when I was on dialup on "unlimited" plans and ISPs would cut me off(because I was on 24/7 basically). All I was asking for is some clarification what the allowed usage was. At the time, the ISPs that I was using(all local ISPs) had no policies they were just arbitrary decisions "oops this person using too much kill that account". I was happy to pay more or get multiple ISPs if needed. Finally found an ISP at the time that actually told me what they allowed and I stuck with them until I moved out of the state.

So for me anyway I don't get upset with unlimited, as long as those terms are clearly spelled out, and Verizon seems to be doing so. I use AT&T and switched to their unlimited plan a few months ago (was on a 5GB plan before that). AT&T will throttle video as well but you can opt out (I did). I checked my mobile usage for the past 2 months under 2GB each month (I haven't turned wifi on since I got unlimited since it prevents AT&T from upgrading my Note 3 to Android 5 - last time I said that someone didn't believe me but the update screen specifically says wifi is required, and I have intercepted the update in the past by killing wifi and it stopped).

AT&T will throttle as well(like T-mo and Verizon) after some number, maybe 15GB or 20GB or something I forget.

Anyway I got unlimited mainly because I didn't want to worry about overage charges. Which as long as I stay in the U.S. (and maybe Canada but haven't been there in a long time) I'm good. Last year I went to Asia and even though I did my best to constrain usage (turned off data on my phone entirely most of the time) and had an international plan (800MB/month of data allowed phone calls were still $$), still managed to get bills in the $250-500 range for the 3 months I was away. (normal was $150/mo at the time, now is $99 with unlimited).

Seems some folks just want to have unlimited LTE speed, be able to download 10GB/day if their speeds permit it, and only pay $50/mo or something. While that would be nice, I just don't believe it's really scalable at that level of cost.

Shit 99% of the time I'd love to have a steady 5Mbps, carriers and stuff are talking about 5G and new CPUs fancy screens etc, and folks still haven't got good coverage on 4G yet, several busy places I go in a city of 200k and my data reception is basically 0(as in even DNS times out).

3
1

Official: Windows for Workstations returns in Fall Creators Update

Nate Amsden
Silver badge

Re: 4 CPU's - That's a lot!

Windows kernel can handle a lot more too. And I'm sure you realize it is 4 socket not 4 cpu.

Though hard for me to imagine if you needed so many sockets and TBs of memory just get the server version of the OS. The cost of the software will be a rounding error on such a system anyway.

Just checked redhat workstation and it seems to top out at 2 sockets. That would be perhaps the closest comparable product in the linux world.

(Linux user on server+desktop+laptop mostly debian since 1996)

25
3

IBM Cloud turns TLS 1.0 off and then turns it on again

Nate Amsden
Silver badge

Re: TLS 1.0

Lotsa folks. Even cybersource who is a credit card processor isn't turning tls 1.0 off in production until feb 2018.(which is pretty close to the limit for pci I believe )

I just went through disabling tls 1.0 on a few production services for pci not long ago. Ran into issues immediately and had to turn it back on in a few cases, fortunately none of those cases impact pci for us.

Though i have yet to see a serious threat against 1.0. Sure it is not as strong as 1.1 and 1.2 but the press make it out to being completely cracked which last I heard was far from the case.

I really dislike how this works though. Services should be able to accept tls 1.0 in order to give a human readable error. Getting a low level ssl error is almost always a pain to diagnose(even for technical users like myself). The ciphers are even more confusing. Seems everyone has different variations on names for the same ciphers. Had to spend a bunch of time experimenting with ssllabs testing and retesting until I found a cipher setup that was rated right.

A big chunk of the issue is it's very difficult to determine what clients are actually connecting with. For me most of my SSL is terminated on Netscalers and there is no logging of that stuff. Even with apache last I recall you had to enable debug mode to get that info. It wasn't available as a logging option for access log. And a webserver is pretty basic imagine all of the more complex apps and clients that speak different protocols.

3
0
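An added example, not part of the post above: one way to measure which clients still negotiate TLS 1.0 before switching it off, assuming an Apache access log that records mod_ssl's `%{SSL_PROTOCOL}x` and `%{SSL_CIPHER}x` fields. The log format, field order, function name and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Apache directive (field order is this example's choice, not from the post):
# CustomLog logs/ssl_access.log \
#   "%h %t %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s \"%{User-Agent}i\""
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<agent>[^"]*)"$'
)

# mod_ssl reports TLS 1.0 as "TLSv1"; requests that did not use TLS log "-".
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1"}

# Constructed sample log (documentation-range addresses, invented user agents).
# The last line is deliberately truncated to exercise the unparsed counter.
SAMPLE_LOG = """\
203.0.113.10 [12/Sep/2017:10:01:02 +0000] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 [12/Sep/2017:10:01:05 +0000] TLSv1 AES128-SHA "POST /api/payments HTTP/1.1" 200 "Java/1.6.0_45"
198.51.100.7 [12/Sep/2017:10:02:11 +0000] TLSv1 AES128-SHA "POST /api/payments HTTP/1.1" 200 "Java/1.6.0_45"
192.0.2.44 [12/Sep/2017:10:03:40 +0000] TLSv1.1 AES256-SHA "GET /status HTTP/1.1" 200 "curl/7.19.7"
203.0.113.99 [12/Sep/2017:10:04:09 +0000] TLSv1 DES-CBC3-SHA "GET /feed.xml HTTP/1.0" 200 "LegacyPoller/2.1"
192.0.2.80 [12/Sep/2017:10:05:00 +0000] - - "GET /health HTTP/1.1" 200 "-"
198.51.100.23 [12/Sep/2017:10:06
"""


def summarize(log_text):
    """Count negotiated protocols and list clients that still need TLS 1.0 or older."""
    protocols = Counter()
    legacy_clients = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed += 1  # truncated or foreign lines are counted, not guessed at
            continue
        proto = match.group("proto")
        protocols[proto] += 1
        if proto in LEGACY_PROTOCOLS:
            legacy_clients[(match.group("ip"), match.group("agent"))] += 1
    # Share is computed over TLS requests only, so plain-HTTP hits do not dilute it.
    tls_total = sum(n for p, n in protocols.items() if p != "-")
    legacy_total = sum(legacy_clients.values())
    return {
        "protocols": dict(protocols),
        "legacy_clients": legacy_clients.most_common(),
        "legacy_share": legacy_total / tls_total if tls_total else 0.0,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("protocols:", report["protocols"])
    print("legacy share of TLS requests: {:.0%}".format(report["legacy_share"]))
    for (ip, agent), hits in report["legacy_clients"]:
        print("  {:>4} hits  {}  {}".format(hits, ip, agent))
    print("unparsed lines:", report["unparsed"])
```

Grouping by address and user agent gives the list of integrations to contact before the cutoff, rather than finding them through handshake failures afterwards.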

It's official: Outages are only the second-worst thing about Comcast

Nate Amsden
Silver badge

No complaints

Back in the '00s I was in the Seattle area with AT&T Broadband, then Comcast bought that(?) and I became a Comcast customer at that point. I used 1Mbps DSL for many years(with 8 static IPs), but the ISPs kept getting bought and sold, at one point my DSL ISP said they were changing my IPs so I said screw it, I cancelled DSL and put in Comcast. I put my servers(email+web+DNS+etc) in a local colo.

Was a Comcast customer for 2-3-4 years, really had no issues. Small outage here and there, my bill was not cheap being that I had a ton of premium channels.

Anyway, in 2011 I moved to the bay area, and got a local cable company(served the city I was in only). Cost and service was comparable (for all of those folks saying cities should invest in municipal services for TV/internet) to Comcast. My only real complaint was I wanted faster upload speed(fastest was about 3Mbps, my download speeds were ~20-30Mbps though they had faster download plans).

Moved to the central valley in California a year ago, back to Comcast territory. Again costs were about the same but internet speed up by 10X (download now ~200Mbps and upload now ~20Mbps). I have had more outages out here, maybe I have noticed 3 or 4 brief outages in the past year (nothing more than a few hours tops??). Since my job is managing remote servers I need internet access, so in the event comcast goes down I use the hotspot on my phone.

Comcast really did screw up the installation of services at my current home. Took their contractors at least 3 or 4 trips. Apparently nobody in this city of 200k people uses Tivo and they lacked the hardware and kept sending people on site without cable cards. They also sold me on a triple play package(only for cost, didn't need the phone) and I told them I wanted to buy my own modem, they told me the website to find compatible modems and turns out the modem I bought wasn't compatible with any voice service. So they ended up having to re-do my order on the fly to a double play (for the same price, originally double play costed more for some reason).

Took more troubleshooting on my old Tivo Series 3 it didn't get several hundred channels, they came on site(and charged me that fee), no resolution. Eventually I learned that those channels were encoded with MPEG4 and Tivo series 3 doesn't support that so the channel remains black (even though the signal strength is very strong, and shows no errors). Annoyed that the series 3 is not as useful as it once was, but it still gets some channels. Series 4 works fine with MPEG4.

I think costs wise people blame comcast because that's who they pay. They don't see the costs of the content(Disney, and other content providers always pushing for more $$) driving the costs up. Other than the occasional big dispute between a cable/satellite and a content provider where they put banners on the channels saying the content may get cut off if they don't come to agreement by some date. I know that's not the whole picture but I bet it's a decent chunk of it. People argue for being able to subscribe to individual channels(no bundling) but many don't realize that will drive the cost even higher in many cases.

I caved in a few months ago and decided to cancel most of my premium channels, I hadn't watched much premium tv in more than a decade. Still have showtime as that is part of my "package". (and no I don't stream media either).

I have no doubt broadband etc costs are more expensive in the U.S. than in many other places (as is several other aspects of life here). And have no doubt that comcast probably does screw up regularly given the size of their customer base.

1
4

Excelero hooks up with Broadcom to tag team NVMe over fabrics

Nate Amsden
Silver badge

exceptionally low latency

Trying hard to think of what wouldn't benefit from low latency.. is there any such application that would benefit from high latency?

(leaving out any compromises that may be required to achieve such low latency that is)

Hey Lior!

0
0
