* Posts by Nate Amsden

1969 posts • joined 19 Jun 2007

Guys, geez... finally 5Gs: AT&T grows super-fast mobile net city rollout

Nate Amsden
Silver badge

waste of time

5G sounds like it may be useful for things like fixed wireless communications. AT&T struggles to get their 4G LTE stuff working most of the time. I can recall two situations in the past 5 years where I got above 20Mbit on LTE. Most of the time it is below 5Mbit. One was in a San Jose hotel (another time I was at another San Jose hotel and the LTE was sub 1Mbit). The other time was at a Las Vegas convention center where they obviously had LTE repeaters or whatever you call them in the room.

Too bad fixing coverage doesn't sound flashy like 5G.

It's not my phone either; I have tried at least 3 different phones side by side and the coverage is quite similar. I have seen many times where I have "good" LTE signal strength (as measured by an app that looks at the numbers), but not enough bandwidth to resolve any DNS entries.

(AT&T customer since about 2010 or so, I switched from Sprint in order to use Palm/HP Pre GSM phones at the time; currently have Galaxy Note 3s and Sony XZ1 on their network). When I was on Sprint of course it was far worse at the time anyway, their Wimax 4G was slower than their 3G (I had a Sprint mifi hotspot at the time and despite unlimited 4G Wimax it was so slow I configured the device to stay on 3G even though it was no longer unlimited). Changing to (then) AT&T's HSPA+ it was easily 4-6X faster than Sprint. I'm sure Sprint has improved a bit since that time, bad performance wasn't the only reason I left 'em.

1
0

Windows Server 2019 Essentials incoming – but cheapo product's days are numbered

Nate Amsden
Silver badge

Re: Is Cloud computing Smart Meters for IT ?

"demand management" has been an issue with cloud since day 1. With the crappier public IaaS clouds such as MS, Amazon, google it's even worse as you can't provision into pools of resources(as in being able to over subscribe CPU/memory/disk -- which in itself is demand management as well but it can simplify things quite a bit depending on your workload). Conversely if you want to have much better resource utilization then you have to pick a cloud provider that provides that, though the costs typically go up even more in that situation.

SaaS clouds in theory should abstract that aspect of management away if managed correctly, but as big SaaS clouds like Google and MS have shown time and time again it's far from a mature process.

Who needs quality when you can just slowly numb your customers into a lower level of service without them realizing it.

1
0

Web cache poisoning just got real: How to fling evil code at victims

Nate Amsden
Silver badge

Re: So non-core services offered by a SaaS supplier likely to be less secure than core

Sort of ironically in many cases a website is not an IP, but a combination of IP+host name. Sort of a side effect rather than "by design", I credit name-based virtual hosting on my load balancers with protecting many of the websites from casual drive-by scanners. There may be dozens of different websites behind that IP (and in some cases those sites are meant for "internal" use and have no external published DNS), but without specifying the right host: header at most you will hit only one of them (per IP).

1
0

Bitcoin backer sues AT&T for $240m over stolen cryptocurrency

Nate Amsden
Silver badge

Re: So much for the "what you have" 2nd factor...

You seem to be focusing too much on hacking your account via their website because you use fancy 2FA, and not mentioning hacking the account via social engineering through the phone lines or in person.

For example I have a pass code on one of my bank accounts, if I call in they are supposed to ask me for the pass code before they can do anything. Though there is a way around that pass code if you provide enough personal information about yourself to verify you are who you say you are.. I can imagine without this the companies would be bombarded with complaints from users who do forget their shit. Can be a tough balancing act.

In the case of a bank account, or even a bitcoin site with millions of dollars of your own funds.. I have to believe there are ways around fancy 2FA in the event such tokens are lost/stolen/something. I mean I can't imagine an organization saying "sorry we can't authorize you because you lost your token(s) so your $24M gone forever".

Had this money been stolen from a FDIC insured account (knowing there are limits to the $/account that are insured) would FDIC and/or the bank cover the losses (at least to the limit of the insured value)? Or is FDIC only used for things like in person bank robberies?

1
0

Google bod wants cookies to crumble and be remade into something more secure

Nate Amsden
Silver badge

Re: Zero understanding of cookies

How are cookies not stored on the server side? Any cookie associated with a site would be transmitted to the site and the site can store that data if it wishes (but it probably already has that data in other forms, e.g. session info, items in your shopping cart). Back when I worked for an ad targeting company many years ago we collected probably 40TB of log data per day, most of that was cookie stuff from the tracking pixels.

It's pretty trivial to configure most web servers to log the contents of the cookies.

Of course I could be misunderstanding what you are saying as well.

0
4

Oracle: Run, don't walk, to patch this critical Database takeover bug

Nate Amsden
Silver badge

could disable java

Though it is enabled by default, I remember disabling it on my last installs since the app that I use Oracle with (vCenter) doesn't need it.

    SQL> select comp_name from dba_registry;

    COMP_NAME
    --------------------------------------------------------------------------------
    Oracle Enterprise Manager
    Oracle XML Database
    Oracle Text
    Oracle Workspace Manager
    Oracle Database Catalog Views
    Oracle Database Packages and Types

    6 rows selected.

You can probably do it on the fly(as in don't have to reinstall) as well assuming you don't need it:

http://fast-dba.blogspot.com/2014/04/how-to-remove-unwanted-components-from.html

2
0

Phased out: IT architect plugs hole in clean-freak admin's wiring design

Nate Amsden
Silver badge

I deployed some new pdus recently(as in 0U rackmount pdus not large scale datacenter pdus). They are pretty neat as they alternate the phase on every outlet (and the outlets are color coded). pretty convenient, though the locations on the outlets could use some improvement, assuming related to the extra hardware to do the alternate outlet thing, 36 outlets on the 208v 30a 3phase though probably a good 2 and a half feet of no outlets on the bottom part of the pdu.

1
0

Extreme Networks? Extreme Share Price Crash, more like

Nate Amsden
Silver badge

loyal customer for ~19 years

Been a small but loyal customer of Extreme's for about 19 years now(always felt a bit bad seeing Extreme hardly ever mentioned on El reg, though now more so since they acquired the Brocade data center assets for whatever reason), though technically I guess they wouldn't count me as a paying customer until about 2004, purchases before that were made off of ebay. Not super excited myself about their recent acquisitions I did like their "one platform" (XOS) story(much like HP 3PAR's one platform small to big story) that they had before that(my first XOS was BlackDiamond 10k in 2004). I went to a conference of theirs earlier this year and didn't like what I heard, mostly "ignore what we've been saying for the past 8+ years we like this new stuff better". Though I had been ignoring what they had been saying for the past 8+ years anyway since it was about M-LAG which sounds nice though I never had a real interest in that approach either.

But whatever, as long as XOS keeps chugging along, there hasn't been a feature they have added that I've cared about in a long long time, my network architectures haven't changed since 2005(ESRP + virtual routers), so as long as that stuff keeps going, hopefully stable since it is mature I'll be happy and ignore the other messaging about their new brocade data center kit(never been a fan of Trill anyway myself). Also not sold on FCoE either, am happy with isolated fibre channel networks for storage.

People have been telling me Extreme is going out of business since at least 2004 (back then it was Foundry Networks who was spouting that, ironically enough look where Foundry is now), then when Extreme turned down the Juniper acquisition, then several other things along the way.. somehow they manage to keep going though.

The pitch is they will be able to better grow these multiple businesses now that they are a billion $ company, rather than the several smaller ones that struggled before. Seems like a tall order, I hope they didn't take on too much debt and other bad things as a result of this stuff.

Their new security and intelligence story really reminded me of their same story back in 2005 with the Black Diamond 10k(with FPGAs I assume, though they called them "Programmable ASICs" at the time) and their Sentriant technology along with ClearFlow. Now of course things are better technology wise but found that amusing all of the stuff they were touting at this conference I was at I literally heard them tout 13 years ago. It sounds cool for sure, my org's got no budgets for that stuff though so doesn't matter anyway.

I tell people if you want to make a career out of networking then go the Cisco/Juniper route (much more complicated), but if networking is only one of the things you do, choose something else. Other than ESRP, the ease of use of the Extreme platform is what has kept me happy. Certainly have had issues here and there over the years, but at least not the constant headaches of dealing with a Cisco (or Cisco like) CLI interface. Extreme believes CLIs will go away entirely in favor of fancy SDN. Maybe they will some day.. companies have been promising such things for a long time and so far hasn't happened. Not holding my breath.

4
0

For all the excitement, Pie may be Android's most minimal makeover yet – thankfully

Nate Amsden
Silver badge

can you get updates only yet?

I'm still on my first Android phone which is a galaxy note 3 running Android 4.4 (I refuse to let it upgrade to 5), before that I was on webos. I have a note 4(android 5) as well(and another note 3 on android 5) which I'm typing this on (wifi only).

My Q is can you opt for JUST security updates in modern android. No feature upgrades. I see the July 2018 security bulletin still supports android 6, so the patches are there for older OSs. I haven't noticed a single headline feature addition to android since 5 came out (including 5) that looked interesting to me, only annoying UI changes. The most frustrating of which other than the material design is the removal of the mute option from the pop up menu from pressing the power button which happened in android 5. I use this feature constantly, would be even better if there was a physical switch to mute like I had on webos, or the ability to mute the ring tone instantly by a quick tap of the power button.

I'm assuming not, but curious anyway.

3
5

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage

Nate Amsden
Silver badge

Re: Overly Gloom and Doom 90's Predictions

So a better solution to "breaking" a few things with NAT, is to break *everything* with IPv6 right?(because back then what really supported IPv6) Then they can be forced to update everything because everything is broken, then everyone will be happy. Yeah I can see why that didn't happen.

I've been doing networking stuff since the late 90s(not really my primary role), these days load balancers, firewalls, vpn, layer 3 switching, though no dynamic routing protocols etc, and even I have zero interest in ipv6(along with a lot of others I'm sure). In fact I don't recall ever even having a conversation/chat with anyone outside of toy(home tunnel) deployments who was excited about IPv6.

I go out of my way where I can to disable IPv6 on systems because it can still cause issues(perhaps mainly when there is no IPv6 network), one example that came up again recently is BIND by default will query IPv6 name servers unless IPv6 is explicitly disabled on the service itself (having it disabled at the operating system is not sufficient), which results in many query timeouts.

I do remember being "excited" I suppose that the big core switches I purchased in 2004 supported IPv6 in hardware, though other than a bullet point on a spec sheet my interest stopped there.

IPv6, much like SDN still seems to me firmly only beneficial in the service provider/large enterprise space at this time. For most folks I think running out of IPs isn't a critical issue.

It was much more so an issue back before SNI -- I was at one company about 13 years ago where we had a couple hundred SSL certs (many different domains too) that had to be exposed externally -- so of course each required its own IP. Getting those IPs wasn't difficult at the time but these days such a setup could easily be consolidated even as far down to a single ip address with SNI.

For the stuff I do (managing production e-commerce infrastructure), if the time comes where we NEED inbound IPv6 then my strategy would be as the article suggests - though I would just have our CDN do the conversion for us. If the time comes where we NEED outbound IPv6 for something then I imagine my strategy would be to do IPv4->v6 NAT (never looked into it before). Though if either of those situations appear in the next 5 years I'll be quite shocked.

2
3

'Prodigy' chip moonshot gets hand from Arm CPU guru Prof Steve Furber

Nate Amsden
Silver badge

reminds me of itanium

"[..]Power efficiencies are gained by moving out-of-order execution capability to software, Danilak said. “All the register rename, checkpointing, seeking, retiring, which is consuming majority of the power, is basically gone, replaced with simple hardware. All the smartness of out-of-order execution was put to compiler."

and then from wikipedia

https://en.wikipedia.org/wiki/Itanium

"[..]With EPIC, the compiler determines in advance which instructions can be executed at the same time, so the microprocessor simply executes the instructions and does not need elaborate mechanisms to determine which instructions to execute in parallel. The goal of this approach is twofold: to enable deeper inspection of the code at compile time to identify additional opportunities for parallel execution, and to simplify processor design and reduce energy consumption by eliminating the need for runtime scheduling circuitry. "

18
0

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Nate Amsden
Silver badge

Re: Yup

if a nation state is after you this is the least of your worries.

8
1

Windows 10 IoT Core Services unleashed to public preview

Nate Amsden
Silver badge

Re: February 30th?

When you want 10 years of support? When you don't want systemd?

(Debian user since 1998 - wondering when support for Debian 7 will run out and I will have to do another round of upgrades, probably going to the Deuvian(sp))

0
0

Xen 4.11 debuts new ‘PVH’ guest type, for the sake of security

Nate Amsden
Silver badge

high availability is nice though not really required for a bunch of workloads. I mean I ran vSphere from about 2006 to about 2010 with nothing other than standard edition (no HA, no vmotion, nothing). Ran everything from Oracle DB servers to web and app servers, etc(all of the VMs if I recall right were linux). First couple years(first company) didn't even have vcenter. For a while in 2009 at least I was able to buy vsphere essentials packs and get the hosts managed by vcenter standard edition (vmware closed that license hole a couple years later)

I did have SAN storage though so if I needed to move a VM to another host I could do it(VM had to be powered off of course).

Back in 2008 before I left that one company my (new) manager at the time wanted to switch to Xen. He didn't even like paying the lowball standard vsphere pricing we were paying I think it was $3k for a 2 socket server for standard edition(excluding support I think). We got into a big argument about it at one point. After I left the company he directed my remaining teammates to start working on Xen (CentOS 5.x I think at the time which among CentOS 4.x and RHEL and Fedora we used as guest OSs). They spent about a month trying to get it to work and gave up and went back to Vmware. The core issue they were having at the time was the need to run both 32 and 64-bit CentOS guest OSs, and one of those(assuming 32-bit it was a long time ago) simply wouldn't even boot(mailing lists etc provided no solution). Didn't talk to that manager again for years but have since made up he apologized to me which was nice, and said yes (at least at the time)Xen sucked and vmware was better.

For the past 7 years or so at the current org everything is enterprise+, though I think the only real features of e+ that I use are VDS, DRS and host profiles. I'm probably a mix of a customer vmware would love and hate -- been using their stuff for 19 years now, very loyal customer(because of consistently good experiences) but at the same time not excited about any of their stuff other than the basics. vSphere 4.0 was the last product I was super excited about.

1
1

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers

Nate Amsden
Silver badge

Never having used a Microserver am not sure if its iLO capabilities are the same. But on Proliant DL systems anyway you can configure iLO to use either the dedicated port or share with onboard NIC. The default is dedicated.

0
0

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

Nate Amsden
Silver badge

Re: So what? CPU Errata exist since the first products hit the market...

I think it's mostly an excuse to get page views. There are legit situations where these bugs can be considered dangerous(much more so if you are in an organization that is a tempting target) but those are pretty few and far between vs the more common security exploits as the article notes.

The page views things isn't specific to intel though it's to many of these recent security things where people are making up code names and dedicated websites for them, or in the case of AMD trying to manipulate the stock price. So far overblown.

I don't believe AMD is spinning this at all myself but certainly vocal AMD fans are trying (to no avail from what I can see -- don't get me wrong I do like AMD I was pretty hard core fan of theirs for Opteron 6000 but then they burned many bridges with those server chips and Epyc isn't yet enough to get me excited again -- mainly on power usage).

I'll change my tune if these intel bugs provide a way to crash the processor(I keep thinking back to the f00f bug).

Doing some searching seems there may be such a bug coming soon

https://en.wikipedia.org/wiki/Halt_and_Catch_Fire#Intel_x86

3
20

HPE primes storage networking pipes for NVMe-oF data deluge

Nate Amsden
Silver badge

more than HPC

The quote from the network expert seems specific to HPC, of which I think traditionally HPC hasn't used FC anyway, obviously the enterprises use it more.

And small department SAN? Shit I think most small department SANs could get by on 4Gbps FC. I know my mix of 4/8Gbps/16Gbps(switch side only I have no 16G HBAs) still has years of capacity built into it even at 8Gbps speeds. Of course I have no fancy NVMe stuff, just regular flash storage. Even for my newest servers I have no need to go beyond 8Gbps.

4
0

Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

Nate Amsden
Silver badge

Re: So just like the network my phone uses?

My phone is using CGN on at&t. According to android(4.4) my ip is 10.146.31.141. I have had wifi disabled for the past couple of years so they can't upgrade my phone.

Perhaps att has an ipv6 network for mobile too not sure. Checking my wife's android 8 phone it is on the same ipv4 CGN that i am on. So clearly not device specific.

With CGN i have never had an issue connecting to anything. Though I have never needed to connect into my phone from remote too. So in a nutshell CGN works fine no need for ipv6 for me anyway.

0
1

Tintri terminates 200 staff, cash set to run dry in a couple of days

Nate Amsden
Silver badge

Re: Soo...

There was a report..here on el reg I think not long after the IPO the company may have stiffed the top sales folks which caused some sort of sales exodus and it spiraled down from there.

Their tech always seemed pretty cool to me, I had several discussions with them over the years though not enough to get me away from 3PAR. My last talk with them I think earlier this year was surprised that they hadn't yet had the ability to reclaim deleted space from VMs and stuff (3PAR calls it thin reclamation and was introduced in 2010). Also was hoping Tintri would give more generic support for NFS for file serving purposes (on top of the other stuff) but they never got round to doing that as far as I know.

Their per VM approach which vmware tried to clone with VVOLs did seem pretty cool, though at the end of the day not a problem that has really ever affected my workloads. As someone who has access to all aspects of the infrastructure I could trace down and kill things pretty easily if they were causing problems. 3PAR has had vvols for years now though I've yet to use them, at this point probably will play around with them next year.

1
0

Micron: Hot DRAM, we're still shifting piles of kit, but somebody's missing our XPoint

Nate Amsden
Silver badge

Re: MLC and TLC are crap already.. QLC will be the worst really...

I assume you have a pretty extreme use case. The oldest SSDs(HPE 3PAR) at the organization I am at are Feb 2014. Their stats claim they have 95% of their life left. zero failures. Roughly 1000 VMs run on top of that array.

In general enterprise SSDs are so reliable these days that many vendors are offering 3-5 year(or perhaps more) unconditional warranties(MLC with any access pattern) on them. Back in ~2012 time frame HP came out and said that there was less than 5% of all deployed SSDs (on 3PAR anyway) had failed.

On the consumer side things are a bit murkier, with many brands and models seemingly being quite crappy. I steered clear of consumer SSD until the Samsung 850 Pro came out, have deployed Samsung 8xx and 9xx Pro/EVO across my own personal lineup of stuff(my main laptop has 1 850 pro and two 860 pros), with no issues.

I have one Intel SSD (the one with the Skull on it), didn't have anywhere else to put it so I tossed it into my PS4, runs fine though can't say I see any significant speed bump at least with the games I was playing at the time GTA 5 and Fallout 4 (about the only games I have played on PS4). (revised comment to reflect right year)

So my somewhat limited experience the past ~4-5 years says SSDs(all are MLC) are quite reliable, but there are certainly crappy ones out there like anything else.

SSDs aren't cheap though of course, last I saw(here on el reg) the raw cost/TB was still around 10X more than 7200 RPM(industry average numbers).

4
1

PayPal reminds users: TLS 1.2 and HTTP/1.1 are no longer optional

Nate Amsden
Silver badge

TLS 1.1 is fine for PCI ?

Having been going through PCI audits for a few years now unless something changed very recently TLS 1.1 is still perfectly fine for PCI. I did a few web searches and could not find anything mentioning TLS 1.1, only a dislike for 1.0 (though again I have yet to see any serious issues with TLS 1.0 itself, I have seen people point to specific weaknesses here and there but they were all (that I have seen anyway) easily mitigated while maintaining TLS 1.0 (since I did so myself on my org's load balancers 2-3 years ago back when we could not upgrade past TLS 1.0 (an issue that was resolved since, 1.1 and 1.2 are enabled these days and 1.0 disabled where possible/required))).

Using SSLlabs test site is always real handy for validating configuration, it's so easy to misconfigure SSL setup, even the ordering of the ciphers is important. I've yet to know anyone personally who knows SSL well enough to be able to configure that kind of thing on their own. For my Citrix Netscalers I think I used this guide (https://www.antonvanpelt.com/make-your-netscaler-ssl-vips-more-secure-updated/), or something that looked real similar.

Had an issue not long ago where we upgraded some of our Linux systems and one of them had to connect to a 3rd party service. The upgraded openssl refused to connect to the 3rd party after the OS upgrade(with no obvious way to force it to connect). Ran an SSLlabs test on the site and it had a rating of "F" at the time. The vendor fixed their site after a few weeks, in the mean time we ran that job on an older OS. I believe that was a situation where I tested both wget and curl against the site, I think wget refused to connect but curl was open to talking to the site(maybe because it was using gnutls and openssl, whereas wget I think was linked to openssl only).

SSL-level logging is also terrible across the board in my experience. Very difficult to tell what protocols and ciphers are actually being used(and used by who/what). Developers I have worked with in the past 18 years are just as lost when it comes to SSL.

1
0
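The visibility gap described in the comment above (which protocols and ciphers are actually in use, and by whom) can be closed on servers able to log the negotiated TLS parameters. The following is an added example, not part of the original comment: it assumes an nginx-style access log whose `log_format` appends `$ssl_protocol` and `$ssl_cipher`, and the log lines, addresses and field layout are constructed for illustration.

```python
"""Tally negotiated TLS protocol/cipher per client from an access log.

Assumption (not from the original comment): nginx writes the log with
  log_format tls '$remote_addr [$time_local] "$request" $status '
                 '$ssl_protocol $ssl_cipher "$http_user_agent"';
nginx logs "-" for both TLS fields on a plain-HTTP connection.
"""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r'^(?P<client>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<proto>\S+) (?P<cipher>\S+) "(?P<agent>[^"]*)"$'
)

# Protocol versions to flag; adjust to local policy.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample input (documentation address ranges, made-up clients).
SAMPLE_LOG = """\
192.0.2.10 [14/Jul/2018:10:01:02 +0000] "GET /checkout HTTP/1.1" 200 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0"
192.0.2.10 [14/Jul/2018:10:01:05 +0000] "POST /pay HTTP/1.1" 302 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0"
198.51.100.7 [14/Jul/2018:10:02:11 +0000] "POST /api/orders HTTP/1.1" 200 TLSv1 AES128-SHA "legacy-batch-client/1.0"
198.51.100.7 [14/Jul/2018:10:07:11 +0000] "POST /api/orders HTTP/1.1" 200 TLSv1 AES128-SHA "legacy-batch-client/1.0"
203.0.113.5 [14/Jul/2018:10:03:40 +0000] "GET /feed.xml HTTP/1.1" 200 TLSv1.1 ECDHE-RSA-AES256-SHA "Java/1.7.0_80"
203.0.113.9 [14/Jul/2018:10:04:00 +0000] "GET / HTTP/1.1" 301 - - "curl/7.58.0"
this line is not in the expected format
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def summarise(lines):
    """Count protocols and ciphers, and collect clients using legacy versions."""
    protocols = Counter()
    ciphers = Counter()
    legacy = defaultdict(
        lambda: {"requests": 0, "protocols": set(), "ciphers": set(), "agents": set()}
    )
    plaintext = unparsed = 0

    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep a count so silent parse gaps are visible
            continue
        if rec["proto"] == "-":
            plaintext += 1         # request arrived without TLS
            continue
        protocols[rec["proto"]] += 1
        ciphers[(rec["proto"], rec["cipher"])] += 1
        if rec["proto"] in LEGACY_PROTOCOLS:
            entry = legacy[rec["client"]]
            entry["requests"] += 1
            entry["protocols"].add(rec["proto"])
            entry["ciphers"].add(rec["cipher"])
            entry["agents"].add(rec["agent"])

    return {
        "protocols": protocols,
        "ciphers": ciphers,
        "legacy_clients": dict(legacy),
        "plaintext": plaintext,
        "unparsed": unparsed,
    }


def report(summary):
    """Render the summary as text: totals first, then who to chase."""
    out = ["protocol    requests"]
    for proto, count in summary["protocols"].most_common():
        flag = "  <-- legacy" if proto in LEGACY_PROTOCOLS else ""
        out.append(f"{proto:<11} {count}{flag}")
    out.append("")
    out.append("clients still negotiating legacy protocols:")
    for client, info in sorted(summary["legacy_clients"].items()):
        out.append(
            f"  {client}  requests={info['requests']}  "
            f"protocols={','.join(sorted(info['protocols']))}  "
            f"ciphers={','.join(sorted(info['ciphers']))}  "
            f"agents={'; '.join(sorted(info['agents']))}"
        )
    out.append("")
    out.append(
        f"plain HTTP requests: {summary['plaintext']}, "
        f"unparsed lines: {summary['unparsed']}"
    )
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG.splitlines())))
```

Running a report like this before disabling TLS 1.0 or 1.1 on a listener shows which clients and user agents would stop connecting.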

Microsoft: Blobs can be WORMs in the new, regs-compliant Azure

Nate Amsden
Silver badge

not as secure as optical media?

https://en.wikipedia.org/wiki/Write_once_read_many

"Write once read many (WORM) describes a data storage device in which information, once written, cannot be modified. This write protection affords the assurance that the data cannot be tampered with once it is written to the device."

Last I looked at amazon's offering(month or three ago) theirs was not really WORM. It sounds like Azure is going the same route, where the WORM aspect is just a policy. Adjust the policy and you can then write to the data again?(didn't see any indication that this was not easily achievable by an admin)

On the SAN side I know 3PAR has a feature called Virtual Lock which has a better approach:

"Virtual Lock Software gives users the ability to protect data volumes and volume copies from intentional or unintentional deletions. During the user-specified retention period, volumes and copies can be read but are protected against deletion, even by an administrator with the highest level user privileges."

(if you wanted to protect against any writes to the data you would create a read only snapshot and lock that)

Emphasis on the fact that the admin cannot change the policy once set. If you lock the data for 2 years it is set for 2 years. More difficult to achieve perhaps from a service provider perspective where you may be paying per month for the service I don't know.

I'm sure there are other systems that have similar capabilities I am just personally most familiar with 3par.

2
0

Microsoft says Windows 10 April update is fit for business rollout

Nate Amsden
Silver badge

good news

At this rate by 2021 they may have a decent replacement for win7.

44
6

So net neutrality has officially expired. Now what do we do?

Nate Amsden
Silver badge

next youtube or netflix

Whoever might be next there has to worry about youtube and netflix, and facebook before they have to worry about net neutrality. Just a couple of weeks ago there was news that Vevo was shutting down caving into Youtube(I personally don't really stream anything(~1,700 disc collection though), and don't use facebook either. I use youtube for a few minutes a month for the occasional clip from some movie or tv show).

Second to fighting the giants may be fighting the regulators who seem to be bent on trying to force platforms to exclude certain kinds of content on the sites, which just makes it more difficult/expensive to come up with the software(or human resources) to cope with controlling the content on the sites. Obviously even youtube and facebook struggle with this with the resources they have available.

3
0

Deck the halls with HALs: AI steals the show at Infosec Europe

Nate Amsden
Silver badge

Re: One box to server them all - To stop phishing attacks

Oh my that sounds absolutely terrible. The likes of facebook are already trying to get people walled into their gardens, don't need yet another garden.

Just because you know the source doesn't mean that source wasn't compromised and sending out bad messages, or hijacked DNS to send requests for a site to another location or taking over BGP routes to redirect traffic, or a legit message sending a user to a legit website that just happened to be compromised.

Phishing has never been an issue in my life. I find it amusing that so many people still seem to fall for it. But as long as people can be convinced they are sending $10,000 via wire transfer to a Nigerian prince who will then send back $1 million, so convinced that they get angry when the wire transfer service refuses to process the transaction -- there will be 1000x more that will fall for other social engineering attacks.

(I have been running email servers since 1996 -- though I haven't had to support corporate email since 2001, only personal email and data center applications since)

1
0
Nate Amsden
Silver badge

ML and AI just seem like an extension of "big data" and analytics. Is ML and AI even feasible without a fairly significant data set? Probably not a coincidence that the main leaders in this space(publicly at least) are the ones with the most amount of data.

2
0

Have to use SMB 1.0? Windows 10 April 2018 Update says NO

Nate Amsden
Silver badge

pop up a warning?

I haven't heard of this so assume it hasn't happened. But if not it would have been nice for MS to pop up a warning message when connecting to SMB1 shares to alert the user. More props if they pop up a warning for SMB1 capable servers even if the clients are able to connect via a newer version of the protocol.

I'd wager ~98% of the users out there have no idea what SMB version they might be using(or even how to tell). I count myself among those. My usage of SMB is quite small though I do have a samba system at home, just doing a quick check on Samba and SMB v1 I came across this article for how to turn SMB v1 off:

https://www.cyberciti.biz/faq/how-to-configure-samba-to-use-smbv2-and-disable-smbv1-on-linux-or-unix/

I checked the config (fairly default config) on my system and there is no mention of the "min protocol" setting(don't know what the default is for Samba 4.2), so maybe SMB v1 is enabled, or maybe not. The only clients that access it are windows 7, and there too I really have no idea what protocol version they use to connect.

(small disclaimer linux has been my main OS of choice desktop/server for 20 years now, though I have used windows from 3.0 -> 7(client) windows, and I do manage a dozen or so windows server VMs(win2k8 and 2k12) as well, so not totally green)

Same goes for enterprise stuff, I have SMB on an EMC Isilon cluster(code is fairly current) but no idea what version of SMB it runs(a quick search shows one person wanting to disable SMB v1 on Isilon 2 years ago, and another person suggesting a specific code version that introduced the option to disable SMBv1)

9
2
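One way to answer the question raised in the comment above (whether a given smb.conf pins a minimum protocol at all) is to read its `[global]` section directly. This is an added example, not part of the original comment: the sample configurations are constructed, `include` directives are not followed, and when the parameter is absent the script reports that rather than guessing the default of the installed Samba version.

```python
"""Check whether an smb.conf sets a server-side minimum SMB protocol."""
import re

# "min protocol" is a synonym for "server min protocol" in smb.conf.
SYNONYMS = {"minprotocol": "serverminprotocol"}

# Dialect names accepted by Samba, split at the SMB1/SMB2 boundary.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
SMB2PLUS_DIALECTS = {
    "SMB2", "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
    "SMB3", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11",
}

# Constructed sample configurations.
UNSET_CONF = """\
[global]
   workgroup = HOME
   security = user
[media]
   path = /srv/media
"""

LEGACY_CONF = """\
[global]
   workgroup = HOME
   ; min protocol = SMB2   (commented out, so not in effect)
   Server Min Protocol = NT1
"""

HARDENED_CONF = """\
[Global]
   min protocol = SMB2
"""


def _squash(name):
    """smb.conf names ignore case and whitespace; normalise accordingly."""
    return re.sub(r"\s+", "", name).lower()


def global_params(conf_text):
    """Return {normalised name: value} for the [global] section(s)."""
    params = {}
    section = None
    pending = ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _squash(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        key = _squash(name)
        params[SYNONYMS.get(key, key)] = value.strip()   # last setting wins
    return params


def audit_min_protocol(conf_text):
    """Classify the configured minimum protocol without assuming a default."""
    value = global_params(conf_text).get("serverminprotocol")
    if value is None:
        verdict = "not-set"          # effective value is the build's default
    elif value.upper() in SMB1_DIALECTS:
        verdict = "smb1-allowed"
    elif value.upper() in SMB2PLUS_DIALECTS:
        verdict = "smb1-refused"
    else:
        verdict = "unrecognised"
    return {"value": value, "verdict": verdict}


if __name__ == "__main__":
    for label, conf in [("unset", UNSET_CONF), ("legacy", LEGACY_CONF),
                        ("hardened", HARDENED_CONF)]:
        print(label, audit_min_protocol(conf))
```

When the verdict is `not-set`, the effective value depends on the installed Samba version; `testparm -sv` prints the configuration with defaults filled in.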

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

Nate Amsden
Silver badge

Didn't need to stop if it had stayed in the lane. No crossing solid lines. Should be pretty simple.

10
3

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

Nate Amsden
Silver badge

Re: where's the innovation?

I wasn't expecting myself, I was commenting on the article:

"[..]what matters is that someone is putting pressure on monopoly giant Intel, forcing it to innovate in the desktop "

2
2
Nate Amsden
Silver badge

where's the innovation?

Both of em are just tweaking at most server cpus to run on workstations. I have a dual socket HP opteron workstation maybe from 2009. Bought it refurb from HP maybe 2012. Upgraded the cpus from 4 core to 6 core about two years ago(12 total cores), after finally finding cpus that were a decent price. The cpus were specifically for HP blades. I just discarded the blade heatsinks and reused what the workstation already had. Nothin new here. I don't use it for much anymore but it's still a pretty solid system.

I've seen people claim the new Ryzen chips have forced intel to compete more. I don't really see that either myself. Ryzen fell far short of my own personal expectations on power usage anyway (not that intel is much better now). Sad to see seemingly everyone running into manufacturing walls relative to the past.

Where AMD forced intel to innovate was when intel came out with the core series architecture.

5
41

Cisco turns to AMD Epyc for the first time in new UCS model

Nate Amsden
Silver badge

Re: hot chips

The way you type makes me think you have absolutely no idea how much a 8 socket single system costs, not to mention there are very few such systems on the market anymore (as far as I can tell neither HP (Proliant anyway) nor Dell sell them anymore). Though HP may have 8 socket superdome for HPUX still and of course SGI systems(owned by HP now). HP's last Proliant 8 socket as far as I can tell was 980 which was 7-8 years ago.

1
0
Nate Amsden
Silver badge

Re: Is it called the Anti-trust edition?

If Cisco really cared about that they would have been releasing Opteron 6000 series systems back in ~2010. Speaking of which have to find out at some point if HP is going to continue supporting my DL385G7s (Opteron 6200s) past October of this year or not.

1
0

Don't read this, Oracle... It's the rise of the open-source data strategies

Nate Amsden
Silver badge

Re: "remove the bureaucracy inherent in acquiring Oracle’s database"

The bureaucracy inherent in acquiring Oracle's database is almost nothing. You can download any version you wanted from their website(checked again now just to be sure - http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html) without anything.

They purposely make it easy to lure people into using it so then they can come back with audits.

Last time I seriously dealt with Oracle DB licensing was about 10 years ago, and at the time it was pretty easy. As a new hire I tried to advise the company how to deploy Oracle properly when they were undergoing an audit. My manager decided to ignore me, they paid their fines to get back to a normal stance and kept going. Until the 2nd audit came around when I once again told them what they needed to do, and they did it(I guess I did it as I did most of the work) that time, still had to pay fines but they were legit fines they were terrible/lazy about managing their licenses. I found it ironic I knew more about Oracle licensing than the Oracle reps did at the time (specifically around leveraging Oracle standard edition on multi core processors). I also did things like install single socket(quad core) vmware hosts(which vmware did not "support" at the time), to get more Oracle instances up (even though Oracle did not "support" vmware, I think they still may not). For production it was all bare metal and optimized with fast dual core cpus or quad core depending on EE or SE licensing.

That particular company when they started had Oracle SE "One", the tiny DB. Then they hired an Oracle DB consulting firm to help them manage the systems(this was before I was hired), the first thing the consulting firm did was to install Oracle EE everywhere. Company was hit hard for that filing support cases against EE when they were not licensed for it. Later on the 2nd audit got hit again because that DB consulting firm had monitoring that used partitions in oracle, another expensive add on. No other apps or anything was using partitioning but company got hit with the bill for using an unlicensed feature. The monitoring software was then updated to not require partitioning.

Previous to that company was a place that had massive abuse of Oracle licensing we had probably a dozen or more hosts, and were only paying for a couple(everything on EE). For some reason either Oracle didn't bother to audit, or when they did audit we got by somehow (I wasn't responsible for those systems). Eventually the company got correct in their licensing but took a few years.

I think Microsoft is similar, though at least with MS you can't(as far as I know) download their biggest products for free and be able to use them without a license key/file etc.

I have used Oracle DB for the past several years just as a back end database for VMware vCenter, very low utilization. Plan to move to vSphere 6 this year and to the vCenter appliance clustering along with it (Postgres I guess), so won't have Oracle anymore after that. They ping me every so often to try to get more sales but that doesn't go anywhere, and they haven't expressed any interest in an audit(for what I licensed I know I am way over licensed vs what is actually used). Oracle actually sent me an email recently reminding me my support is expiring on Feb 8 2020 (so why email now??) and the renewal fee is $3.15 (no idea where that number came from). They have been emailing me for a year saying my support is expiring in 2020 and I should renew. I mean I can understand emailing a few months before expiration but more than a year? Never seen that before.

It really would be nice if Oracle Enterprise Manager's features were available in Standard edition. I loved OEM at least the performance management stuff being able to see what queries are doing. I recall 10 years ago again it was possible (not "legally") to enable those features in Standard edition, then when the audit came I could just wipe out the data stores for OEM and replace them with regular ones, then reverse it again later(didn't care about data retention). Though with 11G that doesn't seem to be possible anymore(at least not in the same way it was then). My Oracle is really rusty these days though(I have never been a DBA).

4
0
Nate Amsden
Silver badge

did this article forget Oracle owns MySQL?

At least the official version? Sure MariaDB seems to be the more popular variant of that DB, but it's not as if you can't get MySQL directly from Oracle.

If customers don't want to pay for support it doesn't really matter what you make. The company I am with used to pay for Percona MySQL support(we use Percona across almost everything though there is a push to go to Maria). Percona's pricing was very attractive at one time I think it was basically $15k/year for unlimited support unlimited instances. We filed maybe a few cases a year, not much at all. Then one year it jumped to something like $120k/year for the same stuff(actually think it was less but not certain this was 2-3 years ago) so it was decided to drop their support and stick to internal staff only. Today I don't see pricing on Percona's site so not sure what it is now.

We tried RDS years ago when we first launched the app stack, it was just terrible. I'm sure it is probably fine for pretty generic setups, but the lack of control was just maddening. Getting data out of the thing was quite a mess too, when we finally moved out of amazon cloud in 2012 we had to do mysqldump to get the data out to import to real mysql servers, a process that wasn't quick.

Last I recall Amazon themselves were huge users of Oracle internally having a site license(s) -- licenses that made it cheap/easy to deploy everywhere. I have a friend who has been an Oracle DBA manager at amazon for 12 years now, haven't talked to him in a few years though.

3
0

Internet engineers tear into United Nations' plan to move us all to IPv6

Nate Amsden
Silver badge

Re: Mapping plan

1.4 million routes doesn't really sound like much to me for 2022. Other than the big service providers who really needs to carry the full bgp table anyway? Most folks that use BGP will probably only need a tiny fraction of it, or for the rest of us just uplink to a good service provider(in my case Internap) and let them do the routing.

I have a document here for a high end core switch from May 2004 where a vendor was using an IXIA traffic test tool against a couple of different products, one of which was capable of 1.2 million routes, though on a per port basis it was 230k. But still that was 14 years ago, and it was a switch, not even a "router"(which typically have a lot more memory).

Most companies have had to upgrade their hardware anyway just for increases in throughput.

Today I see routers at least claiming over 2M IPv4 routes and 2M IPv6 routes in hardware(vs 230k on that switch from 14 years ago) on modern equipment just on a quick search I'm sure there are others that can scale higher.

16
3

Hitch a ride on Storship Enterprise's weekly voyage of discovery

Nate Amsden
Silver badge

gdpr and location

Afaik gdpr has nothing to do with where your data is stored. Has to do with whether or not you serve European customers. Now if you do serve Europeans and have no staff over there then you can probably ignore gdpr as long as you don't mind them blocking you. Not the polite thing to do but they really can't do anything else (like russia trying to stop telegram)

I personally pulled all of the apps and data from the org I work at from Europe about 2 months ago(nothing to do with gdpr - pulled all hardware too) but we are still covered by gdpr since we have a few offices and employees there, pay taxes etc. All European data and apps live in our u.s. based colo along with everything else.

0
0

Activists hate them! One weird trick Facebook uses to fool people into accepting GDPR terms

Nate Amsden
Silver badge

Wonder what would happen

if Google and Facebook just decided to shut down stuff in Europe entirely for say 30 days.. that would be really interesting to see. Just leave a message on their websites that say something like "whoops give us some more time to make things GDPR compliant, in the meantime we can't let you use our services".

Are there european social networks that would explode over night? European web search engines? European Youtube? And what would happen when/if google/facebook turned stuff back on would the traffic come flooding back to them?

(I have never used facebook and my usage of google is quite minimal, I switched to bing as my search engine when I changed to Palemoon browser(Nov 24 2017), seems to do the job fine, though I still use google on firefox/android(minimal google usage there) -- I do use google maps though as bing maps really doesn't show much useful info, or maybe it's a browser compatibility issue with bing). My usage of youtube is quite minimal as well(I don't use any streaming services).

My switching to bing was really just an experiment, would I notice much by not using google, and I just haven't been bothered to change it away from bing since, I know there are other alternatives as well. I haven't had any cases where I felt I needed to go to google search to find something(that I could not find on bing search).

4
17

Who had ICANN suing a German registrar over GDPR and Whois? Congrats, it's happening

Nate Amsden
Silver badge

misworded?

The organization that registers .de domains has to have personal info. They restrict who can register .de domains to people that live in germany. I had a .de vanity domain about 17 years ago, had it for probably 2 years then the .de folks took it back(I didn't know the "rules" at the time). Just checked again and the rule is the admin contact must be an address in germany.

3
2

Remember that $5,000 you spent on Tesla's Autopilot and then sued when it didn't deliver? We have good news...

Nate Amsden
Silver badge

right thing to do

is to refund all of the extra money paid up front by those folks(if they so desire it anyway). Perhaps that means turning off some software functionality on those cars if they have some sort of super enhanced beta software that isn't distributed to the rest of the tesla cars. The claims I have noticed mentioned by Musk/Tesla seem to revolve around the software only. Though I admit I don't track them very closely.

9
1

As Tesla hits speed bump after speed bump, Elon Musk loses his mind in anti-media rant

Nate Amsden
Silver badge

not sure what news musk sees

I see news on car accidents every day. As does anyone who watches local news.

Course it doesn't make tech news sites since there isn't a tech angle to it.

I don't use twitter either so I guess if not for el reg his rants would be as unknown to me as local car accidents are to him.

13
1

New Facebook political ad rules: Now you must prove your ID before undermining democracy

Nate Amsden
Silver badge

what is a political ad?

I don't use facebook or instagram, but short of an ad going for or against a particular candidate(or perhaps a specific ballot measure) I wonder how they determine whether or not an ad is political. I suppose if they have politics related ad targeting that would be a sign as well, though that's independent of the ad content.

7
0

Microsoft and boffins cook up hardware-secured database

Nate Amsden
Silver badge

banks and fraud detection

If this level of security is so important it would be interesting to know specifically what approaches a bank might take with today's technology to accomplish the same thing(assuming they even protect at that level).

Besides, even if you make the database ultra super protected, those queries have to come from somewhere, most likely an application of sorts, and applications I'd wager are generally compromised on a 100:1 ratio to databases.

1
0

Hold on. Here's an idea. Let's force AI bots to identify themselves as automatons, says Cali

Nate Amsden
Silver badge

Most of the junk calls I get are bots. They all seem to reply with the same response to my questioning whether they are a computer or not. They claim they are a person with a computer helping them. I hang up at that point.

7
0

Summoners of web tsunamis have moved to layer 7, says Cloudflare

Nate Amsden
Silver badge

old news, but good news?

https://en.wikipedia.org/wiki/Slowloris_%28computer_security%29

(just what I could remember off the top of my head)

anyway the good news is that there should be significantly less collateral damage caused by application layer attacks since you don't have to flood all of the pipes to kill the service.

I was at one place that I would consider "high traffic" (several years ago anyway), they processed a few billion requests per day. They were ad tracking pixels so the performance was high, when I was there the dual socket servers could sustain 3,000 requests per second in tomcat. Anyway before I started AOL had added their pixel to AIM, and AIM wasn't good about closing connections for some reason, so they got millions of requests which was exhausting the capacity of their systems just on open connections. They later tuned their load balancers to force terminate connections after something like 2 seconds(average request was maybe under 100ms), which fixed that issue.

At another company I was at their app was so bad sometimes even 1 request per second would tip it over(certain kind of requests I don't remember what kind). The executives would freak out and claim DDOS and want to manually block each inbound IP (and the IPs kept changing, at a low rate of speed). I just laughed, I mean come on that is just pathetic. They expressed no real interest in fixing the app just blocking the bad requests. That company died off several years ago. I don't even think that situation was even an attack, because if your app can't handle more than a few requests per second you have bigger problems.

I've never personally been on the receiving end of what I would call a DDoS, though have been collateral damage(including the Dyn incident a couple of years ago).

1
0

Dell EMC's PowerMax migration: Let's just swaaap out this jet engine mid-flight

Nate Amsden
Silver badge

Re: Technology marches forward

Customers have been able to migrate from vmax to 3par non disruptively for years as well.

I am very curious to know the architectural change that requires data migration.

0
0
Nate Amsden
Silver badge

Re: seriously? and they charge for this?

Because many workloads don't run in a hypervisor

3
0

Whois privacy shambles becomes last-minute mad data scramble

Nate Amsden
Silver badge

why is this even an issue

https://en.wikipedia.org/wiki/Domain_privacy

the approach has been there for years already. Though would be nice if the service was a standard(free) option with all domains, rather than a premium charge(as it seems to be with register.com whom I use or godaddy who my employer uses). Workaround to that would be just bake the service charge of the privacy service into the overall cost of the domain.

3
3

Samsung ready to fling Exynos at anyone who wants a phone chip

Nate Amsden
Silver badge

What differences did Samsung and Qualcomm have?

I don't recall ever reading anything about such differences, the article mentions differences but doesn't say what they were and provides no links to articles.

In a search I see this:

https://www.qualcomm.com/news/releases/2018/01/31/qualcomm-and-samsung-amend-long-term-cross-license-agreement

Which I assume is what was implied but even that doesn't say anything other than they expanded their cross licensing stuff.

Might this have to do with Samsung using Qualcomm chips in the U.S. for what I had always assumed was for CDMA patents or whatever from Qualcomm(but obviously that is not Samsung specific)? Or was there something else? I have read people say the CDMA patents in question are going to expire soon as well(don't recall how soon).

All this time I was assuming Samsung had long made their chips available to anyone that wanted them.

I saw a link to an Anandtech review of the Samsung S9/S9+ phones earlier in the year and found it interesting their claim that the Exynos version of the phone had significantly worse battery life vs the Snapdragon.

0
0

Pentagon on military data-nomming JEDI cloud mind trick: There can be only one (vendor)

Nate Amsden
Silver badge

compromise

Go ahead award it to one top level cloud vendor, just be sure that the vendor distributes the downstream hardware and software across at least 3 different top tier vendors(and not token deployments of said vendors):

- Data centers: Equinix, Switch, QTS ?

- Hypervisors: VMware, Citrix, (pick some KVM/Openstack supplier perhaps Red hat?)

- Servers: HP, Dell, Cisco ?

- Storage: HP, Dell, Hitachi or IBM ?

- Networking: Cisco, Juniper HP or Extreme/Brocade ?

That cloud can then put their API stuff on top of that stack and go from there.

Not so easy I am sure(I have been working in IT/Operations for 24 years), but at the same time would simultaneously address the outsider's want for more competition and the Pentagon wanting a single vendor. Also is good for the industry in obviously diversifying where the money goes for such a big contract. We are talking about long term stuff here after all.

1
0

Kaspersky Lab's move from Russia to Switzerland fails to save it from Dutch oven

Nate Amsden
Silver badge

Re: Having come up against Kaspersky's DRM...

"Kaspersky could have taken the decision to finally put their customers first and stop ignoring state malware"

Maybe I misremember but I thought the whole thing that kicked this all off was Kaspersky catching NSA malware that some contractor wasn't supposed to bring home and automatically uploaded it to their cloud for analysis like they claim they do for pretty much all malware?

At the same time I do find it interesting that while Kaspersky is planning on opening up to outside audits and stuff the exact opposite has been happening in the U.S. security companies I recall an el reg article or two mentioning several companies at least say they will no longer allow other governments to inspect their code(which makes sense as those countries certainly can use the opportunity to find security issues with the code).

To me at the end of the day code inspection doesn't matter unless you're able to make sure the code you inspected is actually the code that is being installed(along with any updates). Also makes sense for any country that is highly concerned about security to use only locally sourced equipment/code which they can better maintain oversight of. Smaller countries are certainly at a disadvantage.

On my own systems anyway anti virus(currently kaspersky on my home windows systems and Sophos on my windows work VM and nothing on my linux systems(linux is my main system)) hasn't picked up anything new since the 90s(that I recall anyway). Obviously I am careful about what I download.

I believe Kaspersky is honest in they are not co-operating with the government, but also find it quite easily likely that there are government agents as employees(that the company isn't aware are agents) at the company that do stuff (I think the same is true for many/most/all big U.S. security companies too).

20
0
