* Posts by donk1

34 posts • joined 28 Mar 2013

All roads in US cable biz GTT's Brit network seem to lead to Menwith Hill

donk1

Re: As I only live a few miles from The Hill...

I thought that BT and Virgin Media were the only 2 providers which run cables to your house...

Off somewhere nice on holibobs? Not if you're flying British Airways: IT 'systems issue' smacks UK airports once again

donk1

Re: Anyone notice........

Remember the IT rule....none, one or many...

Microsoft hikes cost of licensing its software on rival public clouds, introduces Azure 'Dedicated' Hosts

donk1

I notice Oracle is not on the list.

All affected people (including on Azure) over to Oracle Cloud.

When that is added then over to Rackspace's Cloud then to...then to..all the way to Dave's Cloud aka Billy Bob's Cloud...aka...keep changing the name/owner every week!

"Well,shucks...sure we can move them there VM's to Suzie's Cloud for yer, yeeee-haw!"

Not that any of the smaller Cloud providers are cowboy's...perish the thought!

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special

donk1

Re: Shutting down the wrong server

Only had to do this once...my reply (shouted across machine room)..."Who was the last person to make X mistake"...turns to the complainer..."ooh, someone now in your team!"...nuff said!

Toodle-oo Raijin and g'day Gadi, you beauty! Australia's fastest super 'puter will bench 38 PFLOPS later this year

donk1

Is that you Johnny 5?

donk1

If you have it, why is it not listed at top500.org?

Turning it off and on again IN SPAAACE! ISS animal-tracker kit needs oldest trick in the book

donk1

Re: Almost ready

https://www.youtube.com/watch?v=uL2gxb-TcLM

Zoltan!

Bubblewrap jumpsuits!

Tech rookie put decimal point in wrong place, cost insurer zillions

donk1

Re: As a work experience...

I still remember entering lots of license keys for a full text database in the early 90's.

The license keys came via fax!

Luckily we worked out that zeros had a slash as did Z's, there were no lower case I's and my collegue worked out there were no lower case L's!!

This is not, repeat, not an April Fools' Day joke: 5 UK broadband vendors agree to pay YOU daily rate for fscked internet

donk1

Re: About Time!

Are BT and Talk talk really seperate?

When I spoke to the BT engineer ~7 years back they said that Virgin Media was the only one with separate cables to the exchange.

[ Currently have BT and Virgin Media fibre with iPhone as backup!!]

Intel: Let's talk about SGX, baby. Let's talk about 2U and me. Let's talk about all the good things, and the bad...

donk1

Hmmmm..

The idea is to put your decryption code in the enclave and then then send encrypted text and a description of the operation you want to perform to the enclave.

The unencrypted data never leaves the enclave, not even the hypervisor sees the unencrypted data.

E.g. to search encrypted data in sql server

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-enclaves?view=sqlallproducts-allversions

What I do not get is how you get the decryption keys into the enclave securely!

"The client driver sends the column encryption keys required for the operations to the secure enclave (over a secure channel)."

What secure channel which the hypervisor cannot see? Hmmm..

Artificial Intelligence: You know it isn't real, yeah?

donk1

Re: It's Just Pattern Recognition

I was able to walk across the road blindfolded between 3am and 4am hence I can walk across the road blindfolded anytime...go head! The stock market has been going up all year hence will always go up...hhmmm!

Scottish brewery recovers from ransomware attack

donk1

Re: Customer caught

Exactly, you need and off-site AIRGAPPED backup....tapes anyone?

These days people seem to want everything online and lost interest in AIRGAPPING!

Also Dave's rule 1 : Test your restores not your backups!

Foreshadow and Intel SGX software attestation: 'The whole trust model collapses'

donk1

Re: Intel only?

https://lwn.net/Articles/686808/

http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

What if tech moguls brewed real ale?

donk1

Re: Served by the 228ml

"The Daily WTF happened last night".....after you drink it you need a (P)ersonal (I)njury (S)upport (S)ystem!

Microsoft and boffins cook up hardware-secured database

donk1

Sounds like "Always Encrypted with Enclaves http://smooth1.co.uk/sqlbits2018/sqlbits2018roundup.html#2

1. Is this protected against https://www.theregister.co.uk/2018/03/28/intel_shrugs_off_new_sidechannel_attacks_on_branch_prediction_units_and_sgx/ with "utilization of an appropriate side channel attack-resistant crypto implementation inside the enclave"

2. has it been rebuilt with https://www.theregister.co.uk/2018/03/01/us_researchers_apply_spectrestyle_tricks_to_break_intels_sgx/ " Enclave code will need to be rebuilt and redeployed using the updated development kit to be protected from malicious sysadmins."

3. As per my blog entry above "On first use the client driver and enclave negotiate a shared secret and then setup the secure tunnel" Surely to negotiate a shared secret there is a small initial window where you first have to trust the hypervisor?

Legal tech startup tries to haul 123-Reg to court over 24-hour backup claims

donk1

Re: A wise man once said...

"Do you test your backups?"

"No"

"What? You have to test your backups"

"...We test our restores!"

My Tibetan digital detox lasted one morning, how about yours?

donk1

Re: Entente Cordiale ???

Yes but you are summing an infinite series....endless!

UK.gov to plough £67m into gigabit broadband for all and sundry

donk1

Re: Why?

Downloading Software, I have 330Mb and get around that when downloading Microsoft SQL Server or Windows 10 related preview updates which seem to appear every few days.

Regards,

David.

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

donk1

Re: Oh dear

Really?

https://docs.microsoft.com/en-us/sql/sql-server/failover-clusters/windows/always-on-failover-cluster-instances-sql-server

"In a production environment, we recommend that you use static IP addresses in conjunction the virtual IP address of a Failover Cluster Instance. We recommend against using DHCP in a production environment. In the event of down time, if the DHCP IP lease expires, extra time is required to re-register the new DHCP IP address associated with the DNS name. "

My PC is broken, said user typing in white on a white background

donk1

Windows+Ctrl+C - turn screen black and white or color !

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

donk1

Just checking Wikipedia https://en.wikipedia.org/wiki/Software_Guard_Extensions#cite_note-14 we see that

a) There was a Prime+Probe attack which used "certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels" and a coutermeasure was published

b) The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave and the code is dated 2 months ago.

I wonder if the "compiler-based tool, DR.SGX" which was a coutermeasure for Prime+Probe could be extended to handle Spectre?

Amazon S3-izure cause: Half the web vanished because an AWS bod fat-fingered a command

donk1

6000 machines...so run 200 machines at a time for 30 times.

What is this obession with 10,100,2000,rest and doing a massive population in 5 steps?

Even if 2110 machines worked fine how long would it take to fix the last 3900 machines if enough of them broke?

For failures it is not the number of times you have done it before but the size of the failure domain and how long it takes to fix.

it should be possible to rollout automatically in small batches and even had multiple upgrades rolling out at the same time on an automatic schedule, ripple across the farm!

If it is automated and scheduled who cares how many batches of upgrades are run?

You would catch errors with less impact that way as the failed batch size would be smaller and it would be minimal extra work if designed correctly.

This is the next stage in cloud service design - being able to have slower rolling upgrades with smaller batches!

donk1
FAIL

Re: Makes me wonder how many others in the "playbook" have this capacity.

1st prompt

This will shutdown 1040 servers, please type 1040 to continue.

2nd prompt

This will reduce capacity enough to cause a service failure for the following 8 services

A

...

G

Please type "8 SERVICE FAILURES" to continue.

Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery

donk1

Re: What about homebrew computers?

Hi Intel,

I am CEO of a company which is about to become a "PC/server maker", how will we get the fixes?

David Williams

CEO

Blue Rose Quantum Consulting

Meltdown/Spectre week three: World still knee-deep in something nasty

donk1
Meh

Re: Ummm

http://smooth1.co.uk/security/CPU_issues.html#1.1.4.1

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 includes Windows 7/8.1

Also see https://portal.msrc.microsoft.com/en-us/security-guidance

donk1
Unhappy

Meltdown exploit - https://github.com/IAIK/meltdown

Videos of Meltdown in action - https://spectreattack.com/

Microsoft's SQL Server 2014 early code: First look

donk1

Re: But shoorli ... ?

True, I am covering almost all of these at SQL Saturday Exeter my "SQL Server 2014 (not Hekaton)" talk.

donk1

Re: Some questions

Hmm. went to event where I heard more nodes than that being used in the Microsoft cloud, of course at that scale you need to talk to Microsoft first..

donk1

Re: Nice summary of my main thoughts @SVV @Charlie Clark

(Transactions) or (integrity checks).

Integrity checks i expect are unique/primary/check/foreign key constraints. We used to disable them when doing data migrations until the end.

"You can't disable logging on mssql.".

Pity, you can on Informix!

donk1

Already there is 2012 SP1 CU2 - Backup to Azure via Powersheel, T-SQL and SMO only.

2014 adds backup and restore via SSMS.

David.

Google goes dark for 2 minutes, kills 40% of world's net traffic

donk1
Alert

Re: And the cry went out to IT

... I felt a tremor in the force!

Living in the middle of a big city? Your broadband may still be crap

donk1
Holmes

Here!

Welling - where i get Virgin Media 100MB AND BT up to 80 MB.

donk1
Happy

Re: NODNOL

I am se of london and get www.speedttest.net 80mb down 4.89 mb up from my virgin media connection,

Have not checked my other Fibre connection from BT yet...

David.

donk1
FAIL

Re: E14

Funny I gave up 2 BE lines in E14 when I moved out of Poplar, that was almost 2 years agoand then exchange was ful then!

David.

Biting the hand that feeds IT © 1998–2019