Thursday 31 August 2006 at 09:59 am
Went to a small vendor seminar to showcase some NetApp technologies and came away with some interesting information -
* The probability of a write failure is pretty small (usually in the legalese small print) but this small possibility increases as disk space increases (which is why a generic RAID of small disks is more reliable than a RAID of really big disks). Those consumer grade 500Gb and 1Tb disks are looking slightly less attractive now. In a failure situation if a disk dies and you go to reconstruct the array you could conceivably end up with a second failure due to a tiny write error - then you're screwed.
* NetApp get around this by using a variation on RAID 6 DP (like RAID 5 but with two parity disks) - any performance hit (and it's significant if you set this up using a normal controller) is offset by NetApp's smart controller (that's why storage vendors charge a premium for data security). This problem and NetApp's response is vividly illustrated in this post to the 'Toaster' (NetApp nickname) mailing list.
* Fibre-channel is big with Unix shops and iSCSI is big with Windows shops. Surprisingly NFS over IP is still popular in Unix-land too.
* Snapshotting now encompasses databases and mailstores. The snapshot facility places a much much lower performance overhead than a similar EMC device (granted they would say that). Apparently companies are moving away from tape based backup to disk based - keeping tapes around purely for occasional snapshots and compliance reasons.
* NetApp do 'thin provisioning' - essentially you can lie about your storage capacity (present 1 physical TB as 2 virtual TB). This was apparently implemented based upon lies developers would tell their admins, DBAs and storage managers - once everyone had added in their own comfort factor it was discovered that only about 40% of the capacity was utilised and the rest was wasted. Pooling storage in a NAS or SAN and over-subscribing it means you can shuffle the space around depending on your needs at that time. Apparently the key is the forecasting tools which will help you to predict when you'll run out of space. It also tends to work better in multi-terabyte shops rather than gigabyte shops.
* You can now stream snapshots between filers in different locations (for DR / BCP / Replication) over any IP link (one NZ client does this over dialup to a location half way around the world) - this is possible due to the small 4k block size used by NetApp for storage - at the device level it only replicates changed blocks rather than the entire changed file.
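The changed-block idea from the last bullet, as an added example (not NetApp's code and not part of the original post). Comparing a SHA-256 digest per 4k block is an assumption used here to find the changed blocks; the function names and the sample data are constructed.

```python
import hashlib

BLOCK_SIZE = 4096  # the 4k block size mentioned in the post


def block_digests(data: bytes) -> list:
    """SHA-256 digest of every 4k block (the last block may be short)."""
    return [hashlib.sha256(data[off:off + BLOCK_SIZE]).digest()
            for off in range(0, len(data), BLOCK_SIZE)]


def changed_blocks(old: bytes, new: bytes) -> dict:
    """Return {block_index: block_bytes} for blocks of `new` that differ from `old`."""
    old_digests = block_digests(old)
    delta = {}
    for idx, off in enumerate(range(0, len(new), BLOCK_SIZE)):
        block = new[off:off + BLOCK_SIZE]
        # A block is shipped if it is new or its digest no longer matches.
        if idx >= len(old_digests) or hashlib.sha256(block).digest() != old_digests[idx]:
            delta[idx] = block
    return delta


def apply_delta(replica: bytes, delta: dict, new_len: int) -> bytes:
    """Patch the remote copy: resize to the new length, then overwrite changed blocks."""
    buf = bytearray(replica[:new_len].ljust(new_len, b"\0"))
    for idx, block in delta.items():
        off = idx * BLOCK_SIZE
        buf[off:off + len(block)] = block
    return bytes(buf)


def demo():
    """Constructed 1 MiB 'file': edit 10 bytes in the middle and append 4 bytes."""
    old = bytes(range(256)) * 4096
    new = bytearray(old)
    new[500_000:500_010] = b"X" * 10
    new += b"tail"
    delta = changed_blocks(old, bytes(new))
    replica = apply_delta(old, delta, len(new))
    sent = sum(len(b) for b in delta.values())
    return sorted(delta), sent, replica == bytes(new)


if __name__ == "__main__":
    blocks, sent, ok = demo()
    print(f"blocks sent: {blocks}, bytes on the wire: {sent}, replica matches: {ok}")
```

Only two blocks cross the link for a change to a 1 MiB file, which is why the approach is workable over a slow connection.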
It's always nice to hear vendor 'war stories' - apparently after eBay had their extended site outage in 2001 they called in Oracle who looked into the database side and found no problem with the backend software, some more (extensive) digging pinpointed the fault in disk firmware code - when the disk faulted the error was propagated up through the application layers and eventually killed the site. After this Oracle came up with their HARD initiative (essentially a database designed and implemented for the extremely paranoid) which computes its own checksums on data as it's written (so it provides an extra layer of redundancy over the storage layer).
Another interesting Oracle specific tale outlined their datacenter - which uses blades and NetApp appliances extensively (storing petabytes of data). The interesting thing is that they worked through the economics of using a Fibre Channel HBA infrastructure for their blades and went with NFS over IP instead - working out that 1 x blade + 2 FC HBAs (for redundancy) was much more expensive than 1 x blade + 2 built in teamed Gb NICs (and they were willing to wear the performance penalty). NFS also allows them to manage a central pool of storage rather than carving out chunks for direct attached storage. Interesting.
Apparently a big leap of faith is for DBAs to allow the device to handle and manage the storage rather than thinking about spindle-count. Once they get over that they can forget about the storage and focus on the database.
Wednesday 30 August 2006 at 10:14 am
Godflesh had a pretty seminal run through their 'Slavestate' EP, 'Pure' LP, 'Selfless' LP. After that they kind of spun their wheels a little - still good but no longer great.
The video is of Slateman performed live from their Slavestate EP - this marked the beginning of their cleaner industrial sound after they pretty much invented grindcore with their first album ('Streetcleaner').
With only a drum-machine, guitar and bass they create an awesome crushing yet strangely uplifting sound.
Monday 28 August 2006 at 09:58 am
Endpoint Security checking is going to be huge as more and more people start connecting into their corporate LANs remotely (actually even in a wired LAN it's pretty important given the proliferation of trojans, spyware and malicious hackers).
Essentially EP lets the network administrator define certain conditions that must be met before being able to participate on the corporate LAN. In some cases the tools will even direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (eg webmail or terminal services but not a direct connection).
* Wikipedia on Endpoint Security
* Wikipedia on Checkpoint Integrity, a centralised EP system
* Nice flowchart tool to design EP access control for Firepass
* Flash Demo of CheckPoint's Interspect appliance - actually more of an IDS/IDP (Intrusion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions
* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework
* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)
* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought Black Ice Defender (fyi - Checkpoint bought Zone Alarm)
Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.
Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.
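The admission decision described above (conditions checked before joining the LAN, approved application checksums, and a quarantine page or reduced access profile on failure), as an added example rather than any vendor's code or anything from the original post. The thresholds, the remediation URLs, the `Posture` report format and the tiering rule are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed policy values (assumptions, not taken from any product).
APPROVED_APPS = {sha256_hex(b"constructed mail client build"),
                 sha256_hex(b"constructed browser build")}
MAX_AV_AGE_DAYS = 7
MIN_PATCH_LEVEL = 42
REMEDIATION = {  # constructed links for the quarantine page
    "antivirus": "https://quarantine.example/antivirus",
    "patches": "https://quarantine.example/patches",
    "firewall": "https://quarantine.example/firewall",
    "unapproved-app": "https://quarantine.example/approved-software",
}


@dataclass
class Posture:
    """What a hypothetical endpoint agent reports at connection time."""
    authorised: bool
    av_age_days: int
    patch_level: int
    firewall_on: bool
    app_hashes: list


def evaluate(p: Posture):
    """Return (access_profile, {failed_check: remediation_url})."""
    if not p.authorised:
        return "deny", {}
    failed = []
    if p.av_age_days > MAX_AV_AGE_DAYS:
        failed.append("antivirus")
    if p.patch_level < MIN_PATCH_LEVEL:
        failed.append("patches")
    if not p.firewall_on:
        failed.append("firewall")
    if any(h not in APPROVED_APPS for h in p.app_hashes):
        failed.append("unapproved-app")
    fixes = {name: REMEDIATION[name] for name in failed}
    if not failed:
        return "full-lan", fixes
    # Assumed tiering: a client that is only behind on AV or patches still
    # gets webmail / terminal services; anything else is quarantined.
    if set(failed) <= {"antivirus", "patches"}:
        return "webmail-and-terminal-services", fixes
    return "quarantine", fixes


MAIL = sha256_hex(b"constructed mail client build")
CLIENTS = {  # constructed sample reports
    "healthy": Posture(True, 1, 42, True, [MAIL]),
    "stale-av": Posture(True, 30, 42, True, [MAIL]),
    "unknown-binary": Posture(True, 1, 42, True, [MAIL, sha256_hex(b"unknown tool")]),
    "stranger": Posture(False, 0, 99, True, []),
}

if __name__ == "__main__":
    for name, posture in CLIENTS.items():
        print(name, *evaluate(posture))
```

The `APPROVED_APPS` set is the part someone has to keep maintaining: every new application build or patch changes the checksum and must be approved before clients running it stop landing in quarantine.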
Simple options that can be implemented immediately (without spending on new tools) include:
* ensuring appropriate desktop access
* centrally managed anti-virus / patching / desktop policy restrictions
* MAC address restrictions on DHCP / switch ports (depends on the mobility of the client)
Sunday 27 August 2006 at 07:58 am
From the Debian Help site comes a short article about configuring Monit. The Monit site covers the tool's features in more depth. As well as the usual monitoring it lets you set up conditional actions based on alerts.
Awesome - Weta releases Retro Rayguns. It's still odd that people would spend chunks of money on toy rayguns no matter how neat they are.
Privacy integrated into webmail - Freenigma.
Use SMS text message to control eight devices. Someone needs to commercialise this - something like a simpler X10 controller - plug an old mobile or phone into a power strip which you can signal via SMS to switch off and on connected devices.
Useful for kiosk applications and driving screen displays - Puppy Linux running on a $100 PC. The MicroClient Jr looks great - shame it's only 166MHz. Also gets pricey when you add in some of the extras.
With security starting to get out of hand here is the ultimate t-shirt - I am not a terrorist. In Arabic of course.
On a related note - this is a genius cartoon from Wondermark.
Tuesday 22 August 2006 at 1:18 pm
Another addition to my spleen-venting category -
There will be a special place in hell reserved for Boy Racers (Westies & Bogans too).
They used to be just a nuisance - now they're just downright lethal.
Bastards.
Tuesday 22 August 2006 at 12:27 pm
Curtis is a bit of an unsung genius when compared with his contemporaries like Stevie Wonder, James Brown, Marvin Gaye and Isaac Hayes.
Curtis Mayfield added elements of pop, psychedelia, politics and social commentary to the traditional mix of soul/funk and R&B in his material.
No track better demonstrates this than his theme for the blaxploitation flick 'Superfly' - it's a similar type of film to the classic 'Shaft' but the theme carries a much more positive message than the Isaac Hayes track which has become much more popular.
Thanks to the joys of YouTube - here is Curtis performing Superfly.
Friday 18 August 2006 at 12:58 pm
There are a couple of good mapping tools on the web for New Zealand - Wises and the AA are the first two that come to mind.
I've found them a little clunky particularly with respect to finding specific locations in NZ.
These guys have kind of turned mapping on its head - Smaps is a new system which does a dynamic lookup on a location - the more information you enter the more refined the search.
Very cool.
Thursday 17 August 2006 at 10:05 pm
Sometimes true (but definitely not always) - The network that runs better since the administrator quit. IT people often have the tendency to meddle and tinker - not good in a production environment. Dev/Test and then UAT (even if it is just to the extent of discussing it with someone else before ticking the box that may cause problems for your client community) it before putting your tweaks into production.
Looks like a good read - Satan: A Biography.
Genius - Chaucer Blogs about his XBOX.
Wonderful flash animation - Creation battles Creator.
Mouse-over the articles - How right-wing readers view the New York Times.
EFI in Apple's Intel PCs - How Apple's Firmware Leapfrogs BIOS PCs. The good thing is you get more control - the bad thing is that it makes it trickier to install a standard Intel based OS that expects to deal with an old fashioned BIOS.
Two useful links for people who want to use legacy Mac applications in a Classic environment - Sheepshaver will run OS 9 and for more serious nostalgia MiniVmac - Run a MacOS 7 from a USB stick. I've had good experience with Basilisk too.
Interesting UI links - Mac UI Ain't All That: The Future & History of the User Interface.
I'm always on the hunt for the perfect application launcher on Windows - something like DragStrip or DragThing would be ideal - I'll give RocketDock a crack for now.
Monday 14 August 2006 at 08:56 am
I've been looking at the cool stuff from AirTight.
With all the interest in wireless technologies (it seems only a few years ago that Apple demo'd the AirCard in a clamshell iBook) it seems security has been a bit of an after-thought. Fine for consumers but not quite ready for an organisation to truly trust.
AirTight's SpectraGuard product is pretty much the best-of-breed when it comes to locking down your WLAN. Using a combination of server and sensor arrays you can monitor all WLAN activity within your vicinity - in fact depending on the landscape and structure-density the sensors are so good you will pick up activity 1 to 2km away. Within minutes of entering the AirTight system we were able to spot 50 Access Points and 600 Wireless PCs.
In terms of the management console you can see the wireless name, MAC address, SSID, type of security, channel, protocol, vendor and location (the sensors can triangulate location and superimpose onto a map). For each object you can view extended properties, locate, quarantine, ban, authorise/deauthorise and troubleshoot (which uses Ethereal/pcap).
You can also view suspect events (rogue APs, suspected NetStumbler activity, honeypots etc) and generate all sorts of security/audit reports.
From a security perspective you can lock down your own network to participating SSIDs, vendors and protocol lists (immediately reducing your profile). You can also block/disrupt/interrupt/degrade wireless connections - only a few channels per sensor; you can't wipe out wireless connectivity blockwide unless you have a lot of sensors (it's nice to know that you can actively fight back against war-drivers that park up outside your building and try launching probes/attacks on your WLAN).
The interface is nice, simple and intuitive with a sensible out-of-the-box configuration. Once configured you can quite happily leave it to do its thing (i.e. it's not high-maintenance).
Once these things start to work with Bluetooth, wireless USB and RFID you'd be able to do some pretty interesting things. It's actually pretty amazing to think that these sorts of technologies are even available given the sorts of things I suspect they'll be capable of doing in the very near future.
Time to pull out the tin-foil hat.
Monday 14 August 2006 at 08:52 am
Something to look forward to perhaps - The Coming Conflagration. Fingers crossed that John is wrong.
Wonderful - a series of Infographics by the International Network Archive. Providing some interesting data on topics such as the global arms-race, movie, fast-food and transportation.
Genius - 3D maze using CSS and DOM. Now someone just needs to turn it into Doom.
One of those things everyone should know how to do - Rsync Incremental Snapshot Backups via SSH.
On a related note - Flash - useful for Sun Solaris systems - Using Flash Archive in the Solaris Operating System for Disaster Recovery. Handy for taking system snapshots.
Interesting - Basic Introduction to OpenBSD - possibly one of the most secure out of the box OSes available.
The first font to get the movie treatment - Helvetica: The Movie.
Thrill Power Overload - Dave Bishop's Blog. Dave worked on 2000AD for quite a while and is writing a historical overview of the comic on his blog. I didn't realise he was a Kiwi according to his Wikipedia profile. We're everywhere.
Excellent - Insecure.org has updated their list of the Top 100 Security Tools.
Interesting - ZoneCD: The Secure Way to Share Your Internet Connection. Some really good tips on securing wireless and also providing a safe/secure public wifi access facility.
Saturday 12 August 2006 at 07:29 am
A few news tidbits about IBM buying FileNet for a rather vast amount of $$$:
* ArsTechnica
* Ed Brill
The new versions of FileNet seem much better than the previous versions but you still can't help thinking it's over-complicated - you've got the FileNet components, BEA WebLogic, Verity, SQL, Apache, IIS and LDAP. A problem with any one component can mean big problems for the system as a whole.
Don't get me wrong - FileNet does cool stuff - you get a web front-end and an Office integration component providing basic DMS services along with workflow and records management features.
I wonder where this leaves Domino Doc?
It'll be interesting to see what IBM does with this . . .
Thursday 10 August 2006 at 4:23 pm
My Shuffle/iTunes combination seems to be 'randomly' selecting the same stuff for me to listen to so I went and ripped a bunch of my older CDs to enhance my listening-experience.
So this week I've been listening to Can, Godflesh, Neu!, Bomb The Bass, Sonic Youth, Wormhole, Tindersticks, Stereolab, Tricky, Henry Rollins (Spoken Word), Nick Drake, Ciccone Youth, Straitjacket Fits, Shonen Knife, Experimental Audio Research, Mercury Rev, Sleater Kinney, Chills, Queens of the Stone Age, Chemical Brothers, Screaming Trees, The 3D's, The Terminals.
Thursday 10 August 2006 at 08:43 am
As a keyboard snob with an appreciation for buckling-spring mechanisms I thought I'd create a new Blosxom category to point to my (largely irrational) preference for clacking over squishing keys -
* The Model M Keyboard - definitive.
* Enduro Pro claims to be modelled on the classic IBM Type M (right down to the thumb-stick) - however the presence of a 'Windows' key does let it down in my eyes.
* Dan's Data Article on the Model M - interesting reading.
* Matias Tactile Pro - remake of the classic Apple Extended keyboard. I actually really like the feel of the original Mac/Mac Plus keyboards but I suspect it's almost impossible to get them to work with a modern PC/Mac due to their oddball phone-jack type interface.
Tuesday 08 August 2006 at 07:17 am
As a total Apple-fanboy I can't go without mentioning the cool stuff previewed at Apple's World Wide Developer Conference this year.
Coverage of Steve's Keynote -
* Engadget
* ArsTechnica
Engadget reported 600000 hits during the coverage - hard to imagine any other tech company getting this sort of exposure for anything.
The new hardware looks great - I'm not entirely certain if 'Leopard' will offer a compelling reason to upgrade the OS though. Shame they can't beat Vista out the door.
As usual I can't afford any of it but it's nice to look.
Tuesday 08 August 2006 at 07:08 am
I'd never heard Boris before - only read the reviews and comparisons with other artists.
Luckily YouTube comes to the rescue.
Here's a 50min video of Boris playing live at the Unitarian church in 2005.
The first 5min are just the warm up before the drone transforms into some serious riffing.
I'd say they are similar to a more rock Bardo Pond; eschewing BP's searing psychedelia for Earth-like power chords.
Here's a recent review of their 2005 album, Pink.
I definitely need to get some of their stuff.
Tuesday 08 August 2006 at 06:56 am
Covert web-browsing - Workfriendly - Browse the interweb via something that looks like a Word window.
Two brilliant photos depicting a high concentration of genius - 1958: Jazz Musicians in Harlem (Basie, Gillespie, Mingus, Monk) and 1927: Physicists at Solvay (Einstein, Curie, Bohr, Schrödinger, Heisenberg).
Interesting Poor Mans Thumper. Shame they're not looking towards a Linux/ZFS combo with a smaller footprint. Nice idea though.
Long running experiments - Longest Running Scientific Experiments. One of them is a clock at Otago University in NZ which has been running without winding since 1864 and relies on temperature fluctuations in an airtight container.
A while back Mark Russinovich of the excellent Sysinternals (creators of the excellent Filemon, ProcessExplorer and many many more tools) site moved to Microsoft. He discusses his first week at Microsoft.
Joel Spolsky - the first in a series - Three Management Methods. Useful for any IT manager.
Spoof comic ads by Alan Moore.
Monday 07 August 2006 at 09:17 am
I can't believe the level of confidence required to trawl Sun's campus and come away with a brand spanking new Thumper storage server. This sort of passion is to be commended.
Wednesday 02 August 2006 at 4:03 pm
Sweet Bejesus!
I'm not a graphics card nut but I came across this on Hack the Planet:
* NVidia Quadro Plex
A video card that comes in its own external enclosure. Up to 2Gb RAM and 4 GPUs.
Amazing stuff.
Soon video cards will come with their own embedded operating systems.
Tuesday 01 August 2006 at 11:13 am
Interesting - Considering an offer to Manage an IT Team. I'm way too easy-going to manage anyone but there's useful advice for anyone who is considering it. I think I rely too much on people's own motivation to do what's required - you soon find out that some people just do the very bare minimum to get by; encouraging them to contribute to the team again is a real art.
Ed Brill (a Domino/Notes guy) discusses the requirements for Exchange 2007. It looks like Microsoft are relying on Moore's law to come to their rescue. You also wonder if the requirements are designed so as to discourage upgrades and encourage clean installs on a new box and migrate.
Just a little tongue in cheek - Samsung Q1 UMPC vs Apple Newton. Someone needs to invent a top trumps for PC geeks. 2.5 hours is pretty miserable battery life on the Q1 though (30 hours on the Newton is optimistic if you use the backlight, modem or network for any length of time); my old Psion 3a would last about a month on a pair of AAs.
I need to try this - Fix underexposed pictures. I have plenty of non-digital pictures which I managed to botch and came out way too light - after scanning them in they lack vibrancy.
iTunes for your paperwork - Kip. Looks like an interesting idea. They should make this into a more generic personal document management system.
Kind of true - Death of the commandline. This is the kind of thing that spawned the GUI in the first place. You could look up the obscure command that you'll use once in a blue-moon or you could just use the GUI.
Speaks volumes for the mentality of troops in Iraq - "I came over because I wanted to kill people". I'm also tempted to say an armed forces or police recruiting system should weed out rednecks and psychos but then I guess they'd be mixed in with the general population. At least if they're concentrated in a few places you can keep an eye on them.
Nasty but clever - USB Social Engineering. So many clever ways to circumvent security. Definitely something to be said for locking down the desktop.
Simple but addictive Game Boy Advance carts from - Bit Generation.
Commandline image manipulation via feh. Nice name.
This looks really useful - Gorilla Tape. Duct tape is really really useful but sometimes the stickability leaves a little to be desired.
My permalinks are broken which is annoying. Seem fine in cgi mode - just an incorrect file reference in static mode. Off to bug the Blosxom mailing list . . .