* The probability of a write failure is pretty small (usually in the legalese small print) but this small possibility increases as disk space increases (which is why a generic RAID of small disks is more reliable than a RAID of really big disks). Those consumer grade 500GB and 1TB disks are looking slightly less attractive now. In a failure situation, if a disk dies and you go to reconstruct the array, you could conceivably end up with a second failure due to a tiny write error - then you're screwed.
* NetApp get around this by using a variation on RAID 6 DP (like RAID 5 but with two parity disks) - any performance hit (and it's significant if you set this up using a normal controller) is offset by NetApp's smart controller (that's why storage vendors charge a premium for data security). This problem and NetApp's response is vividly illustrated in this post to the 'Toaster' (NetApp nickname) mailing list.
* Fibre-channel is big with Unix shops and iSCSI is big with Windows shops. Surprisingly NFS over IP is still popular in Unix-land too.
* Snapshotting now encompasses databases and mailstores. The snapshot facility imposes a much, much lower performance overhead than a similar EMC device (granted they would say that). Apparently companies are moving away from tape based backup to disk based - keeping tapes around purely for occasional snapshots and compliance reasons.
* NetApp do 'thin provisioning' - essentially you can lie about your storage capacity (present 1 physical TB as 2 virtual TB). This was apparently implemented based upon lies developers would tell their admins, DBAs and storage managers - once everyone had added in their own comfort factor it was discovered that only about 40% of the capacity was utilised and the rest was wasted. Pooling storage in a NAS or SAN and over-subscribing it means you can shuffle the space around depending on your needs at that time. Apparently the key is the forecasting tools which will help you to predict when you'll run out of space. It also tends to work better in multi-terabyte shops rather than gigabyte shops.
* You can now stream snapshots between filers in different locations (for DR / BCP / Replication) over any IP link (one NZ client does this over dialup to a location half way around the world) - this is possible due to the small 4k block size used by NetApp for storage - at the device level it only replicates changed blocks rather than the entire changed file.
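To make the changed-block point concrete, here is an added sketch (not NetApp's code and not from the talk) that compares two snapshots of a volume in 4k blocks, ships only the blocks that differ, and verifies the patched replica. The volume contents, function names and use of SHA-256 are assumptions made for the illustration.

```python
import hashlib

BLOCK_SIZE = 4096  # the 4k block size mentioned above


def block_digests(volume: bytes) -> list:
    """SHA-256 digest of each 4k block of a volume image."""
    return [hashlib.sha256(volume[o:o + BLOCK_SIZE]).digest()
            for o in range(0, len(volume), BLOCK_SIZE)]


def changed_blocks(old: bytes, new: bytes) -> dict:
    """Block index -> new contents, for blocks that differ from the old snapshot."""
    old_d, new_d = block_digests(old), block_digests(new)
    return {i: new[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            for i, d in enumerate(new_d)
            if i >= len(old_d) or d != old_d[i]}


def apply_delta(replica: bytes, delta: dict, new_len: int) -> bytes:
    """Patch the remote copy with the shipped blocks, resizing to new_len."""
    buf = bytearray(replica[:new_len].ljust(new_len, b"\0"))
    for i, data in delta.items():
        buf[i * BLOCK_SIZE:i * BLOCK_SIZE + len(data)] = data
    return bytes(buf)


def demo() -> dict:
    # Constructed sample: a 1 MiB volume (256 blocks) with a 10-byte write in block 37.
    old = bytes(range(256)) * BLOCK_SIZE
    new = bytearray(old)
    new[37 * BLOCK_SIZE + 100:37 * BLOCK_SIZE + 110] = b"X" * 10
    new = bytes(new)
    delta = changed_blocks(old, new)
    replica = apply_delta(old, delta, len(new))
    return {
        "blocks_shipped": sorted(delta),
        "bytes_shipped": sum(len(b) for b in delta.values()),
        "volume_bytes": len(new),
        # The receiving side verifies the result against the source digest.
        "replica_matches": hashlib.sha256(replica).digest() == hashlib.sha256(new).digest(),
    }


if __name__ == "__main__":
    print(demo())
```

A 10-byte write costs one 4096-byte block on the wire instead of the whole 1 MiB image, which is what makes replication over a slow link workable.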
It's always nice to hear vendor 'war stories' - apparently after eBay had their extended site outage in 2001 they called in Oracle who looked into the database side and found no problem with the backend software; some more (extensive) digging pinpointed the fault in disk firmware code - when the disk faulted the error was propagated up through the application layers and eventually killed the site. After this Oracle came up with their HARD initiative (essentially a database designed and implemented for the extremely paranoid) which computes its own checksums on data as it's written (so it provides an extra layer of redundancy over the storage layer).
Another interesting Oracle specific tale outlined their datacenter - which uses blades and NetApp appliances extensively (storing petabytes of data). The interesting thing is that they worked through the economics of using a Fibre Channel HBA infrastructure for their blades and went with NFS over IP instead - working out that 1 x blade + 2 FC HBAs (for redundancy) was much more expensive than 1 x blade + 2 built in teamed Gb NICs (and they were willing to wear the performance penalty). NFS also allows them to manage a central pool of storage rather than carving out chunks for direct attached storage. Interesting.
Apparently a big leap of faith is for DBAs to allow the device to handle and manage the storage rather than thinking about spindle-count. Once they get over that they can forget about the storage and focus on the database.
The video is of Slateman performed live from their Slavestate EP - this marked the beginning of their cleaner industrial sound after they pretty much invented grindcore with their first album ('Streetcleaner').
With only a drum-machine, guitar and bass they create an awesome crushing yet strangely uplifting sound.
Essentially EP lets the network administrator define certain conditions that must be met before a client is able to participate on the corporate LAN. In some cases the tools will even direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (eg webmail or terminal services but not a direct connection).
* Wikipedia on Endpoint Security
* Wikipedia on Checkpoint Integrity - a centralised EP system
* Nice flowchart tool to design EP access control for Firepass
* Flash Demo of CheckPoint's Interspect appliance - actually more of an IDS/IDP (Intrusion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions
* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework
* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)
* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought Black Ice Defender (fyi - Checkpoint bought Zone Alarm)
Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.
Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.
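The checksum approval loop described above, as an added sketch that is not taken from any of the products listed: a file runs only if its SHA-256 is on the approved list, so a patched build is blocked until someone approves the new checksum. File names, contents and verdict labels are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def evaluate(path: Path, approved: dict) -> str:
    """approved maps file name -> approved SHA-256. Decide whether the file may run."""
    digest = sha256_file(path)
    if digest in approved.values():
        return "allow"            # content is approved, whatever the file is called
    if path.name in approved:
        return "block-changed"    # known application, unapproved build (e.g. a patch)
    return "block-unknown"        # never approved at all


def demo() -> dict:
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for executables; names and contents are hypothetical.
        editor, tool = root / "editor.exe", root / "newtool.exe"
        editor.write_bytes(b"editor build 1.0")
        approved = {editor.name: sha256_file(editor)}
        results["approved build"] = evaluate(editor, approved)

        editor.write_bytes(b"editor build 1.0 + security patch")
        results["patched, not yet approved"] = evaluate(editor, approved)

        tool.write_bytes(b"something a user downloaded")
        results["unknown application"] = evaluate(tool, approved)

        # The administrator reviews the patch and approves the new checksum.
        approved[editor.name] = sha256_file(editor)
        results["patched, after approval"] = evaluate(editor, approved)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "patched, not yet approved" case is the operational cost: every legitimate update is blocked until the approved list catches up.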
Simple options that can be implemented immediately (without spending on new tools) include:
* ensuring appropriate desktop access
* centrally managed anti-virus / patching / desktop policy restrictions
* MAC address restrictions on DHCP / switch ports (depends on the mobility of the client)
No track better demonstrates this than his theme for the blaxploitation flick 'Superfly' - it's a similar type of film to the classic 'Shaft' but the theme carries a much more positive message than the Isaac Hayes track which has become much more popular.
Thanks to the joys of YouTube - here is Curtis performing Superfly.
I've found them a little clunky particularly with respect to finding specific locations in NZ.
These guys have kind of turned mapping on its head - Smaps is a new system which does a dynamic lookup on a location - the more information you enter the more refined the search.
Looks like a good read - Satan: A Biography.
Genius - Chaucer Blogs about his XBOX.
Wonderful flash animation - Creation battles Creator.
Mouse-over the articles - How right-wing readers view the New York Times.
EFI in Apple's Intel PCs - How Apple's Firmware Leapfrogs BIOS PCs. The good thing is you get more control - the bad thing is that it makes it trickier to install a standard Intel based OS that expects to deal with an old fashioned BIOS.
Two useful links for people who want to use legacy Mac applications in a Classic environment - Sheepshaver will run OS 9 and for more serious nostalgia MiniVmac - Run a MacOS 7 from a USB stick. I've had good experience with Basilisk too.
Interesting UI links - Mac UI Ain't All That: The Future & History of the User Interface.
I'm always on the hunt for the perfect application launcher on Windows - something like DragStrip or DragThing would be ideal - I'll give RocketDock a crack for now.
With all the interest in wireless technologies (it seems only a few years ago that Apple demo'd the AirCard in a clamshell iBook) it seems security has been a bit of an after-thought. Fine for consumers but not quite ready for an organisation to truly trust.
AirTight's SpectraGuard product is pretty much the best-of-breed when it comes to locking down your WLAN. Using a combination of server and sensor arrays you can monitor all WLAN activity within your vicinity - in fact depending on the landscape and structure-density the sensors are so good you will pick up activity 1 to 2km away. Within minutes of entering the AirTight system we were able to spot 50 Access Points and 600 Wireless PCs.
In terms of the management console you can see the wireless name, MAC address, SSID, type of security, channel, protocol, vendor and location (the sensors can triangulate location and superimpose onto a map). For each object you can view extended properties, locate, quarantine, ban, authorise/deauthorise and troubleshoot (which uses ethereal/pcap).
You can also view suspect events (rogue APs, suspected netstumbler activity, honeypots etc) and generate all sorts of security/audit reports.
From a security perspective you can lock down your own network to participating SSIDs, vendors and protocol lists (immediately reducing your profile). You can also block/disrupt/interrupt/degrade wireless connections - only a few channels per sensor; you can't wipe out wireless connectivity blockwide unless you have a lot of sensors (it's nice to know that you can actively fight back against war-drivers that park up outside your building and try launching probes/attacks on your WLAN).
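An added sketch of the policy check described above (not SpectraGuard's logic): each access point a sensor sees is compared with the approved SSID, vendor, protocol and security lists and grouped for an audit report. The policy values, the observations and the classification labels are constructed; treating a foreign radio that advertises your SSID as a "honeypot" is an assumption of this example.

```python
from dataclasses import dataclass

# Constructed policy: the participating SSIDs, vendors and protocols, plus the
# MAC addresses (BSSIDs) of the organisation's own access points.
POLICY = {
    "ssids": {"corp-wlan"},
    "vendors": {"VendorA"},
    "protocols": {"802.11g"},
    "security": {"WPA2"},
    "own_bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    ssid: str
    security: str
    protocol: str
    vendor: str


def classify(ap: AccessPoint, policy: dict = POLICY) -> str:
    if ap.bssid.lower() not in policy["own_bssids"]:
        # A radio we do not own advertising our SSID is flagged as a honeypot;
        # anything else nearby is a neighbour's network.
        return "honeypot" if ap.ssid in policy["ssids"] else "external"
    compliant = (ap.ssid in policy["ssids"]
                 and ap.vendor in policy["vendors"]
                 and ap.protocol in policy["protocols"]
                 and ap.security in policy["security"])
    return "authorised" if compliant else "policy-violation"


def report(observed) -> dict:
    """Group observed BSSIDs by classification for an audit report."""
    out = {}
    for ap in observed:
        out.setdefault(classify(ap), []).append(ap.bssid)
    return out


# Constructed sensor observations (all values are made up for the example).
OBSERVED = [
    AccessPoint("00:11:22:33:44:01", "corp-wlan", "WPA2", "802.11g", "VendorA"),
    AccessPoint("00:11:22:33:44:02", "corp-wlan", "WEP", "802.11g", "VendorA"),
    AccessPoint("66:77:88:99:AA:01", "corp-wlan", "Open", "802.11g", "VendorB"),
    AccessPoint("66:77:88:99:AA:02", "cafe-wifi", "WPA2", "802.11g", "VendorB"),
]

if __name__ == "__main__":
    print(report(OBSERVED))
```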
The interface is nice, simple and intuitive with a sensible out-of-the-box configuration. Once configured you can quite happily leave it to do its thing (ie it's not high-maintenance).
Once these things start to work with Bluetooth, wireless USB and RFID you'd be able to do some pretty interesting things. It's actually pretty amazing to think that these sorts of technologies are even available given the sorts of things I suspect they'll be capable of doing in the very near future.
Time to pull out the tin-foil hat.
Wonderful - a series of Infographics by the International Network Archive. Providing some interesting data on topics such as the global arms-race, movie, fast-food and transportation.
Genius - 3D maze using CSS and DOM. Now someone just needs to turn it into Doom.
One of those things everyone should know how to do - Rsync Incremental Snapshot Backups via SSH.
On a related note - Flash - useful for Sun Solaris systems - Using Flash Archive in the Solaris Operating System for Disaster Recovery. Handy for taking system snapshots.
Interesting - Basic Introduction to OpenBSD - possibly one of the most secure out of the box OSes available.
The first font to get the movie treatment - Helvetica: The Movie.
Thrill Power Overload - Dave Bishop's Blog. Dave worked on 2000AD for quite awhile and is writing a historical overview of the comic on his blog. I didn't realise he was a Kiwi according to his Wikipedia profile. We're everywhere.
Excellent - Insecure.org has updated their list of the Top 100 Security Tools.
Interesting - ZoneCD: The Secure Way to Share Your Internet Connection. Some really good tips on securing wireless and also providing a safe/secure public wifi access facility.
The new versions of FileNet seem much better than the previous versions but you still can't help thinking it's over complicated - you've got the FileNet components, BEA WebLogic, Verity, SQL, Apache, IIS and LDAP. A problem with any one component can mean big problems for the system as a whole.
Don't get me wrong - FileNet does cool stuff - you get a web front-end and an Office integration component providing basic DMS services along with workflow and records management features.
I wonder where this leaves Domino Doc?
It'll be interesting to see what IBM does with this . . .
So this week I've been listening to
Can, Godflesh, Neu!, Bomb The Bass, Sonic Youth, Wormhole, Tindersticks, Stereolab, Tricky, Henry Rollins (Spoken Word), Nick Drake, Ciccone Youth, Straitjacket Fits, Shonen Knife, Experimental Audio Research, Mercury Rev, Sleater Kinney, Chills, Queens of the Stone Age, Chemical Brothers, Screaming Trees, The 3D's, The Terminals
* The Model M Keyboard - definitive.
* Enduro Pro claims to be modelled on the classic IBM Type M (right down to the thumb-stick) - however the presence of a 'Windows' key does let it down in my eyes.
* Dan's Data article on the Model M - interesting reading.
* Matias Tactile Pro - remake of the classic Apple Extended keyboard. I actually really like the feel of the original Mac/Mac Plus keyboards but I suspect it's almost impossible to get them to work with a modern PC/Mac due to their oddball phone-jack type interface.
Coverage of Steve's Keynote -
Engadget reported 600000 hits during the coverage - hard to imagine any other tech company getting this sort of exposure for anything.
The new hardware looks great - I'm not entirely certain if 'Leopard' will offer a compelling reason to upgrade the OS though. Shame they can't beat Vista out the door.
As usual I can't afford any of it but it's nice to look.
Luckily YouTube comes to the rescue.
Here's a 50min video of Boris playing live at the unitarian church in 2005.
The first 5min are just the warm up before the drone transforms into some serious riffing.
I'd say they are similar to a more rock Bardo Pond; eschewing BP's searing psychedelia for Earth-like power chords.
Here's a recent review of their 2005 album, Pink.
I definitely need to get some of their stuff.
Two brilliant photos depicting a high concentration of genius - 1958: Jazz Musicians in Harlem (Basie, Gillespie, Mingus, Monk) and 1927: Physicists at Solvay (Einstein, Curie, Bohr, Schrödinger, Heisenberg).
Interesting - Poor Man's Thumper. Shame they're not looking towards a linux/zfs combo with a smaller footprint. Nice idea though.
Long running experiments - Longest Running Scientific Experiments. One of them is a clock at Otago University in NZ which has been running without winding since 1864 and relies on temperature fluctuations in an airtight container.
Awhile back Mark Russinovich of the excellent Sysinternals (creators of the excellent Filemon, ProcessExplorer and many many more tools) site moved to Microsoft. He discusses his first week at Microsoft.
Joel Spolsky - the first in a series - Three Management Methods. Useful for any IT manager.
Spoof comic ads by Alan Moore.
I'm not a graphics card nut but I came across this on Hack the Planet:
* NVidia Quadro Plex
A video card that comes in its own external enclosure. Up to 2GB RAM and 4 GPUs.
Soon video cards will come with their own embedded operating systems.
Ed Brill (a Domino/Notes guy) discusses the requirements for Exchange 2007. It looks like Microsoft are relying on Moore's law to come to their rescue. You also wonder if the requirements are designed so as to discourage upgrades and encourage clean installs on a new box and migrate.
Just a little tongue in cheek - Samsung Q1 UMPC vs Apple Newton. Someone needs to invent a top trumps for PC geeks. 2.5 hours is pretty miserable battery life on the Q1 though (30 hours on the Newton is optimistic if you use the backlight, modem or network for any length of time); my old Psion 3a would last about a month on a pair of AAs.
I need to try this - Fix underexposed pictures. I have plenty of non-digital pictures which I managed to botch and came out way too light - after scanning them in they lack vibrancy.
iTunes for your paperwork - Kip. Looks like an interesting idea. They should make this into a more generic personal document management system.
Kind of true - Death of the commandline. This is the kind of thing that spawned the GUI in the first place. You could look up the obscure command that you'll use once in a blue-moon or you could just use the GUI.
Speaks volumes for the mentality of troops in Iraq - "I came over because I wanted to kill people". I'm also tempted to say an armed forces or police recruiting system should weed out rednecks and psychos but then I guess they'd be mixed in with the general population. At least if they're concentrated in a few places you can keep an eye on them.
Nasty but clever - USB Social Engineering. So many clever ways to circumvent security. Definitely something to be said for locking down the desktop.
Simple but addictive Game Boy Advance carts from - Bit Generation.
Commandline image manipulation via feh. Nice name.
This looks really useful - Gorilla Tape. Duct tape is really really useful but sometimes the stickability leaves a little to be desired.
My permalinks are broken which is annoying. Seem fine in cgi mode - just an incorrect file reference in static mode. Off to bug the Blosxom mailing list . . .