Everyone who uses UPS Worldship runs as an admin. I know, we've had to put up with that -- and I wish I could say it was one of the factors in our switching to FedEx.
Our laptop users must run as admins so they can install whatever print drivers are required when they're on the road at different customer sites. Unless we're missing something really big, there is no "allow user to install printer drivers" security option in XP.
And as far as Linux being as vulnerable to a stupid user, wow you need some more exposure to it. While it may be possible to issue a "rm -rf/" as root, the ways the average user can bork things up -- web browsing allowing malicious code to execute, likelihood of damage via virus, allowing a user to uninstall something that breaks another app -- these just aren't issues with Linux.
Unfortunately enterprise settings for FireFox are a bit of a PIA to implement.
One of the settings you must have to compete with IE in an enterprise environment is auto-login (network.automatic-ntlm-auth.trusted-uris and related keys). Basically what we did was use Group Policy to launch a custom app at login. The Mozilla profile for the current user is in a random folder and the js file you need to edit is in that folder -- but even though it's randomized, if you know the parent folder's name you can easily find the child folder's name and go from there. The app scans the existing JS file line-by-line, and keeps track of certain settings which may or may not be present in the file. If the settings aren't there, we write them to the file. It's a bit more complicated than it could be.
So why don't we override everyone's JS file? Different users need different settings and nuking this file is the equivalent of losing all your settings. There are quite a few possible settings and defaults are NOT included in this file... so a change to FireFox's defaults can cause issues too. It goes without saying that this JS file is locked by the browser if it's loaded and changes can't be saved.
Like I said, a PIA. I could add/update a registry setting much easier.
... While we all agree that IE6 is pain we should not put the blame on Microsoft...
IE's been a major fail for so many reasons, it's difficult to understand why you would not blame the company responsible, in this case Microsoft. I develop for a living as well and if IE suddenly disappeared tomorrow (6, 7, 8, whatever, all of it) I would be beside myself with joy.
I don't think that at this point IE can be fixed. They used such poor, incomplete or incorrect parsing of standards for so long that they wasted whatever goodwill was generated in the first years. A site designed for any other browser is not likely to work in IE without workarounds... ugly workarounds as you know. IE8 just brings the level of crapware to a newer version -- now we have four versions of IE to support? (IE 6, IE7, IE8, IE8 in "IE7 compatibility mode" which is NOT the same as IE7).
Although I mostly agree with you (that eSATA is the current best way to go for raw speed), I don't think USB2 is fast enough considering the alternatives. As an example, my Lacie Big Disk 1TB using FireWire 800 is significantly faster than either my Maxtor One-Touch using USB2 or Lacie Brick using FireWire 400. Yes I know the Big Disk uses 2 drives in an array, but the difference is startling -- I backup my XP VM (30.5 GB as of today) in about 14 minutes on the Big Disk. It's actually much quicker than the internal drive on my 15" MacBook Pro (granted it's 3 years old). That's a little better than 2GB per minute (37MB/s). I feel like I get far less than half that on the USB2 Brick. The CPU usage is also significantly higher when using the USB2 interface than either of the FireWire interfaces. I tend to start a file copy then walk away when using USB2.
<complain>I just wish it didn't spin up, spin down, spin up, spin down, spin up etc all the time... it only stays spun up when I'm copying or accessing a significant number of files. Its fans are a bit noisy too.</complain>
And eSATA... I've been drooling over it but haven't upgraded yet... no eSATA ports on the laptop and my aircard is in the PC Express slot whenever I'm home.
"... and puts three projects at the top tier in quality of the 280 open source projects: Samba, tor, OpenPAM, and Ruby."
Our chief weapon is surprise...surprise and fear...fear and surprise....
Our two weapons are fear and surprise... and ruthless efficiency....
Our three weapons are fear, surprise, and ruthless efficiency...
and an almost fanatical devotion to the Pope....
Our four... no...
Amongst our weapons... Amongst our weaponry...
are such elements as fear, surprise...
I'll come in again.
Excerpt: Antivirus software must be installed on all domain controllers in the enterprise. Ideally, try to install such software on all other server and client systems that have to interact with the domain controllers. It is optimal to catch the virus at the earliest point, such as at the firewall or at the client system where the virus is first introduced. This prevents the virus from ever reaching the infrastructure systems that the clients depend on.
Excerpt: Because domain controllers provide an important service to clients, the risk of disruption of their activities from malicious code from a virus must be minimized. Antivirus software is the generally accepted way to lessen the risk of virus infection. Install and configure antivirus software so that the risk to the domain controller is reduced as much as possible and so that performance is affected as little as possible. The following list contains recommendations to help you configure and install antivirus software on a Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or on a Windows 2000 domain controller:
I can't believe you'd defend *not* running AV on Windows servers, that's such a terrible idea it's appalling. It shows a lack of understanding, experience and adherence to best practices from all major vendors (yes including Microsoft).
I don't care if you have a "virus" problem or "worm" problem, whether it was DNS poisoning or an infected install, when it happens you'll be more concerned with how to rebuild your servers so you minimize the downtime, then clean up the mess caused by the infestation. It's too late at that point.
You need AV on all machines, running all the time, period. It's not "magic" it's best practice.
Security 101: You should never assume you're safe because you're inside the network.
Sheesh. Perhaps with some additional exposure / training you will understand why running around with your pants down is a bad idea. And if not, Taco Bell is always hiring.
Ugh. A relatively new VM solution for the enterprise? No thanks. I'll stick with the "boring" tried and true methods not because they aren't interesting but because my employers know they can depend on me to use whatever works -- and that's why they pay me well. I would be jeopardizing my reputation by using something such as this without incredibly detailed testing.
Besides, Xen and VMWare work so well why would I lock myself into any solution which requires Windows for the host OS? I don't want my host OS big and fat, needing a virus scanner etc. I want the tiny footprint of the other options.
I have many indexes larger than 50GB on SQL Server 2000 SP4. My backup is over 600GB for *one* DB when using built-in backup (which is why I use SQL Backup). This is small. You do know how to use Profiler or the execution plan right?
Of course that won't solve a bad design but at least it will get it in the right direction.
Hardware? HP BL460c , dual Nehalems. Windows Server 2003. 8 GB of RAM (yes I know it won't use it -- we buy 8GB on all blades in preparation for our virtualization project.). No I haven't enabled PAE. Commit charge is 2.5 GB on that server right now, with a peak to 4.1GB (I had a nasty query to do and got a recursor). Largest view is over 2 billion records, summarized at the "part" level, and with which I can summarize by day, manufacturer etc in seconds. Physical partitioning (where a table uses check constraints and is segmented into several physical files) works well in 2000. Replication of anything except a small DB is another story.
Sounds like your DBA just doesn't know what he's doing.
I have several SQL 2000 servers, the largest DB on one of them is around 1TB. We have custom software built especially for SQL 2000, and I'm waiting for some time to get familiar with SQL 2008 before I switch anything over. I have real work to do (application development, reporting etc) and an upgrade better provide some huge benefits for me to get interested in it.
Locking issues are either bad DB design, improper indexing, or bad application code. Period.
Anytime you have someone reporting news and there's an obvious conflict of interest, you need to take it with a large chunk of salt. This reporter stands to financially gain from this article (by the fact that it attempts to harm a competitor of her employer).
Although my job no longer involves troubleshooting virus incidents (and instead involves setting policy to avoid them in the first place), I feel bad for the people who have to deal with this mess. A few years back, our company was hit by Nimda, Melissa, and "I Love You" viruses when using Symantec AV. Since that time we've done 3 things that have prevented any infestations within the last 3 years:
We centralized Trend Micro AV, which seems to do a good job for laptop / VPN users.
We contracted an appliance, monitored by a security team, which does 24/7 blacklisting as well as stateful packet inspection. It's not that expensive when you have a few hundred employees.
We went with Trend for the Exchange AV as well. Some days we have more than 100K spam/virus emails stopped by the combination of the appliance + Trend for Exchange.
YMMV. I have Excel 2002 on my machine and I prefer OpenOffice. I mostly do simplistic charts/graphs and drop in 1K-20K row datasets for analysis though. Text-to-columns in OO works well for me.
OTOH, Excel likes to mangle leading zeros -- unless I'm very careful and also password-protect data, when I send out a spreadsheet for manual completion invariably I get a copy back that's had the leading zeros dropped. Otherwise so long as you turn off Clippy and customize it a bit, Excel is probably the best of the Microsoft Office software.
Oh, except for 2007. Training people on that has been a royal PIA. What were they thinking?
Wow you sound ignorant. For a "security engineer" you need more training, or more exposure to the real world.
HINT: The real world doesn't run Vista or Windows 7 in a business environment. The ones who run Windows tend to run XP, which is a sieve security-wise. The latest unpatchable exploits are just another demonstration of the lack of security focus at Microsoft, which if you've been around long at all you must recognize as a pattern.
As for the "shill" comment -- considering your comment history, one has to wonder if you are being paid for your comments, as they fly in the face of reality as we know it. Of course the possibility is that you're some Best Buy or Office Depot employee playing "security engineer" on the weekends. In either event, I pity you.
Could it be because Windows XP Home (still a very widely distributed version among Windows-using households) only allows 5 simultaneous connections and Apple wanted to keep things simple? This way if iTunes on OSX supports more that's great, and if it doesn't there's no harm done.
Apple is all about making things work with a minimum of fuss. Nowadays people have several computers at home and the average Joe won't be able to understand why it doesn't just work if you aren't upfront about it. http://support.microsoft.com/kb/314882
I know -- bad form to reply to myself etc etc. but it occurred to me that you may not be familiar with how this SAN applies storage.
Your RAID 5 partition allocated to this server (think of it like a slice of the whole pie) is smaller than the total SAN storage. In a "normal" single-server storage environment you probably allocate all space among the local drives. Each hardware RAID partition usually goes on separate drives, so that if you have 7 drives and need 2 partitions one of which is RAID-5, at least 3 of the drives must be used to create the RAID-5. In this SAN, it stripes across *all* drives even though it obviously doesn't take up the whole drive of each. Your other slices do the same thing. A RAID-1 partition is striped on the same drives which are striped as RAID-5, similar to how Linux software RAID works (without the performance penalties). So your data has more spindles which increase as you add drives, also each spindle has less data to deal with for your slice (unless you grow your slice).
You group drives together -- primary storage with your fast drives and secondary with your big slow drives for instance. If all the SAN storage for that group isn't allocated (for instance we have like 2.5 TB out of 3.5TB allocated) and a drive fails, the total SAN storage for that group is reduced by the amount of whatever drive(s) failed yet you still have a spare -- until there isn't any more total unused storage for it to sacrifice. Like a "super" RAID5.
When a drive dies, HP gets a message from the system, and we get an email that a drive died (which drive, capacity, model etc). It ships out from HP that same day and we go down to the colo and replace it. (That's a colo issue -- outside techs have to be escorted and replacing a drive is simple so we just drive there and don't request an HP tech). So management-wise it's a snap.
I haven't yet tested SAN-to-SAN replication (we're in this recession or something, funding is tough to get) but that's a whole other level of benefits.
The management overhead using local vs consolidated storage is significant. We've been able to reduce worries and speed disk access with the SAN. That was a win for the techs and management.
There's not a direct comparison with RAID on an individual server and RAID on the EVA4400. Yes it's still a RAID5 (safety is most important to us) but the leveling aspect of the SAN provides additional performance. If I want to increase performance I add drives to the SAN and give them to that slice I've allocated for this server. No rebuilding necessary. When you're talking TB of storage that's sweet. Look into it if you've got the budget -- around 60k gets you 16 x 146GB drives and another 8 x 400GB drives for your second tier storage.
We moved from the battery-backed 5i controller on the DL380's (7x 15K drives in an MSA30) to the BL460c's and the EVA4400 (using basically the same 15K drives, but with 16 of them -- Exchange, a.8TB SQL server and a few fileservers also access this space).
The disk speed increase was enormous -- it really blew us away. What used to take between 3 and 4 hours can be done in about 8 minutes now.
IMHO using physical drives is much safer than using the SSD's and to scale up all we do is add additional shelves & drives. If you have more than a handful of servers, get a SAN. Easier management than having to play with each individual machine, I don't have the time or patience for that.
I have a 15-year-old daughter with a texting plan. Her constant texting -- when we're at the movie theater, when we're at the grocery store, when we're watching TV on the sofa, when we're driving somewhere -- drives me crazy too. I can't have a clear conversation with her when that damn thing is going off constantly. Suggesting she turn it off is taken as if I'm asking her to amputate her leg (and as the noncustodial parent with an uncaring ex I can't really force the issue).
I was always brought up that you don't answer the phone when you have company, unless there's some unavoidable event. It makes the person you're with feel like a third wheel if you bring out the phone and maddeningly punch buttons while they're trying to maintain eye contact with you and have a conversation. That's usually the opposite from your intended reaction in having them over in the first place.
Slashdot Mirror
Everyone who uses UPS Worldship runs as an admin. I know, we've had to put up with that -- and I wish I could say it was one of the factors in our switching to FedEx.
/" as root, the ways the average user can bork things up -- web browsing allowing malicious code to execute, likelihood of damage via virus, allowing a user to uninstall something that breaks another app -- these just aren't issues with Linux.
Our laptop users must run as admins so they can install whatever print drivers are required when they're on the road at different customer sites. Unless we're missing something really big, there is no "allow user to install printer drivers" security option in XP.
And as far as Linux being as vulnerable to a stupid user, wow you need some more exposure to it. While it may be possible to issue a "rm -rf
Unfortunately enterprise settings for FireFox are a bit of a PIA to implement.
One of the settings you must have to compete with IE in an enterprise environment is auto-login (network.automatic-ntlm-auth.trusted-uris and related keys). Basically what we did was use Group Policy to launch a custom app at login. The Mozilla profile for the current user is in a random folder and the js file you need to edit is in that folder -- but even though it's randomized, if you know the parent folder's name you can easily find the child folder's name and go from there. The app scans the existing JS file line-by-line, and keeps track of certain settings which may or may not be present in the file. If the settings aren't there, we write them to the file. It's a bit more complicated than it could be.
So why don't we override everyone's JS file? Different users need different settings and nuking this file is the equivalent of losing all your settings. There are quite a few possible settings and defaults are NOT included in this file... so a change to FireFox's defaults can cause issues too. It goes without saying that this JS file is locked by the browser if it's loaded and changes can't be saved.
Like I said, a PIA. I could add/update a registry setting much easier.
... While we all agree that IE6 is pain we should not put the blame on Microsoft...
IE's been a major fail for so many reasons, it's difficult to understand why you would not blame the company responsible, in this case Microsoft. I develop for a living as well and if IE suddenly disappeared tomorrow (6, 7, 8, whatever, all of it) I would be beside myself with joy.
I don't think that at this point IE can be fixed. They used such poor, incomplete or incorrect parsing of standards for so long that they wasted whatever goodwill was generated in the first years. A site designed for any other browser is not likely to work in IE without workarounds... ugly workarounds as you know. IE8 just brings the level of crapware to a newer version -- now we have four versions of IE to support? (IE 6, IE7, IE8, IE8 in "IE7 compatibility mode" which is NOT the same as IE7).
It's Microsoft's fault, totally.
What do you mean? Don't chicks dig people who design cranes? You could always use that as a pickup line or something...
Although I mostly agree with you (that eSATA is the current best way to go for raw speed), I don't think USB2 is fast enough considering the alternatives. As an example, my Lacie Big Disk 1TB using FireWire 800 is significantly faster than either my Maxtor One-Touch using USB2 or Lacie Brick using FireWire 400. Yes I know the Big Disk uses 2 drives in an array, but the difference is startling -- I backup my XP VM (30.5 GB as of today) in about 14 minutes on the Big Disk. It's actually much quicker than the internal drive on my 15" MacBook Pro (granted it's 3 years old). That's a little better than 2GB per minute (37MB/s). I feel like I get far less than half that on the USB2 Brick. The CPU usage is also significantly higher when using the USB2 interface than either of the FireWire interfaces. I tend to start a file copy then walk away when using USB2.
<complain>I just wish it didn't spin up, spin down, spin up, spin down, spin up etc all the time... it only stays spun up when I'm copying or accessing a significant number of files. Its fans are a bit noisy too.</complain>
And eSATA... I've been drooling over it but haven't upgraded yet... no eSATA ports on the laptop and my aircard is in the PC Express slot whenever I'm home.
"... and puts three projects at the top tier in quality of the 280 open source projects: Samba, tor, OpenPAM, and Ruby."
Our chief weapon is surprise...surprise and fear...fear and surprise....
Our two weapons are fear and surprise... and ruthless efficiency....
Our three weapons are fear, surprise, and ruthless efficiency...
and an almost fanatical devotion to the Pope....
Our four... no...
Amongst our weapons... Amongst our weaponry...
are such elements as fear, surprise...
I'll come in again.
Excerpt:
Antivirus software must be installed on all domain controllers in the enterprise. Ideally, try to install such software on all other server and client systems that have to interact with the domain controllers. It is optimal to catch the virus at the earliest point, such as at the firewall or at the client system where the virus is first introduced. This prevents the virus from ever reaching the infrastructure systems that the clients depend on.
Oh, here's the Microsoft recommendation for AV for modern servers. http://support.microsoft.com/kb/822158
Excerpt:
Because domain controllers provide an important service to clients, the risk of disruption of their activities from malicious code from a virus must be minimized. Antivirus software is the generally accepted way to lessen the risk of virus infection. Install and configure antivirus software so that the risk to the domain controller is reduced as much as possible and so that performance is affected as little as possible. The following list contains recommendations to help you configure and install antivirus software on a Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or on a Windows 2000 domain controller:
I can't believe you'd defend *not* running AV on Windows servers, that's such a terrible idea it's appalling. It shows a lack of understanding, experience and adherence to best practices from all major vendors (yes including Microsoft).
I don't care if you have a "virus" problem or "worm" problem, whether it was DNS poisoning or an infected install, when it happens you'll be more concerned with how to rebuild your servers so you minimize the downtime, then clean up the mess caused by the infestation. It's too late at that point.
You need AV on all machines, running all the time, period. It's not "magic" it's best practice.
Security 101: You should never assume you're safe because you're inside the network.
Sheesh. Perhaps with some additional exposure / training you will understand why running around with your pants down is a bad idea. And if not, Taco Bell is always hiring.
Ugh. A relatively new VM solution for the enterprise? No thanks. I'll stick with the "boring" tried and true methods not because they aren't interesting but because my employers know they can depend on me to use whatever works -- and that's why they pay me well. I would be jeopardizing my reputation by using something such as this without incredibly detailed testing.
Besides, Xen and VMWare work so well why would I lock myself into any solution which requires Windows for the host OS? I don't want my host OS big and fat, needing a virus scanner etc. I want the tiny footprint of the other options.
I have many indexes larger than 50GB on SQL Server 2000 SP4. My backup is over 600GB for *one* DB when using built-in backup (which is why I use SQL Backup). This is small. You do know how to use Profiler or the execution plan right?
Of course that won't solve a bad design but at least it will get it in the right direction.
Hardware? HP BL460c , dual Nehalems. Windows Server 2003. 8 GB of RAM (yes I know it won't use it -- we buy 8GB on all blades in preparation for our virtualization project.). No I haven't enabled PAE. Commit charge is 2.5 GB on that server right now, with a peak to 4.1GB (I had a nasty query to do and got a recursor). Largest view is over 2 billion records, summarized at the "part" level, and with which I can summarize by day, manufacturer etc in seconds. Physical partitioning (where a table uses check constraints and is segmented into several physical files) works well in 2000. Replication of anything except a small DB is another story.
If you're having to call Microsoft for SQL Server support you're either bleeding edge or bleeding incompetent -- your pick.
Sounds like your DBA just doesn't know what he's doing.
I have several SQL 2000 servers, the largest DB on one of them is around 1TB. We have custom software built especially for SQL 2000, and I'm waiting for some time to get familiar with SQL 2008 before I switch anything over. I have real work to do (application development, reporting etc) and an upgrade better provide some huge benefits for me to get interested in it.
Locking issues are either bad DB design, improper indexing, or bad application code. Period.
Mod parent and GP up.
Anytime you have someone reporting news and there's an obvious conflict of interest, you need to take it with a large chunk of salt. This reporter stands to financially gain from this article (by the fact that it attempts to harm a competitor of her employer).
BOO! (but funny though)
Although my job no longer involves troubleshooting virus incidents (and instead involves setting policy to avoid them in the first place), I feel bad for the people who have to deal with this mess. A few years back, our company was hit by Nimda, Melissa, and "I Love You" viruses when using Symantec AV. Since that time we've done 3 things that have prevented any infestations within the last 3 years:
YMMV. I have Excel 2002 on my machine and I prefer OpenOffice. I mostly do simplistic charts/graphs and drop in 1K-20K row datasets for analysis though. Text-to-columns in OO works well for me.
OTOH, Excel likes to mangle leading zeros -- unless I'm very careful and also password-protect data, when I send out a spreadsheet for manual completion invariably I get a copy back that's had the leading zeros dropped. Otherwise so long as you turn off Clippy and customize it a bit, Excel is probably the best of the Microsoft Office software.
Oh, except for 2007. Training people on that has been a royal PIA. What were they thinking?
Wow you sound ignorant. For a "security engineer" you need more training, or more exposure to the real world.
HINT: The real world doesn't run Vista or Windows 7 in a business environment. The ones who run Windows tend to run XP, which is a sieve security-wise. The latest unpatchable exploits are just another demonstration of the lack of security focus at Microsoft, which if you've been around long at all you must recognize as a pattern.
As for the "shill" comment -- considering your comment history, one has to wonder if you are being paid for your comments, as they fly in the face of reality as we know it. Of course the possibility is that you're some Best Buy or Office Depot employee playing "security engineer" on the weekends. In either event, I pity you.
Could it be because Windows XP Home (still a very widely distributed version among Windows-using households) only allows 5 simultaneous connections and Apple wanted to keep things simple? This way if iTunes on OSX supports more that's great, and if it doesn't there's no harm done.
Apple is all about making things work with a minimum of fuss. Nowadays people have several computers at home and the average Joe won't be able to understand why it doesn't just work if you aren't upfront about it. http://support.microsoft.com/kb/314882
LOL iOwned.
greeeattt gam i plyd it just now wheeee!!
I know -- bad form to reply to myself etc etc. but it occurred to me that you may not be familiar with how this SAN applies storage.
Your RAID 5 partition allocated to this server (think of it like a slice of the whole pie) is smaller than the total SAN storage. In a "normal" single-server storage environment you probably allocate all space among the local drives. Each hardware RAID partition usually goes on separate drives, so that if you have 7 drives and need 2 partitions one of which is RAID-5, at least 3 of the drives must be used to create the RAID-5. In this SAN, it stripes across *all* drives even though it obviously doesn't take up the whole drive of each. Your other slices do the same thing. A RAID-1 partition is striped on the same drives which are striped as RAID-5, similar to how Linux software RAID works (without the performance penalties). So your data has more spindles which increase as you add drives, also each spindle has less data to deal with for your slice (unless you grow your slice).
You group drives together -- primary storage with your fast drives and secondary with your big slow drives for instance. If all the SAN storage for that group isn't allocated (for instance we have like 2.5 TB out of 3.5TB allocated) and a drive fails, the total SAN storage for that group is reduced by the amount of whatever drive(s) failed yet you still have a spare -- until there isn't any more total unused storage for it to sacrifice. Like a "super" RAID5.
When a drive dies, HP gets a message from the system, and we get an email that a drive died (which drive, capacity, model etc). It ships out from HP that same day and we go down to the colo and replace it. (That's a colo issue -- outside techs have to be escorted and replacing a drive is simple so we just drive there and don't request an HP tech). So management-wise it's a snap.
I haven't yet tested SAN-to-SAN replication (we're in this recession or something, funding is tough to get) but that's a whole other level of benefits.
The management overhead using local vs consolidated storage is significant. We've been able to reduce worries and speed disk access with the SAN. That was a win for the techs and management.
There's not a direct comparison with RAID on an individual server and RAID on the EVA4400. Yes it's still a RAID5 (safety is most important to us) but the leveling aspect of the SAN provides additional performance. If I want to increase performance I add drives to the SAN and give them to that slice I've allocated for this server. No rebuilding necessary. When you're talking TB of storage that's sweet. Look into it if you've got the budget -- around 60k gets you 16 x 146GB drives and another 8 x 400GB drives for your second tier storage.
We moved from the battery-backed 5i controller on the DL380's (7x 15K drives in an MSA30) to the BL460c's and the EVA4400 (using basically the same 15K drives, but with 16 of them -- Exchange, a .8TB SQL server and a few fileservers also access this space).
The disk speed increase was enormous -- it really blew us away. What used to take between 3 and 4 hours can be done in about 8 minutes now.
IMHO using physical drives is much safer than using the SSD's and to scale up all we do is add additional shelves & drives. If you have more than a handful of servers, get a SAN. Easier management than having to play with each individual machine, I don't have the time or patience for that.
Mod parent up.
I have a 15-year-old daughter with a texting plan. Her constant texting -- when we're at the movie theater, when we're at the grocery store, when we're watching TV on the sofa, when we're driving somewhere -- drives me crazy too. I can't have a clear conversation with her when that damn thing is going off constantly. Suggesting she turn it off is taken as if I'm asking her to amputate her leg (and as the noncustodial parent with an uncaring ex I can't really force the issue).
I was always brought up that you don't answer the phone when you have company, unless there's some unavoidable event. It makes the person you're with feel like a third wheel if you bring out the phone and maddeningly punch buttons while they're trying to maintain eye contact with you and have a conversation. That's usually the opposite from your intended reaction in having them over in the first place.