My server at home has a script that saves every file that arrives at a specified folder in Dropbox to a USB disk and a local disk... And deletes it from Dropbox! Oh... And writes a log in another Dropbox folder so I can check remotely. Best solution for me. I can upload from anywhere and I'm only limited by the size of my home storage.
Which sounds great until you come home and your house burns to the ground, destroying your camera, memory cards, and the "backed up" copies of your photos.
I just pay Amazon 10 cents/GB/month to keep my important data around. For under $25/month I have redundant copies of my data, and an EC2 server.
I used to think that if my house caught on fire, the first thing I'd grab is my backup hard drive, but now that everything important lives on S3, I'm more likely to grab my wife first. Or the dog. Still not sure.
None of this is a problem. There is a paint available that makes it very hard to photograph your license plate and as far as I can tell, this is a great thing.
This paint is designed to overexpose photos from cameras that use a flash to illuminate the license plate (i.e. most redlight cameras). It's doubtful that these cameras are using a powerful flash to illuminate each passing car or they wouldn't be so stealthy.
There's nothing I hate more than going to a mobile web site, getting a nagging popup telling me to download their app, and then finding out that the app gives me less functionality than the web site.
Just build a good mobile website. Modern mobile web browsers have become quite capable and there are fewer and fewer advantages to an app. And I really don't want to download an app for every webpage I frequent, that's what bookmarks are for.
Dude, you're doing all that...on an Atom? Doesn't it drag ass? If it were me I'd replace that sucky Atom with a cheap Phenom X4e, those support ECC and can be had for $62. Figure in $30 for an AM2+ board and $20 for a 2Gb RAM stick and for less than $115 you'd have a machine that would be a HELL of a lot faster than an Atom at multitasking.
It runs surprisingly well, I get around 15MB/second write speeds (and over 30MB/second read) which is more than I need for what I use it for. About the only time I notice it being slow is after I've ripped a movie from DVD and am copying it over to the fileserver. Most of the time I access it via Wifi so the disk is faster than the network. It's used only as a headless fileserver, no windowing system is installed so I don't need to worry about interactive performance.
I thought adding the webcams and zoneminder would push it over the edge, but even with doing motion detection on the 3 cams, the CPU hovers around 30% utilization, so I really have no complaints with the performance.
Not too bad for 35 watts of power (including the UPS). The TDP of the Phenom is 95W, and the motherboard is probably not all that power efficient either, so I'd probably at least double my power consumption if I went with a faster CPU. The Atom costs me around $50/year in electricity to run, so if I doubled the power consumption, it'd cost me around $100/year.
Yeah. And if there were grocery stores that allowed people to pay for food on the honor system, I bet most people would do that, too.
My grocery store hands me a scanner when I get there. As I shop, I scan each item and put it in my own bags. When I'm through, I simply swipe a credit card and leave. The convenience is amazing, and I wouldn't do anything to jeopardize that privilege, so I don't slip in un-scanned items, or scan cheaper items or anything like that. The honor system works very well for both of us. I go out of my way to shop at the store that gives me that option.
Not to mention the ubiquitous self-checkout lanes that seem to be in just about every grocery and home improvement store. It's trivially easy to slip stuff by - the sole employee that oversees 4 or 6 lanes can't keep an eye on everyone all the time, especially when they spend half their time helping people look up the code for some random vegetable.
So what am I supposed to do about all the kernel panics and absurdly slow IO and transfer speeds?
I thought ZFS ran in userland on Linux - how does it cause kernel panics?
In any case, I've been running zfs (raid-z) on a home Ubuntu based fileserver for over 2 years without a single kernel panic (record uptime was 9 months before I rebooted to apply updates).
This fileserver is used to stream movies, as well as act as a DVR for 3 home security cameras, and is the backup target for several Windows computers so it gets a fair bit of use.
You're right about slow I/O though.. it's not nearly as fast as hardware RAID would be, during heavy I/O the CPU power of the Atom processor is a limiting factor.
that should such a button ever come into existence, its largest effect would be upon the RIAA and MPAA themselves.
Why do I pirate? Because Hollywood has a track record of terrible films. It used to be critics would help me decide if a movie were worth the $12 theatre admission, but now that Hollywood owns them all, it's impossible to decide what film I'll like and what film I won't. Trailers are designed to hype the film's premise by any means; whatever it takes for the dog to bite. I pirate because it's more reasonable to delete the movie I hate than to expect a refund after having sat through it at a theater. I also pirate the film because it's a more usable format than a DVD or Blu-ray, which require me to purchase needless accessory players and cables to do that which I'm perfectly capable of with a computer.
I think you're making up reasons to justify why you don't feel that you should have to pay for content that costs real money to make.
You don't need to download a pirated movie to avoid paying to see it at the theater. You can wait 6 months until the DVD comes out.
Likewise, you don't need to pay $25 for a new DVD; wait another few months until the used DVDs are available for purchase. (Buying used puts less money in the movie industry's pocket, but still provides them with some revenue since many of the people selling used DVDs use the money to buy a new one.)
I have hundreds of movies on my home computer that I can stream to any computer in the house (including the media PC near the TV), all ripped from DVDs. The original DVDs are in a DVD wallet downstairs.
I don't pirate movies for the same reason I don't steal other things. If I think a movie is overpriced or too crappy to own, then I don't watch it. Simple. There are lots of other ways I can spend my time so I don't feel compelled to download and watch a movie that's not worth a $5 purchase.
Your argument is kind of like saying "Starbucks muffins are overpriced (and taste like crap anyway), so I always steal some just before they close the store. It's not hurting anyone since they are going to throw them away anyway, and when I steal them, they don't come in a bag so they are more convenient for me to eat."
If my VMware cluster has problems, not having the vCenter server around makes it harder to get things working again
Not sure why it would - why not just use vSphere client to connect directly to the host/s? If you're running HA, you can try the SuSE/PostgreSQL based VMware vCenter Server Appliance.
You can't, (or at least you couldn't at the time, not sure about vSphere 5), initiate any vmotions without vcenter, so when you have an esx host with intermittent storage connectivity problems that made your vCenter VM hang, you can't easily vmotion the remaining VM's off of that physical host without vCenter.
I've actually tested this at my work environment with a web server.
4 Identical servers, 3 Normal, 1 with a VM that consumed all the resources of that box.
The VM was 1/3rd of an identical server, more or less. If the web server was at 20% CPU, the VM would be 60-70% with the exact same traffic (load balanced between the servers, ignoring CPU as the load balanced parameter).
Response times were 2-3x higher as well.
That is what happens when all your network and disk IO has to go through the CPU.
10 gigabit would throttle a CPU. Why I believe they have a way to bypass the hypervisor to get to the direct hardware to get performance.
But in that situation, why have the VM?
Disclaimer: This was a number of years ago and things *may* have improved, but I think it is an aspect of abstracting the hardware that is causing the issue.
If the VM was 1/3 of a physical server, and the physical server was using 20% of the CPU, wouldn't you expect the VM to be at at least 60% utilization plus a bit for overhead? So your 60 - 70% range sounds like it's right where it should be.
Try using the paravirtual drivers, they do help you save a few percent of CPU overhead especially if you have heavy network requirements.
I don't understand why response times were 2x - 3x higher though. Even at 70% CPU, you should have seen around the same response time as a server at 20% CPU utilization unless your bottleneck was elsewhere (like disk I/O)
Maybe it's just me, but best practice seems to indicate vCenter SHOULD be on a physical appliance, based upon the added benefits. Cons seem to be the same count-wise between physical and virtual instances of vCenter.
http://communities.vmware.com/docs/DOC-11197
Reading the actual pros\cons list, a virtual vCenter is not a good idea....
I prefer to keep vCenter as a physical server - if my physical vCenter server goes down, my VMware cluster can run happily along until I can restore it to new hardware. However, if my VMware cluster has problems, not having the vCenter server around makes it harder to get things working again.
The question I have for Obama is this: Who is stimulating the economy? Me, the guy who has provided 14 people good paying jobs and serves over 200,000 people per year with a flourishing business? Or, the single fat colored mammy sitting at home pregnant with her fourth child waiting for her next welfare check?
And as far as asset virtualization goes, I'm sure B. Hussein Obama doesn't give a rat's ass. For my part, I give asset virtualization two thumbs up.
Fat colored? She's kind of a dull creamy yellow? Maybe she needs more sun?
That's why BB has an optional policy that will cause a phone to wipe itself if it can't contact the server for a set amount of time. Once contact is lost a timer starts on the phone itself so no server contact is required for a wipe to occur. This is of course a double edged sword that could get triggered if a user goes on vacation but simple planning can prevent that from being an issue.
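I wasn't aware of that policy, and there are a few others (from http://docs.blackberry.com/en/admin/deliverables/4222/Secure_Wipe_Delay_After_IT_Policy_Received_204226_11.jsp)
Secure Wipe Delay After IT Policy Received IT policy rule (this is the one you mentioned - if it doesn't receive an IT policy update within X hours, it wipes)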
Secure Wipe Delay After Lock IT policy rule (if the user doesn't unlock the device within X hours, it wipes)
The $99 fee is per OS though. So now RedHat has paid it for Fedora. What about Debian, Ubuntu, Slackware, FreeBSD, etc. I use my own variant of TinHat Linux on my server, so will I have access to secure mode? It is not clear if you will be able to run in secure boot mode with those operating systems. Of course, you have the option of turning off secure boot, but this may be challenging to the not-so-technically-inclined and it introduces a level of security that may not be available to any vendor without paying the $100 to Microsoft. Personally, I don't see this sitting well with the EU, but the US won't care.
If my favorite Linux distribution is unable to come up with the $99, I will personally donate the entire $99 to the developers so they can sign the operating system (despite the fact that I'll be able to turn off secure boot myself). It's still cheaper than buying an MS license, and everyone else who uses the distribution can take advantage of it too.
Erm. Red Hat pay $99, once. Everybody else pays nothing, ever.
The $99 basically covers Microsoft's administration costs. In business terms, this is a very nominal fee - Red Hat have spent more cash than that just investigating this issue ($99 covers maybe 3-4 hours of someone's time).
It actually looks pretty reasonable.
$99 doesn't even cover a 15 minute meeting with their attorneys to begin looking into it.
If it's off-the-shelf it's not secure. You can't know that the chip factory isn't compromised, unless you inspect it
By the same logic, no product that you did not develop, including designing the CPU and any other chips, and fabricate yourself, down to the last individual resistor and diode, is secure. Which is patently absurd, since by this logic, any sort of secure device would be nigh-unaffordable, since you'd need to set up the entire fabrication chain to build just one prototype, requiring an absurd amount of capital. A notion highlighted by the recent story on how Chinese-fabbed US military chips apparently contain a backdoor on the hardware.
Absurd as it may be, it's true.
Well, maybe you can trust the resistors, but if you really have secret data to protect, you really can't trust even a CPU to be secure - there's no telling what's hidden in the microcode or what backdoors a software or hardware manufacturer has built in to the product "just for maintenance and testing purposes" (or at a government's request).
I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us
If a secure, off the shelf phone is too expensive for you, you probably don't have the resources to build a secure phone yourself. Even the experts have trouble getting security right, an amateur will unknowingly leave big gaping holes.
That said, Android ICS will do full filesystem encryption, make sure you use a secure passphrase and not a 4 digit PIN. Use SSL to talk to your email server to keep that traffic from being snooped. Don't use SMS's.
Do you really need to encrypt your phone calls? Stick with a CDMA provider (supposedly it's trivial to hack GSM, but I believe CDMA is still relatively safe) and your calls are safe from all but the most determined (and well funded) eavesdropper. Unless you're worried about the US Government doing the eavesdropping, they'll just tap the call on the Telco side, so you need end-to-end encryption to protect against that.
Skype reportedly encrypts skype-to-skype calls.
But really, unless you're doing top-secret government work, your phone is the least of your worries. If the information is valuable, it's much easier to pay an employee to leak it than to steal your phone and hope to find the data stored on the phone. And if you are doing top-secret government work, a home-brew solution isn't going to meet the federal standards you'll be required to meet.
No this concept can't work at scale - 130KW means around 10,000 sq ft of solar panels -- all to power 4 blade servers. If they were in a c3000 enclosure, they could put 8 blades in 6U - so could fit 56 blades in a 42U rack.
If they need 130KW and 10,000 sq feet of solar panels to power 4 blades, they'd need 14 times more panels to power a 56 blades in a full rack, or 140,000 sq feet of panels, all to power 6 sq feet of servers.
So a small 12,000 sq foot datacenter can hold around 1000 times more servers, so you'd need 140M sq feet of panels, or around 5 square miles of solar panels.
As a consultant who works on projects for govt, I hate Office 2007 and its "collaboration" features which are pretty much nonexistent.
You mean your clients haven't paid for the collaboration capabilities. With the right version of the suite, it offers both Groove-based collaboration and collaboration via SharePoint Server. In fact, all Office 365 really offers in this department is a hosted instance of SharePoint, but you still have to set it up how you want it. Funny thing about electronic collaboration tools, though -- if nobody else is going to use them, then there's no point in you using them, either.
What is this Sharepoint based collaboration? When our Sharepoint admin said we were going to get collaboration for Office Docs via Sharepoint, I assumed it was live sharing like Google Docs, where multiple people could edit documents simultaneously, but what it turned out to be is a version control system - one person can check out and edit the doc while others can only get a read-only copy until that person checks it in.
Our admin said this is the way Office collaboration works. Maybe I've been spoiled by Google, but is it true that Office collaboration in Sharepoint is just a version control system?
When you need to concentrate, just close your door. Instant privacy and silence, and it's a clear sign to others that you're working on something and shouldn't be bothered.
Oh right, people don't get offices anymore because of the vast performance improvements from the open collaborative workspace where anyone can interrupt you at any time for any inane reason. They even interrupt you inadvertently when they are talking to coworkers
I am tangentially aware of a military system that does the same thing and the way it's engineered is you record to a time stamped ring buffer constantly. Meanwhile you analyze your ring buffer for a shot signature. If you find a shot signature, then you perform a somewhat more detailed analysis to figure out the exact timestamp of firing (more or less). Then you uplink a really short data burst to central, something like "I'm sensor 23542542 and at 10:41:02.239582 I detected a shot and the local airtemp 73F and local air pressure is 1.0001 bar". Presumably central has a database of sensor locations, but if not a GPS RX on the sensor to generate timestamps works pretty well to report your presumably static location (although the .mil version I've heard about mounts on a movable APC).
Well anyway central optimistically gets about 10 reports, then it's mega-triangulation time to pinpoint a location and estimated accuracy of fix.
Now if you dump the ring buffer to disk or something for possible later analysis, and the ring buffer is a minute or two (or an hour?) long, that's how you inadvertently collect street conversations.
This seems the only reasonable way to do this... any other way?
Now if you dump the ring buffer to disk or something for possible later analysis, and the ring buffer is a minute or two (or an hour?) long, that's how you inadvertently collect street conversations.
This seems the only reasonable way to do this... any other way?
Sure, there's other ways that could be considered "reasonable". Since these are permanently mounted recorders, there's no reason why they have to record audio locally and discard old recordings. There's no reason why they can't have enough data bandwidth to let them stream the audio to central audio recorders that keep audio indefinitely (purportedly for further analysis or for "quality control" purposes). Likewise, storage is so cheap that even if data was stored locally and eventually overwritten, they could easily make the retention time days, weeks, or even years, so while it's technically true that recordings are eventually overwritten, they are able to be recovered for a long time.
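The sensor-side design discussed in this thread, as an added Python sketch (not code from any real gunshot-detection product): a timestamped ring buffer, a coarse check followed by a finer onset search, and a short report. The class names, the amplitude threshold standing in for a "shot signature", and the sample data are assumptions constructed for illustration; the point to watch is that the retention window alone decides how much non-shot audio a buffer dump would contain.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ShotReport:
    """The short uplink message: no audio, only metadata."""
    sensor_id: int
    onset_us: int          # estimated firing time, microseconds
    air_temp_f: float
    pressure_bar: float


class AcousticSensor:
    """Hypothetical sensor: records constantly into a time-bounded ring."""

    def __init__(self, sensor_id, retention_us, threshold,
                 refractory_us=500_000):
        self.sensor_id = sensor_id
        self.retention_us = retention_us    # how much audio is ever held
        self.threshold = threshold          # assumed stand-in for a signature
        self.refractory_us = refractory_us  # suppress duplicate triggers
        self.ring = deque()                 # (timestamp_us, amplitude)
        self._last_trigger_us = None

    def feed(self, ts_us, amplitude, air_temp_f=73.0, pressure_bar=1.0001):
        """Record one sample; return a ShotReport if a shot is detected."""
        self.ring.append((ts_us, amplitude))
        # Evict everything older than the retention window.
        while self.ring[0][0] < ts_us - self.retention_us:
            self.ring.popleft()
        # Coarse pass: is the newest sample loud enough to be a candidate?
        if amplitude < self.threshold:
            return None
        if (self._last_trigger_us is not None
                and ts_us - self._last_trigger_us < self.refractory_us):
            return None
        self._last_trigger_us = ts_us
        return ShotReport(self.sensor_id, self._find_onset(),
                          air_temp_f, pressure_bar)

    def _find_onset(self):
        """Finer pass: walk back through the ring to where the burst began."""
        onset_level = 0.25 * self.threshold
        onset = self.ring[-1][0]
        for ts_us, amplitude in reversed(self.ring):
            if amplitude < onset_level:
                break
            onset = ts_us
        return onset

    def retained(self):
        """(sample count, span in microseconds) a dump to disk would capture."""
        return len(self.ring), self.ring[-1][0] - self.ring[0][0]


def run_constructed_capture():
    """Five seconds of constructed 1 kHz samples with one burst at t = 3 s."""
    sensor = AcousticSensor(sensor_id=23542542, retention_us=2_000_000,
                            threshold=0.8)
    burst = {3000: 0.3, 3001: 0.9, 3002: 1.0, 3003: 0.8, 3004: 0.4}
    reports = []
    for i in range(5000):
        amplitude = burst.get(i, 0.05)      # 0.05 = background/street noise
        report = sensor.feed(i * 1000, amplitude)
        if report is not None:
            reports.append(report)
    return reports, sensor.retained()


if __name__ == "__main__":
    reports, retained = run_constructed_capture()
    print(reports)
    print("samples held: %d, span: %d us" % retained)
```

Only the report leaves the sensor in this design; raising `retention_us` or writing `ring` to disk is the single change that turns the same code into a long-term recorder.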
>>>force you to turn them off, confiscate and erase the evidence
Yes they can FORCE you to do it. That's what government is best at: Use of force to suppress natural rights. BUT you can also prosecute the cops under the law for destruction of material evidence. He would be fined or demoted.
I think you meant to say that he will receive 2 weeks on administrative leave with pay (what most of us call "vacation") while the situation is investigated, then he'll be cleared and returned to duty.
What's so scary about running COBOL? If there are systems written in COBOL that are doing what they need to do, why is that scary? You could spend millions of dollars rewriting the system in something more kick ass (not sure what's considered kick ass enough for the US Government - Java? .Net? Ruby?) and then you end up with a million dollar system that does the exact same thing as the system before, except for the inevitable bugs that creep into any large software project.
Or you can start from scratch, and write new specs for the system and build a system with new kick ass functionality, then you end up spending millions getting the stakeholders together to write the specs, then millions more actually writing the new kick ass software, and a decade later, it's been deployed with all of the major bugs worked out (or worked around). Except that whatever kick ass software you chose to write it in is no longer kick ass, so you need to start over again with something more kick ass.
I worked at a company like that once - the new CEO decided that the old system written in C was no longer kick ass enough, so he decreed that it had to be written in something modern and kick ass -- in this case, it was Visual Basic that was deemed kick ass enough for it. So the company spent years specing and rewriting a system to be deployed across 1500 remote locations. In testing, they found that their VSAT communications system couldn't provide enough bandwidth and adequate latency to each location, so they embarked upon an expensive project to replace all of the VSAT connections with high bandwidth wired connections (this predated DSL and other cheap ways to get fast ethernet connections). In the meantime, the core developers of the original project saw the writing on the wall and left the company to start their own consulting company - they made a killing maintaining the original system while the company focused on building the replacement.
5 years later, this 2 year project still wasn't ready for deployment, the company got bought out before the project ever got off the ground, and I'm sure the CEO got a healthy bonus for his "vision".
Linux isn't really more secure since the weakest link is always the user. There's nothing inherent in Linux that makes a Linux user less likely than a Windows user to type in his password when he sees a website popup a window that says "Disk Corruption Detected. Please enter your password to automatically fix it".
Even if the linux kernel and root owned files are secure from the user, it doesn't matter since if I want to compromise a user I don't need to write to /bin/*, I just need to write to his ~/.profile (or whatever startup scripts he runs). If there was money to be made in hacking linux (like, say, if every investment banker ran Linux as his desktop), there would be plenty of malware targeting linux.
Linux is mostly security through obscurity - aside from a few remote exploits (ssh vulnerabilities, apache vulnerabilities, etc) that can be used to take over servers, there just hasn't been a concerted effort to target Desktop Linux with malware because there's not much payback in it.
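A defensive check for the point made in this comment about user-writable startup scripts, as an added Python example (not part of the original post): it hashes a user's shell startup files, compares them with an earlier baseline, and flags files that other accounts can write to. The file list is an assumed, non-exhaustive set, and the home directory and file contents in the demo are constructed.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Assumed, non-exhaustive list of per-user files that shells read at startup.
STARTUP_FILES = (".profile", ".bash_profile", ".bash_login", ".bashrc",
                 ".zshenv", ".zprofile", ".zshrc")


def snapshot(home):
    """Map each startup file present under `home` to (sha256, mode bits)."""
    state = {}
    for name in STARTUP_FILES:
        path = Path(home) / name
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[name] = (digest, stat.S_IMODE(path.stat().st_mode))
    return state


def audit(baseline, current):
    """Return sorted (file, finding) pairs describing drift from baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            findings.append((name, "added"))
        elif name not in current:
            findings.append((name, "removed"))
        elif baseline[name][0] != current[name][0]:
            findings.append((name, "modified"))
        # Root-owned system files being safe does not help if another
        # account can edit what this user's shell executes at login.
        if name in current and current[name][1] & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable-by-others"))
    return findings


def run_constructed_audit():
    """Build a constructed home directory, change it, and audit the change."""
    with tempfile.TemporaryDirectory() as home:
        profile = Path(home) / ".profile"
        bashrc = Path(home) / ".bashrc"
        profile.write_text('export PATH="$HOME/bin:$PATH"\n')
        bashrc.write_text("alias ll='ls -l'\n")
        os.chmod(profile, 0o644)
        os.chmod(bashrc, 0o644)
        # In real use the baseline is stored where the user account
        # (and anything running as it) cannot rewrite it.
        baseline = snapshot(home)

        # Constructed, harmless changes standing in for tampering.
        with profile.open("a") as handle:
            handle.write("echo constructed-change\n")
        zshrc = Path(home) / ".zshrc"
        zshrc.write_text("# constructed new file\n")
        os.chmod(zshrc, 0o666)

        return audit(baseline, snapshot(home))


if __name__ == "__main__":
    for name, finding in run_constructed_audit():
        print(f"{finding:20} {name}")
```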
I'm not arguing that iOS isn't a "walled garden", but there are apps out there that will allow you to tunnel VNC (or even RDP) over SSH. I use iSSH and it's freakin awesome. I've used several other SSH apps, but iSSH so far is the best IMHO.
$9.99?
That is a joke, right?
That's the price of a few Starbucks Lattes, and I spend a lot more time with ssh than I do drinking a latte.
But yeah, I agonize over whether or not I really want to pay $9.99, $1.99, or even $0.99 for an app that I'll use every day, but think nothing of buying an $8 drink after work that I'll enjoy once. Since I'm paid by the hour, the few minutes I spend reading the reviews to decide if I really want to pay $1 for the app costs me more than just buying it and trying it out.
My server at home have a script that saves every file that arrives at a specified folder in dropbox to a usb disk and a local disk ... And deletes it from dropbox! Ho... And writes a log in another dropbox folder so i can check remotely. Best solution for me. I can upload from anywhere and only limited by the size of my home storage.
Which sounds great until you come home and your house burns to the ground, destroying your camera, memory cards, and the "backed up" copies of your photos.
I just pay Amazon 10 cents/GB/month to keep my important data around. For under $25/month I have redundant copies of my data, and an EC2 server.
I used to think that if my house caught on fire, the first thing I'd grab is my backup hard drive, but now that everything important lives on S3, I'm more likely to grab my wife first. Or the dog. Still not sure.
None of this is a problem. There is a paint available that makes it very hard to photograph your license plate and as far as I can tell, this is a great thing.
This paint is designed to overexpose photos from cameras that use a flash to illuminate the license plate (i.e. most redlight cameras). It's doubtful that these cameras are using a powerful flash to illuminate each passing car or they wouldn't be so stealthy.
There's nothing I hate more than going to a mobile web site, getting a nagging popup telling me to download their app, and then finding out that the app gives me less functionality than the web site.
Just build a good mobile website. Modern mobile web browsers have become quite capable and there are fewer and fewer advantages to an app. And I really don't want to download an app for every webpage I frequent, that's what bookmarks are for.
Dude, you're doing all that...on an Atom? Doesn't it drag ass? if it were me I'd replace that sucky Atom with a cheap Phenom X4e, those support ECC and can be had for $62. Figure in $30 for an AM2+ board and $20 for a 2Gb RAM stick and for less than $115 you'd have a machine that would be a HELL of a lot faster than an Atom at multitasking.
It runs surprisingly well, I get around 15MB/second write speeds (and over 30MB/second read) which is more than I need for what I use it for. About the only time I notice it being slow is after I've ripped a movie from DVD and am copying it over to the fileserver. Most of the time I access it via Wifi so the disk is faster than the network. It's used only as a headless fileserver, no windowing system is installed so I don't need to worry about interactive performance.
I thought adding the webcams and zoneminder would push it over the edge, but even with doing motion detection on the 3 cams, the CPU hovers around 30% utilization, so I really have no complaints with the performance.
Not too bad for 35 watts of power (including the UPS). The TDP of the Phenom is 95W, and the motherboard is probably not all that power efficient either, so I'd probably at least double my power consumption if I went with a faster CPU. The Atom costs me around $50/year in electricity to run,so if I doubled the power consumption, it'd cost me around $100/year.
Yeah. And if there were grocery stores that allowed people to pay for food on the honor system, I bet most people would do that, too.
My grocery store hands me a scanner when I get there. As I shop, I scan each item and put it in my own bags. When I'm through, I simply swipe a credit card and leave. The convenience is amazing, and I wouldn't do anything to jeopardize that privilege, so I don't slip in un-scanned items, or scan cheaper items or anything like that. The honor system works very well for both of us. I go out of my way to shop at the store that gives me that option.
Not to mention the ubiquitous self-checkout lanes that seem to be in just about every grocery and home improvement store. It's trivially easy to slip stuff by - the sole employee that oversees 4 or 6 lanes can't keep an eye on everyone all the time, especially when they spend half their time helping people look up the code for some random vegetable.
So what am I supposed to do about all the kernel panics and absurdly slow IO and transfer speeds?
I thought ZFS ran in userland on Linux - how does it cause kernel panics?
In any case, I've been running zfs (raid-z) on a home Ubuntu based fileserver for over 2 years without a single kernel panic (record uptime was 9 months before I rebooted to apply updates).
This fileserver is used to stream movies, as well as act as a DVR for 3 home security cameras, and is the backup target for several Windows computers so it gets a fair bit of use.
You're right about slow I/O though.. it's not nearly as fast as hardware RAID would be, during heavy I/O the CPU power of the Atom processor is a limiting factor.
that should such a button ever come into existence, its largest affect would be upon the RIAA and MPAA themselves.
why do i pirate? because hollywood has a track record of terrible films. it used to be critics would help me decide if a movie were worth the $12 theatre admission but now that hollywood owns them all, its impossible to decide what film ill like and what film i wont. trailers are designed to hype the films premise by any means; whatever it takes for the dog to bite. I pirate because its more reasonable to delete the movie i hate, than to expect a refund after having sat through it at a theater. I also pirate the film because its a more usable format than a DVD or blu-ray, which require me to purchase needless accessory players and cables to do that which im perfectly capable of with a computer.
I think you're making up reasons to justify why you don't feel that you should have to pay for content that costs real money to make.
You don't need to download a pirated movie to avoid paying to see it at the theater. You can wait 6 months until the DVD comes out.
Likewise, you don't need to pay $25 for a new DVD, wait another few months until the used DVD's are available for purchase. (buying used puts less money in the movie industry's pocket, but still provides them with some revenue since many of the people selling used DVDs use the money to buy a new one)
I have hundreds of movies on my home computer that I can stream to any computer in the house (including the media PC near the TV), all ripped from DVD's. The original DVD's are in a DVD wallet downstairs.
I don't pirate movies for the same reason I don't steal other things. If I think a movie is overpriced or too crappy to own, then I don't watch it. Simple. There are lots of other ways I can spend my time so I don't feel compelled to download and watch a movie that's not worth a $5 purchase.
Your argument is kind of like saying "Starbucks muffins are overpriced (and taste like crap anyway), so I always steal some just before they close the store. It's not hurting anyone since they are going to throw them away anymore, and when I steal them, they don't come in a bag so they are more convenient for me to eat"
If my VMware cluster has problems, not having the vCenter server around makes it harder to get things working again
Not sure why it would - why not just use vSphere client to connect directly to the host/s? If you're running HA, you can try the SuSE/Postgresql based VMWare vCenter Server Appliance.
You can't, (or at least you couldn't at the time, not sure about vSphere 5), initiate any vmotions without vcenter, so when you have an esx host with intermittent storage connectivity problems that made your vCenter VM hang, you can't easily vmotion the remaining VM's off of that physical host without vCenter.
I've actually tested this at my work environment with a web server.
4 Identical servers, 3 Normal, 1 with a VM that consumed all the resources of that box.
the VM was 1/3rd of an identical server, more or less. If the web server was at 20% cpu, the VM would be 60-70% with the exact same traffic (load balanced between the servers, ignoring CPU as the load balanced parameter)
Response times were 2-3x higher as well.
That is what happens when all your network and disk IO has to go through the CPU.
10 gigabit would throttle a CPU. Why I believe they have a way to bypass the hypervisor to get to the direct hardware to get performance.
But in that situation, why have the VM?
Disclaimer: This was a number of years ago and things *may* have improved, but I think it is an aspect of abstracting the hardware that is causing the issue.
If the VM was 1/3 of a physical server, and the physical server was using 20% of the CPU, wouldn't you expect the VM to be at at least 60% utilization plus a bit for overhead? So your 60 - 70% range sounds like it's right where it should be.
Try using the paravirtual drivers, they do help you save a few percent of CPU overhead especially if you have heavy network requirements.
I don't understand why response times were 2x - 3x higher though. Even at 70% CPU, you should have seen around the same response time as a server at 20% CPU utilization unless your bottleneck was elsewhere (like disk I/O)
Maybe it's just me, but best practice seems to indicate vCenter SHOULD be on a physical appliance, based upon the added benefits. Cons seem to be the same count-wise between physical and virtual instances of vCenter.
http://communities.vmware.com/docs/DOC-11197
Reading the actual pros\cons list, a virtual vCenter is not a good idea....
I prefer to keep vCenter as a physical server - if my physical vCenter server goes down, my VMware cluster can run happily along until I can restore it to new hardware. However, if my VMware cluster has problems, not having the vCenter server around makes it harder to get things working again.
The question I have for Obama is this: Who is stimulating the economy? Me, the guy who has provided 14 people good paying jobs and serves over 200,000 people per year with a flourishing business? Or, the single fat colored mammy sitting at home pregnant with her fourth child waiting for her next welfare check?
And as far as asset virtualization goes, I'm sure B. Hussein Obama doesn't give a rat's ass. For my part, I give asset virtualization two thumbs up.
Fat colored? She's kind of a dull creamy yellow? Maybe she needs more sun?
That's why BB has an optional policy that will cause a phone to wipe itself if it can't contact the server for a set amount of time. Once contact is lost a timer starts on the phone itself so no server contact is required for a wipe to occur. This is of course a double edged sword that could get triggered if a user goes on vacation but simple planning can prevent that from being an issue.
I wasn't aware of that policy, and there are a few others (from http://docs.blackberry.com/en/admin/deliverables/4222/Secure_Wipe_Delay_After_IT_Policy_Received_204226_11.jsp)
The $99 fee is per OS though. So now RedHat has paid it for Fedora. What about Debian, Ubuntu, Slackware, FreeBSD, etc. I use my own variant of TinHat Linux on my server, so will I have access to secure mode? It is not clear if you will be able to run in secure boot mode with those operating systems. Of course, you have the option of turning off secure boot, but this may be challenging to the not-so-technically-inclined and it introduces a level of security that may not be available to any vendor without paying the $100 to Microsoft. Personally, I don't see this sitting well with the EU, but the US won't care.
If my favorite Linux distribution is unable to come up with the $99, I will personally donate the entire $99 to the developers so they can sign the operating system (despite the fact that I'll be able to turn off secure boot myself). It's still cheaper than buying an MS license, and everyone else who uses the distribution can take advantage of it too.
Erm. Red Hat pay $99, once. Everybody else pays nothing, ever.
The $99 basically covers Microsoft's administration costs. In business terms, this is a very nominal fee - Red Hat have spent more cash than that just investigating this issue ($99 covers maybe 3-4 hours of someone's time).
It actually looks pretty reasonable.
$99 doesn't even cover a 15 minute meeting with their attorneys to begin looking into it.
If it's off-the-shelf it's not secure. You can't know that the chip factory isn't compromised, unless you inspect it
By the same logic, no product that you did not develop, including designing the CPU and any other chips, and fabricate yourself, down to the last individual resistor and diode, is secure. Which is patently absurd, since by this logic, any sort of secure device would be nigh-unaffordable, since you'd need to set up the entire fabrication chain to build just one prototype, requiring an absurd amount of capital.
A notion highlighted by the recent story on how Chinese-fabbed US military chips apparently contain a backdoor on the hardware.
Absurd as it may be, it's true.
Well, maybe you can trust the resistors, but if you really have secret data to protect, you really can't trust even a CPU to be secure - there's no telling what's hidden in the microcode or what backdoors a software or hardware manufacturer has built in to the product "just for maintenance and testing purposes" (or at a government's request).
I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us
If a secure, off the shelf phone is too expensive for you, you probably don't have the resources to build a secure phone yourself. Even the experts have trouble getting security right, an amateur will unknowingly leave big gaping holes.
That said, Android ICS will do full filesystem encryption, make sure you use a secure passphrase and not a 4 digit PIN. Use SSL to talk to your email server to keep that traffic from being snooped. Don't use SMS's.
Do you really need to encrypt your phone calls? Stick with a CDMA provider (supposedly it's trivial to hack GSM, but I believe CDMA is still relatively safe) and your calls are safe from all but the most determined (and well funded) eavesdropper. Unless you're worried about the US Government doing the eavesdropping, they'll just tap the call on the Telco side, so you need end-to-end encryption to protect against that.
Skype reportedly encrypts skype-to-skype calls.
But really, unless you're doing top-secret government work, your phone is the least of your worries. If the information is valuable, it's much easier to pay an employee to leak it than to steal your phone and hope to find the data stored on the phone. And if you are doing top-secret government work, a home-brew solution isn't going to meet the federal standards you'll be required to meet.
No this concept can't work at scale - 130KW means around 10,000 sq ft of solar panels -- all to power 4 blade servers. If they were in a c3000 enclosure, they could put 8 blades in 6U - so could fit 56 blades in a 42U rack.
If they need 130KW and 10,000 sq feet of solar panels to power 4 blades, they'd need 14 times more panels to power 56 blades in a full rack, or 140,000 sq feet of panels, all to power 6 sq feet of servers.
So a small 12,000 sq foot datacenter can hold around 1000 times more servers, so you'd need 140M sq feet of panels, or around 5 square miles of solar panels.
That doesn't seem very scalable.
As a consultant who works on projects for govt, I hate Office 2007 and its "collaboration" features which are pretty much non-existent.
You mean your clients haven't paid for the collaboration capabilities. With the right version of the suite, it offers both Groove-based collaboration and collaboration via SharePoint Server. In fact, all Office 365 really offers in this department is a hosted instance of SharePoint, but you still have to set it up how you want it. Funny thing about electronic collaboration tools, though -- if nobody else is going to use them, then there's no point in you using them, either.
What is this Sharepoint based collaboration? When our Sharepoint admin said we were going to get collaboration for Office Docs via Sharepoint, I assumed it was live sharing like Google Docs, where multiple people could edit documents simultaneously, but what it turned out to be is a version control system - one person can check out and edit the doc while others can only get a read-only copy until that person checks it in.
Our admin said this is the way Office collaboration works. Maybe I've been spoiled by Google, but is it true that Office collaboration in Sharepoint is just a version control system?
When you need to concentrate, just close your door. Instant privacy and silence, and it's a clear sign to others that you're working on something and shouldn't be bothered.
Oh right, people don't get offices anymore because of the vast performance improvements from the open collaborative workspace where anyone can interrupt you at any time for any inane reason. They even interrupt you inadvertently when they are talking to coworkers
I am tangentially aware of a military system that does the same thing and the way it's engineered is you record to a time stamped ring buffer constantly. Meanwhile you analyze your ring buffer for a shot signature. IF you find a shot signature, then you perform a somewhat more detailed analysis to figure out the exact timestamp of firing (more or less). Then you uplink a really short data burst to central, something like "I'm sensor 23542542 and at 10:41:02.239582 I detected a shot and the local airtemp 73F and local air pressure is 1.0001 bar". Presumably central has a database of sensor locations, but if not a GPS RX on the sensor to generate timestamps works pretty well to report your presumably static location (although the .mil version I've heard about mounts on a movable APC).
Well anyway central optimistically gets about 10 reports, then it's mega-triangulation time to pinpoint a location and estimated accuracy of fix.
Now if you dump the ring buffer to disk or something for possible later analysis, and the ring buffer is a minute or two (or an hour?) long, that's how you inadvertently collect street conversations.
This seems the only reasonable way to do this... any other way?
Now if you dump the ring buffer to disk or something for possible later analysis, and the ring buffer is a minute or two (or an hour?) long, that's how you inadvertently collect street conversations.
This seems the only reasonable way to do this... any other way?
Sure, there's other ways that could be considered "reasonable". Since these are permanently mounted recorders, there's no reason why they have to record audio locally and discard old recordings. There's no reason why they can't have enough data bandwidth to let them stream the audio to central audio recorders that keep audio indefinitely (purportedly for further analysis or for "quality control" purposes). Likewise, storage is so cheap that even if data was stored locally and eventually overwritten, they could easily make the retention time days, weeks, or even years, so while it's technically true that recordings are eventually overwritten, they are able to be recovered for a long time.
>>>force you to turn them off, confiscate and erase the evidence
Yes they can FORCE you to do it. That's what government is best at: Use of force to suppress natural rights. BUT you can also prosecute the cops under the law for destruction of material evidence. He would be fined or demoted.
I think you meant to say that he will receive 2 weeks on administrative leave with pay (what most of us call "vacation") while the situation is investigated, then he'll be cleared and returned to duty.
I wish I had COBOL for Linux
Looks like it's still a work in progress, but: http://www.opencobol.org/
What's so scary about running COBOL? If there are systems written in COBOL that are doing what they need to do, why is that scary? You could spend millions of dollars rewriting the system in something more kick ass (not sure what's considered kick ass enough for the US Government - Java? .Net? Ruby?) and then you end up with a million dollar system that does the exact same thing as the system before, except for the inevitable bugs that creep into any large software project.
Or you can start from scratch, and write new specs for the system and build a system with new kick ass functionality, then you end up spending millions getting the stakeholders together to write the specs, then millions more actually writing the new kick ass software, and a decade later, it's been deployed with all of the major bugs worked out (or worked around). Except that whatever kick ass software you chose to write it in is no longer kick ass, so you need to start over again with something more kick ass.
I worked at a company like that once - the new CEO decided that the old system written in C was no longer kick ass enough, so he decreed that it had to be written in something modern and kick ass -- in this case, it was Visual Basic that was deemed kick ass enough for it. So the company spent years specing and rewriting a system to be deployed across 1500 remote locations. In testing, they found that their VSAT communications system couldn't provide enough bandwidth and adequate latency to each location, so they embarked upon an expensive project to replace all of the VSAT connections with high bandwidth wired connections (this predated DSL and other cheap ways to get fast ethernet connections). In the meantime, the core developers of the original project saw the writing on the wall and left the company to start their own consulting company - they made a killing maintaining the original system while the company focused on building the replacement.
5 years later, this 2 year project still wasn't ready for deployment, the company got bought out before the project ever got off the ground, and I'm sure the CEO got a healthy bonus for his "vision".
Linux isn't really more secure since the weakest link is always the user. There's nothing inherent in Linux that makes a Linux user less likely than a Windows user to type in his password when he sees a website pop up a window that says "Disk Corruption Detected. Please enter your password to automatically fix it".
Even if the Linux kernel and root owned files are secure from the user, it doesn't matter since if I want to compromise a user I don't need to write to /bin/*, I just need to write to his ~/.profile (or whatever startup scripts he runs). If there was money to be made in hacking Linux (like, say, if every investment banker ran Linux as his desktop), there would be plenty of malware targeting Linux.
Linux is mostly security through obscurity - aside from a few remote exploits (ssh vulnerabilities, apache vulnerabilities, etc) that can be used to take over servers, there just hasn't been a concerted effort to target Desktop Linux with malware because there's not much payback in it.
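The point above about user-writable startup scripts, turned into a defender's check (an added example, not part of the original comment): it records a baseline of a home directory's shell startup files and reports later changes. The file list, function names and the sample home directory are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Startup files a login or interactive shell may source (common set, not exhaustive).
STARTUP_FILES = (".profile", ".bash_profile", ".bash_login", ".bashrc", ".zshrc")

def snapshot(home):
    """Return {name: (sha256, permission bits, owner uid)} for startup files in home."""
    state = {}
    for name in STARTUP_FILES:
        path = Path(home, name)
        if not path.is_file():
            continue
        st = path.stat()
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[name] = (digest, stat.S_IMODE(st.st_mode), st.st_uid)
    return state

def diff(baseline, current):
    """List findings: startup files that are new, removed, or changed."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append(f"NEW {name}")
        elif new is None:
            findings.append(f"REMOVED {name}")
        elif old[0] != new[0]:
            findings.append(f"CONTENT CHANGED {name}")
        elif old[1:] != new[1:]:
            findings.append(f"PERMISSIONS/OWNER CHANGED {name}")
    return findings

def demo():
    """Run the check against a constructed home directory (sample data only)."""
    with tempfile.TemporaryDirectory() as home:
        profile = Path(home, ".profile")
        profile.write_text("export PATH=$HOME/bin:$PATH\n")
        baseline = snapshot(home)
        profile.write_text(profile.read_text() + "# constructed extra line\n")
        Path(home, ".bashrc").write_text("alias ll='ls -l'\n")
        return diff(baseline, snapshot(home))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the monitored account cannot write; otherwise whoever can modify ~/.profile can rewrite the baseline too.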
I'm not arguing that iOS isn't a "walled garden", but there are apps out there that will allow you to tunnel VNC (or even RDP) over SSH. I use iSSH and it's freakin awesome. I've used several other SSH apps, but iSSH so far is the best IMHO.
$9.99?
That is a joke, right?
That's the price of a few Starbucks Lattes, and I spend a lot more time with ssh than I do drinking a latte.
But yeah, I agonize over whether or not I really want to pay $9.99, $1.99, or even $0.99 for an app that I'll use every day, but think nothing of buying an $8 drink after work that I'll enjoy once. Since I'm paid by the hour, the few minutes I spend reading the reviews to decide if I really want to pay $1 for the app costs me more than just buying it and trying it out.