I'd much prefer if I _wasn't_ on call, believe me. Despite the extra pay for being on call, I would _MUCH_ rather not be doing it.
However, the sad fact remains - it's a requirement of my continued employment. Now, I could always go look for another job (and I have considered it) but sadly unless I go quite a distance from my area of expertise and professional focus, I end up with somewhere else that _also_ does 'on call'.
Ahh, but if you're J Random Sysadmin, then you'll find it _far_ easier to blame the hacker, than it would be to get someone to listen to your professional opinion that your security 'needs work'.
And less prone to actually losing your budget. I have direct experience of a previous employer, where we were requesting a network kit upgrade for 5 years, and each year, it got dropped from the budget, because 'well, it seems OK'. We spent that long rebooting switches, and almost daily 'firefighting' to keep the rising tide away from our sandcastle.
And then one day, it all fell over, in a critical fashion. The usual recriminations vanished very quickly when we pulled out the 5 years of budget paperwork.
So, let's just imagine, that the SA there _knows_ security needs work. But as with all such things, it takes time and a serious effort to get a 'proper' secure system setup. I mean, you can't just turn off telnet on a few servers, and hope that's ok :).
And they get hacked. And it goes public. As said sysadmin, wouldn't you then take the opportunity to implement that idea you've had for ages, to tighten up security, and make everything a little bit better, only this time you have managers practically forcing you to do what you wanted to do all along. Better yet, you can spend loads of moolah with impunity, and pull it out of the 'emergency response' budget, and proceed to wave the 'ooh hacker' flag when anyone questions you over it.
There is a certain amount of that, true. I mean, you are paying, to a certain extent, for the fact that the vendor has gone to the effort of 'proving' their kit, and because it's worth a lot of sales to them, they'll actually defend the 'compliant-ness' of it aggressively.
But as with all such things, auditors seem to care less about what precautions are actually taken, and more that there are precautions, and that there's a paper trail.
I would be inclined to agree. I couldn't quite give you an exact price tag on how much 'implementing compliance' has cost us, but... it's pretty horrific how much effort has to be put in to doing that. Just in man-hours alone, before you even factor in the cost of the kit.
I sort of understand why they did it, but it's just the kind of knee-jerk reaction that's serving to even further increase the competitive advantage that places like China have. Not to mention making me cry and shudder in horror each time I think of it.
There's a reason for that. It's because a cluster is just not the same as a shared memory supercomputer.
It's all very well to dig up OpenMP, PVM, MOSIX and the like, but the fact remains that they're only suitable for certain classes of problem.
Processor cycles are cheap, but that's not why your supercomputer is expensive. The reason it's expensive is because of the internal communication needed to run a tightly coupled compute job. Myrinet, Infiniband, Scali etc. provide some rather impressive interconnect technologies, but they're still not on the same playing field as the shared memory supercomputer systems.
If you're looking to run a few hundred 'fairly atomic' compute jobs, then yes, your cluster works fine at number crunching it. But not all problems are like that.
Pfft, the amount of money I've seen wasted in a financial organisation who I have done work for, is... well embarrassing really. Their spending on IT is pretty impressive, because they're looking for all manner of degrees of performance and resilience.
No, the real reason they won't go for one of these, is that the project manager signing the approvals doesn't understand why a shared memory supercomputer isn't the same as a big stack of server blades. And what he'd do with one if they got one.
I have to say though, something like EVE actually has a certain amount of bearing on real life. Leadership skills, tactical thinking, and organisation/logistics have real bearing on in game warfare.
I'd actually be tempted to suggest that 'have run an effective corp in EVE' is worthy to go on the CV/Resume. At least, if it didn't automatically get you disqualified for being 'yet another MMO junkie'
Centeras don't count as the original post, of a 'cheap solution'. They're not all that expensive by 'enterprise standards' but that's... well not quite the same as 'affordable for most people'.
Also, our data centre is under fairly intensive scrutiny and control of physical access. My employer and customer are well aware that physical access means all bets are off, so in order to get physical access you need escorting, and authorization in advance, including documentation of what you're changing, why, and which grid squares in the datacentre you need access to.
I and the rest of my team, who are admins on this Centera, don't get access to the datacentre. If we have a need to enter, then we can fill in the paperwork and do so, but... well, we're based 100 miles away. Most 'hands on' is done by someone else.
Now, combine that with the fact that each 'clip' (file) is stored 4 times, on 4 separate physical devices (2 of each, on 2 different sites) it would require... well quite a few people to be complicit to even be able to destroy (or tamper with) data, physically. And a hell of a lot more to do so without leaving great big footprints all over the place screaming to the world what you've done.
I think you'd need 2 people on each site (one to actually tamper, and one to 'not notice' as he was escorting), plus an admin person offsite to identify which drives need 'doing', on both sites, and to mess with the 'self healing' replication so that one site didn't just restore the other. (You'd have to be fairly quick on the drives too, as soon as one goes down, the healing starts to replicate to other 'spare' drives).
And then you'd need some other people to mess with the entry logs to site, CCTV footage, change authorization....
You'd have to be pretty damn serious to pull that off. I mean, it's not even a case of some pointy haired one seeing their career on the line, and demanding immediate sabotage.
Sort of, but not quite. A Centera is a Content Addressed Storage thingy. Which basically means its file identifiers are md5 sums. It's a multi node thingummy too, which replicates stuff about. Is it impossible to tamper with? Well, no, nothing is. But it's pretty hard. Simply because it has implicit 'tamper detection'.
The API is also geared up so you can choose what 'mode' you want it to operate in. In the most secure mode, the API and OS built in (it's Suse based) won't let you delete anything. Which, basically means you have to pull out the individual drives that 'clip' is stored on, to trash it. Data will be gone, which isn't great, but... well, pretty much impossible to prevent for any system. Modifying data retroactively though, is much much harder - recreating the right md5sum is a non trivial task. Impossible? Perhaps not, but... well, EMC have done quite well with 'selling' this product in a 'it will meet your compliance needs' which is considered good enough for our auditors.
We have 'financial organisation' regulations, for retention of emails, and a Centera is what we settled on as the solution.
Computer hardware isn't so much an issue - although, if you don't have some kind of maintenance contract, you want at least 2 of everything, up to and including 'entire servers'.
Depending on how much you're doing 'in house' things like cagenuts, spare cable management thingies, and tools to deploy said items will save a lot of grief.
Serial cables, and consoles, if you're running unix hardware. Get a set that you _know_ works. All too often you only ever need these when things have gone a bit wrong, which is entirely the wrong time to be wondering whether that's the right cable.
Spare UPS battery modules - if your whole DC isn't on a clean UPS supply, then you'll need standalone units for all your servers. And they will have batteries going bad, and it will always be a nuisance when they do.
Little labelling utility thing, like a Dymo. The key to a happy datacentre, is to label and label and label. Even put labels on top of other labels saying you think this label is wrong, but haven't had a chance to check it. Label everything you can think of, with what it's for, where it goes, and who's in charge of it. Servers need hostnames, IP addresses, and anything that I might need to know about it right there and then. Cables need where they're going, and what they're plugged into. Go nuts with your labels, if I can't tell something just by looking at it, and I might need to know it 'here and now' then it should have a label with that information on it.
There's no inherent reason why engineers can't make people happy. Making people happy is just another technical problem. If engineers can make devices that satisfy every other need, then there's no reason why they can't make a device which stimulates the "ultimate need" and simply make people happy.
I'm fairly sure that's why there's a sex toy industry...
You're assuming that the transmission power of the router is the same as the transmission power of the dongle. This is not necessarily the case.
Not that I have figures for it or anything, but I'm fairly sure the power output of a mobile phone, isn't anywhere near the power of the base station. So I could conceive of it being the case that this applies to wi-fi too.
Really? I rather like the idea of being the sysadmin with control of teh Uber Database of DOOOOM. If nothing else, because if we start with the assumption it's _going_ to happen, wouldn't you like to be the one who could 'ooops' it into oblivion?
So very true. If your CV (or resume) is badly written, then your odds of being called for interview go straight through the floor.
If your post on a forum is unreadable, it'll go unread.
If you're arrogant enough to 'demand' that the rest of the world make an effort to read inane 'txt spk' or worse 'l33t' drivel, then you receive what you deserve - everyone else assuming that you're both arrogant and lazy, and probably not worth reading as a result.
It should be noted, that this is NOT the same as not having English as a first language. I mean, leaving aside the stereotype that virtually all instances of 'really bad English' I've run into have come from native speakers. I find I can tell the difference. For one thing, the 'non native' writers are making an effort to make their writing intelligible, and any errors of syntax or grammar reflect a 'best effort'.
Those 'unlawful enemy combatants' that are held in Guantanamo, have been there for a LONG time, without a whiff of any legal basis for the detention. Let's leave aside the Geneva convention, because... well let's face it, there's quite a few countries that treat that as opt in legislation, to be used when most convenient.
The fact that there are people, in a detention camp, who have not been subject to any degree of 'fairness', is an ongoing blot on the conscience of the US, and the world as a whole.
So, how about we call YOU an 'unlawful enemy combatant' because we saw you with a teatowel near your head, and that's probably good enough. Unfair? Well, yes. Go sit in Gitmo, and suck it up, because that's what all the other guys there have had.
There's lots of nations on the planet that _don't_ assume that it's the right of every person to have a killing weapon in their possession. Where they figure that it's better to limit the availability of tools specifically designed to kill other people, than to allow their free use.
The primary qualification for whether someone should be permitted to own a lethal firearm, is that when asked 'do you want a gun?' the answer is 'no'. Anyone else is clearly mentally disturbed, and shouldn't be allowed one.
(I don't see an issue for guns, when used as 'tools' - I can well understand why a hunter might need a rifle or a shotgun. However I remain unconvinced that a pistol, or any form of automatic weapon has any reason other than showing off, and killing other people)
Even if you get hardware only decoders, the fundamental problem is that in order for DRM to work, you -have- to provide a way for the man on the street to decrypt. PGP is 'computationally infeasible' to crack, assuming you don't already have the key. DRM has to 'somehow' distribute the key.
You have cheap films. I think I paid £7.5 last time I went to see a film. Which is (at the current exchange rate) about $15.
The Nuremberg trials served to prove that 'just doing your job' wasn't sufficient justification.
Can you ferment it and make brandywine-wine? And then distil it to make Brandywine-brandy?
*waves hand*. "There were only 3 Star Wars films."
How about outbound firewall and proxy configurations?
's no worse than posting your CV on monster.com.