Posts by Category

Buttons

Pure New Zealand

This site is driven by Blosxom

T
his site was written in vi

SDF is driven by NetBSD

Subscribe to this sites RSS/XML feed

This site has a Tableless Stylesheet

Email me

Aug 31, 2006

Domino Worst Practices

A great site which helps Domino admins and developers learn from the mistakes of others.

A bit light on information for the moment but it looks like a great place to pick up some troubleshooting tips.

[/tech/domino] | [permalink] | [2006.08.31-21:59.00]

Aug 30, 2006

NetApp Seminar

Went to a small vendor seminar to showcase some NetApp technologies and came away with some interesting information -

* The probability of a write failure is pretty small (usually in the legalise small print) but this small possibility increases as disk space increases (which is why a generic RAID of small disks is more reliable than a RAID of really big disks). Those consumer grade 500Gb and 1Tb disks are looking slightly less attractive now. In a failure situation if a disk dies and you goto reconstruct the array you could conceivably end up with a second failure due to a tiny write error - then you're screwed.

* NetApp get around this by using a variation on RAID 6 DP (like RAID 5 but with two parity disks) - any performance hit (and its significant if you set this up using a normal controller) is offset by NetApps smart controller (thats why storage vendors charge a premium for data security). This problem and NetApps response is vividly illustrated in this post to the 'Toaster' (NetApp nickname) mailinglist.

* Fibre-channel is big with Unix shops and iSCSI is big with Windows shops. Surprisingly NFS over IP is still popular in Unix-land too.

* Snapshotting now encompasses databases and mailstores. The snapshot facility places a much much lower performance overhead than a similar EMC device (granted they would say that). Apparently companies are moving away from tape based backup to disk based - keeping tapes around purely for occassional snapshots and compliance reasons.

* NetApp do 'thin provisioning' - essentially you can lie about your storage capacity (present 1 physical TB as 2 virtual TB). This was apparently implemented based upon lies developers would tell their admins, dba's and storage managers - once everyone had added in their own comfort factor it was discovered that only about 40% of the capacity was utilised and the rest was wasted. Pooling storage in a NAS or SAN and over-subscribing it means you can shuffle the space around depending on your needs at that time. Apparently the key is the forecasting tools which will help you to predict when you'll run out of space. It also tends to work better in multi-terabyte shops rather than gigabyte shops.

* You can now stream snapshots between filers in different locations (for DR / BCP / Replication) over any IP link (one NZ client does this over dialup to a location half way around the world) - this is possible due to the small 4k block size used by NetApp for storage - at the device level it only replicates changed blocks rather than the entire changed file.

Its always nice to hear vendor 'war stories' - apparently after eBay had their extended site outage in 2001 they called in Oracle who looked into the database side and found no problem with the backend software, some more (extensive) digging pinpointed the fault in disk firmware code - when the disk faulted the error was propogated up through the application layers and eventually killed the site. After this Oracle came up with their HARD initiative (essentially a database designed and implemented for the extremely paranoid) which computes its own checksums on data as its written (so it provides an extra layer of redundancy over the storage layer).

Another interesting Oracle specific tale outlined their datacenter - which uses blades and NetApp appliances extensively (storing petabytes of data). The interesting thing is that they worked through the economics of using a Fibre Channel HBA infrastructure for their blades and went with NFS over IP instead - working out that 1 x blade + 2 FC HBA's (for redundancy) was much more expensive than 1 x blade + 2 built in teamed Gb NIC's (and they were willing to wear the performance penalty). NFS also allows them to manage a central pool of storage rather than carving out chunks for direct attached storage. Interesting.

Apparently a big leap of faith is for DBA's to allow the device to handle the and manage the storage rather than thinking about sindle-count. Once they get over that they can forget about the storage and focus on the database.

[/tech/storage] | [permalink] | [2006.08.30-21:59.00]

Aug 29, 2006

YouTube Music Video - Godflesh (Live)

Godflesh had a pretty seminal run through their 'Slavestate' EP, 'Pure' LP, 'Selfless' LP. After that they kind of spun their wheels a little - still good but no longer great.

The video is of Slateman performed live from their Slavestate EP - this marked the beginning of their cleaner industrial sound after they pretty much invented grindcore with their first album ('Streetcleaner').

With only a drum-machine, guitar and bass they create an awesome crushing yet strangely uplifting sound.

[/music] | [permalink] | [2006.08.29-22:14.00]

Aug 28, 2006

Library Thing

If you need a simple way to catalogue your book collection try LibraryThing. Its a bit like Rateyourmusic except a little more commerical - you can add 200 books for free or pay a nominal fee if you have more books in your collection (most people wouldn't).

[/books] | [permalink] | [2006.08.28-00:47.00]

Aug 27, 2006

Endpoint Security

Endpoint Security checking is going to be huge as more and more people start connecting into their corporate LAN's remotely (actually even in a wired LAN its pretty important given the proliferation of trojans, spyware and malicious hackers).

Essentially EP lets the network administrator define certain conditions that must be met before being able to participate on the corporate LAN. In some case the tools will even allow direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (eg webmail or terminal services but not a direct connection).

* Wikipedia on Endpoint Security

* Wikipedia on Checkpoint Integrity a centralised EP system

* Nice flowchart tool to design EP access control for Firepass

* Flash Demo of CheckPoints Interspect appliance - actually more of an IDS/IDP (Intrudion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions

* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework

* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)

* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought Black Ice Defender (fyi - Checkpoint bought Zone Alarm)

Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.

Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.

Simple options that can be implemented immediately (without spending on new tools) include:

* ensuring appropriate desktop access

* centrally managed anti-virus / patching / desktop policy restrictions

* mac address restrictions on dhcp / switch ports (depends on the mobility of the client)

[/tech/security] | [permalink] | [2006.08.27-21:58.00]

Aug 26, 2006

Monit + More

From the Debian Help site comes a short article about configuring Monit. The Monit site covers the tools features in more depth. As well as the usual monitoring it lets you setup conditional actions based on alerts.

Awesome - Weta releases Retro Rayguns. Its still odd that people would spend chunks of money on toy rayguns no matter how neat they are.

Privacy integrated into webmail - Freenigma.

Use SMS text message to control eight devices. Someone needs to commericalise this - something like a simpler X10 controller - plug an old mobile or phone into a power strip which you can signal via SMS to switch off and on connected devices.

Useful for kiosk applications and driving screen displays - Puppy Linux running on a $100 PC. The MicroClient Jr looks great - shame its only 166MHz. Also gets pricey when you add in some of the extras.

With security starting to get out of hand here is the ultimate t-shirt - I am not a terrorist. In arabic of course.

On a related note - this is a genius cartoon from Wondermark.

[/links/2006] | [permalink] | [2006.08.26-19:58.00]

Aug 22, 2006

Boy Racers

Another addition to my spleen-venting category -

There will be a special place in hell reserved for Boy Racers (Westies & Boguns too).

They used to be just a nuisance - now they're just down-right lethal.

Bastards.

[/spleen] | [permalink] | [2006.08.22-01:18.00]

YouTube Music Video - Curtis Mayfield (Live)

Curtis is a bit of an unsung genius when compared with his contempories like Stevie Wonder, James Brown, Marvin Gaye and Isaac Hayes. Curtis Mayfield added in elements of pop, psyhedelia, politics and social commentary to the traditional mix of soul/funk and r & b to his material.

No track better demonstrates this than his theme for the blaxploitation flick 'Superfly' - its a similar type of film to the classic 'Shaft' but the theme carries a much more positive message than the Isaac Hayes track which has become much more popular.

Thanks to the joys of YouTube - here is Curtis performing Superfly.

[/music] | [permalink] | [2006.08.22-00:27.00]

Aug 18, 2006

Smaps

There are a couple of good mapping tools on the web for New Zealand - Wises and the AA are the first two that come to mind.

I've found them a little clunky particularly with respect to finding specific locations in NZ.

These guys have kind of turned mapping on its head - Smaps is a new system which does a dynamic lookup on a location - the more information you enter the more refined the search.

Very cool.

[/tech/web] | [permalink] | [2006.08.18-00:58.00]

Aug 17, 2006

The network that runs better since the administrator quit + More

Sometimes true (but definitely not always) - The network that runs better since the administrator quit. IT people often have the tendency to meddle and tinker - not good in a production environment. Dev/Test and then UAT (even if it is just to the extent of discussing it with someone else before ticking the box that may cause problems for your client community) it before putting your tweaks into production.

Looks like a good read - Satan: A Biography.

Genius - Chaucer Blogs about his XBOX.

Wonderful flash animation - Creation battles Creator.

Mouse-over the articles - How right-wing readers view the New York Times.

EFI in Apples Intel PC's - How Apple’s Firmware Leapfrogs BIOS PCs. The good thing is you get more control - the bad thing is that it makes it trickier to install a standard Intel based OS that expects to deal with an old fashioned BIOS.

Two useful links for people who want to use legacy Mac applications in a Classic environment - Sheepshaver will run OS 9 and for more serious nostalgia MiniVmac - Run a MacOS 7 from a USB stick. I've had good experience with Basilisk too.

Interesting UI links - Mac UI Ain't All That: The Future & History of the User Interface.

I'm always on the hunt for the perfect application launcher on Windows - something like DragStrip or DragThing would be ideal - I'll give RocketDock a crack for now.

[/links/2006] | [permalink] | [2006.08.17-10:05.00]

Aug 13, 2006

AirTight Wireless Security

I've been looking at the cool stuff from AirTight.

With all the interest in wireless technologies (it seems only a few years ago that Apple demo'd the AirCard in a clamshell iBook) it seems security has been a bit of an after-thought. Fine for consumers but not quite ready for an organisation to truly trust.

AirTight's SpectraGuard product is pretty much the best-of-breed when it comes to locking down your WLAN. Using a combination of server and sensor arrays you can monitor all WLAN activity within your vacinity - in fact depending on the landscape and structure-density the sensors are so good you will pickup activity 1 to 2km's away. Within minutes of entering the AirTight system we were able to spot 50 Access Points and 600 Wireless PC's.

In terms of the management console you can see the wireless name, mac address, ssid, type of security, channel, protocol, vendor and location (the sensors can triangulate location and superimpose onto a map). For each object you can view extended properties, locate, quarantine, ban, authorise/deauthorise and troubleshoot (which uses ethereal/pcap).

You can also view suspect events (rogue ap's, suspected netstumbler activity, honeypots etc) and generate all sorts of security/audit reports.

From a security perspective you can lock down your own network to participating ssid's, vendors and protocol lists (immediately reducing your profile). You can also block/disrupt/interrupt/degrade wireless connections - only a few channels per sensor; you can't wipeout wireless connectivity blockwide unless you have a lot of sensors (its nice to know that you can actively fight back against war-drivers that park up outside your building and try launching probes/attacks on your WLAN).

The interface is nice, simple and intuitive with a sensible out-of-the-box configuration. Once configured you can quite happily leave it to do its thing (eg its not high-maintenance).

Once these things start to work with Bluetooth, wireless USB and RFID you'd be able to do some pretty interesting things. Its actually pretty amazing to think that these sorts of technologies are even available given the sorts of things I suspect they'll be capable of doing in the very near future.

Time to pull out the tin-foil hat.

[/tech/network] | [permalink] | [2006.08.13-20:56.00]

The Coming Conflagration + More

Something to look forward to perhaps - The Coming Conflagration. Fingers crossed that John is wrong.

Wonderful - a series of Infographics by the International Network Archive. Providing some interesting data on topics such as the global arms-race, movie, fast-food and transportation.

Genius - 3D maze using CSS and DOM. Now someone just needs to turn it into Doom.

One of those things everyone should know how to do - Rsync Incremental Snapshot Backups via SSH.

On a related note - Flash - useful for Sun Solaris systems - Using Flash Archive in the Solaris Operating System for Disaster Recovery. Handy for taking system snapshots.

Interesting - Basic Introduction to OpenBSD - possibly one of the most secure out of the box OS's available.

The first font to get the movie treatment - Helvitica: The Movie.

Thrill Power Overload - Dave Bishops Blog. Dave worked on 2000AD for quite awhile and is writing a historical overview of the comic on his blog. I didn't realise he was a Kiwi according to his Wikipedia profile . We're everywhere.

Excellent - Insecure.org has updated their list of the Top 100 Security Tools.

Interesting - ZoneCD: The Secure Way to Share Your Internet Connection. Some really good tips on securing wireless and also providing a safe/secure public wifi access facility.

[/links/2006] | [permalink] | [2006.08.13-20:52.00]

A very modern war . . . orders by PowerPoint

Definitely one of those WTF moments -

* PowerPoint Corrupts the Point Absolutely

[Army Lt. General David] McKiernan had another, smaller but nagging issue: He couldn’t get Franks to issue clear orders that stated explicitly what he wanted done, how he wanted to do it, and why. Rather, Franks passed along PowerPoint briefing slides that he had shown to Rumsfeld: "It’s quite frustrating the way this works, but the way we do things nowadays is combatant commanders brief their products in PowerPoint up in Washington to OSD and Secretary of Defense…In lieu of an order, or a frag [fragmentary order], or plan, you get a bunch of PowerPoint slides…[T]hat is frustrating, because nobody wants to plan against PowerPoint slides."

Only posted in the humour section because if you didn't laugh you'd have to cry.

[/humour] | [permalink] | [2006.08.13-09:59.00]

Aug 11, 2006

IBM buys FileNet for $1.6bn

A few news tidbits about IBM buying FileNet for a rather vast amount of $$$:

*ArsTechnica

*Ed Brill

The new versions of FileNet seem much better than the previous versions but you still can't help thinking its over complicated - you've got the FileNet components, BEA WebLogic, Verity, SQL, Apache, IIS and LDAP. A problem with any one companent can mean big problems for the system as a whole.

Don't get me wrong - FileNet does cool stuff - you get a web front-end and an Office integration component providing basic DMS services along with workflow and records management features.

I wonder where this leaves Domino Doc ?

It'll be interesting to see what IBM does with this . . .

[/tech/km] | [permalink] | [2006.08.11-19:29.00]

Aug 10, 2006

This week I have mostly been listening to . . .

My Shuffle/iTunes combination seems to be 'randomly' selecting the same stuff for me to listen to so I went and ripped a bunch of my older CD's to enhance my listening-experience.

So this week I've been listening to

Can, Godflesh, Neu!, Bomb The Bass, Sonic Youth, Wormhole, Tindersticks , Stereolab, Tricky, Henry Rollins (Spoken Word), Nick Drake, Ciccone Youth, Straitjacket Fits, Shonen Knife, Experimental Audio Research, Mercury Rev, Sleater Kinney, Chills, Queens of the Stone Age, Chemical Brothers, Screaming Trees, The 3D's, The Terminals

[/music] | [permalink] | [2006.08.10-04:23.00]

Aug 09, 2006

Keyboard Preferences

As a keyboard snob with an appreciation for buckling-spring mechanisms I thought I'd create a new Blosxom category to point to my (largely irrational) preference for clacking over squishing keys -

* The Model M Keyboard - definitive.

* Enduro Pro claims to be modelled on the classic IBM Type M (right down to the thumb-stick) - however the presence of a 'Windows' key does let it down in my eyes.

* Dans Data Article on the Model M - interesting reading.

* Matias Tactile Pro - remake of the classic Apple Extended keyboard. I actually really like the feel of the original Mac/Mac Plus keyboards but I suspect its almost impossible to get them to work with a modern PC/Mac due to their oddball phone-jack type interface.

[/tech/keyboards] | [permalink] | [2006.08.09-20:43.00]

Aug 07, 2006

New Mac Pro, Xserve & Leopard Preview

As a total Apple-fanboy I can't go without mentioning the cool stuff previewed at Apples World Wide Developer Conference this year.

Coverage of Steves Keynote -

* Engadget

* ArsTechnica

Engadget reported 600000 hits during the coverage - hard to imagine any other tech company getting this sort of exposure for anything.

The new hardware looks great - I'm not entirely certain if 'Leopard' will offer a compelling reason to upgrade the OS though. Shame they can't beat Vista out the door.

As usual I can't afford any of it but its nice to look :-)

[/tech/mac] | [permalink] | [2006.08.07-19:17.00]

YouTube Music Video - Boris (Live)

I'd never heard Boris before - only read the reviews and comparisons with other artists.

Luckily YouTube comes to the rescue.

Heres a 50min video of Boris playing live at the unitarian church in 2005.

The first 5min are just the warm up before the drone transforms into some serious riffing.

I'd say they are similar to a more rock Bardo Pond; eschewing BP's searing psychedelia for Earth-like power chords.

Heres a recent review of their 2005 album, Pink.

I definitely need to get some of their stuff.

[/music] | [permalink] | [2006.08.07-19:08.00]

Workfriendly Web Browser + More

Covert web-browsing - Workfriendly - Browse the interweb via something that looks like a Word window.

Two brilliant photos depicting a high concentration of genius - 1958: Jazz Musicians in Harlem (Basie, Gillespie, Mingus, Monk) and 1927: Physicists at Solvay (Einstein, Curie, Bohr, Shrodinger, Heisenberg).

Interesting Poor Mans Thumper. Shame they're not looking towards a linux/zfs combo with a smaller footprint. Nice idea though.

Long running experiments - Longest Running Scientific Experiments. One of them is a clock at Otago University in NZ which has been running without winding since 1864 and relies on temperature fluctuations in an airtight container.

Awhile back Mark Russinovich of the excellent Sysinternals (creators of the excellent Filemon, ProcessExplorer and many many more tools) site moved to Microsoft. He discusses his first week at Microsoft.

Joels Spolsky - the first in a series - Three Management Methods. Useful for any IT manager.

Spoof comic ads by Alan Moore.

[/links/2006] | [permalink] | [2006.08.07-18:56.00]

Aug 06, 2006

Trawling the halls of Sun in search of a Thumper

I can't believe the level of confidence required to trawl Suns campus and come away with a brand spanking new Thumper storage server. This sort of passion is to be commended :-)

[/tech/storage] | [permalink] | [2006.08.06-21:17.00]

The Machinist + More

Movies I've seen recently . . .

* The Machinist

One of those creepy slow descents into madness type of flicks. Christian Bale plays a machine-operator with insomnia who starts to lose all sense of reality. Recommended.

* The Woodsman

Another one of those slightly creepy movies. Kevin Bacon plays a reformed child-molestor trying to make a new life for himself outside jail. Recommended.

* Triplets of Belleville

Genius animation from France/Belgium - a mother tries to find out what happened to her cycling son who has mysteriously disappeared. Highly recommended.

* Dig

Follow the relative career paths of two related bands - the Brian Jonestown Massacre & the Dandy Warhols. The ego's and personalities on display from these two groups are both pretty astounding. Amusing.

* Lonesome Jim

One of my favourites of 2006 - caught at the tail end of the recent Film Festival. A disillusioned guy moves back home in his late 20's to try and sort out his life after failing to make a mark on the big city. Recommended.

* The Big Night

An oldy but a goody - a small Italian restaurant struggles to survive in 1950's USA because they won't compromise on their cuisine (you to can cringe when the person demands a side of spaghetti to go with her risotto). The pacing is a little slow but its a nice enough movie for a rainy day.

* Kolya

Another oldy - I missed this when it did the Festival circuit several years ago. Basically one of those 'buddy' movies in which an old mans life is enlightened by the initially unwelcome appearance of a young boy whom he has to look after.

* Clerks II

I was prepared for the worst but actually came away enjoying this - its still not as good as the original (or Mallrats / Chasing Amy / Dogma) but its much better than the last one (Jay & Silent Bob Strike Back). Recommended if you like Kevin Smith (and you're not easily offended).

[/film] | [permalink] | [2006.08.06-21:08.00]

Aug 02, 2006

NVidia Quadro Plex

Sweet Bejesus!

I'm not a graphics card nut but I came across this on Hack the Planet:

* NVidia Quadro Plex

A video card that comes in its own external enclusure. Up to 2Gb RAM and 4 GPU's.

Amazing stuff.

Soon video cards will come with their own embedded operating systems :-)

[/tech/chips] | [permalink] | [2006.08.02-04:03.00]