Posts by Trevor_Pott

@CasaNegra

They did. Fortunately, Domain Admins could still turn the proxy settings off for thier user. End users couldn't. You're right though; Windows XP has no wget. If the Domain Admin couldn't change the proxy settings, I would have been Q_Qing into my coffee.

@Ken Hagan

Absolutely no idea. I was a subcontractor. Some dude out of the center of the universe asked me to look at this, as he had no other wetware in my city. He was managing wetware packets all over the country, and I get the feeling we weren't the only country involved in this particular change.

I am not even sure if the fellow that contracted me for the job was directly contracted by the company that owned the network. I got the distinct impression there were /at least/ two layers of contractors above me. Maybe as many as four.

Who installed the thing? Haven’t the foggiest. What I want to know is...why the sweet merciful mother of fnord this all couldn't have been done centrally? The client systems had Teamviewer installed, but the Fortinet box programmed by the follower of Cthulhu was blocking the Teamviewer client from calling home. (How hard is it to whitelist Teamviewer's servers, really?) This sort of thing should have been handelled from a central location, using a remote control app.

I mean, for the love of $deity, these were XP Pro Systems. On a domain! They have RDP capability built into the OS that is controllable via GPO! Why they needed a tech onsite to do a simple rename/readdress/reinstall of an Office ab is absolutely beyond me. Not htat I mind. In theory I'll get paid for this. It just makes me go "hmm..."

ALF:

Sounds like a corrupt TCP stack. NOt so common anymore, but it does happen.Remove IPv4 *and* IPv6 from all NICs. (Don't forget 1394!) Reboot. Re-add IPv4 and IPv6 to all NICs. Alternately, sometimes Start --> Command --> SFC /SCANNOW will solve it.

I feel you, sir.

Scope creep sucks.

USB Host mode

I have had a lot of people email me asking about getting a superphone to use an Ethernet port. (Some have outright accused me of lying; that it can't be done.) There are calls to detail the step-by-step procedure on how to get it done.

I'll be 100% honest with everyone here when I say "I don't remember how I did it." I have been hacking at the thing for so long, I cannot honestly remember which bit of code I slung to get it to work. I can give you a starting point, however. I started this journey here; http://forum.xda-developers.com/showthread.php?t=702742

Here is where you can get the bit of precious that lets you put your desire into USB host mode. This is where you get the ability to attach devices and make the thing run wild. I have a friend with an APad orphan M16. This unit comes with a USB Ethernet dongle that /works/ with its Android. I lifted the drivers from there and with some work got it to work on the Desire. (I required a custom modified USB cable that derived the power from a battery pack.)

The entire project is nowhere near finished and ready. I would not at this time be very interested in attaching my name to it. (El Reg commenttards are notoriously brutal when it comes to any project that isn’t absolutely perfect without any observable flaws. Even then, a dozen or so with start in with the “what’s the point.”) I’m just a sysadmin; not the kind of hardware or software hacker that does really neat things like write Cyanogenmod, cracks a PS3 or creates a one-click jailbreaker for some piece of iTat.

So I politely decline to do the write-up on my efforts; they are at a very early stage…and others within the Android community are much further along. I will leave the interested with some valuable resources that helped me along the way:

http://hackaday.com/2010/06/08/nexus-one-as-usb-host/

http://sven.killig.de/android/N1/2.2/usb_host/

http://groups.google.com/group/android-kernel/browse_thread/thread/c8471573d7553331/a307a4f8f443e9f8

I hope that helps some truly interested soul on his path to hardware hacking glory!

@Henry Wertz 1

You get used to it. After seventy some odd articles I've (finally) learned the truth: there's at least one in every comment thread. Some folks are just contrarian. What makes this particular gripe amusing to me is that I never set out to "coin a term" at all. I see a notable difference between smartphones and superphones in terms of the attack risk they represent. As a systems administrator defending my turf, they are two completely different animals.

Other parts of the internets have been calling these new gizmos "superphones," but it's largely been a marketing term. NO attempts to actually define it have taken place. I figured, "what the hell; I lack a better term for this new class of devices." At least I defined what I believed the term represented. I'll be happy to use a different term if anyone can come up with something better.

The issue I think the commenter takes is that he doesn't believe there is a separation between old-school smartphones and modern superphones. We will have to remain at odds on that, as I must respectfully disagree with him.

@Ammaross Danan

No, not all boards support CMOS reset. There are several available for the paranoid with the batteries soldered on. Specifically so you can't reset them..

Oddly...

I write about the whole superphone-as-cracking-tool not because I think it’s a theoretical exercise worth mental masturbation. I write about this because I have had seven separate incidents in the past month where I have been legitimately called upon to break into someone’s network/local computer and the only tools I had available were my HTC Desire, a MicroUSB cable and my MicroSD to USB adapter.

I threw the USB-to-Ethernet dohicky in there largely because right after I rooted my phone I putzed about with the USB port going “hmm, what can I make this blinking thing do?” I did get it to use a USB Ethernet NIC…with much effort. I have however not been able to get the bloody thing into promiscuous mode. Yet. I do not doubt for an instant that someone with a Nokia device and way more skill has already gotten light years past me on this.

So the risks of superphones aren’t theoretical for me. I’ve had to actually use them in practice.

For all the jokes about paranoia, there actually are out there creepy dudes who have their systems set up to reboot into an infinite DBAN loop based on either remote commands or unauthorised physical entry. I have actually met folks like that. Security is a balance; like hell I'd go that far at my day job. Working at a bank, however...it would be a serious consideration.

The part that hurts is that the paranoid blokes with the e-security fetish that I know are all sysadmins for post-secondary institutions. Faculty admins largely responsible for the client side and a few scattered local file storage systems. Creepy folk. I worry about the kind of mischief some of the sysadmins working in the office right next door could get up to if they so chose. These folks worry about three-letter agencies.

We’re talking people who with a straight face argue that everyone everywhere should be running line-of-business applications from within hidden partitions inside encrypted files residing on a fully encrypted drive whilst forcing encryption upon all web and email services. Forget passwords; they prefer minimum three-factor authentication using a password, physical token and biometrics. For a professor to update a schedule on a bloody secure intranet! That’s paranoid.

I think they’re way, WAY past supergluing the USB ports shut. ;)

You cannot fight a determined attacker with physical access.

...but you can make the bugger work for it.

@Cameron Colley

Complicated.

We have a backup administrative user. The password for which is written down on a piece of paper and kept in a saftey deposit box at the bank that the senior staff have access to if something Really Bad Happens. I believe it's also where critical things like insurance documents and other things required in case of Emergency are kept.

My personal safety deposit box contains my will, insurance information, etc. as well. (Along with whatever bits of precious I own.) Doesn't everyone do this? Banks are kind of paid to take the "physical security" bits off your hands...

CMOS reset.

Not all boards support it. Also; it can take a lot longer to get into a system and do this than you might want to expend. Furthermore, you can always pull out a USB stick and reboot a system you were working on in a flash if someone walks down the hall. Try explaining a disassembled PC away. ;)

I think that CMOS resets are still time consuming enough and awkward-looking enough to be dismissed as a possibility in most situations. The number of folks who know how to toss a Linux distro on their pen drive however are growing…

Indeed!

I find it truly terrifying how few people do this. It seems everyone forgets to set the system to “boot from hard drive only” and then password protect the BIOS. Even those few that password protect the BIOS still seem to leave the things configured to boot “CD-ROM, Removable, Disk, Network.”

I am not saying that a phone pwns everything. I am saying that they are now at least as useful as a netbook or most laptops at getting the job done. Proper security will of course minimise or even eliminate the threat...

...but they are a threat. Exactly as much as someone wandering around your office with an uninspected and uncontrolled Laptop would be.

I agree.

Wonderful bit of security. Pity noone uses it. Would solve a great many attacks. From phones, laptops, you name it!

Funny

My Desire cracks WEP just fine.

Alberta sucks

But at least we're not Ontario.

@jaitcH

No Chinook in Edmonton. Also, Chinooks don't cause rapid temperature changes. They cause a gradual increase that lasts hours before returning to normal.

@ Chris 244

Well, I do drive down to Vancouver once a year. Edmonton --> Prince George --> V-Town --> Cowtown and home again.

Takes a little over a week to do the circut, with only a could of days in V-town and a couple of days in Cowtown to get things done. I do agree however that Edmonton --> Seattle for a big of kit is madness. The fuel alone would be worth more than the gear!

I am not an Apple hater

I simply have requirements Apple refuses to meet. Such as the ability to actually cut down on the number of devices I use. I need to be able to use my tablet as removable storage. I need to be able to carry around more than 64GB of media. (I refuse to cart a laptop with me on vacation for no reason other than to have my library available to sync with iTunes!)

MicroSD cables are /everywhere/. iPad chargers are not. So in short: give me a standard MicroUSB interface, access to the filesystem of my device, and support for removable media, or give me death!

If Apple's iPad 2 has all these things, I'll be the very first person in line. I promise. I'll take pictures.

@JaitcH

My HTC Desire and Blackberry Curve have both preformed admirably from -40c up to 35c. Why can't a tablet do the same?

@Chris Gray1

Yeah, but have you noticed how it's all melting, only to re-freeze tonight? They sent the graders through Beaumaris yesterday, but there's still 15cm of solid black ice on the roads. I've no real yen to see all the snowbanks melt back onto the streets only to add another quarter metre of ice.

Wake me when the snow is not only gone, but the city is significantly less /brown/. As bad as winter is, spring is worse. An entire city covered in sand. Sand and rain and sleet and more sand.

T-180a

I wrecked it in 1.5 hours. Seriously, it didn't even make it through Stargate: Continuum. I was peeved...

Working on it.

Learning German properly takes time.

@Edlem

Until you have to RMA the blighter. Then you're boned. Archos and I are not on speaking terms. *spit*

@Dan 92

I have a Fujitsu P1510d. The articles about that however...well...that's what I'm goign to be heading to the pub to write in about two hours! ;)

Question:

Where did I say that the technology "Flash" was bad? Flash certainly can be content. I loves me my Flash TD as much as the next guy! The point was that having a website with awesome Flash (or HTML5) transitions, animations, menus and intros has ZERO value unless the site actually has content and/or useful functionality.

The article was emphatically not about "the technology "Flash" is bad." It was about the fallacy of the notion current popular amongst web developpers. Namely: form over function.

Seems however that there are many people who are /very/ touchy about the idea that Flash the technology is "bad." It makes me wonder what made them so wound up?

I drive a Scion XB

I think around here it's qualified as "a boxy go-cart with a plastic couch on the front." When >50% of folks in your province drive pickup trucks, (and a Ford F-150 is a "starter" truck,) then yes, a Camry is small. Most people have pickups or SUVs 'round here. People with sedans or smaller are driving small cars.

I drive my little Kleenex box around, with my head touching the roof (46" of headroom, and I still have to bend my neck.) I can tell you that thanks to her low ground clearance and general sub-compact sizing, I am generally terrified all the time whilst driving. everything around me is three times my size. Nobody can see me on the road, their are SITTING at about the same level as my SHOULDERS.

Let me tell you though; when you are toodling around in an F-350 with raised shocks and a big old cowcatcher on the front, you make your own parking spots in the winter. It’s a very Albertan thing to do.

"Discount?"

I am not sure car-parts.com sells anything. At elast to me. (I don't work for a car shop.) I would have to look further, but suspect they only really sell the "service" to car shops who want to register thier inventories online.

Thus: nothing. There's nothing to pay for if you are just a dude searching for a transmission. ;) Although, that brings up a point: I should totally go find out who actually runs that site and let them know I wrote an article. I usually do that after it's published, but I got distracted trying to find a shop here in the city that would actually /install/ the transmission...

@Ian Michael Gumby

Getting the cards in the server seems way cheaper. What I am ordering really isn't that farr off the retail price. Even the local supplier I use for retail gear has a decently low retail price: http://www.cdw.ca/shop/products/Supermicro-SuperServer-6016GT-TF-FM205-no-CPU/2251250.aspx. Remember that you have to add CPUs and RAM to that.

That said, my client has some decent connections, and got a reasonable discount off of what seems to be the Canadian retial price for this gear. Also to be noted is that I don't have any disks in any of these nodes: they load thier OS over the network. It's just board/chips/RAM/GPUs.

@John Smith 19

It's a big converted warehouse sitting on top of a massive concrete slab with a two-story 3500 sq ft basement underneath. Sadly, most of the building is offices and warehousing. The corner of the building I get to work in really isn't that big...but I can punch holes in the wall/roof/floor if I need. I just can’t move walls.

@Clint Sharp

I'm very sorry I didn't make that clearer. That is totally my bad. Even 48GB of RAM is probably excessive for these nodes...but I like to fill all the slots. I guess I forgot that not everyone would realise that the average video rendering box would not make use of 192GB of RAM. It's mostly about the number crunching. They typically crunch work units in the 4-8GB range, though they could get tasked with up to 36GB, depending on the job.

We're doing tests now to see if 10Gig NICs will really speed up overall farm performance, or if it is (as I suspect) going to be bottlenecked by the control software, not the network. Only tests will tell…

@AC

What about when it's +40c? Also, in my experience, servers don't appreciate you directly dumping air at -40c onto them either...

@Ian Michael Gumby

It only seems like a “great deal” if you assume maxed RAM. While the board supports 192GB of RAM, I'm only actually loading the systems out with 48GB. That's 12x 4GB modules, a pair of CPUs, the two GPU cards and the server. You can buy the barebones server with the 2x GPU modules retail for $5700 here in Canada. 48GB of RAM + CPUs aren't less than another grand, retail. Buy a few of them and a discount of $1000 off the retail really isn't that much.

How do you play Crysis

on a Tesla? No outputs! However...that would be one /sexy/ gaming machine if I had a DVI port...

It's an interesting compromise, this GPU processing thing.

If I made some ridiculous uber-machine with quad 12-core CPUs and 8 GPUs it would crunch numbers so fast I'd need a little lie-down. That said, what is the kind of time spend crunching numbers versus chatting with the control server looking for new jobs? Personally, I wish control software were a little bit more dynamic. I would love to have a couple real number-crunching beefcakes for the render jobs that can't quite be broken up as much. The rest could be farmed out to the smaller nodes.

Instead, you need to find a balance between speed of processing, power efficiency, cooling, ability to supply X number of watts to a single system and ability to actually get jobs from the control server. Given that the client uses Lightwave, I've found from testing that 2xCPU and 2xGPU seems to be about the right balance. At the end of the day, the control software just doesn’t seem to be good enough to deal with more.

Yet.

"Who the author [is]"

So...who is the author? Is it someone I should know? There was no "el reg bulletin: new datacenter articles are written by X." I am going to assume the on the article is the name of the author unless told differently. If the name is one I am supposed to recognise as "really big in the industry," then I am afraid they play well outside my pay grade. (Actually, that's evident by the Neat Stuff being discussed."

Also, unless you are Matthew Malthouse, I wasn't talking to you at all in this thread. Are you cyber-stalking my posts in other threads now? I have no idea why you posted "wimp" to this author. I found it bizarre, but figured "meh." Why you felt that my post to Matthew Malthouse was in way directed at you, I have absolutely no idea.

Are you feeling okay, dude?

Also, @Manek Dubash: I am very sorry to admit publicly to not recognising you name. Google came up with a few possibilities in the IT industry…but I must admit to not having heard it before. Please take that not as a slight against your experience, but rather an example of my not playing in quite the same fields as you. I also apologise that thread has somehow grown a “jake vs. Trevor” arm. Not remotely my intention. Keep the fantastic articles coming!

@Matthew Malthouse

I thought it was a great introductory article. It described the guy's basic structure, and left the field open for follow-up articles fleshing out individual elements. Now, I can’t speak for the author – I’ve never talked to him, so I don’t actually know under what constraints he is working – but I know they hold me to between 500 and 750 words.

The long multi-page articles are apparently not nearly as well read as the simple 500-750 word single-page ones. I think you’ll find that even the really experienced authors such as Lewis, Lester and Andrew write more single-page articles than they do multi-pagers. The multi-pagers they do write are hugely in depth and generally very concise. They have had years of writing experience to learn how to hold a reader’s attention long enough to click the button for the next page.

Consider cutting the author a little slack. I’ve read all of his articles so far and I’ve liked every one. He is doing a good job trying to take a very complex topic - “Datacenters In General” - and reduce it to something that individuals who aren’t familiar with it can grasp. He has only written a few articles for El Reg; perhaps he’s even new to being a writer in general. He’s just hitting his stride with his audience, and frankly he’s doing better than I did when I started!

Try ASKING the author for further elaboration on topic areas you prefer. El Reg’s commenttards are notoriously critical; being offensive, rude or demanding will probably just get you ignored by the author. Rightly so, in my opinion. Asking politely however will probably earn you a smile and a mental “hey, thanks for not being a douche.” If he has the leeway to do so within his contract, I’d bet that the “asking politely” bit would then manifest itself in the form of an article diving further in depth on whatever area you wanted more information on.

A great example of how to do it right is given by a couple of the commenters here: http://forums.theregister.co.uk/forum/1/2011/01/10/datacentre_cooling_and_power_constraints/

They asked very politely for further elucidation on specific areas and I am currently have three follow-up articles in draft open on my screen to accommodate them.

Anyways, for my comment to the author:

Manek Dubash: good article, sir! I however have some questions. Perhaps if you have time you could expand upon them for me, please and thank you:

1) You talk about fibre channel as the storage layer, but exclude other technologies such as iSCSI or ATAoE. Any particular reason?

2) Also: you talk about your core network as being “large, high-performance switches consisting of blades plugged into chassis, with each blade providing dozens of ports.” In my setups, I have preferred to go with large numbers of commodity switches that physically break up my subnets and/or physically provide redundant paths. I admit to not having had a datacenter under my care larger than 500 nodes, but I wonder at the reasoning specifically behind “bladed” switches. Is there something about “bladed” switches you feel is inherently superior to standalone stackable switches? (Other than space conservation?) Having not had room to play in a > 500 node datacenter, I am very curious about all the rationale.

Looking forward to the next article!

@ColonelClaw

I can do some of that. The client wants to preserve his anonymity throughout this process. (He doesn't want to give his competitors an edge in any way.) So as such, photographs are out. Design diagrams and floor plans are certainly doable, but only if you are willing to put up with my terrible Visio skills.

As to costs and specifications…some of that should be manageable. I have to ask the guy designing the liquid cooling rig what his thoughts on the whole deal are…but I’ll write up articles on what I can get away with. ;)

Useful info!

Humidity in Central Alberta is roughly 0% - 5% year round. As such, you are quite correct in that it is (in theory) possible to run the whole setup without chillers. Indeed, last year my chillers were only on for 3 weeks of the year. That said, I am unsure that I would ever build a datacenter without adequate chiller capacity. While we do get down to -40 in the winter, we can easily have days of +40 in the summer.

On average, the summer months are 25-30, but the spikes that go up to 40 are enough to drop any datacenter I personally know how to design. (Well, theoretically I could engineer a heat-pump system that would not be a chiller, but I am fairly certain the chillers are actually more power efficient.)

As to hardware meeting ASHRAE specs, I am not 100% sure of that. We whitebox our servers, just as we whitebox our datacenters (and everything else.) It is the reason people call me to do this stuff. Anyone can order a pre-canned (and usually very expensive) server (or even entire datacenter) from a tier 1. Not so many people take the time to look at the available off-the-shelf components from the whitebox world and ask the magical question “what if?” Hewlett Packard can deliver you a datacenter in a sea can that does everything the one I am building will do; tested to meet a dozen different standards and proof against almost anything except a nuclear strike.

I am called in when someone wants to build a datacenter into an awkward space and do it for something like half the cost of a datacenter-in-a-sea-can. (Alternately, if someone wants to make a computer system do something it was not designed to do, I can usually arrange to make it do perform that function anyways.) My partner in crime on most projects – and fellow sysadmin at my day job – is the polar opposite. He is so by-the-book he makes my teeth hurt. He tests everything, checks, re-checks and then does it all over again. Every time I approach a problem from an oblique angle, there he is measuring the angle, documenting and ensuring we have enough backups to survive World War III.

In this case, we are likely going to be using some modified Supermicro servers. (I have a guy working on the liquid cooling systems now.) The issue is the video cards. I just don’t know that I can dissipate the heat off the video cards using forced air at or above 25 degrees C. They crank out stupid wattage, and trying to design this tiny little shoebox datacenter to handle 500 units without chillers is hugely outside my comfort zone.

I will naturally try to design out the need for chillers as much as is humanly possible…but I think I would be a fool not to install enough chiller capacity to completely back up the outside air system as a just-in-case measure. Call it the backup cooling system. After all, what do you do if the primary and secondary fans on the outside air system fail simultaneously?