* Posts by mikie

21 posts • joined 18 Nov 2010

Wowee. Look at this server. Definitely keep critical data in there. Yup


Canary Tokens

yay honeypots with extra attack surface :)

Why not use canary tokens from Thinkst - they are free, their hardware honeypots are excellent and also proven through extensive use as well.

We really need to stop re-inventing the wheel over and over again.

Sigfox doesn't do IP and is therefore secure, says UK IoT network operator



-we coded our own network stack

This is going to go so well and will be so horrible.

At least attacks on IP have been enumerated over the years.

I look forward to the Sigfox posts on full-disclosure.

Remote unauthenticated OS re-install is a feature, not a bug, says Cisco


Re: Not so smart...

They do know better!

Cisco switches are not bought by klooless home users. They are bought and installed by people who are allegedly IT professionals.

If IT "professionals" leave kit behind with open access from the internet and no control plane policing then they are not very professional.

IT as a profession is like medicine was 300 years ago. Too many idiots that really don't know what they are doing but who call themselves "IT professionals" and charge accordingly.

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web


Re: Networking hardware vendors.


Infusion pumps are spectacularly rubbish in terms of security. All the medical stuff is utterly godawful and has been for years.

Car companies are having their "industry meets hackers" moment so will improve.

Medical suppliers haven't really had that yet, especially now that Barnaby Jack has gone.

Lincolnshire council shuts down all IT after alleged 0-day breach



It won't be 0day

just not detected by our av-day

I suspect that they aren't the only public sector org with malware loose on their networks

has anyone checked again to see if the subdomains of nhs.uk are still doing drive-bys?

HOLD IT! Last minute gifts for one's nerd minions


coffee in the UK

HR Higgins (www.hrhiggins.co.uk) are excellent purveyors of the sacred bean in the UK

MEN: For pity's sake SLEEP with LOTS of WOMEN - and avoid Prostate Cancer


Re: Strange correlations

My favourite one was:

too high cholesterol - more likely to have heart attack

too low cholesterol - more likely to suffer death through violence

that one stayed about in the literature for quite a while

Lies, damn pies and obesity statistics: We're NOT a nation of fatties


seems to be a hot topic

probably because of the number of us having to sit in front of a screen for our day jobs


BMI is p flawed if you are tall

Body Adipose Index might be more useful but needs further study to see if it lines up with predictions of morbidity.

but in the end it is very simple

calories in < calories out to lose weight

better to increase your output and find a way to break the "cycle of sitting"

I got an Australian shepherd dog (laid back collie) that needs walked twice a day, that and not eating my "bliss point treat" in the weekend evenings got me from 112kg to 90kg and a 38" waist to a 34" in about 12 months.

I now combine it with some really simple core exercises that I can do in front of the TV at night and swimming lengths when the kids are getting their swimming lessons rather than sitting in the cafe.

I would really like a standing desk + a low speed treadmill.

The faecal transplant stuff is another expression of the "there must be a way of solving this that doesn't involve me actually doing anything"

Your gut flora changes significantly with any alteration in diet (why wouldn't it) and the only studies done in humans were based on torturing one guy in Japan.

-good treatment for C. Diff. infection though

And finally

As the HSE statistics say the above in the OP then they (like many many many national statistics) are frighteningly wrong.

cf 100% self-reported handwashing compliance statistics in the NHS along with a concomitant explosion in nosocomial infection due in a large part to poor handwashing.

The pressure for people to underreport has increased with time as it becomes less acceptable to be overweight.

Better to look at something less open to bias like type 2 diabetes rates/alzheimer's/heart disease (increasing against a background of smoking numbers going down) etc

EVIL patent TROLLS poised to attack OpenStack, says Linux protection squad


Heard Keith speak

at a meeting at Glasgow last week where he was excellent.

I would be inclined to listen to anything that he says and take it p seriously.

If he is warning that OpenStack is potentially at risk then it kinda is.

He didn't strike me as the type that would waste his time trying to drum up publicity, the OIN is a bit too busy being the only good guys in a patently (ha!) broken system for that.

Sir Maurice Wilkes centenary - 'Flash-Gordon' tech



I built an audio workstation a decade ago using this:


best onboard audio I ever heard

Maggie Thatcher: The Iron Lady who saved us from drab Post Office mobes


is this the same

Maggie that withdrew research funding for the National Fibre-optic network from BT and Mercury in 1988 because of over-zealous neo-liberalist ideology and an infatuation with Telewest etc.

If so then tell me again why it is that she helped innovation

'We are screwed!' Fonts eat a bullet in Microsoft security patch


font engine in kernel


priv esc in win2012 using a font?

HP hardens switches to juggle myriad virty networks



would be the Cisco method of connecting distributed datacentres.

Also I thought that vMotion was a bit latency sensitive with <~10ms being the limit.

Bromium twists chip virty circuits to secure PCs and servers


sounds like

SELinux crossed with minix's treatment of userspace

Microsoft code not the security sieve sysadmins should be worried about


not necessarily

I agree if you wanted to use fedora for your desktop but you just wouldn't in an enterprise environment. I have been happily using CentOS 5 (5.0 to 5.7, gotta update to stay safe) for *years* on the desktop (the conf files haven't changed location in all that time and it has all "just worked"), now migrating to CentOS 6 (6.2) and based on what is happening in fedora I am really looking forward to RHEL/CentOS 7 when it comes out the door.

We use CentOS because we can support it, for those without internal support RedHat will provide that.

Compared to being stuck on XP with no hope of upgrading either because of a lack of Win7 drivers for old hardware or the boxen being "too slow" - forklift upgrade...in this economic climate - I'll take linux on the desktop today.

Other than games I don't see why anyone would want to stay with windows.

If you have business apps that need XP then use your current licences to run an XP virtual machine and then at least your host OS will be update-able after XP goes EOL. After all Vt-x has been around since 2005.


if only

there was an alternative system, like an OS that had all the software packages within some form of ...oh let's call it "a repository" which would allow you to update your desktops and servers in a planned manner having first gone through some sort of change control process first. Maybe where you could find alternatives like xPDF/Evince or OpenJDK, maybe where the underlying OS would be supported for 10 years with security backports, didn't demand hardware refreshes every 3 years, didn't seem to have problems with cruft requiring reinstallation and had proper privilege separation.

If only...

VMware, Cisco stretch virtual LANs across the heavens



yes and no. The point of this (and it sounds like it involves LISP) is that you shouldn't have to change the IGP database or cause any churn of your routing protocol to move a host around your network when you can just tunnel then shift the traffic to the host address.

The big change is that for years we have been told that tunnels are not the way but now it seems they are :)

Network switching is having a light bulb moment


it's the virtualisation!

A single server probably doesn't need 10Gbps but a physical server with many virtual servers might, then try using vMotion to shift a loaded virtual server to another box with more capacity whilst it is running with traffic "tromboning" thru the original host until the switches all update their FIBs. That will be the driver for faster links.

Was slightly disappointed to see no mention of Juniper's Q-fabric in the article which uses a CLOS non-blocking network in the core to allow full capacity for any TOR switch to another and which is apparently in production with some of their customers now.

Exciting times

Let's talk about OpenFlow



this has the possibility of creating a paradigm shift in networking technology especially in the data centre. There is a really good discussion about it in episode 40 of the (excellent) packetpushers podcast.

When tuning the server, don't forget the network



uses mac-in-mac that kinda needs to be in layer 2.

Use of IS-IS (underlying protocol for TRILL) makes sense for this but the movement away from traditional 3 layer enterprise model is probably going to happen at some point, irrespective of whether it is TRILL or SPB or QFabric. Maybe we will all move towards controller based networking for guided wave as well as wireless in the next 5 years.

I do worry about massive fault domains though.

An interesting point about 40Gb/100Gb links is that they will have to use MPO and custom leads (OM4 IIRC) so if you are designing a DC now then don't over specify your fibre requirements just in case as none of it will work with the coming standards.

A young and pretty Linux server OS that takes a bit of work



when did that start on CentOS

you can go from 5.0 to 5.5 current in one iteration of yum update & reboot

I don't think I have ever had to update then reboot and update and I have been running CentOS servers for years


Biting the hand that feeds IT © 1998–2021