* Posts by kosh

61 posts • joined 9 Apr 2011


systemd-free Devuan Linux hits version 1.0.0


Re: It's not infighting

That's usage share, not market share. Markets are measured in dollars. IIS is light years ahead of Nginx in that regard.

NB: There are revenues due to Apache, flowing to IBM and Oracle for their repackaging of it, but we don't have hard data.

UKCloud: We ARE cheaper than Microsoft or AWS online storage


They have two but their standard product doesn't actually do any cross-site replication. For that, you pay extra (!).

There's no triple-site replication like S3, and there is no durability SLA.

Hansford may be conning the gullible schmoes of the public sector, but the rest of us aren't fooled.

FreeBSD 11.0 lands, with security fixes to FreeBSD 11.0


Re: Why the torrent hate?

You're mistaking hate for indifference.

If you have such a lousy 'net connection, why aren't you using a download manager? It'll make life much more bearable. And use a local mirror. https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

You'll find this a more productive solution than complaining on the Internet.

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt


Tech companies not required.

We don't actually need tech companies at all for messaging. Why harp on about Apple and WhatsApp? Just use a distributed/federated protocol, like XMPP with OTR or whatever you need. The tools already exist for strongly encrypted, decentralised anonymous communication.

VMware hyper-converge means we don't need no STEENKIN' OS...


Of course VMware would much rather you used their storage management and got all nicely locked into their volume formats and so forth.

Because why would you want to use anything native to your storage array? What do you mean, "some of your stuff isn't in VMDKs" ? I hope you don't use bare metal servers. Please call our sales staff immediately.

Acorn founder: SIXTH WAVE of tech will wash away Apple, Intel


I think it's great that he's found something to fall back on after professional cycling.

AppFog PaaS drops Rackspace IaaS


fact checking much

Engine Yard already deploys on the Terremark cloud as well as the Amazon cloud.

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods



This is crap. Not only have Paypal signed their domain, but they also defer email for you if your domain signatures don't validate.

Are Paypal not a "big e-commerce site"? I guess not if you're Secure64 pulling a marketing angle for credulous journalists. But they handle most of the payments for eBay, which is the big name trumpeted in this article. So, er ... oops.

Hint: querying PR flacks isn't "checking the facts".

Google+ dying on its arse – shock new poll


Wasn't federated

Needed to be a distributed federation (a la email or xmpp) to kill facebook. But then Google wouldn't control the data, and we can't have google without big data, can we?

On the bright side, this post prompted my monthly visit to G+.

On the downside, I find myself actively avoiding posting, since the death spiral means I'll just end up having to rescue the content later.

Boffins: SOPA breaks DNSSEC, and won’t work anyway


I use DNSSEC all the time, for distribution of my ssh keys.

If you visit https://dnssec.imperialviolet.org/ with Chrome then you have also just used a DNSSEC chain of trust to validate the hash of an SSL certificate.


This attack is prevented by DNSSEC chains of trust. Just because Verisign sign the root and .com, doesn't mean they can undetectably fake a response from further down the tree, because they don't have the keys for that.

They could sign a false delegation, in which case it would be instantly detectable because it wouldn't match any other published delegation data.

You could execute this attack on a single target, assuming you can sit inline with their IP transit and spoof DNS responses from the listed nameserver, but that isn't SOPA.

Finally, no-one owns the root key. You should take a look at the root signing ceremony. That's quite a list of people you'll have to compromise. Have fun working out how to hack it.

Mysterious sat-pic China desert markings - EXPLAINED


It's a map of central <major western industrial city>.

Why your tech CV sucks


Yeah, same.

Probably troll, though. I have met recruiters this arrogant, but they're not this eloquent.

There are two messages in this piece:

1. Write your CV with the audience in mind.

2. Hire direct (as I do, using my network) - recruitment agents add no value.

However, it doesn't need this many words to deliver, and the attitude dulls the edge rather than driving it home.

‘Want to be more secure? Don’t be stupid’ redux


> "I know nothing about computer security or administration."

This means you are already ideally qualified to become a high-paid government IT security consultant.


Don't be silly

Those four things look like processes to me. What an absurd notion. Everyone knows that security is a product, not a process. Now buy this firewall. It'll put security in your network. Honest.

(At least) 4 web authentication authorities breached since June


You've missed the point in a rush to be negative.

I didn't suggest including certificates in DNS. The suggestion is to include a hash of an existing certificate in DNS, then sign the hash, to provide an additional avenue of verification.

Your point is also made by Marlinspike but he then goes on to promote Convergence as the dynamic, personal-choice layer (using notaries) building atop multiple functional trust layers. And this DNSSEC mechanism is actually one of them, and he even suggests it in the Convergence talk.

You've also taken the client-side perspective. From a server operator point of view, clients using DNSSEC protects you against *everyone who isn't Verisign* from issuing certificates in your name. No wonder Google are interested (see DNSSEC stapled certs in latest versions of Chrome).

Finally, DNSSEC supports DLV if you don't trust the root. In other words, it already has look-aside notaries.


There is a solution pending, sort of.

We can't fix the burgeoning sprawl of CAs - that horse has already bolted.

However we can create a second validation of every certificate via DNSSEC, which means a counterfeit cert becomes detectable by failing a positive check. This is better and easier than the negative OCSP revocation checking that we currently do, or at least it will be when everyone's recursive resolver supports DNSSEC.

Unfortunately the IETF has two groups (DANE and PKIX) both working on this in parallel and there is not yet clarity over which DNS record to use or how. However, the DANE group has just published their scope RFC (http://www.rfc-editor.org/rfc/rfc6394.txt). So there is progress.

Facebook comes out swinging


Any legitimate trial form may be used in a Shadow Proclamation hearing.

Googler squeals: 'We don't get platforms'



Who amongst us hasn't used "Oops I hit reply-all by mistake" as a cover story for a good broadcast rant?

Gay-bashing cult plans picket of Steve Jobs funeral


It's just stats

With a sufficiently large population, every normal distribution will exhibit outliers.

The only way to reduce their extremity is to reduce the overall deviation, also pronounced "dictatorship".

Advice: Just ignore the trolls and/or counterprotest. They're not going away.

FalconStor founder found dead


Yes the man needed counselling and love, but it's a squalid proselytizer indeed that suggests someone's lifetime nadir is the right moment to indoctrinate them in a belief system. Have you considered joining Scientology?

VMware 'to work with just five storage companies'


oh for heaven's sake

Having reinvented the operating system (without the rich capabilities) and having reinvented the routing protocol (with less scalability), VMware now want to reinvent the file system.

Get stuffed.

Oracle uncloaks 'speedier' MySQL installer for Windows



At the risk of replying to a fourteen-year-old troll, I have to say it's none of the above. Get into the 21st century, guys. The best available web stack is BNUP (BSD, unicorn, nginx, postgresql).


meanwhile ...

In the real world that doesn't need or want to bend over for larry, we're all quietly switching over to postgresql.

VMware, Cisco stretch virtual LANs across the heavens



Not only have I read the specification but by referring to it as "tunneling" I am quoting it. You can't split the difference between tunnels and encapsulation; the latter is simply the wire format of the former concept.

The truth of the matter is, a man was once faced with a problem. A network that wasn't quite numbered how he liked it for a clean topological separation. "I know," he said, "I'll use a dynamic mesh of self-discovering tunnels". Now he had two problems.


and next...

Soon enough you need a distributed protocol for managing your tunnels. And no doubt that tunnel creates a FIB entry and an adjacency table entry. Thus reinventing the IGP.

It's so easy to advertise a host route, so why not just do that?



So it's a tunnel with an access list.

Seriously, guys, please stop reinventing the wheel just because you don't know how to use dynamic routing protocols.

I'm looking at you especially VMware. Your complicit partner Cisco should damn well know better.

IDC numbers show chink in NetApp wall


no longer recommending netapp

Having done so frequently in the past, I am not currently recommending NetApp to my consulting clients; for three reasons:

1. They've totally dropped the ball on delivering the shared-nothing cluster capability in OnTAP 8.x. It is way behind schedule and the release is looking half-baked. Whether the development group has run into insurmountable technical difficulties, lost some key talent, or suffered from BigCo processes (rather than being allowed to innovate like a startup) I cannot say but I fear a mix of all three.

2. The management UI has always been crap and despite repeated promises to develop a high-quality modular interface, it remains crap. I think they hired too many developers with a Java Enterprise background. Oops.

3. Even with VAAI the integration with VMware remains saddening. It's so easy to imagine array-assisted snapshot/clone integration for zero-copy backups & VM management. The prospect remains unfulfilled, unlike in Citrix/Xen land. VMware shares the blame for this but with the HQs twenty minutes apart I remain unimpressed by VAAI.

Alone I guess my recommendations haven't contributed more than a few $m to NetApp's net worth, but other like-minded infrastructure consultants may be expressing similar concerns.

Accenture and Telstra open cloud lab


Enterprise horrors.

I'm trying to think of two companies I'd less like to do business with again.

Telstra, who I have repeatedly seen bring their toxic internal culture to customer engagements from $5m to $50m. Accenture, the team that taught me the phrase "justifiable non-delivery".

I wouldn't touch this unholy marriage with a ten-foot barge pole.

Google+ bans real name under ‘Real Names’ policy


Falsehoods Programmers Believe About Names

Google are becoming the Enron of online services - arrogant enough to believe they are the smartest guys in the room, but actually not.


Accenture closes in on Aus government e-health tender



So it's going to another overpriced enterprise bigcorp catastrophe.

Accenture - the team that brought you the phrase "Justifiable non-delivery".

When are people going to learn that the consulting IT giants are only in it to do the minimum amount of work for the maximum amount of money?

Peaches Geldof explains Kubrick's 2001



and I thought *I* was being hard on Lester.



She has it pretty close to accurate and without sounding like an idiot pseud.

Perhaps Lester should stick to the Swedish masturbation stories - definitely more his level.

Network switches look different in the cloud


Layer 2 is a horrible solution.

Article is pandering to switch vendor marketing without any critical thinking.

Article is downright wrong.

Flat layer 2 networks have horrible scaling, security, manageability and reliability characteristics, all of which get solved by layer 3 segmentation. Not by reinventing the layer 3 wheel at layer 2 (cf. TRILL and other half-arsed horrors).

Apple Mac OS X 10.7 Lion Part One


Crap review

Not sure the reviewer is competent enough to write a technical review. I'm no OSX ninja but it took me all of five seconds to google how to do a reinstall of lion (hint: command-R whilst rebooting).


wifi issues

There's a lot of chatter on the Apple support forums about severe wifi performance issues, and I can confirm them. Apple handled the iPhone 4's signal issues really, really badly. Wonder if they'll do better this time?

Oracle buys Ksplice



Just because your virtual OS is running as a VM doesn't mean you don't have to reboot it. A great many applications are still very stateful - you can't just pull a host out of a pool.

Moreover, if you are selling shell logins or zones then live kernel patching is a great thing to have.

Of course, rootkits have been doing this for donkeys

Apple annihilates Wall Street performance estimates



I am intrigued by your ideas and would like to subscribe to your newsletter.

Google's Facebook: It rocks, but who cares?


it's true

There's no chance that G+ could replace Facebook. That would be like Facebook replacing Myspace, or Orkut.

Unthinkable. Could never happen.

VMware whitewashes self in open source


The cloud vision

Let me get this right. VMware's vision of the future is to have a database, an app server, a message queue and so forth, all running on top of a "hypervisor" that mediates shared disk, memory, cpu resources?

Can anybody remember what the definition of "multi-tasking operating system" was?

D'oh, because we're reinventing the wheel.

Can virtualisation rejuvenate your old servers?



all of those benefits flow from using shared storage and a multi-tasking operating system. none of them are really attributable to virtualization.

Microsoft pounces as Mozilla shuns enterprise



Apple lack a long-tail support cycle too, which is a barrier to enterprise adoption.

Telstra, Optus expand filter list


As everyone who deals with them knows...

Telstra or Optus. Your choice: between hopeless and useless.

World braces for domain name EXPLOSION



ICANN is a laughing stock. Without efficient hierarchy, the DNS loses all relevance as a discovery & naming scheme. The only beneficiary here is ICANN; everyone else suffers from confusion, cost, and in the long term a grossly polluted namespace.

Upstairs, downstairs: IT goes into service


The failure of chargebacks

If a business owner can just find cheaper hosting elsewhere, they will. The resulting feral IT is wholly uncoordinated with other systems.

The result: fragmented services that don't integrate or interoperate.

So don't take on a pay-as-you-go scheme. You can still pinpoint inefficient users through cost reporting.

Apple iMac 27in


I buy Macs because

... They look good in my house

... I'm a UNIX hacker and this is the best desktop *nix by far

... I can afford them

... I can still use Windows apps if necessary. Bootcamp, Crossover, Fusion, Citrix, View depending on where I am.

I dream of being able to justify them in the enterprise, but Apple's entire operational strategy is geared against that (even with the chunky discounts and embedded support guy they offered me on the quiet). They remain harder to integrate and manage en masse vs PC clients, and there's no line of DC-grade servers.

LulzSec hacks EVE Online as rampage goes on


au contraire

How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.

It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.

I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded Russian & Chinese goldfarming, and I'm not surprised they get owned, and quickly how la.

A sysadmin's top ten tales of woe


Backups, db sync ...

modern data protection doesn't use backups or database sync, it takes single-instance archive snapshots.

El Reg guide to the Private Cloud


Cloud schmloud

It's an over-engineered mess. The cloud: a way to abstract DC resources and run multiple applications across an arbitrary cluster of hosts.

So, uh, like processes running on a kernel.

Virtualization solves a problem only Windows ever had: software co-existence. But not even DLL Hell is a problem anymore.

So why do the likes of BNP rate it a success?

1. The provisioning tools are really simple (this is why VMware beat Xen), and

2. It is really easy to describe to CIOs whose last hands-on was with COBOL.

As for chargebacks, the psychology and economics are disastrous. Shame on the register for even suggesting that internal markets are a solution, not a problem.

A cloud hangs over the sysadmin


Hiring policy

So we should hire for versatility and imagination, not certification.

This is as true now as it has been for the last forty years. The "cloud" is irrelevant. Indeed the so-called cloud is not a new computing model either. It's just bureau computing, rehashed with a better abstracted data model and horizontal rather than vertical scaling.


