* Posts by thebertster

6 publicly visible posts • joined 26 Jul 2012

Lenovo: We SWEAR we're done with bloatware, adware and scumware

thebertster

Call me a horrendous cynic, but I don't think you could call it a "clean operating system install" if they're still pre-installing "software required to make the hardware work well", "security software" and "Lenovo applications".

That could include the standard Symantec/McAfee "anti-virus" trial along with hundreds of pop-up nag screens begging you to pay, "intelligent connection manager" software that completely breaks normal operation of the Windows wireless LAN stack, update software that reinstalls all things you've deliberately uninstalled etc. etc. That's still a heck of a lot of bloatware in my book.

MEPs want 'unbiased search', whatever that is – they're not sure either

thebertster

Where can I sign up for an e-mail account?

Just an observation in response to @oninoshiko:

Right now, if I actually search Google for the phrase you suggested in your comment, Microsoft and Hushmail are the top results (depending on whether you spell "e-mail" with a hyphen or not). GMail (well Google account signup) is fourth or fifth. That's in the actual search results. The right-hand ads sidebar has GMail at the top...but that is not the search result.

Bing gives the same results (Microsoft top of the search list, Google top in the ads list and third in the actual search results).

Yahoo! pretty much the same.

DuckDuckGo also has Microsoft at the top, but in the guise of a "for dummies" guide to creating an e-mail account. The actual Microsoft sign-up page is third and the Google account sign-up page is the 22nd result (which makes me wonder if there is a negative bias going on with those guys).

So that's convinced me. Microsoft is clearly the best place to sign up for an e-mail account!

I'm convinced. I'm going to sign up for a Microsoft account; four search engines can't be wrong. MEPs on the other hand can be VERY wrong.

Walking in a WiFi wonderland

thebertster

Re: Virtualisation

Much more than just VLANs. The network uses Shortest Path Bridging (Avaya's marketing team call it FabricConnect) to provide a backbone with no blocked links anywhere, traffic balanced across available shortest paths and failover and failback on the order of tens of milliseconds. VLANs are only implemented at the very edge of the network to provide access.

There is some pretty funky stuff going on here; the IP multicast video feeds can be picked up anywhere on the fabric without any traditional multicast routing protocol (i.e. PIM) - FabricConnect handles multicast natively with traffic taking the shortest part from a source to receivers (in fact, unicast forwarding is basically treated as just a special case of multicast with one sender and one receiver). No rendezvous points, no unicast encapsulation, no duplication of traffic. Streams set up and tear down almost instantly.

In addition to the IPTV feeds, the fabric can also handle many-to-one multicast (which PIM is very bad at doing in a scalable way) for things like CCTV feeds. When you see a hundred CCTV feeds flick on in a fraction of a second, it's very impressive compared with a PIM network where the feeds come in one at a time over tens of seconds because of the inefficiency of the protocol.

I've deployed a few SPB networks now - it's almost boring how simple it is to configure and how well it works.

Aha, I see you switched on your mobile Wi-Fi. YOU FOOL!

thebertster

Re: NOT only Open Networks

WPA/WPA2-Enterprise is vulnerable to this kind of attack if the client is not properly configured. Assuming you are using a sensible EAP type (e.g. EAP-TLS, PEAP-EAP-TLS, PEAP-EAP-MSCHAPv2) you will have some form of mutual authentication. A bogus RADIUS server can very easily accept any connection, however the client should only connect to the network once it has confirmed that the SSL certificate that the RADIUS server has provided is signed by the expected certificate authority. In an Enterprise, this would normally by an Enterprise CA, but it could be signed by a public trusted CA so the client can and should also validate that the common name in the RADIUS server's certificate matches what it expects.

The problem is that a lot of people who are unclear on how SSL/TLS works (or are lazy) go and disable this validation in the connection settings for the SSID because it's easier than all that tedious faffing about with CA certificates and heck, we just want to get the device connected, right? It's scary how many "idiot's guides to WPA Enterprise" actually tell you to turn that check off!

For laptops that are members of an AD domain, the administrator can force the correct settings via Group Policy (and prevent the user from modifying them). For mobile devices, it is not so easy to enforce.

Combine this with the PNL implementation issues or hiding the SSID (yes, people still do this!) and your client will sit there sending probes out advertising "please can I connect to this SSID, please, pretty please" - practically a hacker's charter.

To what extent is this actually going on in the real world...very difficult to quantify.

Ethernet switch pitch less of a b*tch as 2012 comes to a close

thebertster
Go

It's all about the east-west

For the first time in a long time, there is starting to be a bit of buzz about the Ethernet switching market. Whatever your views on Ethernet as a technology (there are few other examples in IT of something as long-lived as Ethernet has been), we are starting to see some genuine innovation driving radical re-thinks of how Ethernet fits in a modern Enterprise.

It's definitely right to point out that the drive to 10 gig is not just about more bandwidth. Reduced latency is a massive benefit, especially for the transactional east-west traffic flows which we are increasingly seeing within data centre environments (due to application "fan out" from single user request to peer systems to pull in data from disparate sources relevant to that user request, amongst other trends). This change in traffic flows should be driving some redesign in data centre topologies; the tiered "top-of-rack" to "end-of-row" to "core" topology that some switch vendors continue to advocate (as it drives sales of the cash cow modular switch systems) stymies these kind of east-west traffic flows.

In the data centre, new tin is a by-product both of the drive to greater 10 gig densities and higher and a change in best-practice as far as data centre design goes. Fabric technologies such as Shortest Path Bridging (SPB) or FabricPath should be driving re-thinks in design, away from end-of-rack aggregation to meshes of interconnected, lower-cost top-of-rack systems that optimise the forwarding of layer-2 and layer-3 traffic between racks, rows and even data centres. This becomes even more relevant as the server guys push the network guys to support things like VXLAN - SPB in particular is suited to providing the scalable multicast environment that VXLAN requires; one of the many reasons why Avaya, Alcatel-Lucent, Huawei and others have gone down this route rather than the proprietary alternatives.

Moderately interesting times :)

Alcatel Lucent axes 5,000 staff, takes right shoeing from rivals

thebertster
Headmaster

Re: Anyone else noticed....

While the optical side of Nortel was sold to Ciena, the Enterprise data part which is the bulk of the heritage of the Synoptics/Wellfleet/Bay equipment (Chassis-based and stackable Ethernet Routing and Switching) was part of the (still profitable in and of itself at the time) NES business unit bought by Avaya who are actually investing in this part of the business and coming up with some pretty nice products again after years of being starved of R&D funds due to the financial situation of the wider Nortel. There's still a sizable and loyal install base and the product quality and innovation is back on track...so maybe we shouldn't completely write it off yet!