Feel Smug in...
Oh; I'm already smug!
Told you so.
:p
My Gaming PC stayed on 7.
I bet the ability to turn off CEIP will be next to go.
26 publicly visible posts • joined 1 Sep 2015
So the VM host process can write to two SANs simultaneously? That would be a cool feature and simplify things.
A quick google finds this for VMware:
https://www.vmware.com/pdf/esx_san_cfg_technote.pdf
page 13
"Mirroring
Protection against LUN failure allows applications to survive storage access faults. Mirroring can accomplish that protection. Mirroring designates a second non‐addressable LUN that captures all write operations to the primary LUN. Mirroring provides fault tolerance at the LUN level. LUN mirroring can be implemented at the server, SAN switch, or storage array level."
Every day is a school day
ZFS depends on how you arrange the disks and what your use case is. A single process writing tiny files to a good disk subsystem with good amounts of RAM and a sensible application of compression (yes/no) or de-dupe (yes/no) will suck.
Give it a different task with multiple processes and large reads/writes and it can shine, as it can then leverage all the spindles and break down the writes into segments and span them.
It's too easy to think "I'll add de-dupe, compression and an L2ARC to make it faster" when in reality you don't have the RAM to store the de-dupe or the metadata. That results in limiting the RAM to not caching but to holding the map for the SSD/de-dupe.
Re article:
About 3 years ago I built a Debian+ZFS+SCST SAN and export LUNs over fibre channel to my VM host and desktop and iSCSI for my living room PVR. All for home.
I've considered a few HA versions of it for its replacement.
I would need to set up replication of the file system below SCST and be able to "shoot the other node in the head". I could use Ceph for the replication between nodes with direct InfiniBand connections.
Then one node would be the primary and one a slave, using NPIV on the switch to hide this from the clients.
At home I would probably not duplicate all my disks, so would use a shelf with two controllers connected to both file system heads and import with the F (force) command if a node went down.
As for backup I have another HP micro server with big disks that runs Bacula but to backup the data on my VMs not the SAN.
To do this commercially, ask yourself:
1. Am I trying to save money?
    To do this well will require good kit and more than one.
2. How long can a recovery of a file system node take / what is my downtime limit?
    Build your solution around this time limit. 0 downtime can be done, but only with sufficient replicas. Have spares. Use good resilient hardware (dual PSUs, hot-swap fans). Keep spares. Have a care agreement. All that will impact 1.
The Tesla product line is like a Quadro with no display output, for the data center.
The Titan is a big GeForce, for gaming.
Expect power envelopes to be similar to the last generation; HBM saves power. That means more can be dissipated by the GPU/core.
I'm hoping for some GeForce Pascal news
edit: apparently the TDP is 300W for the P100
There are also a host of other updates that worry me, which introduce some extra telemetry points. Of course in a business with group policy the telemetry/CEIP can be disabled, but I've skipped the updates. Then I'm not sure if it's the patches mentioned or others that create additional scheduled "phone home" tasks.
Personally I don’t like any of that.
I kind of think any "thing" that’s listening to me is creepy....
Unrelated
I have at home some OM2Ps; they are cloud managed Wi-Fi and are OK enough. They are creepy also; they VPN back to base so they can be fixed.
They run on a separate VLAN, with the TV and Blu-ray, and ACLs prohibit them communicating with my desktops etc.
CREEPY....
I've found the Intel wireless in my Vostro 1500 (aka old) works fine with Intel's firmware added.
Nvidia legacy driver was needed to support my GPU. I did not realise that first time and installed the new one, GRR.
Since I came to Debian from servers with no GUI it was not hard to grep the faulting module, apt-get purge it and then get the correct one.
I'm going to say I was quite impressed with how much worked on my laptop out of the box. Yes OK it's old.
My HP Pro 400 was easy to add, just add the IP to the printer software and select the driver from the list. Yes OK it's an expensive printer and works well.
What bugs me? CPU power management and scaling.
It's a PITA to set up and you cannot do it without being technical.
Unused, idle Windows 7 with all new telemetry talks back 4 times per hour.
NOT F**** ACCEPTABLE!
Snort Logs following some of the vortex and settings IPs
Date     Time     Pri Proto Class                   Source    SPort Destination     DPort SID   Description
02/24/16 10:41:45 2   TCP   Potentially Bad Traffic 10.10.3.1 5969  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 10:41:42 2   TCP   Potentially Bad Traffic 10.10.3.1 5968  191.232.139.254 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 10:11:39 2   TCP   Potentially Bad Traffic 10.10.3.1 5964  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 10:11:36 2   TCP   Potentially Bad Traffic 10.10.3.1 5963  191.232.139.254 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 09:26:44 2   TCP   Potentially Bad Traffic 10.10.3.1 5934  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 09:26:41 2   TCP   Potentially Bad Traffic 10.10.3.1 5933  65.55.44.109    443   136:1 . (spp_reputation) packets blacklisted
02/24/16 08:41:43 2   TCP   Potentially Bad Traffic 10.10.3.1 5674  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 08:41:41 2   TCP   Potentially Bad Traffic 10.10.3.1 5673  191.232.139.254 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 08:11:43 2   TCP   Potentially Bad Traffic 10.10.3.1 5634  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
SNIP
02/24/16 02:11:37 2   TCP   Potentially Bad Traffic 10.10.3.1 5471  65.55.44.109    443   136:1 . (spp_reputation) packets blacklisted
02/24/16 01:41:34 2   TCP   Potentially Bad Traffic 10.10.3.1 5280  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 01:41:32 2   TCP   Potentially Bad Traffic 10.10.3.1 5279  191.232.139.254 443   136:1 . (spp_reputation) packets blacklisted
02/24/16 00:56:39 2   TCP   Potentially Bad Traffic 10.10.3.1 5209  191.232.139.253 443   136:1 . (spp_reputation) packets blacklisted
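The "4 times per hour" claim above can be checked from the Snort output itself. The script below is an added example (not from the post): it parses alert rows in the flat column layout quoted above, counts hits per blacklisted destination, works out the overall call-home rate, and flags destinations that are contacted at regular intervals (beaconing). The sample rows are copied from the post; the periodicity thresholds are assumptions chosen for the example.

```python
"""Summarise Snort reputation-preprocessor alerts and spot periodic phone-home traffic.

Added example; the alert rows come from the post above, the thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed input: the first nine rows of the Snort log above, one row per line.
SAMPLE_ALERTS = """\
02/24/16 10:41:45 2 TCP Potentially Bad Traffic 10.10.3.1 5969 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 10:41:42 2 TCP Potentially Bad Traffic 10.10.3.1 5968 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 10:11:39 2 TCP Potentially Bad Traffic 10.10.3.1 5964 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 10:11:36 2 TCP Potentially Bad Traffic 10.10.3.1 5963 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 09:26:44 2 TCP Potentially Bad Traffic 10.10.3.1 5934 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 09:26:41 2 TCP Potentially Bad Traffic 10.10.3.1 5933 65.55.44.109 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 08:41:43 2 TCP Potentially Bad Traffic 10.10.3.1 5674 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 08:41:41 2 TCP Potentially Bad Traffic 10.10.3.1 5673 191.232.139.254 443 136:1 . (spp_reputation) packets blacklisted
02/24/16 08:11:43 2 TCP Potentially Bad Traffic 10.10.3.1 5634 191.232.139.253 443 136:1 . (spp_reputation) packets blacklisted
"""

# The classification column contains spaces, so the row is matched field by field.
ALERT_RE = re.compile(
    r"^(?P<date>\d\d/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<pri>\d+) (?P<proto>\w+) "
    r"(?P<cls>.+?) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+) (?P<dport>\d+) (?P<sid>\d+:\d+) (?P<desc>.*)$"
)


def parse_alerts(text):
    """Return one dict per alert row; lines that do not match (e.g. a 'SNIP' marker) are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%m/%d/%y %H:%M:%S")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        alerts.append(rec)
    return alerts


def hits_per_destination(alerts):
    """How often each blacklisted destination was contacted."""
    return Counter(a["dst"] for a in alerts)


def hits_per_hour(alerts):
    """Overall call-home rate across the observed time span (hits per hour)."""
    stamps = sorted(a["ts"] for a in alerts)
    span_h = (stamps[-1] - stamps[0]).total_seconds() / 3600
    return len(alerts) / span_h if span_h > 0 else float("inf")


def beacon_candidates(alerts, min_hits=3, max_cv=0.3):
    """Destinations contacted at regular intervals.

    A destination is flagged when it was hit at least min_hits times and the gaps
    between hits are tightly clustered: population std dev / mean (the coefficient
    of variation) below max_cv.  Returns {dst: mean gap in seconds}.
    """
    by_dst = defaultdict(list)
    for a in alerts:
        by_dst[a["dst"]].append(a["ts"])
    flagged = {}
    for dst, stamps in by_dst.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_cv:
            flagged[dst] = avg
    return flagged


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_ALERTS)
    print("hits per destination:", dict(hits_per_destination(parsed)))
    print("hits per hour: %.1f" % hits_per_hour(parsed))
    for dst, gap in beacon_candidates(parsed).items():
        print("periodic: %s every ~%.0f min" % (dst, gap / 60))
```

On the nine rows shown, 191.232.139.253 is hit every 30 to 45 minutes and gets flagged as periodic, while 191.232.139.254 (gaps of 30 and 90 minutes in this window) does not; the same functions can be pointed at a full day's alert file to see whether the schedule holds.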
Question:
Can vulnerable systems which query a patched system be exploited remotely?
https://www.debian.org/security/2016/dsa-3481
"While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade."
I don't want to reboot one system just yet.
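The advisory's condition, "ensure that all processes are not using the old glibc anymore", can be verified without a reboot. The following is an added example (not from the post or from Debian): after the package upgrade the old library file is unlinked but stays mapped in running processes, and /proc/<pid>/maps shows such mappings with a trailing "(deleted)"; the script lists every process in that state so it can be restarted. The maps excerpts and paths are constructed for the example.

```python
"""List processes still mapping a glibc that has been replaced on disk.

Added example, not part of the post or the Debian advisory.  After a glibc
upgrade, /proc/<pid>/maps marks a mapping whose backing file was replaced with
a trailing "(deleted)"; a process in that state runs the unpatched code until
it is restarted.
"""
import os
import re

# Matches the file-name column of a maps line that points at glibc itself,
# e.g. /lib/x86_64-linux-gnu/libc-2.19.so or /lib64/libc.so.6, but not libcrypto.so.
LIBC_RE = re.compile(r"/libc(-\d+\.\d+)?\.so(\.\d+)?(?:\s+\(deleted\))?$")


def stale_libc_mappings(maps_text):
    """Return the set of deleted glibc paths referenced by one process's maps text."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [path]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5]
        if path.endswith("(deleted)") and LIBC_RE.search(path):
            stale.add(path[: -len("(deleted)")].rstrip())
    return stale


def processes_using_old_glibc(maps_by_pid):
    """{pid: {old libc paths}} for every process whose maps show a deleted libc."""
    result = {}
    for pid, text in maps_by_pid.items():
        stale = stale_libc_mappings(text)
        if stale:
            result[pid] = stale
    return result


def scan_proc(proc="/proc"):
    """Read every readable /proc/<pid>/maps on a live Linux host (root sees all of them)."""
    maps = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as fh:
                maps[int(entry)] = fh.read()
        except OSError:
            continue  # process exited meanwhile, or not permitted
    return processes_using_old_glibc(maps)


# Constructed maps excerpts: pid 1234 still maps the replaced libc; pid 5678 maps
# the new libc and only has an unrelated deleted library.
SAMPLE_MAPS = {
    1234: (
        "7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)\n"
        "7f3a1c3c0000-7f3a1c3c4000 rw-p 001c0000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)\n"
        "7f3a1c3c4000-7f3a1c3c8000 rw-p 00000000 00:00 0\n"
    ),
    5678: (
        "7f9b2e000000-7f9b2e1c0000 r-xp 00000000 08:01 131999 /lib/x86_64-linux-gnu/libc-2.19.so\n"
        "7f9b2e400000-7f9b2e402000 r-xp 00000000 08:01 140001 /tmp/old-helper.so (deleted)\n"
    ),
}

if __name__ == "__main__":
    print("sample:", processes_using_old_glibc(SAMPLE_MAPS))
    if os.path.isdir("/proc"):
        for pid, paths in sorted(scan_proc().items()):
            print(pid, ", ".join(sorted(paths)))
```

An empty result from scan_proc() on the upgraded host means no process is still executing the pre-upgrade library; anything listed (pid 1 included, if init itself is listed) is what the advisory's reboot recommendation is there to catch.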
Isn't there a CAPEX rule that says
"Is there a COTS solution?"
Hasn't this been done?
I mean; "Really" done?
I mean; Have I been hallucinating?
Perhaps this http://archive.oreilly.com/pub/h/1393 page does not exist and I've not made my own rules?
It's a bit harder to have a good fully working SSL bump to get all HTML but really just buy some pfSense boxes and be done with it.
Pay for the support too. They will need it.
still have change for a Mars base...
It's 50/50 FAIL/WTF
I've had similar calls at my last job, which usually started with me yelling at my "team" to answer the F-ing phones. I pick up the phone and deal with an irate customer, in one extreme case about their "internet" not working on the PC but OK on "eye-patch".
I ask why they are calling from a mobile, with bad signal....
Turns out the iPad has 3G and they cancelled their phone line.
There is no excuse for being this utterly clueless in 2015.
I'm monitoring a patched win 7 machine in my malware environment.
This is Windows 7, not 10; it is not being used, just sitting idle.
Domain name                          Number of lookups
settings-win.data.microsoft.com      76
vortex-win.data.microsoft.com        62
telecommand.telemetry.microsoft.com   4
It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
Where I worked I saw similar/v3? on two networks at companies. ( + many home users)
Any suspect PC was formatted; server into ours (in same town), blast away "Data" partition;
Restore backup; Server back on site at 8 am next day.
I get paid and paid again to implement what I had advised.
Someone will say "you can't take a server out, how can anyone work!"
Eh.... no one could work?
One company had not had any backup 2 months prior when I started their IT support. They swapped the USB disk... both were dead.
How do you prevent this? Policies!
I'm blocking PE files at the perimeter to most desktops. I'm SSL bumping EXCLUDING the bank(s) used, scanning all with inline AV. Email goes through a "cloud" spam/virus service, on-box AV before getting to an Exchange server with suitable AV and policies. User gets an email (normally they don't understand) and calls up:
"You received an attachment from 'blod@place.com'; the attachment was rejected. They have been contacted automatically, but you are advised to contact this person.
The original email is attached."
Email servers can exclude zip and EVERY vector I've seen has been in a zip. Yeah, it's a bit of a pain; what IS worse?
Also only PCs I have seen any crypto ransom-ware on run "not an AV" MSE. That's a swear word.
Withdrawn and reposted because grammar is the difference between knowing your shit and knowing you're shit!
If you encrypt DNS (DNSCrypt) but don't VPN "they" can still log IP source and destination running through the {compromised} network.
As a result you visit a website called 'totally-nice-nothing-bad-here.net' to look at nice pictures of spring, or do something agreeably capitalist, which is hosted on the same server/IP as 'dirty-goat-fielder.xxx'.
They log the IP and arrest you?
But OpenDNS/Cisco will cooperate with the authorities and get you off?
Or you're a nasty young-goat-fiddler and deserve it?
Personally
I'm not sure I care, but I'm going to damn make sure I can keep my own logs.
I'm already blocking lots of junk by sink-holing DNS on my own server.
I'm already running SSL_Bump interception and proxy; Snort with IDS/IPS Capabilities and ICAP/AV
I'm already able to log all DNS requests.
Now I need to ensure I can prove logs are not doctored. ZFS and snapshots? I've 24 TB
Having sink-holed DNS and firewalled most tracking junk on the internet at the perimeter, I don't show on their statistics (lies for short). I would expect many other techies know more than me.
(real) Techies use Linux
Therefore Linux usage is in fact much higher than all windows combined.
posting from a Windows 7 PC
I paid for AdBlock, I've opted out of acceptable.
I have a 30GB limit on my joke "broadband" (2 Mb s^-1) so I'm intolerant of junk. Even here, and you're probably one of the places I might consider white-listing.
I've been building up a DNS list for the things that got through AB for a while. Been using OpenDNS (now Cisco (ugh?*)) for years, as I expect most of you use the reliable 8.8.8.8 for more than just a ping test...
https://xkcd.com/1361/
*As the ugh implies, it may be time to look and see if the OpenNIC DNS servers can do what I want https://www.opennicproject.org/ i.e. block things at the DNS level.
The alternative is to create my own. I've run a DNS server for <2000 domains as part of our Linux hosting.
Create zone & entry in zones.master for the DNS record/zone I want to block and point it at a blocked message page so I don't have to wait for timeouts.
Then use root hints for anything 'I'm not "Authoritative" ;)' for.
Next, when they are wise to that, I guess we start to see ad servers linked by IP; then I have to use either routes or ACLs and wait for the timeouts.
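The sinkhole scheme described in the last few posts (declare the zones to block as local master zones pointing at a "blocked" page, recurse via root hints for everything else) has one detail worth getting right: declaring a zone captures every name under it, but only on whole-label boundaries. The following is an added example (not the poster's configuration): it decides whether a queried name falls inside a blocked zone, and emits the BIND named.conf stanzas and the shared zone file that serve the sinkhole answer. The zone names, the sinkhole address (192.0.2.1, from the documentation range) and the file paths are assumptions.

```python
"""DNS sinkhole helpers: zone matching plus the BIND configuration that serves it.

Added example, not the poster's setup; zone names, sinkhole address and paths are assumptions.
"""

SINKHOLE_IP = "192.0.2.1"  # assumed address of the "blocked" message page (TEST-NET-1)


def normalise(name):
    """Lower-case, strip whitespace and any trailing root dot."""
    return name.strip().rstrip(".").lower()


def blocked_zone(qname, blocked_zones):
    """Return the most specific blocked zone covering qname, or None.

    ads.tracker.example is covered by a blocked zone tracker.example;
    nottracker.example is not: matching is on whole labels, never on substrings.
    """
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked_zones:
            return candidate
    return None


def resolve_action(qname, blocked_zones):
    """What the resolver does with a query: answer from the sinkhole, or recurse via root hints."""
    if blocked_zone(qname, blocked_zones):
        return ("sinkhole", SINKHOLE_IP)
    return ("recurse", None)


def render_named_conf(blocked_zones, zone_dir="/etc/bind/sinkhole"):
    """named.conf stanzas declaring each blocked zone as a master zone served locally."""
    stanzas = []
    for zone in sorted(blocked_zones):
        stanzas.append('zone "%s" {\n    type master;\n    file "%s/db.sinkhole";\n};' % (zone, zone_dir))
    return "\n".join(stanzas) + "\n"


def render_sinkhole_zone(sinkhole_ip=SINKHOLE_IP, ttl=3600):
    """One zone file shared by every blocked zone: '@' expands to whichever zone loads it,
    so the apex and every name under it (the '*' wildcard) answer with the sinkhole address."""
    return (
        "$TTL %d\n"
        "@   IN SOA  ns hostmaster ( 1 3600 900 604800 %d )\n"
        "@   IN NS   ns\n"
        "@   IN A    %s\n"
        "*   IN A    %s\n"
        "ns  IN A    %s\n" % (ttl, ttl, sinkhole_ip, sinkhole_ip, sinkhole_ip)
    )


if __name__ == "__main__":
    blocked = {"tracker.example", "ads.example.net"}  # constructed block list
    for q in ("www.tracker.example", "nottracker.example", "cdn.ads.example.net", "debian.org"):
        print("%-22s -> %s" % (q, resolve_action(q, blocked)))
    print(render_named_conf(blocked))
    print(render_sinkhole_zone())
```

Because the answer comes back immediately from the local zone, the client never waits for a timeout, which is the point the post makes about preferring a zone entry over a firewall drop; the wildcard record is what makes a single db.sinkhole file serve any number of blocked zones.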