Posts

it’s better not to know, how thick the wall is. you may have too short run. anonymous

quite recently i described my own new workstation. it has dual Xeon processors, and today i decided to upgrade memory from 128GB to 256GB (yeah, i use to run a lot of VMs). so below you can see the outcome - 256GB RAM, 2 physical CPUs, 16 cores, 32 threads: great advantage of having such beast at your disposal is that you simply can run everything thrown at it. it’s quiet, it’s effective and it also doubles as great gaming station....

…gave me food for thought. i counted 18 books in different places around my house, that i was trying to read at the same time. today in the morning i decided it doesn’t make any sense, and it’s exactly the opposite approach i should take. so, books landed in stack, into nice queue. i’ll be reading two books at the same time from today onwards - starting with ’essentialism’ and Pratchetts ‘Raising Steam’....

…i’m reading right now an interesting book - Essentialism. it beatifully demonstrates how to decide where it is worth to invest your time and energy. and it gives you great framework for doing just that. another theory, you’ll say? well, 37signals, builders of the great web apps announced they’ll… drop all other projects and focus on only one - Basecamp. that’s how you put theory to practice. by the way - i highly recommend all of the 37signals books, they’re great source of proven advices how to build your own business and how to choose paths in life....

…or who needs them anyway today? there’s interesting article written down by one of Google employees, that perfectly describes how ineffective today standard bodies are, and how less and less influence they have on the market. cisco decided to spearhead new solutions without waiting for multi-year discussions, true to the ‘good description and working code’ motto. if we wouldn’t be doing that, there would be no PVLANs, FabricPath (TRILL) but also protocols like LDP or HSRP/VRRP/GLBP....

…supports BGP and it’s already out. do you like BGP on your firewalls? i don’t. should we have the tool in hand, just in case? well, sometimes it’s handy. but going back again - do you like BGP on your firewalls? ;)

in 2002 it was calculated that to reach closest star (Proxima Centauri), multigenerational crew would need to start with at least 150 to 180 men and women. latest simulations show however, that to guarantee gen variance you’d need to take between 10000 and 40000 people onboard. it would be interesting to see how those plans will end up - we will stay on Earth until Sun burns out, we’ll kill each other or maybe we’ll start finally intergalactic travels?...

all memory and CPU related features in IPv6 world is major challenge even for modern hardware. unfortunately this is emphasized with lack of best practices followed by developers writing code. i just noticed there’s Microsoft Windows problem with IPv6 RA. it seems that actual problem is not limited only to RA, but actually - to the whole networking stack when working with link-local addresses. under Microsoft Windows code is allocating memory pretty recklessly....

let me quote book i’m reading now: A quick hypothesis: say one million monkeys speculate on the stock market. They buy and sell stocks like crazy and, of course, completely at random. What happens? After one week, about half of the monkeys will have made a profit and the other half a loss. The ones that made a profit stay; the ones that made a loss you send home. In the second week, one half of the monkeys will still be riding high, while the other half will have made a loss and are sent home....

it will be unique opportunity in Poland and in this part of Europe. with group of my dear friends and design masters - Piotr Jabłoński, Sebastian Pasternacki and Piotr Matusiak i’ll be delivering bootcamp-type of training for CCDE. we’re starting on 5th of may - and you can find more details here.

…workstation requires two! ;) i had some time over Christmas to finally build myself following beast: Asus Z9PE-D8 WS (BIOS 5304, original 3304 had some interesting bugs Xeon E5 2660 (Sandy Bridge EP/EX) - 16 cores, 32 HT Corsair H80i for CPU cooling 64GB RAMu (8x 8GB DDR3 1600 ECC) OWC 480GB PCIe - has two 240GB blades in RAID0 Corsair Obsidian 900D 2x Seagate 4TB HDD [6x Samsung 2TB] LSI 9261-8i to drive those mechanical disks in RAID5 Creative SB ZX AMD Radeon 7970 connected to three Dell U2412 monitors Intel x520 NIC connected to Catalyst 2960S and to other workstation - Xeon 5670, 48GB RAMu, OWC 240GB as boot and two 2TB RAID0 disks as RAID0 for ESXi 5....

don’t start your php upgrade at 2:40 in the morning. as you’ll stay awake until 5am :)

Jennifer Lawrence phenomenon (i can’t quite get Hunger Games popularity, but i love Silver Linings Playbook. how you should do proper conference badges (oh yeah, we’re learning!), Department of Defense outsources to private company management of their own images and movies archive for 10 years, RSA accepted 10M$ of bribe from NSA to promote weaker encryption algorithm and last but not least - DARPA vision of autonomic SkyNet network from eightees....

it seems that GPUs can be reasonably well tasked to handle additional work that x86 CPUs simply can’t. i’m talking about network monitoring and NetFlow processing - good reading when travelling or before sleep.

Christmas are coming, and traditionally that means good time of the year to push people to buy things they don’t need. in Poland, companies generally don’t care what Customer wants. and don’t listed in the process of ignoring him/her. why are companies selling services choose not to listen? they don’t care? i was talking about this paradox during Cisco Connect, but in reality i was just repeating what everyone sane enough to think shouts left and right - we want customized offer, not something off the shelf....

you spend a lot of time preparing OVA to save time in future and enable cloning. then, during importing to remote ESXi you get following error message: Failed to deploy OVF package: The task was canceled by a user.. i didnt’ cancel anything! it’s frustrating, and it seems its a small problem on import format side, not on user side. OVA is simple ZIP file that can be unpacked, so you should do so....

…so I decided to use youtube to find my favorite Monty Python series, Program will resume soon (quite specific Polish series - BTW, never published on DVD!). i was also able to find archive of our old polish IT magazines - Bajtek, Top Secret and Secret Service. my own archive, collected over years and protected from everyone fell prey one day to suprise ‘cleaning’ organized in the basement where it was stored....

i just got hold of interesting document. let me quote it: As remarked in this table the Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can’t be distinguished whether these are indeed random values or a second encryption of the master and XTS key with a back door password....

after reading ridiculous, made up story of british SAS, hiding under alias “Andy McNab”, trying to tell his version of Rambo&Commando-style fictious account of Iraq operation i couldn’t find story that was so exaggerated and made-up. in reality, his total ineffectual commanding style and bravado led to death one of his own team members, and injuries as well as captivity for rest of them. that was independently verified by Michael Asher and Peter Ratcliffe....

on the upcoming thursday, 10th of october at 7pm i’ll do a short talk with Maciej Broniarz from Warsaw University about security from not-so-typical point of view. please register and see you in Leon Koźmiński Academy hall.

…are better at building TCP stacks than we are. i came across the track of an interesting project - RemyCC, providing greater efficiency and at the same time a better division and lower delays (on average). it is worth to look.

for a moment, let’s assume those are rumblings of man worn out by pulling couple of all-nighters in one row. we have to assume that security intelligence services will want to listen to everything and everywhere. that includes NSA sniffing all traffic in major interconnection points at largest service providers. and, obviously - we don’t like it. why we can’t get back to original idea, that all point to point communication should be protected by IPsec (ALL COMMUNICATION)....

Maciej Broniarz invited us to take part in new security focused conference. Aegis (just like Aegis - American integrated naval weapons system) will take place on 2nd and 3rd July at University of Warsaw. i hope that most of you will decide to take part of it, as judging from agenda. together with Maciej we’d like to also have a panel on DDoS attacks, and then we’ll deliver session together - ‘security by duct tape’....

…a book by Steve Davies is a very interesting coverage of USA pilots testing Russian Soviet-era MiG 15s, 17s, 19s, 21s and 23s at Tonopah range. the same that was used to test Lockheed F-117 and launch to simulated sorties with F-4, F-14, F-15, F-16 and F-18s coming in from Nellis AFB as part of Top Gun training. there’s next book on the same topic waiting for me in stack. recently, i was digging through a lot of air combat material, mainly because of getting hold of Osprey Combat Aircraft series....

you could meet me sometimes during late night hours on Call of Duty Modern Warfare 2 multiplayer servers. now, i decided to change environment a bit and return to love of my life - flight simulators. i dusted off CD with Microprose Falcon 4.0 and i’m downloading BMS patches while reading about Allied Force (CD is already on my way from one of the Amazon warehouses). i’m still using Saitek Fly 5 but if i’ll be able to find more time to fly - there are couple of better sticks out there....

…you have to get back to good old CLI. i’m trying to export VM from very remote VMware vSphere 5.1 to OVA. unfortunately, packing 40GB is not apparently easy, as the whole process fails at different stages with error called by VMware simply timeout (yeah, kudos for brevity). so you have to enable SSH and then copy whole directory with SCP. for optimal transfer from remote location it make sense to use additional parameters: -C and -o CompressionLevel=9 to get locally fully functional and packed OVA: scp -C -o CompressionLevel=9 xyz@zdalne_IP:/vmfs/volumes/very-long-uuid-string/vm_name/\* ....

next thursday, april 11th, i’ll be visiting Warsaw University on invitation from Maciej Broniarz to have a chat about security from service provider point of view. note it will be mechnism and best practice related talk, not vendor pitch. i’ll mention blackholing as well ;) i may have some gadgets and freebies to give away - so please prepare good questions and see you there!

last CloudFlare DDoS demonstrated, that 300Gbps is no longer some magic barrier for attackers. given such throughput, you can easily drop country like Poland from Internet. of course, immediately such concepts like ‘critical infrastructure’, country financial stability come to mind. i’ll be one of the panelists of RIPE 66 meeting dedicated to BCP 38. it’s one of the things (implementing BCP38!) that you just have to do, to make sure internet is safer....

i’ve just stumbled upon this gem - it’s hard to find these days such well aggregated and summarized information.