A recent story in Network World brought my attention to the efforts to deliver a "Bare Metal" hypervisor to the user's desktop machine. The obvious problem with getting anything to run bare metal is drivers. This is going to be a VERY hard nut to crack.
The operating systems we currently use are not secure enough, are prone to failure, and are hard to manage. Virtualization would ease all of these concerns, thus the perceived need.
The real issue is one of the nature of operating systems. The operating system exists to manage the resources of the underlying hardware and to make it available to the programs that wish to use it. The current crop of desktop operating systems fail miserably in this role because of their flawed security model. The rush towards virtualization is actually all about security models.
In a VM environment, the system administrators explicitly define the resources to be given to a virtual system. This is a coarse-grained capabilities system.
Eventually it will dawn on everyone that you could do this in a finer-grained way, using Cabsec, but that may take another 20 years.
In the meantime, we'll keep on filtering the net, scanning for viruses, blocking spam, and moving virtual machines around.
Friday, July 30, 2010
The stock market should be batch processed
Apparently some programmers who write code to do High Frequency Trading aren't happy with their lot in life. There is a Slashdot story about them.
My opinion is that High Frequency Trading (HFT) is almost impossible to differentiate from Front Running... which IS theft.
The markets should operate in batch mode, with a new batch every 5 minutes for markets with volume. Everyone puts in their bids and asks... and then they get their results after the run. That single step would kill off most of the abuse.
If the frequency of the batches needs to be adjusted up or down, that should be the purview of the regulators.
Tuesday, July 27, 2010
Delayed write failure - tracking down the cause
We're being forced to migrate to newer and "better" versions of Windows Server. Our brand new spiffy Windows 2003 file server is making me miserable. First the permissions work slightly differently... which caused 40 minutes of down time as I watched all of them get reset. Now we get "delayed write failure" messages on our XP workstations.
It turns out that Microsoft decided that any task can be completed in 15 minutes flat... and built that timeout into the file server. There is an easy way to disable it:
net config server /autodisconnect:-1
This tells it never to disconnect a user... which is as it should be.
Whew!
Friday, July 23, 2010
"Pole Shift Theory" to reality in a few easy steps...
I was sent a link to this story which is being used as evidence on a site which promotes the theory of an upcoming pole shift. It doesn't say anything about where it happened.
So I found the original story, using Google. It happened in Milwaukee, Wisconsin.
Then I found this story from Milwaukee, from last year.. apparently it's not extraordinary after all. Note the cause:
"Thawing and traffic vibrations likely busted a sewer main. The void left by the broken pipe caused this slow underground erosion over days, possibly weeks. To repair the section of Locust, a road crew must bring down the street and build it up again. That means at least one noisy night for people who live in nearby apartment and condo towers. 'I live right in the front, too,' said Katie Hobson."
Either we can worry about an imaginary "Pole Shift" which is just an unsupported fairy tale, or we could spend that same emotional energy worrying about something that actually matters... how to make sure that our infrastructure is maintained. I strongly suggest we worry about keeping our infrastructure up to date... or civilization will literally collapse around us.
Thursday, July 22, 2010
Google and open WiFi... political action
Here's what I wrote to my State Attorney General today in response to the news that there is a witch-hunt in progress. You should write yours as well.
TO:
Office of the Indiana Attorney General
Indiana Government Center South
302 W. Washington St., 5th Floor
Indianapolis, IN 46204
Phone: 317.232.6201
Fax: 317.232.7979
E-mail: Constituent@atg.in.gov
FROM: Mike Warot
Hi
I'm Mike Warot, from Hammond. I'm a network administrator working in Chicago.
I've recently learned that 37 states are joining in an investigation of Google's collection of WiFi data, as typified in this story from the LA Times
http://latimesblogs.latimes.com/technology/2010/07/google-street-view.html
The issue at hand seems to be quite simple. They were trying to make a list of open (unencrypted) WiFi access points as a supplement to GPS to help in navigation. Because the software used to collect this data (Kismet) defaults to collecting entire packets instead of just the names of the access points, there is now an uproar that "passwords were stolen" and other Bull Shit. It was a simple technical oversight, not an evil plot.
Please DO NOT WASTE MY TAX DOLLARS on this wild goose chase. I'm sure you have plenty of other more important work to do.
Thanks for your time and attention.
Violence in the name of God
This is what happens when someone thinks they know the mind of God.
It's so wrong, it makes me so angry. Why do we put up with this bullshit?
Wednesday, July 21, 2010
Cool hack - data through 3 inch thick solid steel
The folks at BAE have done what can only be described as a cool hack... sending data through a 3 inch thick steel wall, "wirelessly".
It's not radio, as you probably already guessed.... it uses acoustic transmission, which is a really neat idea.
More coverage at http://www.engadget.com/2010/07/21/uk-defense-firm-pumps-data-through-solid-submarine-walls
What keeps an IT guy up at night?
Recently I was asked what keeps me up at night, in view of my work in IT. Here's the reply I penned.
1. Our IT infrastructure rests on a bed of sand. The security model we all use right now is based on the idea of trusting the user, or not trusting them. This is great if you are talking about 1970s-era college campuses prior to the internet, but falls far short of today's security needs. No amount of cybersecurity can fix bad design. It's going to take a series of total system collapses to get people to consider alternatives seriously, because it's a deep problem which very few people understand. If you want to understand it... read on...
When you run a program, you are essentially giving ALL of your rights to the program. It's like going to pay at the store and handing your wallet to the cashier when you need to pay.... and hoping that they don't just take everything from you. Actually... it's worse than that even.... because you can examine the actions of the cashier; computers are a box that just sits there.
When paying at the store, you don't give everything away... you decide what resources you wish to give to the cashier... and they can't get more without coercion. Paying for a gallon of milk with cash can never cause the cashier to be able to drain your bank accounts, because you didn't give them the CAPABILITY to access your bank account.
We don't have operating systems that incorporate the idea of handing a limited set of capabilities to a program, instead of every capability the user possesses.
This means that ANY program running can be subverted to do anything, provided it has a bug.
It means that all computers hooked to the internet are vulnerable to attack; security is mostly a matter of luck.
Because the computers on the net aren't secure, this provides a rich environment for theft and fraud.
The criminal element has found this resource, and is now exploiting it, worldwide.
Most people don't even see the root cause, which I've just explained. Most people believe that firewalls and virus scanners can deliver adequate security. Most people don't even think the problem can be truly solved. If you've read this far, you might be one who thinks otherwise.
THAT is the FIRST thing that keeps me up at night.
2. We're at Peak oil. According to the Department of Energy, world oil production peaked in 2005. This means that the foundation of our industrial infrastructure is going to be harder and harder to maintain at its current level of complexity. This could lead to the end of the progress brought with Moore's law... and even a slide backwards in the future.
3. Computer security is a political issue, and not a technical one. When is the last time political decisions actually made rational sense for the general public?
Thanks for your time and attention...
Sweet Dreams
-
-Mike--
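The wallet-versus-cash distinction in the reply above, as an added Python sketch that is not part of the original post: the same subverted program is launched once with the user's full rights and once with an explicit grant list. The file names, the `Handle` class and both launch functions are hypothetical, and this is a toy model of the idea; Python itself does not enforce the boundary.

```python
class Denied(Exception):
    """Raised when a program uses a right it was never handed."""

def fresh_files():
    # Constructed sample data standing in for everything one user owns.
    return {"report.txt": "milk eggs bread", "bank.txt": "account 1234 balance 5000"}

class Handle:
    """A capability: one file plus the rights granted on it ('r', 'w' or 'rw')."""
    def __init__(self, files, name, rights):
        self._files, self._name, self._rights = files, name, rights

    def read(self):
        if "r" not in self._rights:
            raise Denied(f"read {self._name}")
        return self._files[self._name]

    def write(self, data):
        if "w" not in self._rights:
            raise Denied(f"write {self._name}")
        self._files[self._name] = data

def ambient_launch(files, program, target):
    """Today's model: any file the user could open, the program can open read-write."""
    return program(lambda name: Handle(files, name, "rw"), target)

def capability_launch(files, program, target, grants):
    """Cabsec model: the user supplies {name: rights} at launch; nothing else is reachable."""
    table = {name: Handle(files, name, rights) for name, rights in grants.items()}
    denied = []                      # refused requests, kept as an audit trail

    def open_granted(name):
        if name not in table:
            denied.append(name)
            raise Denied(f"open {name}")
        return table[name]

    return program(open_granted, target), denied

def subverted_word_count(open_file, target):
    """Counts words in target; a bug (modelled here) makes it also go after bank.txt."""
    out = {"words": len(open_file(target).read().split()), "stolen": None, "tampered": False}
    try:
        out["stolen"] = open_file("bank.txt").read()
    except Denied:
        pass
    try:
        open_file(target).write("")
        out["tampered"] = True
    except Denied:
        pass
    return out

def demo():
    a_files, c_files = fresh_files(), fresh_files()
    ambient = ambient_launch(a_files, subverted_word_count, "report.txt")
    confined, denied = capability_launch(
        c_files, subverted_word_count, "report.txt", {"report.txt": "r"})
    return ambient, a_files, confined, c_files, denied

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Under the grant list the word count still works, while the reach for `bank.txt` is refused and recorded, which gives a defender a log entry to alert on.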
Monday, July 19, 2010
The Bitgrid project
I've got an idea I'm working on for an FPGA (Field Programmable Gate Array) architecture which may be just the thing needed to achieve the goal of 1 ExaFlop per second when put into a sufficiently large grid.
It's called the BitGrid. It's got a blog: http://bitgrid.blogspot.com
It's a crazy idea because it goes against the grain of 30 years of FPGA design in that it has NO routing hardware, it's all logic. This removes many of the problems with trying to fit a design into a chip.
It's crazy because it wastes gates and power to route signals around.
It's crazy because you just can't program it in C++, or any other procedural language.
But....
It is fault tolerant
It's conceptually very simple and elegant
It should work to Exascale level challenges
It should be possible to make a small chip for $1.00 in quantity.
Gates not used would consume almost no power.
It's never been tried before. (I've spent a LOT of time trying to find a precedent)
I've been building simulation software as a step in getting to actually building one. The simulator is open source. http://code.google.com/p/bitgrid-sim/
So.. there it is.
What do you think?
Tuesday, July 13, 2010
Email replacement needed
Email is rapidly losing its utility as connectivity is being slowly killed by the need for ever more aggressive spam filtering. I'm looking for suggestions for something to replace it long term.
Could the simple addition of some authentication protocols pull us out of the spam trap, or is it too late?
Sunday, July 11, 2010
Coding progress - bitgrid cell simulation
It took a bit of work, but I managed to refactor the code in Sim01 so that all of the computing of the bitcell is done within a tBitCell object, supplied by the BitGrid unit. This means I can tweak the code a lot easier later, and potentially reuse it in the SimGrid project.
It took hours... and I'm tired.
Friday, July 09, 2010
Naming in the age of Google
Keyword search works best when a word has a single meaning. Google doesn't work well when something can be contextualized many different ways. A strategy to counter this is to make up a new word (a neologism) when you want to talk about a subject that is otherwise lacking in suitable keywords. I've done it twice so far, and I'm writing this to point to the other blogs where I talk about the subjects in detail. (On the theory that each blog should generally stick to a topic... which I'm starting to believe is a mistake, but I'm willing to wait a while (a few more years) to be certain about it)
A bitgrid is a computing fabric composed of the smallest practical computing element I could envision working when put into a grid. The individual cells consist of little more than a look up table with 4 address lines going in, and 4 data lines going out. The nearest Cartesian neighbors each get an input and output. This makes it possible to do computation on sources from up to 4 inputs having up to 4 output bits. Most of the time it'll be partitioned differently, though. It's a continuation of an idea I had back around 1981. The conceptual design space has been pretty much written off since that time by others, as local connectivity only is thought to be far too inefficient a use of a chip.
Cabsec is a word coined for me by Doc Searls. It's meant to describe CApability Based SECurity, a concept wherein the user decides that resources from a computer should be given to a program at the time you run it. The nice thing about explicitly supplying the list is that it's almost trivial to enforce from an OS design point of view. It also makes it trivial to stop things like viruses and Trojan horses, because you would have to explicitly allow them to have access to your OS files.
So, a bit of linguistic pollution in the name of launching new memes... a fair trade-off, I think.
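The bitgrid cell described above (a 16-entry lookup table addressed by one bit from each of the four neighbors, producing one bit for each of them), as an added Python sketch rather than code from the bitgrid-sim project. The N/E/S/W bit ordering, the synchronous update and all names are assumptions; the three-cell row shows that with no routing hardware a signal is moved by cells programmed as wires, one step per cell.

```python
N, E, S, W = 0, 1, 2, 3                       # bit position used for each neighbor
OPPOSITE = {N: S, E: W, S: N, W: E}
STEP = {N: (0, -1), E: (1, 0), S: (0, 1), W: (-1, 0)}

def make_lut(fn):
    """Build the 16-entry table from fn(n, e, s, w) -> (n_out, e_out, s_out, w_out)."""
    lut = []
    for addr in range(16):
        bits = [(addr >> d) & 1 for d in (N, E, S, W)]
        outs = fn(*bits)
        lut.append(sum((o & 1) << d for d, o in zip((N, E, S, W), outs)))
    return lut

class BitGrid:
    def __init__(self, width, height):
        self.w, self.h = width, height
        self.lut = [[[0] * 16 for _ in range(width)] for _ in range(height)]
        self.out = [[0] * width for _ in range(height)]   # 4 output bits per cell
        self.edge = {}        # (x, y, direction) -> bit driven from outside the grid

    def _input_bit(self, x, y, d):
        nx, ny = x + STEP[d][0], y + STEP[d][1]
        if 0 <= nx < self.w and 0 <= ny < self.h:
            # Our input from direction d is the neighbor's output that faces us.
            return (self.out[ny][nx] >> OPPOSITE[d]) & 1
        return self.edge.get((x, y, d), 0)

    def step(self):
        """Synchronous update (an assumption): every cell does its lookup at once."""
        new = [[0] * self.w for _ in range(self.h)]
        for y in range(self.h):
            for x in range(self.w):
                addr = sum(self._input_bit(x, y, d) << d for d in (N, E, S, W))
                new[y][x] = self.lut[y][x][addr]
        self.out = new

    def read(self, x, y, d):
        return (self.out[y][x] >> d) & 1

WIRE_W_TO_E = make_lut(lambda n, e, s, w: (0, w, 0, 0))      # a cell spent on routing
XOR_NW_TO_E = make_lut(lambda n, e, s, w: (0, n ^ w, 0, 0))  # a cell doing logic

def xor_through_row(a, b, steps=3):
    """Row of 3 cells (wire, XOR, wire); returns the east output of the last cell."""
    g = BitGrid(3, 1)
    g.lut[0][0], g.lut[0][1], g.lut[0][2] = WIRE_W_TO_E, XOR_NW_TO_E, WIRE_W_TO_E
    g.edge[(0, 0, W)] = a        # external input on the west edge of cell 0
    g.edge[(1, 0, N)] = b        # external input on the north edge of cell 1
    for _ in range(steps):
        g.step()
    return g.read(2, 0, E)

if __name__ == "__main__":
    for a in (0, 1):
        for b in (0, 1):
            print(a, b, xor_through_row(a, b))
```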
Wednesday, July 07, 2010
Tearing down fences
I was recently given a list of things as a guide to help choose which side of the Democrat/Republican fence I want to sit on. Here is my response:
Tear down the fence
Those are false choices... I refuse to pick a side... as the parties on both sides of it are corrupt and they work together to keep us down. The fence is a sheep pen, and we're expected to pay for it. I refuse to be a sheep.
As for Guns -
Guns are meant to protect us from all enemies, Foreign and Domestic. They probably won't help you if you are being carjacked... but they will help you defend yourself and your family at home. Criminals and people with diminished mental capacity shouldn't have them. Everyone should be licensed to use them, and have to prove they can safely operate their particular choice of weapon. (Just like cars). People with kids, or guests with kids should keep them locked up when they are not carrying them.
As for Food -
Cows shouldn't be fed cow parts. Testing for mad cow should be done on a wide scale probe to see if it's really an issue or not. Proper regulation of our food supply is a good and just purpose of the US Department of Agriculture and the FDA. Paying large corporations to consolidate megafarms and drive people off the land... is not.
As for Gays -
Some people think gays are born that way, others think it's a sin. Either way, we're not God, we shouldn't judge them. Instead we should be on the lookout for abusive parents and others who do evil things to our children... and those people are usually straight.
As for Welfare -
As for the down and out, they are trying to figure out how to get by... they want work, honest work. It's the corrupt that spoil it for everyone... The corrupt at the bottom, and especially the corrupt at the top... who start wars for profit, who call the rest of us "little people", who will spend trillions to invade countries unrelated to the 9/11 attack... but don't want to pay unemployment benefits to those whose jobs have been shipped to China due to corporate greed.
As for Health Care -
Modern medicine is wonderful, and expensive as hell. We pay far more for it than every other modern country in the world, with far worse results. We need to get everyone's records in a database. We need to get rid of the insurance industry. They have proven to be a parasite that delivers NEGATIVE VALUE by sucking in vast amounts of money, and preventing health care. This should be done by the States, who already have infrastructure for dealing with it, not the Feds. (However, the Veterans Administration is now a model of how health care SHOULD be done, I'm amazed at how well it works)
As for The List -
I found the whole list interesting... but as I said at the start... it's a false choice. The "bipartisan" way is one of ignoring the real wishes of the people, and of dividing and conquering us. We need to end it, and get some real democracy going.
Friday, July 02, 2010
Symantec has put me in a Skinner Box
Our "Premium Antispam" license from Symantec expired 2 days ago. I was concerned that the delay in getting a new license installed might cause issues, but was reassured that there was a full month's grace period. So I relaxed a bit.... wrong answer.
I now find myself in a high-tech Skinner box. The spam filter turns itself off at midnight each day now... and will resume functioning if I log into the server and re-enable it. I'm now doing battle with an evil cron job. I'm pissed.
Symantec Sucks.