Comments (0)

By admin, November 12, 2013 10:20 am

I couldn’t believe my 2TB LaCie Minimus (two of them, 2nd one is for backing up the 1st one) has been filled up so quickly in less than 2 years, probably due to all those 720P MKVs.

So I’ve decided to look around for something bigger in storage size. This time I was looking for at least 3TB to 4TB, and it turns out 4TB is the one to go for in terms of $ per 1TB, at least this is the case for LaCie Porsche Design P′9230 as it’s the same $ per 1TB for 3TB and 4TB.

Most importantly I wanted to have another Lacie because I can re-use the existing power supplies (ie, 3A plug) instead of adding two extra power supplies which I don’t have room for on the power bar.

Physical dimension is also important, as LaCie Minimus is currently the smallest external disk available and of course not not mention how cool it looks! The only draw back is LaCie Minimus only comes with 1 year warranty.

In fact, I’ve looked at other brands as well such as Seagate and Hitachi (Touro Pro, 7,200RPM), but the size is simply much larger than LaCie and they all look dull in terms of design and style.

Yes, I am well aware of the extra 20% premium I have to pay if I stick to LaCie, but consider all facts and limitations, plus I found out LaCie Porsche Design P′9230 comes with 2 years warranty, so the choice is very clear!

Somehow all LaCie disks are in fact Seagate, my Minimus 2TB is ST2000DL001 and Porsche Design P′9230 is ST4000DM000, both are 5,400 RPM.

People say the best is yet to come and yeah, the shop owner agreed to give me extra 2.5% off as I was buying two at the same time, so here we go, two gigantic 4TB disks sitting in front of my desktop and doing the data transfer now.

The only complain I have is why LaCie couldn’t make the Porsche Design P′9230 to be the same size as Minimus? It’s about 20% larger in dimension and it also uses plastic material with holes instead of metal in the bottom part (that’s why it’s hotter). I thought Seagate harddisk should be the same size, no matter if it’s 2TB or 4TB, or does the bigger brother requires more space to dissipate heat?

Of course, 400GB was wasted after format, leaving only 3.66TB usable, this somehow reminds me the same 3.66TB usable size in my Equallogic PS6000XV (600GB x 16). So think of having all the storage of a PS6000XV in a little LaCie Box, the idea is quite neat and funny.

Finally, there will be 6TB and 8TB to be released in 2014, well, reliability is always another issue of course.

Comments (0)

By admin, November 6, 2013 12:24 pm

從數據中心連線落手　逾億人私隱蕩然無存
美英聯手截取　Google雅虎用戶資料

美國國家安全局（NSA）竊聽和截取網上活動的伎倆，越揭越猖狂。命令科網公司交出資料，也滿足不了NSA想刺探一切的「老大哥」欲望，竟跟英國政府通訊總部（GCHQ）合作，索性秘密直接從Google和雅虎兩大科網公司的數據中心連線，肆意截取數以億計用戶資料。這行徑令用戶私隱蕩然無存，Google和雅虎對此大表震怒。

美國叛諜斯諾登（Edward Snowden）今年較早前向傳媒大爆NSA監控手段，當中的「稜鏡」（PRISM）計劃，是逼九大科網公司交出網上通訊資料，但要外國情報監視法院批出命令。NSA已有這走前門索資料的尚方寶劍，還不心足，另設走後門截取資料的「大力」（MUSCULAR）計劃。
美國《華盛頓郵報》前天（周三）引用斯諾登文件，指「大力」計劃是NSA和GCHQ聯手進行，分別向Google和雅虎的數據中心之間光纖電纜連線入手，在未公開的截取點，完全複製傳送的數據。
數據中心間傳資料沒加密

報道指，今年1月9日一份NSA內部報告，指NSA每日從兩家公司截取的數據送給總部分析，之前的30日就總共送了1.81億個紀錄到馬里蘭州總部，包括電郵收發兩方是誰的「元資料」，以至文字影音內容。簡報文件指這些紀錄為敵對國家動向提供重要線索。
Google和雅虎分散世界各地的數據中心，存放了無數用戶的通訊紀錄和資料，為加強運算速度和備份以防萬一，各地數據中心會互傳用戶資料，將資料同步，有時連整個電郵資料庫也傳送，如能中途截取，就可將即時通訊和過往紀錄都一覽無遺。
《華郵》指文件未說明NSA是如何截取數據中心連線通訊，一個可能是NSA技高一籌，能擊破科網公司私人聯網的嚴密保安，直接從連線截取資料，但知情者指兩公司都相信他們的內部網絡安全，所以數據中心間傳資料並沒有加密。

不過他們的私有海底光纖電纜駁上陸地網絡，是要經第三者營運的海纜登陸站，他們有時亦會向其他機構租用聯網設施，或者共用同一座數據中心，NSA和GCHQ有可能威逼利誘第三者在聯網裝上截取裝置。一份文件顯示截取是在美國境外進行，由一家沒公開名字的電訊服務供應商提供協助。
《華郵》指「稜鏡」計劃受法例約束，不能隨意蒐集美國公民資料，「大力」計劃則在海外進行，可假設使用海外連線的都是外國人，就算蒐集到美國公民資料也可當「誤中副車」，而且不用通知科網公司。NSA前首席分析員欣德勒說：「NSA大隊律師的工作，就是利用漏洞，在法律容許內蒐集最多資料。」電子私隱資訊中心則指「大力」計劃很可能是「非法監控」。
Google稱不知情　大表震怒

「大力」計劃曝光令兩公司難向用戶交代，Google法務總監德拉蒙德表示對計劃不知情，「對政府從我們的私有光纖網絡截取資料而震怒」，並說會加緊將數據中心間資料傳送加密。雅虎發言人指他們的數據中心都受到嚴密保護，沒有讓NSA和其他政府部門進入。
NSA發言人否認報道屬實，局長亞歷山大（Keith Alexander）稱NSA沒入侵Google和雅虎的伺服器，但沒說明有否截取傳送中資料。
美國《華盛頓郵報》/路透社

美國竊聽風波越鬧越大，意大利傳媒指NSA連梵蒂岡也不放過，在教廷樞機團召開前後曾竊聽有關選新教宗的事宜。澳洲報紙爆料，指美國利用駐亞太區的本國及澳洲大使館從事秘密電子刺探行動，中國和東南亞多國政府都非常憤怒，要求美國解畫。
意 大利雜誌《全景》周刊前天（周三）報道，NSA去年12月10日至今年1月8日期間，竊聽意大利多達4,600萬電話通話，包括梵蒂岡的通訊，據稱情報分 為四大類，包括領導意向、對財金系統的威脅、外交政策目標和人權，報道更擔心連3月選新教宗的閉門樞機團會議也可能被竊聽。NSA隨即否認竊聽梵蒂岡，批 評報道失實，梵蒂岡發言人隆巴爾迪神父說：「我們對這事全不知情，也沒有擔心過。」
一波未平，一波又起，澳洲Fairfax媒體昨天報道，美國利 用在駐耶加達、曼谷、河內、北京、吉隆坡等地的美國和澳洲大使館作為監聽站，截取亞洲各國的電話通訊和網絡資料。中國外交部發言人華春瑩說中方非常關注事 件，要求美國澄清和解釋。印尼提出強烈抗議，馬來西亞和泰國都非常關注事件。
美國白宮高層和NSA局長亞歷山大則分別跟德國情報官員和歐洲議員會面解釋，希望可消除對方疑慮，重建互信。美國還向聯合國保證，現在和以後也不會監控聯合國總部的通訊。
法新社/美聯社

美國叛諜斯諾登（圖）揭發NSA對全球的監控工程，有如一石激起千重浪，引起極大迴響，除了當局要向全球多國政府解畫外，國會議員都認為情報機構的所為太過份，呼籲立法收緊情報部門竊聽能力，但情報界人士認為難望短期內有改變。
已 退休的中情局秘密行動處副處長薩諾（John Sano）直言，政客批評得有道理，但「指出需要改變規則，跟實際創立機制以便有效改變規則、好讓國會監察，是完全兩回事」；尤其是目前監聽計劃都是自 911之後實施的反恐工具，證明相當有效，而且對美國的利益非常重要，令情報機關不願放棄，真正的改變很可能根本不會發生。
情報界與政界唯一共識，就是齊聲譴責斯諾登是出賣美國的叛徒、罪犯。司法部前日宣佈，已經向為美國政府做僱員背景審核、包括斯諾登背景審核的USIS公司，提出起訴，控告該公司審查不力。
美國廣播公司/路透社

Comments (0)

By admin, October 21, 2013 9:40 pm

Today I got a chance to play with Ubuntu Linux Distro.

1. The latest compatible release for ESX 4.1 is 10.04 64bits, on the download page, it says ubuntu-10.04.4-server-amd64, and there is no version for intel 64bits, it turns out the iso will also work on Intel platform.

I suspect you can of course install the latest Ubuntu 13, but you may not able to install Vmware Tools, which is very important.

2. The bare server iso does not come with a GUI, so the following steps will help you to install a nice GUI.

$ sudo apt-get update
$ sudo apt-get install ubuntu-desktop –no-install-recommends

3. I noticed the security is much better and fine tuned in Ubuntu than Redhat or CentOS, as root is diabled by default completely, every time you will need to issue command ’sudo’ to start with when changing something in system configuration.

If you want to enable root ssh, then edit /etc/ssh/sshd_config and change the line PermitRootLogin to yes.

4. Enabling snmp is similar to CentOS, by adding rocommunity community_string mrtg.yourhost.com to /etc/snmp/snmpd.conf, but you will also need to modify /etc/default/snmpd, the line SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’

5. To configure Ubuntu firewall, you need to install gufw, the rest is a piece of cake, same as in CentOS. In fact, you can also use ufw to block DDOS IP address.

e.g.,
sudo ufw deny proto tcp from 12.34.56.78 to any port 22

6. After deploy a vm from Ubuntu template, I found eth0 has gone missing (reminds me w2k8 VMXNET 3 issue ), eventually I found this VMware KB. Or even easier, simply delete /etc/udev/rules.d/70-persistent-net.rules will do the trick.

7. ‘gksudo gedit /etc/hostname’ is the command to graphically edit any file, no more vi, which is very useful for many new Ubuntu or Linux users.

8. Finally regarding extending disk in Ubuntu, the method is similar, but with some twist.

9. There is a very good link for installing VMware Tools, one specific thing is you need to create a special directory ’sudo mkdir /usr/lib64′ in order to successfully install VMware Tools. Just make sure you download the latest VMware Tools (latest is 10.04) as the older one comes with ESX 4.1 (8.0.x) doesn’t work in latest Ubuntu 16.x. I also noticed VMware Tools status shows as “Unmanaged”!  That’s actually ok, as the tools is installed from an individual package instead of using the default attached CD-ROM (which the version doesn’t work anyway), so you can safely ignore it.

Update: Oct 23, 2013

It turns out even the latest release 12.04 worked perfectly on ESX4.1.

Update: Oct 28, 2015

Tested the latest 14.04 also worked perfectly on ESX4.1.

Update: Nov 14, 2016

Tested the latest 16.04 also worked perfectly on ESX4.1.

Comments (0)

By admin, September 23, 2013 10:39 am

Just read the following in the latest Veeam Community Forums Digest and it’s quite interesting.

In fact, I use a much simpler method in Windows environment, I simply set the particular services to restart by itself should there be any failure, it worked perfectly so far, no hassle at all.

You may remember after sorting through all of the vSphere 5.5 features a few weeks ago; I was most excited for the vSphere AppHA (Application High Availability). Well, I have to admit it turned into my biggest disappointment based on some hands-on experience.

The theory behind this feature sounded excellent: in addition to vSphere HA (high availability) that VMware provided for a few years now (VM monitoring, with automatic VM restart after VM or host failure), the same will now be possible at the application level (application monitoring, with automatic restart of services and/or VM in case of application failure). And because this will be built right into the platform, it’s going to be transparent and easy to use… or so I thought, based on years watching VMware dishing out incredible functionality that was always integrated, intuitive and “just worked”.

I assumed VMware will simply “enlighten” VMware Tools with the ability to detect known applications and monitor key metrics, and also make this framework extensible for custom applications (similar to pre-freeze / post-thaw scripts for application-specific snapshot logic). In case of application failure detected, VMware Tools would throw events into vCenter and first attempt “local” recovery by restarting services, and if that does not help, message vCenter to restart the VM. This architecture would make AppHA work out of box for every VM (including newly added), with zero hassle for admins: huge value that EVERY user would immediately benefit from.

Well, it appears that I assumed too much. In reality, the feature comes with incredible complexity, and is based on legacy architecture I would not expect leading virtualization vendor to release in 2013. First, this feature is not something built into the platform, but rather completely “glued” on top of it. Before you can even start using this feature, you will need to deploy two separate appliances… yes, one was not enough! The first appliance is Hyperic appliance (recent VMware acquisition), which is Microsoft SCOM like tool with ugly web interface (carrying maybe 10% of SCOM functionality), and sporting identical architecture (thus bringing 100% of SCOM complexity along). Second appliance is actual VMware AppHA appliance, which seems to orchestrate “stuff” between Hyperic server and vCenter Server.

And the “best” part? AppHA requires that you deploy special monitoring agents in every VM, so welcome back to the agent management fun we’ve made great strides to avoid (having to remember to install, upgrade, and babysit yet another agent in your VMs). And even worse, you will also need to ensure that every VM is accessible to Hyperic server over the network! Direct network connectivity to a VM from core infrastructure servers? What’s up with that, I thought cloud was all about complete isolation? In other words, just think about all the things you like about agent-free Veeam solutions, remember how you struggled with agent-based solutions before, and apply all that to vSphere AppHA. I totally expected they would simply reuse VMware Tools, because it is the necessary evil we have to live with… but unfortunately, this is not the case.

This is probably the first time ever that VMware delivers the feature that sounds good on paper, but has horrible implementation in reality. It feels very much like a “buy and glue on top” approach, rather than “innovate and build” acquisition. Are we seeing the change of VMware approach to R&D? I honestly hope this was more of an exception, rather than a rule, but this is still worrying and very annoying for me, hardened VMware fan. I will definitely be looking for VMware folks behind AppHA at VMworld Europe next month to discuss this, and understand what’s going on with this feature.

Comments (2)

By admin, July 14, 2013 10:17 pm

Well, it’s about time, battery normally last for 3 years, this is the first time I encountered such error and the 2nd time EQL went wrong, the first time was due to a failed disk.

event: 28.4.31
time: Sun Jul 14 21:43:29 2013
NVRAM battery failed. Power failure could result in loss of data.

Critical health conditions exist.
Correct immediately before they affect array operation.
NVRAM battery failed and must be replaced.

There are 1 outstanding health conditions. Correct these conditions before they affect array operation.

Active control module cache is now in write-through mode. Array performance is degraded.

Note the Write Latency shoots up right away because Write Back Mode is disabled although you can force to use Write Back mode.

Update: 7/15/2013

Comments (6)

By admin, June 28, 2013 3:25 pm

The EQL GM Java Applet stays as blank screen for about 2 minutes and then throws an exception as shown in the picture below, simply ignore the error then group manager login screen will appear agin. This problem doesn’t occur if I launch the EQL GM in web browser, strange!

Seemed quite a few having the same problem on Dell’s EQL forum after upgrading to Java 7 Update 25, Yes, we selected to upgrade because there is a serious security hole in Java 6.

This is the warning showing in Firefox Add-On Page.

The other problem is after I clean the Java Cache, my EQL Group Manager icon on desktop has also gone, does anyone know how to recreate such icon? I don’t want to re-install HIT for Windows again just for getting the icon back for sure.

Comments (0)

By admin, June 27, 2013 8:11 am

Just received an alert from Equallogic this morning regarding hard disk firmware update.

Dell has made improvements in the drive error handling routines of EqualLogic array firmware over the course of the last few years and has worked closely with its drive manufacturers to improve the error handling routines of the hard drives.

We have released the newest version of hard disk drive firmware, EC04, for the below listed 7200RPM based 1TB, and 2TB drives shipped on the PS4100E, PS6100E, PS6110E, and the PS6110E arrays

• Toshiba 7200 RPM NL-SAS MK1001TRKB (1 TB)
• Toshiba 7200 RPM NL-SAS MK2001TRKB (2 TB)

If you are using arrays with these drives, Dell strongly recommends that you update the hard disk drive firmware.

I recall I’ve received the same kind of alert at least 3-4 times regarding 7,200 RPM SATA/NL-SAS firmware update in the past 3 years and none for SAS. Worst many users reported frequent 7,200 RPM disks failure or false positive. In additional, past EQL’s firmware updates constantly indicate there were problems with error detection or false positive of the 7,200 RPM disks. So I think this does provide you a clear picture how reliable those slower disks can be. Now with disks moving into 4TB each, I don’t think it’s pleasant scenario to see one of these failed.

The good thing is Equallogic is always working closely with the disk vendor to improve its reliability over the years. That’s why we see Improved “hard drive monitoring intelligence with an advanced predictive reliability algorithm” has been built into it’s latest firmware again.

We have released recommended software updates for EqualLogic PS Series Arrays: Firmware versions 6.0.5 and 5.2.9, which include key maintenance fixes.
Notably, the v6.0.5 release includes recent improvements to hard drive monitoring intelligence with an advanced predictive reliability algorithm. This algorithm is designed to help preserve overall system reliability and long-term performance by proactively identifying drives which are at risk for failure, copying their data, and allowing you to safely replace them. In a small percentage of storage arrays, this process will occur shortly after the array firmware is updated. More details are included in the release notes. Version 6.0.5 also removes a false error warning that appeared on some arrays following drive replacement, and includes other fixes.

We recommend that you move to the v6 firmware stream and adopt v6.0.5. However, for customers staying on the 5.x code stream, we have released v5.2.9 which includes the drive reliability algorithm mentioned above and additional fixes.

Comments (0)

By admin, June 16, 2013 12:16 pm

Recently, I encountered some trojan asp scripts that cannot be removed, finally found it’s related to Windows folder name restriction, clever! but how did the hacker able to create those in the first place?

The other thing is I sensed more and more DDOS and Antispam mail is sending from the hidden PHP scripts these days, it’s becoming harder to catch them.

网站被放置了许多木马文件 nul.asp ，怎么也删除不了，提示 无法删除 nul; 参数不正确 ，正郁闷的时候找到了原因以及删除方法。

我的网站就是FCK文件夹下被放了两个nul.asp，于是在cmd dos下删除了它。

Microsoft Windows [版本 5.2.3790]
(C) 版权所有 1985-2003 Microsoft Corp.

C:\Documents and Settings\BEN>del \\.\D:\wwwroot\FCKeditor\editor\filemanager
\browser\default\images\icons\32\nul.asp

C:\Documents and Settings\BEN>del \\.\D:\wwwroot\FCKeditor\editor\css\images\
\nul.asp

C:\Documents and Settings\BEN>
网上查找的相关资料如下：
Windows 下不能够以下面这些字样来命名文件/文件夹，包括：“aux”“com1”“com2”“prn”“con”和“nul”等，因为这些名字都属于设备名称

，等价于一个 DOS 设备，如果我们把文件命名为这些名字，Windows 就会误以为发生重名，所以会提示“不能创建同名的文件”等等。
当然，有一些特殊的方法可以偷机取巧，建立以这些设备名为名的文件夹，比如我们在命令提示符下执行“md C:\aux\\”，就在 C 盘建了一个名叫

aux 的文件夹。此文件夹虽然可以访问，也可以建立子文件夹，但却无法删除，因为 Windows 不允许以这种方式删除设备。在系统看来，这个 aux

文件夹就是设备。
那么，如何删除这样的文件/文件夹呢？我们只要按照完整的 UNC 路径格式，就是网上邻居的路径格式，正确输入文件路径及文件名即可。比如要删

除 C 盘下的 aux 文件夹，可在命令提示符下执行：rd /s \\.\C:\aux，rd 是命令提示符删除文件夹的命令，/s 参数表示从所有子目录删除指定文

件。

再比如要删除 C 盘 temp 文件夹下的 nul.exe 文件，在命令提示符下执行：del \\.\C:\temp\nul.exe 即可。

还要找服务器上找黑客上传的途径才行，危险呃。。

Comments (0)

By admin, May 15, 2013 7:29 pm

Saw this interesting post today, almost dated a year ago.

Q: Why does EqualLogic not support having active/active controllers?

A: This is a very good question. EqualLogic runs the active and passive controllers connected by a thick I/O pipe that effectively maintains the passive controller as a mirror of the active controller, this allows for near instantaneous failover in the event of a RAID controller failure – there is no need for the controller having to seize ownership of the failed controllers disks. This is supported by write cache mirroring and the write cache is cached to flash memory.

Note: The process of controller failover uses MAC spoofing and needs portfast and rapid spanning tree enabled on switches.

Q: Does EqualLogic support a Thin Provisioned LUN Space Reclaimer?

A: Not yet, this is in the pipeline.

Also came across this reply in Dell’s Forum.

Some terminology might be helpful here. Equallogic embeds their controller/filer/and disk shelves into one unit. The controllers are active/passive meaning only one controller is ever usable. The filer itself is tied directly to the disks. Other vendors handle this in different ways. Dell has chosen with the Equallogic system to do this.

Some vendors implement “raid” across the filers themselves (HP LeftHand’s network raid). Other vendors offer active/active controllers, or NetApp metrocluster functionality. Dell Equallogic does not.

We operate three Equallogic arrays in production use, and have never suffered a controller failure. When we preform firmware updates the unit reboots twice, taking it offline for 15 seconds. We do this during ‘quiet’ activity hours on our VMware, SQL Server, and Exchange clusters. They seem to handle the 15 second downtime without issue.

We have not seen the Active/Passive controller layout of the Dell Equallogic as a negative. The failure of an entire Equallogic filer (both controllers and both power supplies) is extremely extremely rare. There are no shared components between the controllers, they are functionally separate filers. The unit is right-sized for our organization and provides enterprise functionality at a fraction of the cost of a similar product that wold allow Active/Active enterprise level controllers, or Metrocluster functionality.

In summary:
> Dell Equallogic does not allow Active/Active Controllers, or full ‘raid’ between discrete units.
> Dell does not offer ‘Metrocluster’ or ‘Network Raid’ functionality like DRDB.
> Reboots of the entire SAN take 15 seconds (yes, really, as a customer, not Dell marketing) and do not cause any issue for us.

Comments (0)

By admin, May 14, 2013 12:00 pm

With the increasing popularity of my blog, I found more and more brutal force attack on WP admin login page. Today, I discovered a niche tool that actually does a bit of protection from this kind of automatic bot attack, of course, it won’t stop an experience hacker from trying.

IP                  Tried to log in as
78.154.105.23 admin (4 lockouts)
190.239.130.92 administrator (1 lockout)
180.190.221.208 admin (1 lockout)
194.27.149.159 administrator (1 lockout)
49.144.211.220 administrator (2 lockouts)
187.162.153.237 admin (1 lockout), administrator (2 lockouts), support (1 lockout)
1.171.228.91 admin (1 lockout), administrator (1 lockout), support (1 lockout)
186.101.201.68 admin (1 lockout)
126.68.40.134 admin (1 lockout)
189.224.56.236 administrator (1 lockout)
190.56.253.177 admin (1 lockout)
202.65.140.153 admin (1 lockout)
181.112.134.55 administrator (1 lockout)
79.101.247.52 administrator (1 lockout)
182.234.71.109 admin (1 lockout), administrator (1 lockout)