2015-12-11

Idea: RedFish aggregators, and running them on OpenSwitch

Once upon a time, when you needed to "do stuff" to take care of a computer, you had to go there in person. Here, "do stuff" means things like: turning it off and on, checking whether the AC was working, whether the tape or disk motors were broken, whether any of the red warning lights were on, whether the UPS had tripped, and so forth. But, for many and obvious reasons, it was useful to do all this kind of stuff from a distance.

This led to the creation of "IPMI", which was built into most computers that were designed to be used in racks and datacenters. With IPMI, a team of sysadmins could remotely turn computers on and off, check temperature, fans, power, network carrier, installed cards and devices, and read off model numbers, part numbers, and serial numbers.

IPMI is currently being improved/replaced with a thing called "RedFish".  RedFish does all the same sort of things, but it is designed in a way that is called "RESTful", which means it works the same way that web applications work, which makes it a lot easier to write tools that speak it.  Another cool thing about RedFish is that it accidentally also looks like a complete database of a "computer like thing", and does it in a way that "things" can be inside "things" and connected to other "things" all within how the protocol works.

And then I had an idea...

Write a web application that scans the local network looking for RedFish servers, and then itself acts like a RedFish server that integrates all these other smaller RedFish servers.

You can even stack this, making it so at a higher level, one of these "RedFish aggregators" discovers and integrates the lower level ones, and so on up.   Eventually you would have a top level one that would give you all the data and all the control over an entire datacenter or even larger set of data centers.

It wouldn't even be that terribly hard to write a small demonstration implementation.  It would be a challenge to make it fast and efficient, and to properly handle caches and avoid accidental recursion loops, but it doesn't look like a really difficult one.
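A sketch of the merge step with the loop guard, added here as an illustration and not code from the original post. It assumes each service's ServiceRoot `UUID` is stable and unique; the hosts, the `DISCOVERED` scan results and the in-memory `NETWORK` are constructed, and the recursive walk stands in for each aggregator level querying the one below it.

```python
# Constructed stand-ins for Redfish services on a LAN; a real aggregator would
# fetch these resources over authenticated HTTPS instead of a dict lookup.
def _svc(uuid, system_ids):
    return {
        "/redfish/v1/": {"UUID": uuid, "Systems": {"@odata.id": "/redfish/v1/Systems"}},
        "/redfish/v1/Systems": {
            "Members": [{"@odata.id": f"/redfish/v1/Systems/{s}"} for s in system_ids]},
    }

NETWORK = {
    "bmc-a": _svc("uuid-bmc-a", ["1"]),
    "bmc-b": _svc("uuid-bmc-b", ["1", "2"]),
    "agg-rack": _svc("uuid-agg-rack", []),
    "agg-dc": _svc("uuid-agg-dc", []),
}
# Hypothetical discovery results: which hosts each aggregator's scan found.
# agg-rack's scan also found its own parent, which creates a cycle.
DISCOVERED = {"agg-rack": ["bmc-a", "bmc-b", "agg-dc"], "agg-dc": ["agg-rack", "bmc-a"]}

def get(host, path):
    return NETWORK[host][path]

def aggregate_systems(host, seen=None):
    """Merge Systems members reachable from `host`, visiting each service UUID once."""
    seen = set() if seen is None else seen
    root = get(host, "/redfish/v1/")
    if root["UUID"] in seen:   # already merged via another path: a loop or a duplicate
        return []
    seen.add(root["UUID"])
    members = []
    for m in get(host, root["Systems"]["@odata.id"])["Members"]:
        sys_id = m["@odata.id"].rsplit("/", 1)[1]
        # Namespace the id by host so two BMCs' "Systems/1" do not collide.
        members.append({"@odata.id": f"/redfish/v1/Systems/{host}.{sys_id}"})
    for peer in DISCOVERED.get(host, []):
        members += aggregate_systems(peer, seen)
    return members

def systems_collection(host):
    """Build the aggregated Systems collection as a Redfish-shaped resource."""
    members = aggregate_systems(host)
    return {"@odata.id": "/redfish/v1/Systems", "Members": members,
            "Members@odata.count": len(members)}
```

Without the `seen` check, the cycle between `agg-dc` and `agg-rack` would recurse until the stack overflowed, and `bmc-a` would be listed twice.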


To use something like this for real, the logical place to put it would be in the network switches. But that used to be difficult, because production level network switches have been very closed and proprietary. However, that's changing. There is a new open source project spinning up right now, called "OpenSwitch". If I were to push this RedFish aggregator so that it would be real world useful, I would make it a module that runs in the reference OpenSwitch box.


How hard could it be?

2015-06-07

About media leakers

I wonder about media leakers.

I'm not talking about whistleblowers, who reveal coverups by governments and corporations that are keeping secrets of bad or illegal actions.

I'm talking about people who "confidentially source" to the media details of business negotiations, media productions, and gossip of private heartache.   Things that are private and confidential for a reason, will be revealed when they are properly baked, and that do nobody any good for being revealed early, except maybe for a burst of clickstream traffic for the "news" source that "scooped" it.

I know a fair number of secrets.  Some of them are close friends' private heartaches, which are theirs to reveal, if ever.  And some of them are business negotiation secrets incidental to my job, and a few of them part of my job to know.   I actually go out of my way to avoid learning things I shouldn't need to know at my employer, just so as to firewall myself from even the appearance of impropriety.

Any of them, if I "confidentially sourced" them to the tech press, would do nothing but cost money that is not mine for no honest gain to anybody, possibly prevent good things that I would like to have happen from happening, and would betray my own principles I try to hold myself to.

So, why do other people do it?

2015-05-25

A temporary mistake

I don't care about business models, I care about applications, and at true billion user trillion device scale the only scaling pattern that succeeds is user visible federation.

Email, the DNS, the HTML/HTTP hyperlink, XMPP, and the blockchain have no rent seeking gatekeeper business model, and do not require billion dollar data centers.

The past 15 year drive to unitary silo'ed apps with a rent-seeking gatekeeper has been a mistake that has diverted too much engineering effort towards just keeping them running instead of delivering user-desired features and value, and has been driven by the corrupting need of VCs for their mythical billion dollar exits, and the telco encouraged temporary exhaustion of global address space and thus a temporary breaking of the end to end principle.

This is temporary, unsustainable, and not scalable to 10 billion users.


2015-04-13

If your bank calls you, hang up and call them back

Important public service announcement: if you ever get a call from your bank or your payment card's security department, hang up on them, and call back via the number printed on your payment card.

I just got a call from a blocked number claiming to be my bank's security department, alerting me that my card was locked, and to press 0 to transfer to an agent for assistance. I hung up on them, and then called the number printed on my card. My bank's *actual* security department let me know they are fully aware of this ongoing phishing attempt, and thanked me for knowing not to fall for it.


2015-04-12

Editors betraying their own authors

Some editors from Tor Books have been lobbying online to the electors for the World Science Fiction Society Hugo Awards to vote against some works published by Tor.

I wonder if anyone has told the marketing department at Tor about this, or has told the owners over at Holtzbrinck? Come to think of it, this is probably a violation of the publishing contract that Tor signed with those authors. I'm sure some agents are realizing that, and are starting to write threatening emails...

This gets funnier, and funnier, and funnier...


2015-02-19

Regarding Lenovo preinstalling SSL-breaking MITM on their machines

One of my fears day-to-day is that my own employer will make a similar mistake. This could have so easily been my employer, instead of Lenovo. And I have no standing or ability in my employer to prevent it, especially not pro-actively. Nobody does, in any of the Windows OEMs.

The OEM gets paid for every instance that gets shipped, and for every instance that gets run, and for every demo preload that gets upgraded to a paying user.

And when something like this happens, the tech and infosec savvy people in an OEM company will run headlong into the people who have bonuses and promotions riding on "cultivating" the "relationships" with the "partners" that wrote the shit. Ripping the software out, backing out the damage, and apologizing will negatively impact their salary, so they will go to the mat and break out all the corporate political long knives to stonewall the issue.

I hate everything about OEM preloads. I tell people that when they do buy a retail Windows machine, they should immediately take it to a Microsoft Store and purchase a "Signature Editions" Windows reload. The staff there will take the new machine, scrub off the OEM install, install a fresh clean lean un-crapified Windows, and then put the old valid license key back on the machine. (Since they are Microsoft, they can generate and load valid license keys at will.)

Or if you can't stomach paying Microsoft $99 to give you the machine you thought you had already bought, at least download a copy of "PC Decrapifier" and immediately run it on your new machine the very first time you turn it on.