Regulation E.

Spent the weekend digging into Regulation E., particularly Section 205.11. That’s the part where you try to convince your regional bank that you really didn’t authorize those charges, that you were not ‘card present’ in New York, and you didn’t have homeless people in your house rummaging through your stuff, borrowing your debit card, jetting to the east coast, buying cosmetics and jetting back. This isn’t unexpected. We’ve kept this debit card attached to a special checking account that we never have more than $400 in at any time, just for this reason. The theory is that transactions will start to fail before the damage gets too expensive. In practice, I’m not sure if the bank will honor the overdraft attempts or not. I’d be un-amused if they had some sort of ‘convenience’ feature that turned the fraud into overdrafts and then into 22% loans. That would be a bad day. This particular card was only used at a small number of merchants, mostly local and regional grocery chains, so my gues…

Your PaaS Provider Failed, What’s Plan B?

Update: It's only beta, so no harm done, but here's another example: Contacts on Ovi beta database failed

SAP has purchased Coghead’s intellectual property assets…SAP did not assume any of Coghead’s customer relationships or obligations and, at this point in time, SAP does not have plans to continue offering the Coghead service commercially…
Infoweek:
"Customers can take the XML out that describes their application, but the reality is that only runs on Coghead, so customers will need to rewrite their app with something different,"
Hoff:
“It's a friendly reminder that "whens you rolls da dice, you takes your chances." Prudent and pragmatic risk assessment and relevant business decisions still have to be made when you decide to place your bets on a startup. Just because you move to the Cloud doesn't mean you stop employing pragmatic common sense. I hope these customers have a Plan B.…

Performance Benchmarks that Include Energy Efficiency Data

Signs of the times: Energy Benchmarking: Rich Miller at Datacenter Knowledge is reporting that TPC will update their performance benchmarks to include energy efficiency data. In the future, they’ll measure performance, price and energy in their benchmarks. Actual datacenter energy costs (rather than power supply nameplate ratings) are hard to generalize. The numbers that I can find are all over the map. Energy use depends on server load, server configuration, server efficiency, power distribution efficiency and cooling efficiency, none of which are easily calculated and rarely measured. As a rough estimate, it looks like for small servers the cost of power + cooling approaches the cost of purchasing the server hardware and amortizing it over 4 years. Figuring energy use into the price/performance calculations for systems should skew future purchases toward efficiency.
Power Calculators: HP has a rack power calculator tool that provides useful estimates of power use for a given HP server…

Failed Backups – Unrecoverable Service

A small but high profile social bookmarking site recently suffered catastrophic, unrecoverable data loss. The site’s creator and owner Larry Halff posted a video blog in which he talks about the failure and lessons learned.
Citizen Garden Episode 11: Whither Ma.gnolia? from Larry Halff on Vimeo.
Highlights from the vlog:
Software RAID volume or database corruption was the original cause.
The site was self hosted. Complex dependencies made moving the site to professional hosting difficult.
The only backups were a copy to an attached firewire drive. There were no integrity checks or test restores.
The site was hosted on Apple Xserves and Mac Minis.
It’s a great ‘lessons learned’ for small startups. My take is that the people who create cool things on the Internet aren’t necessarily the ones that should be hosting those cool things. Those are rather different skill sets. The corollary is probably that people who are good at hosting the cool things on the Internet are…

Small Banks Online – An Example

Here’s an example of the online presence for a small credit union (bank). It’s so advanced it’s featured on My guess is that maintaining a robust, secure online presence is difficult for small credit unions and banks. They might be as small as a single branch office and a few dozen employees. Outsourcing to service providers is pretty much the only option, and it is unlikely that they have the resources to perform a technical evaluation of their service providers. The service provider that this credit union (bank) uses seems to be used by many small credit unions, so there is no reason to name the specific credit union. The initial login requires a captcha that they call a ‘Security Code’. I’m not sure what the purpose of the captcha might be, other than slowing down bots a bit. They care enough about their clients to recommend a current browser. Wait – isn’t one of those browsers dead? Let me check. That must be a mistake. Look around a bit. There is another link with…

Not all Data Loss is Security Related

Matt invited me to guest author a post on his Standalone Sysadmin blog. One of the topics that I've had in the To-Blog pile is to dump out some thoughts on system backups. Head over to Matt's blog and read them.

Data loss events that result in data that is deleted, destroyed or corrupted are the DBA's and sysadmin's nightmare. Compare the results of these events:
A firewall or IPS has a hardware or software failure and throws away a few packets of good data. A router gets overloaded and tosses a few packets in the bit bucket. A SAN fabric has a hardware or software failure and throws away a few frames of data. The last is going to be a far, far more serious problem. Databases and file systems are extremely intolerant of missing bits.

Here's an example:
The reason that we suffered data loss (about 2.5 days) is because the data transfer issues with the SAN switch caused data corruption in both the Oracle data files and the archive log files. We had tape backups …

Swatting – New Use for Internet Phones

This one is new to me. Call 911 from an Internet phone, faking the caller ID for a random address on the other side of the country. Then pretend to be the victim of a killer on a rampage and have the local SWAT team dispatched to an innocent person's house.
…a new kind of telephone fraud that exploits a weakness in the way the 911 system handles calls from Internet-based phone services. The attacks — called "swatting" because armed police SWAT teams usually respond…
Sounds useful. You can annoy your neighbors by having the police bust down their doors with a battering ram - right from the comfort of your local coffee shop. With the help of online maps, you can probably make it pretty realistic - ‘he’s in the back yard behind the big tree….wait…he’s coming toward the back door…’.
…fake calls about a workplace shooting included realistic gunshot sounds and moaning in the background…
Beats the heck out of using spoofed caller ID to send bogus pizza deliveries to your ex-girlfrien…