• Had a visit today from the smoke alarm maintenance guy, the most social interaction I have had since January.
  
  
  
• Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
  
  DNS over Wikipedia.  (GitHub)
  
  
  
• How SEO ruined the internet.  (Superhighway 98)
  
  This is essentially a problem with measurement by proxy.  If you count coins rather than measuring the weight, people will clip them.  If you measure the weight, people will substitute cheaper metals.  (Though that doesn't work terribly well for gold.)
  
  The solution is the same for SEO firms as for counterfeiters.
  
  
  
• New York  has banned the use of Zoom in schools.  (Tech Crunch)
  
  Apparently New York forgot to tell New York that all the schools in New York are closed.
  
  
  
• Crafting Crafting Interpreters.  (Stuff Wtih Stuff)
  
  I should read this now that the whole thing is finished.
  
  
  
• How Tesla is making ventilators from car parts.  (Tech Crunch)
  
  Not only do they keep you breathing, they can follow the lane on the highway.
  
  
  
• The CanSecWest conference went ahead in Vancouver despite the threat of Wuhan Bat Soup Death Plague.  (Fast Company)
  
  Total physical presence: Six staff, three attendees, and one reporter.
  
  
  

Posted by: Rick C at Monday, April 06 2020 11:59 PM (Iwkd4)

Posted by: Rick C at Tuesday, April 07 2020 12:01 AM (Iwkd4)

Hide Comments | Add Comment

• How long does the battery on the new Ryzen-based Asus Zephyrus G14 really last?  (Tom's Hardware)
  
  For watching videos and browsing the web, 11 hours.
  
  For 3D rendering and gaming, about 2 hours and 20 minutes.
  
  That's not bad at all given its small size and high performance.
  
  
  
• Mars needs COBOL programmers.  (Tom's Hardware)
  
  So do New Jersey and Connecticut.
  
  
  
• Ha-ha, you fool! You fell victim to one of the classic blunders, the most famous of which is "Never get involved in a land war in Asia," but only slightly less well known is this: "Never roll your own crypto."  (Citizen Lab)
  
  Yes, you guessed it, it's our friends at Zoom again.
  
  
  
• Don't bind your critical server applications to 0.0.0.0.  (CSO Online)
  
  Seriously, cut that shit out.
  
  Also, firewall everything. 
  
  Sometimes there's a mistake in the firewall rules, sometimes there's a mistake in the port binding, so always do both.
  
  Our current cloud server configuration has two firewalls for every server - the one provided by the platform and our own UFW / iptables configuration.  Which is sometimes too secure; we had problems with out new GitLab server because it was unable to make certain API calls to itself.
  
  
  
• Stop reading this and update your Chrome.  (Forbes)
  
  Maybe I should have put that first?
  
  Nah.
  
  
  
• I set up Gluster on my test cluster today.  It seemed the easiest option compared to Lustre and Ceph.
  
  It is indeed easy, and it works.  Performance is slightly odd, with one node running measurably faster than the other. 
  
  (It does recommend against running with just two nodes, because it can't form a quorum during a network partition event.  Not just in the docs, but when you run the setup command with the parameter replica 2.)
  
  I need to look at the SSL config settings to make it nice and secure, but a nice thing with Gluster is you don't need dedicated servers or block devices or even partitions: Just assign it a directory on an existing filesystem that exists on all the servers, and it will handle the rest.
  
  So you can easily use it on top of ZFS, for example, and take advantage of features like transparent file compression and deduplication.  And in theory snapshots as well, though I'm not sure how to restore a Gluster filesystem from a ZFS snapshot.  There's a page in the docs on running Gluster on ZFS that mentions restoring from snapshots, but only provides one sentence on how to do it, which doesn't really explain anything.
  
  Update: Aha.  It was under the "Features" submenu in the Administrator's Guide.
  
  Good: Gluster supports snapshots.
  Bad: It uses LVM.
  
  Hmm.

• Corona-Chan: Spreading the Love offers nearly 600 pages of pulp fiction at the unbeatable price of $0.00.  (Amazon)
  
  
  
• LXD 4.0 LTS is out.  (Linux Containers)
  
  It brings a lot of new features, including support for running virtual machines.  If you're confused by that since the whole point of LXD is virtualisation, they mean fully isolated virtualisation, with a different kernel running on the virtual machine, compared to the regular mode of containerisation, where your apps run directly on the system kernel, but with tightly controlled resource access.
  
  This is great because I was looking at running LXD and KVM in parallel, and now I just need to add --vm to specific instances when spinning them up.
  
  
  
• Caddy 2.0 rc1 is out.  (GitHub)
  
  Caddy is a rather nice proxy server that I use both here and at my day job.  (It's also a general-purpose web server, but I don't use it much for that.)
  
  It's dead easy to install and configure, flexible, reliable, pretty fast (though not the fastest) and supports automatic HTTPS via Let's Encrypt.
  
  The main change in 2.0 is that it is optionally configurable via an API as well as the regular config files, so if you have a cluster with multiple Caddy instances you can have a central script that deploys live changes to proxy servers right across the cluster.
  
  (I need to read up on how it manages shared certificate pools, though I know it does that.)
  
  Another neat thing that they enabled just a couple of months ago is HTTPS for internal / intranet sites.  It deploys a local key authority that you add to your trusted list in your browser or OpenSSL config, and thereafter it can issue and manage certificates as needed.
  
  We use OpenVPN but having SSL as well keeps web browsers happy and helps prevent accidents.
  
  
  
• Redis 6.0 rc3 is out.  (GitHub)
  
  Getting close!  The big feature for me in Redis 6 is local caching - the client can keep cached data in local memory and receive notifications when it is invalidated.
  
  I've seen that some of our code at my day job that having a local Redis instance on the same server delivers user-noticeable performance improvements over a central instance on a different server.  This should solve that in many cases, without needing to modify your code or install extra Redis instances.
  
  
  
• Zoom: Okay, yes, we routed your secure communications through China.  Our bad.  (Tech Crunch)
  
  
  
• Zoom: Okay, yes, maybe it was a bad idea to let anyone jump into any call with a public link.  (Tech Crunch)
  
  
  
• Intel's 10980HK draws more power than AMD's 3950X.  (Notebook Check)
  
  30% more.
  
  The 10980HK is an 8 core laptop chip.  The 3950X is a 16 core desktop chip - admittedly running here in eco mode, though the performance loss is relatively small, just 5% in the sample benchmark.
  
  Intel's chief selling point for these processors is the slightly higher boost clocks, but those slightly higher boost clocks require enormous amounts of power, making the whole thing self-defeating.  Until they can get to 7nm though - their 10nm process is largely a bust - there's not much else they can do except slash prices.
  
  
  
• Don't drink lice medicine!  (Sydney Morning Herald)
  
  Common lice treatment Ivermectin has been found to kill the Coronavirus, at least in human cells growing in a petri dish.
  
  The fact that another anti-parasitic agent appears to be effective against this virus is intriguing.  The hypothesis is that these drugs don't target the virus directly - there's no clear mechanism for that - but instead change chemical pathways within host cells just enough that the virus can no longer replicate effectively.
  
  Rather like chemotherapy, the trick is to kill the disease without without also killing the patient.
  
  
  
• SK Hynix is planning to introduce DDR5-8400 modules.  (AnandTech)
  
  That would be a huge benefit to AMD's APUs, which are notably bandwidth-limited on regular DDR4.
  
  An interesting point in the article is that DDR5 supports on-chip ECC, so it protects from bit flipping of the memory itself.  If that's a standard feature on all DDR5 RAM that's a big advance, because ECC support outside of specific server CPUs and motherboards is patchy at best.  (For example, Ubuntu 18.04 doesn't support ECC on Thirdripper even if your hardware and BIOS support it.)
  
  This doesn't protect against bit flipping of data in transit across the memory bus - you still need extra chips and extra memory lines for that.  But it's probably enough for 95% of desktop and workstation tasks, and I'd be happy deploying a server for mee.nu on it.
  
  Supported capacities for DDR5 dies are 8Gb, 16Gb, 24Gb, 32Gb, and 64Gb.  That means unbuffered modules up to 128GB - potentially, though that would make for a very large die - and 24GB and 48GB modules thrown into the range.  24Gb dies could probably be produced right now, and make a convenient step before 32Gb.
  
  
  
• Nim 1.2 is out.  (Nim)
  
  Nim is to Python as Crystal is to Ruby: As close as possible to the parent language and still be compiled to really, really fast code.
  
  The advantage of Crystal is that it compiles directly - Crystal code goes in, portable x86-64 binary comes out.  Nim compiles to C++, and then compiles that.  That design can make for hard-to-find bugs, so I've avoided Nim even though the language is attractive, though I haven't heard of problems specific to Nim in this regard.
  
  The advantage of Nim is it's already at 1.2 and runs on Windows.  Crystal is working towards 1.0 and towards running on Windows.
  
  
  
• China is preparing for the next pandemic.  (Bloomberg)
  
  Sorry, China is preparing to cause the next pandemic.  And Bloomberg is here to explain why this is a good thing.  Can't have people forced to buy their monkey livers safely packaged and refrigerated at the supermarket to avoid tens of thousands of deaths and trillions of dollars in economic damage, oh no.
  
  
  
• SpaceX broke another Starship prototype during testing.  (Ars Technica)
  
  Hooray for testing!
  
  
  
• Twitter blamed Firefox for leaking direct message information.  (Mozilla Hacks)
  
  Took me a moment to understand that Twitter wasn't setting an appropriate cache header for private data, so if multiple people were using Firefox on a shared computer it could potentially expose direct messages.
  
  Which is not nothing, but is a fairly specific security problem.  Nobody sprayed Twitter DMs across the internet, not this time.
  
  
  
• A closer look at AMD's Epyc 3451.  (Serve the Home)
  
  This is a low-power 16 core chip based on Zen 1, and aimed at high-end embedded solutions, such as mid-range NAS and SAN hardware.  It does well compared to its direct competition, but with a maximum clock speed of 3.0GHz it's not going to outrun current Ryzen, Threadripper, or Epyc 7000 parts.
  
  
  
• Your computer no longer needs to miss out on all the Wuhan Bat Soup Death Plague fun.  (ZDNet)
  
  The COVID-19 malware will disable your task manager and then rewrite your MBR to prevent you rebooting, and then send all your passwords and private data off to a C&C server while wiping your disk.
  
  Nearly as delightful as the real thing.
  
  
  
• Hackers have destroyed 15,000 Elasticsearch servers in the last two weeks.  (ZDNet)
  
  Elasticsearch is great.  Simple, fast, reliable search....  Unless you have documents with a lot of different fields in which case it used to work fine on but if you upgrade will suddenly collapse in a heap but NEVER MIND THAT.
  
  Anyway.
  
  Years ago they decided that passwords were a key enterprise feature and shouldn't be in the open source release, and that a unified API where every single function is available to everyone was a great idea.
  
  This is the inevitable result.
  
  
  
• First Threadripper server is up and running at my day job.  Looking to order two or three more next week, and I'm going to see if I can swing one for us here.
  
  For my day job, this means that I will finally have 10Gb Ethernet everywhere, and all data and applications on ZFS on enterprise NVMe.  What that means is that backups go from being a chore to being trivially easy.
  
  The need for Ubuntu 19.10 to enable ECC support is annoying, though; it means I'll need to plan to upgrade all our servers in July once 20.04.1 comes out.
  
  20.04 is LTS but based on my experience with 18.04 I wouldn't recommend it until the .1 update lands.  19.10 has been out for a while and is stable, but is only supported by Ubuntu for 9 months from release.  LTS releases like 18.04 and 20.04 are supported for five years, but 18.04 doesn't give me ECC on this hardware and 20.04 isn't out.
  
  So I have to plan for a rolling upgrade of an LXD cluster in the near future, something I have never done before.  I'm setting up a little test lab using a virtual private cloud at Binary Lane, which is costing me about A$1 per day for a three-node LXD cluster, or about seven cents American.
  
  
  

• Everything we know about RDNA 2 and Big Navi.  (Tom's Hardware)
  
  Which is not nothing, because both the Xbox Xeriex X and the PS5 are based on RDNA 2 and they've announced detailed specs (in Sony's case, excruciatingly detailed).
  
  It looks like it will run at faster clock speeds than current RDNA cards (PS5 runs at up to 2250 MHz vs. 1900 MHz for the 5700XT), more shaders (the Xbox XXX has 52 CUs vs 40 on the 5700XT), and 50% better performance per watt.
  
  It is also believed to lift the 64 CU limit of the Vega architecture, though I haven't seen an official announcement of that.
  
  
  
• It's even worse than you thought.  (TechDirt)

  [W]e could not review original Woods Files for 4 of the 29 selected FISA applications because the FBI has not been able to locate them and, in 3 of these instances, did not know if they ever existed…

  All of the FISA warrant applications examined had significant errors, with an average of twenty errors each.
  
  
  
• Moving anime to 4K. (Netflix)
  
  Meanwhile to save bandwidth we've changed your preferences to 240p.
  
  
  
• Intel's Xeon Gold 6226R gets a full workout.  (Serve the Home)
  
  This is quite a capable and reasonably-priced chip...  For Intel.
  
  But it's the same price as the Threadripper 3960X which - so long as you don't need more than 256GB of RAM - crushes it like a bug.
  
  
  
• More on the Apple / Amazon peace talks.  (MacWorld)
  
  
• Zoom: Ah, yeah, maybe we should fix that.  (ZDNet)
  
  I mean, it's only leaking your IP address, username, host name, and password hash.  What's the big deal?
  
  
  
• Have you tried turning your airliner off and on again?  (The Register)
  
  Did Boeing outsource software development to Zoom or something?
  
  
  
• Ran a quick Python benchmark today across four selected servers.
  
  Just a single-threaded test of looping, counting, string manipulation and the like.
  
  Cloud server 1 (E5-2683 v3): 18.1s
  
  Cloud server 2 (E5-2690 v4): 14.9s
  
  E3-1230 v3: 7.7s
  
  Threadripper 3960X: 5.1s
  
  I'm not sure why the cloud server performance is so bad, but it's consistent and that is where all our stuff is running at my day job.  And our codebase is indeed mostly Python.  I expect people will notice when we get things migrated to the new servers.
  
  The E3-1230 did pretty well for itself, though it is a 4 core chip, not 24.  It's a physical server, no virtualisation overhead.
  
  
  
  

Video of the Day

Posted by: Rick C at Saturday, April 04 2020 12:39 AM (Iwkd4)

Posted by: Pixy Misa at Saturday, April 04 2020 01:41 AM (PiXy!)

Posted by: Rick C at Saturday, April 04 2020 04:45 AM (Iwkd4)

Hide Comments | Add Comment

• Intel announced its 10th generation Comet Lake H processors - their answer to AMD's Ryzen 4000 APUs.  (AnandTech)
  
  The top of the line is the i9-10980HK, an 8-core/16-thread part part with a base clock of 2.4GHz and a maximum boost clock in theory of 5.3GHz.  But that boost clock actually draws 135W of power for two cores, so it's complete nonsense for a laptop chip.
  
  AMD's 4900HS only boosts to 4.3GHz, but the base clock is 3.0GHz, and it's a 35W part.
  
  And the Intel part is still 14nm.
  
  More details in this video, but none of it is interesting.  It's a very minor update to their 9th generation H series, and AMD just demolished those chips.
  
  
  
  That video also discusses Nvidia's new mobile RTX 2070 Super, which has 11% more cores than the current 2070 but runs about 5% slower, so effective performance gains are going to be pretty small.
  
  
  
• Razer announced their new Blade 15 with these Comet Lake H chips.  (Tom's Hardware)
  Not with the i9, but with a 6 or 8 core i7, accompanied by an RTX 2070 or 2080.
  
  
  
• The FCC is proposing to open up 1200MHz of bandwidth in the 6GHz range.  (FCC)  (PDF)
  
  That will make for really fast WiFi, though it won't go through walls worth a damn.
  
  Also, wouldn't, technically, some of it have to be in the 5GHz range, or the 7GHz range, or possibly, both?
  
  
  
• You can now buy Amazon video on Apple products using your Amazon account.  (Six Colors)
  
  A true breakthrough in these trying times.
  
  
  
• Cloudflare has launched 1.1.1.1 for Families.  (Cloudflare)
  
  It's at 1.1.1.2 and 1.1.1.3.  Which actually kind of makes sense.
  
  
  
• My Bluetooth mouse is causing my Bluetooth keyboard to freeze up.  Or something.  Rather annoying.
  
  
  

Music Video of the Day

Musical Video of the Day

Anime Music Video of the Day

Posted by: Rick C at Friday, April 03 2020 12:55 AM (Iwkd4)

Posted by: Rick C at Friday, April 03 2020 12:59 AM (Iwkd4)

Posted by: Jay at Friday, April 03 2020 01:08 AM (vuQH5)

Hide Comments | Add Comment

• The Atlantic embraces fascism.  (The Atlantic)
  
  This would have made a great April Fool's piece if they'd just held onto it for one more day.  Well, in Australia it already was.
  
  Adrian Vermeule argues that the actual meaning of the Constitution has become an obstacle to conservative goals, and so we must now make it mean whatever we want it to mean.
  
  This demented fuckwit is a professor of constitutional law at Harvard Law School, but we've already seen that professors of constitutional law often have very little regard for the actual Constitution.
  
  Similar to the way ethicists are some of the worst monsters in history.
  
  
  

Tech News

• Samsung is ceasing production of LCDs - including their own QLED designs.  (AnandTech)
  
  From now on it's just OLED.  I believe that small OLED screens have already passed price parity with LCD, but that's certainly not true for larger ones.
  
  
  
• Xerox has decided it will hang on to it's $34 billion and forget about HP for now.  (Tech Crunch)
  
  Probably wise.
  
  
  
• On second thought let's not go there.  It is a silly place.  (Tech Crunch)
  
  Interest in Zoom has spiked with the advent of our Global Lockdown, though I don't know why.  The company has a terrible track record.  I'd sooner use almost anything else.
  
  Others have come to the same conclusion. (Six Colors)
  
  Indeed, things at Zoom seem to be a bit of a mess.  (Vice)
  
  
  
• Need a bit more power in your laptop than the Ryzen 4900HS can deliver?  The XMG APEX 15 is what you need unless it isn't.  (WCCFTech)
  
  I noted a while back - I think - that while the 12 core 65W Ryzen 3900 non-X is only available to OEMs, it doesn't matter because the standard 3900X, and indeed the 3800X and 3950X as well, can be configured to run at 65W.  Which is better because if you don't like the results you can configure it straight back to 105W.
  
  This laptop has done just that - well, the first part - with anything up to a Ryzen 9 3950X configured to 65W, an RTX 2060 or 2070, and up to 64GB of RAM.
  
  The result is not exactly svelte, but on the other hand it should be more than twice as fast as my current desktop.  Almost every option is configurable except the display, which is only 1080p.  Maxed out with a 3950X, RTX 2070, 64GB RAM and 8TB of SSD it comes to €4299.
  
  
  
• Astrophysicists.  (The Guardian)
  
  
  
• Speaking of AMD, we got our  first Threadripper 3960X server at my day job today.  Looks great, exactly as we specified.  Except for the tiny problem that I know how to verify if Linux is seeing ECC RAM...  And it isn't.
  
  Well, it's seeing an ECC-enabled CPU, an ECC-enabled motherboard, and 8 x 16GB ECC RAM modules, but it is not actually running with ECC enabled.
  
  The techs updated to the latest firmware, to no avail, and are going to try swapping to a different brand of memory.  If that fails we'll try Ubuntu 19.10 to see if we need a newer kernel to cope with the latest Threadripper CPU and chipset.
  
  And if that doesn't work, we'll swap it for an Epyc, which will be a bit slower but runs on a standard server motherboard that's been around for a couple of years now.

Posted by: The Brickmuppet at Thursday, April 02 2020 01:14 AM (5iiQK)

Posted by: Rick C at Thursday, April 02 2020 04:53 AM (Iwkd4)

Posted by: J Greely at Thursday, April 02 2020 03:23 PM (ZlYZd)

Posted by: ReallyBored at Saturday, April 04 2020 07:51 AM (ijRNj)

Posted by: Pixy Misa at Saturday, April 04 2020 10:35 AM (PiXy!)

Hide Comments | Add Comment