Where’s the BabyDragon? Blame the thief that is VCDX 133.

Way to try and build your own reputation by stealing mine there, Rene Van Den Bedem. If you’ve done a Google search for BabyDragon lately, you’ll see his blog and his ads and his referral links.
Yeah. Rene isn’t authorized or permitted to use the BabyDragon name. That name is copyrighted and it’s mine. It has been for longer than 6 years, too. And his design? Isn’t. It’s what you get when someone with no clue slaps hardware together at random till it works. It sure as hell isn’t a Dragon. But he’s sure as hell happy to steal someone else’s hard work and reputation to advance his own career.
Let me emphasize this because people clearly don’t get it: BabyDragon and the BabyDragon HCLs are copyright 2010-* to me. You are not entitled to call your random pile of shit a ‘BabyDragon.’

Shit like this is why the BabyDragon III didn’t get published and why the BabyDragon V isn’t going to be published for free. Because I’m done with people stealing my work, and done with liars like Rene. The only rule with BabyDragons has ever been “the name belongs to me, if you follow the BabyDragon HCL you’re free to blog about yours, all I ask is you link back to the origin. Which is me. If it’s not HCL, you can say it’s inspired by BabyDragon but it is NOT a BabyDragon.” That’s it. I have no problem with fair use, I have no problem with calling something on the HCL what it is. Most people have been respectful of that.
Apparently that’s too much to ask of someone like Rene. So consider that when conducting business with him and his employer. Can you trust someone who deliberately stole a name to self-promote? Can you trust someone who put together what is easily the worst whitebox I’ve seen in years? One that is so bad, I would not recommend that in ANY lab for ANY reason. Can you trust a company that didn’t even do the most basic of research on a candidate?

Because of people like him, the next set of BabyDragon guides will be in an eBook, if at all. And it will be DRM’d to hell and back. And I will have no choice but to waste an inordinate amount of time issuing DMCA takedown notices because of people like him and the vExpert community’s tolerance for conduct like this.
Great job, guys. And you wonder why I don’t attend VMUGs and I’m not on Twitter any more. It’s because of people like this. You want “contributions” to the community, then the ‘community’ is going to need to start contributing a hell of a lot more than meaningless, insincere ‘attaboys.’ Especially considering the BabyDragon III and V have gone through more than $6,000 worth of parts. Out of my own pocket. What, you think I get this gear free? HA. And no, I’m NOT expecting to make it back. I AM expecting a modicum of respect.

Not that I expect the popular kids who get tens of thousands of dollars in free equipment every year to show the least bit of respect to anyone – because they don’t. I only have to worry about them stealing content. Which is why there hasn’t been any of that either. And don’t tell me they don’t steal from others – I’ve seen it. Because the community has decided that respecting hard work, forget copyright, is completely unnecessary if you’re popular enough. Really great ethics there – about what I’ve come to expect.

By the way, some of the things you’re missing out on or going to miss out on? Doing vMotions from front panel LCD control pads (getting ready to bring that back with new hardware), automated FreeBSD installs from PXE and templating, highly available home directories for automounting, integrating FreeBSD and AIX with IPA and Active Directory, various pieces of analysis on the latest stuff shoved off storage vendors’ docks, fully automating VIOS installs and upgrades from LPAR build, how to abuse HMC v8, and various hardware tricks for reducing noise and improving cooling. Just to name a few. Oh, and TaleCaster – the ultimate home media solution.

Maybe you all can get Rene to pay for it, since he thinks he’s entitled to the work of others anyway. And if not, hey, just go hit up Dell-EMC for a stack of new VRTXes for free because who cares about anyone else, right?

The BabyDragon III – and MORE – is coming… soon(ish)

I’ve obviously not been very active lately. There’s a variety of reasons for that, not least among them the fact that I am sick and tired of people taking advantage of my generosity – and people in general. But that’s a separate post. This one is about the BabyDragon III. And here you thought it was just a myth – it most certainly is not. The problem is the fact that components that meet my quality standards simply didn’t exist.

Stop and consider that a moment. I put up with the faulty BIOS issue on the BabyDragon II’s motherboard – but I wouldn’t endorse any of the new stuff. It really is that bad as a point of fact. So what’s changed? New stuff has finally hit the market. Including a certain key component for the DragonEgg. So let’s talk specifications and what exactly is coming…

BabyDragon III

CPU is of course upgraded to the Intel E3-1200v3 family. Duh! Typical memory configurations are greatly improved – 16GB low, 32GB typical. Ethernet isn’t much changed other than being updated to Intel i210. Disk is pure SATA3. All in all, it’s more of the same – a rock solid, low cost, guaranteed compatible and reliable home lab server that’s still whisper quiet.

BabyDragon IIIr

Oh dear, a submodel? A submodel. The BabyDragon IIIr is the Rack option (hence the R.) It’s not quiet, oh hell no. But it’s a proper 1U rack system for those of you who run racks. There will also be a 2U option.

BabyDragon IIIs / IIIsr

S is for Storage, T is for Terabytes. The IIIs and IIIsr are designed specifically for VSAN (and FreeNAS) setups, offering tons of disk ports for not much money. I bet you can guess which is the tower version and which is the rack version!

BabyDragon IIIa

The A is for “Advanced.” What it actually means is: this model packs an Intel Xeon E5-1600v3 or E5-2600v3. That isn’t a typo or misunderstanding. Full feature set, full speed, dual PCIe 3.0 16x (16/16), dual Intel i350 with NCSI – which is better than your single socket systems at the office. Oh, and the motherboard responsible only costs about $20-50 more. Oh, and there’s an LSI3008 8x SAS3 controller option too – but you’ll probably want the one with dual Intel X540 10GBASE-T.


Have you ever walked into the office and said “you know, I want a portable system for demos with enough power to run a couple Oracle RAC instances”? Nobody – and I do mean absolutely nobody – offers half the power of the DragonEgg at the sizes it comes in. That’s not an exaggeration. DragonEggs are very serious systems.

The CPU is Intel Xeon E5 family connected to the Intel C612 chipset. Memory is quad channel DDR4. Dual LAN by Intel i210/i217 plus dedicated IPMI. You want disk? Quad SATA3 with expander compatibility.

What makes the DragonEgg such a big deal? Because it’s ITX form factor. Not uATX, not ATX, but really truly ITX. With true quad channel DDR4 and enough disk ports to do something with it. Oh, and it’s the quietest full-speed E5 you’ll ever see.


Trust me, you want it. You can’t afford it, but you want it. Dual Intel Xeon E5-2600v3’s, dual Intel X540 10GbE,

Lab In a Box

It’s still… in progress. Here’s part of the problem: network vendors are fucking assholes and employ almost nothing but assholes and liars. Trust absolutely none of them because they are either cheating on their spouse, running a kickback scheme, or – you get the idea. Also it’s a lot more complex than people seem to realize – to adequately meet the needs of folks going the VCDX route, it needs sufficient flexibility to handle things like VSAN and vCloud. That kept breaking FreeBSD or Linux compatibility. So I threw out Linux compatibility (deal with it; your religion utterly fails at writing reliable device drivers.) That managed to break Hyper-V stability. Oh, and the cost kept breaking the hard limit of $5k.

Let me reiterate that part: Lab In a Box ain’t shipping till the base pricetag is under $5k. That’s what I said it would cost, and that’s what it’s going to cost. And that’s the “everything is in there” price – two systems, managed gigabit Ethernet switch, and cabinet. Plus the ability to add more systems and storage. And at that price point, it has to be every bit as capable as a proper data center – just downsized.

However, it’s FINALLY getting close. The biggest hang ups have been stability and chassis costs, simple as that. Remember that before I’m putting any equipment in it, 6U plus a spare filter is $950+. Leaving $4,000 to build two 1U systems with at least 32GB, SSD, and 2TB of storage each. Except scratch that $4,000 because the switch is going to run at least $500. Sounds easy when you look at BabyDragon prices, doesn’t it? It’s not. A 1U PSU easily costs two to three times what you’ll spend on a better quality one for a BabyDragon.

However, progress has been made now that new parts are available and it may actually see the light of day before Q3. You may rejoice.

Dismantling More ‘badBIOS’ Hyperbole and Explaining How TAO Works

So, I just watched Jacob Appelbaum’s presentation at CCC (I’m catching up) and frankly, I haven’t seen a more shameful display of zealotry and laziness in quite some time. That’s not security expertise – that’s mostly pitching policy using iffy examples, which just undermines the political arguments. Open source does not magically make things more secure – never has, never will. Just because you can ‘inspect’ code doesn’t magically fix other problems or prevent that code from being full of holes.

If you want to argue this with me, Rule #1 is ‘bring technical facts and knowledge.’ If you can’t do extensive modifications of a PC BIOS without breaking it and/or write a device driver, go get more knowledge. There’s a whole Internet out there to learn from. And unlike so many of the supposed ‘security experts’ I actually bothered to take the time to learn how the PC BIOS works back in the 90’s, instead of pulling conspiracy theories out of my butt that can and have been completely disproved by basic forensic analysis.


The PC BIOS is Insecure As Hell. WHY?

There’s a whole cadre of people out there who are utterly convinced that modifying the PC BIOS in ways both good and evil is somehow new. It is not at all possible to be further from the truth – modifying the BIOS dates back to the original IBM PC. There were official IBM kits to upgrade the BIOS by replacing UEPROM (UV Erasable Programmable ROM) or PROM (Programmable ROM), and unofficial kits that you soldered into the system to alter behavior.

In other words, BIOS modifying has been around a very, very long time. So has BIOS upgrading. But in the old days, it required actual hardware access to either pull chips or expose the erasure window on the UEPROM. And it was fraught with risks – if you broke the window, the UEPROM was ruined. If you didn’t get the sticker back on right, you’d suddenly find your system broken as the BIOS was erased. So people started looking for ways to solve these problems. And as technology advanced, it became a textbook case in reducing security.


The badBIOS Analysis Is Wrong.

NOTE2: Holy crap lots of comments and I find out that the comment setup isn’t threading them properly so it’s a BEAR to try and make sense of. I am truly and terribly sorry about that. Talk about counter-productive to a conversation! Trying to see if there’s some way to fix this.

NOTE: Approving comments as I get time. If I didn’t do it yet, I just haven’t gotten to it. If I don’t approve yours, it’s either because A) you made it clear you didn’t read or have no clue what you’re talking about, and therefore detract from the conversation or B) you’re trolling / blindly defending / blindly attacking to derail the conversation. In either case, rebutting basic ignorance of technology, complete lack of reading comprehension or someone just being an ass is a waste of everyone’s time. Including your own.

Look, I’m not known for pulling punches and I’m not about to start now. The fact is that everything I have read about #badBIOS is completely and utterly wrong; from the supposed “escaping air gap” to well.. everything. And I should know. I’ve dealt with malicious BIOS and firmware loads in the past. I’ve also dealt with BIOS development and modification for two decades. It’s a very important skill to have when you regularly build systems that are well outside manufacturer ‘recommended’ areas.

The whole of the analysis would be laughable if people weren’t actually taking it seriously and believing it because they’ve seen edge cases or very specific examples. And the result is that they’re looking in the wrong place.


My Thoughts on the Whiptail Buy

As you’ve certainly heard by now, Cisco is buying Whiptail, who makes storage. This comes right on the heels of VMware essentially parking NSX on John Chambers’ front lawn, which comes after Cisco EOL’d the Nexus 1000v, and you get the idea. There’s been a lot of very transparent product-sniping going on with no signs of stopping.

This Is Not Good For Customers

Customers are not stupid. Customers are tired of the vendors parroting “increased competition! Good for customers!” No, it is not always good for customers. In the real world, most shops buy their IT equipment on a 36 to 48 month cycle. That applies to hardware and software – they expect their software to be supported for the duration, and they buy support contracts accordingly. 36 months at a time.

The Nexus 1000v is a powerful example of why this can be bad for customers. Cisco introduced the 1010 appliance in 2011 – and cancelled any further development on September 14, 2012. Just a smidge over 12 months later. That Cisco will continue to support it is absolutely irrelevant – customers expect and deserve software updates. Instead, they bought 24+ months of best effort support. This is for a product that was promoted as a cornerstone of VCE.

I’ve heard several arguments that “oh, we didn’t cancel/discontinue” and “oh but it’s in the 1100V which is better.” First of all, that’s not what Cisco says. (And again: that’s all I can go by from a customer perspective.) Secondly, the 1100 Cloud Services Platform requires the purchase of additional hardware and new licenses. It’s a hardware appliance.
@TheJasonNash: @rootwyrm @jdooley_clt @theronconrey But that’s just it.  It’s not canned.  It still runs current VSM just as it did before.
@TheJasonNash: @rootwyrm @jdooley_clt @theronconrey The difference is that the 1100 has newer CPUs therefore more VSBs.  That’s it.
Will that continue to be the case? I don’t know and nobody can say. Again: it’s a question customers have to ask. What I see as a prospective customer is that a product was introduced and very quickly cancelled.

So how does Whiptail fit into this?

Could The Distrust Be More Obvious?

Cisco is buying a flash storage company – flash is all Whiptail does. Right on the heels of EMC announcing new VNX family products which are available as all flash. Again: customers are not stupid. They can read between the lines. Does it have to be true? No – only possible and reasonable to believe. What are customers hearing here? That either Cisco wants to cut out EMC or doesn’t believe EMC has the chops.

And given everything else that’s going on, it’s a reasonable conclusion – either one of them. Especially with Cisco loudly and publicly denouncing NSX in company blogs and through unofficial channels. (Disclaimer: I have no opinion on NSX at this stage. Talk to me after I’ve used it, as with all products.) Then to turn around less than a week later and buy Whiptail? Everybody knows VMware and EMC are joined at the hip.

And this goes back to being bad for customers. Because it is now very reasonable for them to doubt the capabilities of EMC’s offerings – after all, Cisco just bought a storage company! Why would they do that unless there was something wrong with the E in VCE? Whether or not there actually is, the question has been raised – by the vendor. The customer now has to do their due diligence – adding to the workload and time – to figure out what is or isn’t true.

Disclaimer: I have no information on VNX-F that you don’t. Does it have the chops? I don’t know. Do I doubt VNX-F’s capabilities? Absent the Whiptail buy I had no reason to. The point is that there are now reasons to doubt, introduced by Cisco.

So What Does This Mean For VCE?

I’m not going to pretend I have special knowledge about what’s going on, because I don’t, and because that’s not the point of this post. The point of this post is what it looks like from the customer perspective. What customers are seeing is suddenly Cisco is bashing VMware and buying a company that competes directly with their partner EMC.

Not only is it a company that directly competes with their partner, it’s a company that says the way their partner does storage is fundamentally wrong. Now if you’re not seeing that as a shot across the bow or potential breakup of the partnership, you’re not doing your proper due diligence. Especially when you consider that less than a week ago EMC announced the availability of the VNX-F in Milan. (At a very lavish event, no less.)

Customers are and should be very concerned by this move on Cisco’s part – because like it or not, it does directly affect them if they’re considering Vblock. Do I think this is going to tear apart VCE or that it’s doomed or such? Hardly. I don’t see any evidence or reason why it would. I can only prove that there is a possibility it will have a negative impact on sales. Not that it is having, has had, or will have. Just that it might.

What’s The Visible Risk?

Like it or not, there’s also a very visible risk to customers with regards to the vendor side of things. As it sits, when you buy a Vblock, you’re getting a packaged deal which involves three companies – VMware, Cisco and EMC = VCE. But as it is, Cisco already controls 66% of the hardware, as they dictate the server (UCS) and network element (Nexus/MDS).

With the purchase of Whiptail, Cisco now has the ability to exert 100% control over the hardware. Cisco servers, Cisco network, Cisco storage. (It also enables Cisco to completely dump MDS as they’ve been trying to for a while now.) Customers like the ‘single throat to choke’ approach, till they find out it often means paying a lot closer to list price on everything.

And why wouldn’t Cisco want 100% control of the hardware? Why would they not want to offer a solution which is comprised entirely of their hardware, so they could sell more of it? There’s no reason for them to not do that. They don’t compete in the hypervisor space, so they could just as easily turn VCE into VCC, Hyper-V+CC, Citrix+CC, Xen+CC and still be perfectly content. The only software they’re selling here is the software you have to buy (UCS management elements, Nexus licenses, etcetera) and that’s forced purchase with no alternatives.

People like to recite the mantra that “competition is good for customers.” And often it’s true. But this is one of those cases where customers should be extremely wary, because not all competition is actually competition. This is one of those cases – it may well be a vendor attempting to cut off competition by controlling as much of the stack as they can. (You may remember this from the IBM S/390, AS/400 and zSeries.)

What’s to stop Cisco from saying in 12 months that they’ll no longer support EMC attached to UCS/Nexus or won’t support VNX-F with UCS? Not a thing, really. Will they? I don’t know. But they might.

The Conclusion, For Customers.

There is no set in stone conclusion here, no absolute facts, no “ah-HA!” moment. There is, but it’s entirely “ah-HA! I should ask about THAT!” and the facts are all ‘with X it is possible to do Y’ rather than proof that Y is being done.  This very public series of tiffs is damaging to trust and confidence in vendors, which makes answering those questions even harder.

Is Cisco going to try and kick out EMC? I don’t know. Will they offer a full-stack that competes? Maybe. Will we see a “Vblock” running Hyper-V instead? Could happen. But these are only possibilities, not facts. The only absolute facts we know are as follows:

The real point is that repeated public spats like this, especially coupled to clearly strategic buys, do and should introduce serious doubt on the part of customers. There are now a lot of very hard questions to ask, in large part because the VCE alliance is clearly less in-step with each other than thought.

Cisco could be planning Whiptail as an adjunct to VNX-F or for an unrelated VDI or Unified Messaging bid for all we know. But now customers have to extend their investigation and research processes asking these questions, and wondering if the answers will be the same 12 months down the road. Confidence and trust have been eroded substantially now – and all the members of VCE are going to have a hard road to earn it back.

Since it seems unclear to the Internet…

One, I hate writer’s block. So this post may be slightly confusing. Two, I could, you know, blah blah “140” but you know what? That’s a cop out sometimes, and this is one of those times. And the Internet at large seems to be rather… confused and/or not understanding my stance on discrimination. Not “discrimination” in the sense of “oh well X isn’t actually qualified for Y”, but discrimination in the sense of “X can’t have Y because Z” where Z is pretty much everything one Paul “I’m Not A Bigot” Graham uses as an excuse.

So let me be absolutely crystal clear about my stance:


Please feel free to place this same message on your blog, website, whatever. Just as long as it’s not your useless lying “equal opportunity” page. And stop claiming you aren’t lying about it, Silly-con Valley “bros.” You’re so full of it, there are farmers in Oklahoma who want to spread you on their fields. And stop pretending that Paul Graham isn’t a racist and bigot and doesn’t actively encourage discrimination, bias and bigotry.

No. Seriously. Stop. Because I have honestly reached the point where I’m going to go for the Educational Cinder Blocks and a trebuchet the next time I hear it.

Enough of the outright lying where privileged idle rich twits like PG conflate “qualification” with “discrimination.” It’s a complete and utter lie, the same as the claims that it’s a “meritocracy.” If it was an actual meritocracy, there wouldn’t be hundreds of failed startups. If it was an actual meritocracy, more than <1% – yes, less than 1% – of founders would be African American. Want to know how many non-white kids Paul Graham has given money to? Two. And HN tries to justify it because they “live in poverty” and “few tech founders come out of poverty”. And if that entire thread doesn’t make you sick, seriously, what the hell is wrong with you?


Availability in the Modern World, Part 1

So lately we’ve been talking about two of my favorite words, stability and resilience. And mostly how my stance is that you can’t have one without the other – because that’s been my experience, without exception. When you take away stability, the resilience goes away because multiple components fail in parallel. When you take away resilience, a single fault takes the whole thing out.

There’s an excellent discussion going on with myself, @jamesurquhart over here, some good stuff from @mthiele10 over here, and so on.

But the whole point of stability and resilience is availability. Because the fact is that availability is paramount to all, period, no exceptions. It doesn’t matter if you’re public facing like Netflix or it’s an internal application. If people can’t use it, it’s doing nothing more than burning cash.

The idea that cloud somehow changes the equation is, in fact, completely false. Cloud doesn’t change these basic concepts – it changes how you achieve them. That’s all. Doesn’t matter if your solution is hosted or in house; if it’s down, it’s worthless. If it’s down regularly, it’s worthless. But to really understand things, first we need to understand availability and start debunking a lot of the traditional “enterprise” cruft that’s been wrong for as long as I’ve been in IT. (That’s a long time.)


Stability + Resilience, not Stability|Resilience

So @AndiMann @jamesurquhart @f3ew and I have been having a bit of a discussion on Twitter regarding resilience, change control, deployment cycles and such and I really can’t fit my thoughts on the matter into 140 characters. It is a bit of a complicated topic, but not as complicated as folks keep saying in various outlets.

First of all, the most important thing to recognize is that almost any company pushing it as an OR rather than an AND is trying to sell you hardware, software or services. Period. That’s just a truism and it’s unavoidable and something they don’t like me calling them out on. Especially when I point out that they’re trying to sell you these things whether or not you actually need them. But come on – we all already know they’re going to do that.

But that’s not what we’re here to look at as much as the AND versus OR argument. There’s a lot of folks who have gone completely overboard with this idea that if you don’t do continuous deployment, you’re doing it wrong. And the simple fact of the matter is that they’re wrong. IT is not a zero sum game, nor is it strictly OR operations. Most organizations don’t want or need continuous deployment. And many organizations (e.g. Google who likes to break their infrastructure at the expense of paying customers and products) are doing it completely wrong.

Lies and the Larrys Who Tell Them

Another Oracle Open World keynote, another pack of lies from Larry Ellison. Bad enough that the still blind (dangit, why does my prescription have to suck so much?!) guy is actually writing a blog post about it. Before people start spreading more lies as truth. Mind, I’m not there, so this is an incomplete dismantling of the falsehoods. But there’s some real ugly ones.

And yeah, being a Sun guy for as long as I have been, well. I feel obligated to share the real facts of things, so folks aren’t reliant on spin, revisionism and unicorns.
