Jul 02 2011

One of the many obsessions in the IT industry going around at the moment is the possibility of low-energy ARM-based servers. ARM-based processors are currently very popular in the smartphone and slate markets because they eat much less energy than Intel-based processors. What is less commonly realised is that ARM-based processors have also long been used in general purpose desktop computers.

ARM processors were originally designed and built by a home computer company called Acorn as a replacement for the 6502 processor in their immensely successful BBC Micro. The replacement micros were collectively known as the Acorn Archimedes and were probably the most powerful home computer before the crash of the home computer market, and the eventual dominance of the IBM PC compatibles.

And of course a general purpose computer running a well-designed operating system is just a short step away from being a capable server.

So of course it is possible for someone to release a server based around the ARM processor and for it to be useful as a server. Whether it is successful enough to carve itself a respectable niche in the server market as a whole is pretty much down to the vagaries of the market.

Some of the criticisms I have seen around the possibilities for ARM servers :-

But ARM Cores Are Just So Slow

Actually they’re not. Sure they are slower than the big ticket Xeons from Intel, but they are quite possibly fast enough. Except for specialist jobs, modern servers are rarely starved of CPU; in fact that is one of the reasons why virtualisation is so popular – we can make use of all that wasted CPU resource. Modern servers are more typically constrained (especially when running many virtual servers) by I/O and memory.

And the smaller size of the ARM core allows for a much larger number of cores than x86-based servers. And for most modern server loads (with virtual machines), many cores is just as good as fewer but faster cores.

In the case of I/O, the ARM processor is just as capable as an Intel processor because it isn’t the processor that implements links to the outside world (that is a bit simplistic, but correct in this context). In the case of memory, ARM has an apparent problem in that it is currently a 32-bit architecture which means a single process can only address up to 4Gbytes of memory.

Now that does not mean an ARM server is limited to 4Gbytes of memory … the capacity of an ARM server in terms of memory is determined by the capabilities of the memory management unit. I am not aware of any ARM MMUs that have a greater than 32-bit addressing capability, but one could relatively easily be added to an ARM core.

Of course that is not quite as good as a 64-bit ARM core, but that is coming. And except for a certain number of server applications, 64-bit is overrated outside of the x86 world – Solaris on SPARC is still delivered with many binaries being 32-bit because changing to 64-bit does not give any significant advantages.

But It Is Incompatible With x86 Software

Yes. And ?

This is a clear indication that someone has not been around long enough to remember earlier server landscapes when servers were based on VAX, Alpha, SPARC, Power, Itanium, and more different processor architectures. The key point to remember is that servers are not desktops; they usually run very different software whether the server is running Windows, Linux, or some variety of Unix.

There are server applications where x86 binary compatibility is required. Usually applications provided by incompetent third party vendors. But most jobs that servers do are done by the included software, although in the case of Linux and Unix, the width of “included” software is somewhat wider than with Windows. Indeed for every third party application that requires an x86 processor, there are probably as a minimum half a dozen other server jobs that do not require x86 servers – DNS, DHCP, Directory services, file servers, printer servers, etc.

If you buy an ARM-based server, it will come with an operating system capable of running many server tasks which can be used to offload server tasks from more expensive x86 hardware (either in terms of the upfront cost, or in terms of the ongoing power costs). Or indeed, will be sufficient to provision thin clients to the point where they can use the cloud.

Jun 18 2011

This is a series of notes on dealing with PC malware (viruses, worms and the like) gathered because I’m looking into it and published as a way of reminding myself about this stuff. Bear in mind that I’m not an expert but neither am I a complete dunce – I’m normally a Unix or Linux person but I’ve been keeping half an eye on Windows infections for years.

Some links to tools are contained within. However you should be aware that tool recommendations change over time; you will need to check how outdated this document is before following any recommendations blindly.

At present this blog entry is a work in progress … lots of testing needs to be done before being confident this is right.

Cleanup Process

This is not :-

  1. How to approach this forensically – if you’re dealing with an investigation, it’s a whole other ball game and you probably need professional assistance to avoid corrupting evidence.
  2. A technical guide as to which tools to use.

1. For The Ultra Cautious Or When Handling Real Important Data

The process of removal can be destructive, and in the worst cases you can clean the malware and end up with a brick. So make an image of the hard disk as it is. Two basic ways this can be done :-

  1. Removing the hard disk from the infected machine, attaching to an appropriate machine (USB->SATA, USB->IDE converters are handy here), and making an image of the disk.
  2. Booting off a “rescue” CD on the infected machine, and imaging the hard disk to a network share of some kind. This is the preferred option.

This will be slow. So be it. Cleaning an infected PC is not going to be a quick job whatever you do. The best you can hope for is that there are many periods where you can leave it churning away and get on with something else.

2. Boot A Rescue CD

There are those who tell you that there is no need to boot off a known uninfected disk to clean an infected machine; their anti-malware/virus product can clean an infected machine “live”. There are others who claim that the only way to be sure is to boot off that disk and clean the machine that way. Both are wrong.

If you are paranoid (and in the presence of malware paranoia is fully justifiable), you will do both.

3. Boot Infected Machine and Clean

As suggested previously, after booting off a rescue disk and cleaning, boot the infected machine and clean again.

Tools

The following is a list of rescue CDs that have been suggested :-

  • UBCD4Win. Has to be “built” with the assistance of an XP installation; somewhat tedious but it isn’t the end of the world. However it does need preparing in advance – building a rescue CD with the assistance of an infected machine isn’t the most sensible idea!
  • Knoppix. Graphical, pretty, feature packed, but seems to be lacking in anti-malware tools (for instance the only AV tool included is Clam).
  • Trinity Rescue Disk. Menu interface. Virus definitions update over the net; choice of Clam, F-Prot, Bitdefender, Vexira, Avast (need to obtain license key). Various other utilities.
  • F-Secure Rescue CD.

Some of the above are Windows based; some are Linux based. The choice of which to use should be based on results not whether they tickle your prejudices (or mine!).

The following is a list of “live” tools to be installed that have been suggested :-

Asides

Nothing to do with the main subject. Merely some notes worth mentioning.

It seems that at least some malware can detect it is running within a virtual environment. In some cases it ceases to do anything, and in others may try to “break out”. This indicates that analysing malware within a virtual environment may not give sensible results, and in some cases may be dangerous! That is not to say that using a virtual environment is no longer of any use, but you may need to take special care such as running the virtual environment under Linux and/or ESX rather than Windows. And be careful about negative results.

Jun 15 2011

.. or to give them the more popular name, tablets.

What is the one thing all slates (whatever the usual choice of operating system) are missing? Support for multiple users.

Whilst there have been and are slates based on desktop operating systems, the only ones that have gained any level of popularity are based around operating systems for mobile phones – principally iOS and Android. And for some reason, these do not have support for multiple users which is sort of understandable for mobile phones but it is definitely a weakness for slates.

Imagine if you will, that you have bought a slate and set up the details for your work email, and are busily exchanging emails with someone who insists on being called “Bubbles” and you are engaged in a bit of harmless flirtation. Now you plonk your slate down on the coffee table, and your partner picks it up to play with; of course they end up looking at your latest email from “Bubbles”.

Or in the morning, you rescue your slate from the resident teenager wandering around the house under an angry cloud. You’re in a hurry and don’t check the slate until you wire it up to a projector to show those figures you were working on last night. And this is when you discover (to the amusement of the collective senior managers) that your pet teenager has replaced the default background image with an image of their favourite teenage idol in a scantily clad pose.

Now both of those examples were extreme and intentionally a bit humorous, but the problem is genuine. Even if you are single and excessively possessive about your slate, having a user called “work” and another called “play” allows you to hide one activity from the other. Not a bad idea to keep the games hidden from your boss!

Add a “demo” user and you can hand your slate to a fellow worker or friend to let them have a look at your slate without the risk of them discovering something they shouldn’t.

The mistake the manufacturers have made is assuming that a slate is a single user device. In practice, everyone wants a go and unless you have really big pockets and carry it around everywhere with you, people will pick it up and use it. The ‘net is full of stories about geeks who bought a slate, and wound up with their partner using it more than they do. And not always through choice!

It appears that I’m not the only one who thinks this would be a really good feature.

May 17 2011

This is going to be grossly insufficient for anyone trying to learn R (a wonderfully powerful statistical package … although the “stats” part of that may be my inner statistician). This is merely a set of commands I tend to use myself on the rather too rare occasions when I need R.

R is started with “R” at the command-line … of course (although “r” does something quite different).

Loading Data

If you have a file formatted like :-

number1 number2
number3 number4

Then this can be read into a “variable” with :-

> Data <- read.table("filename.dat")

If it is convenient to add column names into the file to give presentable names later on, then do so and tell R that there are headers :-

> Data <- read.table("filename.dat", header=TRUE)

Whilst R has plenty of control about how to read data … far more than I need at least, it may be easiest to munge your input data into the above format if you are more comfortable with the command-line. You can see how R has imported your data with :-

> names(Data)
[1] "header1" "header2"

Later when it comes to doing something with the actual data, you can access the relevant “vector” with Data$header1. But hopefully you will choose more meaningful names!

Stats Summary

To produce a summary of a vector :-

> summary(vector)
   Min. 1st Qu.  Median    Mean 3rd Qu.    Max. 
   1249    6938   18900   16210   24100   30840

Graphs

This section needs a lot of expansion. But to graph two variables … essentially one being a value at a particular time and the other being the time :-

plot(v1, v2, xlab="Horizontal label", ylab="Vertical label", main="Title")

This will draw the graph onto the default device – which is normally the main X11 display. If you want to change the output, you need to choose an alternate device. For a PNG file :-

png("filename.png")
# Redo the plot you're happy with, for example:
plot(v1, v2, xlab="Horizontal label", ylab="Vertical label", main="Title")
dev.off()

May 14 2011

This is a note for my own future sanity (like when I start using IPv6 and want this enabled again) given that this information is widely available around the network. If you do not know why you would want to turn off IPv6 when you are almost certainly not using it, then you probably want to do it anyway.

Hint: You may have a globally reachable IPv6 address on your machine that bypasses your firewall. And if that doesn’t worry you, it should!

Anyway, to turn it off run regedit in your preferred manner, and create the following DWORD value :-

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents

Set the value to FF (in hexadecimal). And reboot your machine.

So far this has worked with :-

  1. Windows Server 2008R2
  2. Windows 7 (Ultimate)
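
The hint and the registry change above, as an added PowerShell example (not part of the original note): it lists any global IPv6 addresses currently bound to the machine, then creates the DisabledComponents value with the FF setting given above. The function names are made up for this example, and it assumes an elevated prompt.

```powershell
# Added example: audit IPv6 exposure, then apply the DisabledComponents setting.
# Function names are hypothetical; run from an elevated PowerShell prompt.

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters'
$ValueName = 'DisabledComponents'
$Desired   = 0xFF   # the value given in the text above

function Get-GlobalIPv6Address {
    # Emit every unicast IPv6 address that is routable beyond the local link.
    foreach ($nic in [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()) {
        foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
            $ip = $ua.Address
            if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) { continue }
            if ($ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal) { continue }
            if ([System.Net.IPAddress]::IsLoopback($ip)) { continue }
            # Global unicast is 2000::/3 (first three bits 001); this also
            # covers tunnelled addresses such as Teredo and 6to4.
            if (($ip.GetAddressBytes()[0] -band 0xE0) -ne 0x20) { continue }
            New-Object PSObject -Property @{ Interface = $nic.Name; Address = $ip.ToString() }
        }
    }
}

function Get-DisabledComponents {
    # Returns the current DWORD, or $null if the value has never been created.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $item.$ValueName } else { $null }
}

function Set-DisabledComponents {
    # -Force creates the value, or overwrites it if it already exists.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Desired -Force | Out-Null
}

$exposed = @(Get-GlobalIPv6Address)
if ($exposed.Count -gt 0) {
    'Global IPv6 addresses currently bound:'
    $exposed | ForEach-Object { '  {0}  {1}' -f $_.Address, $_.Interface }
} else {
    'No global IPv6 addresses found.'
}

$current = Get-DisabledComponents
if ($null -eq $current) { 'DisabledComponents is not set.' }
else { 'DisabledComponents is 0x{0:X}.' -f $current }

if ($current -ne $Desired) {
    Set-DisabledComponents
    'DisabledComponents set to 0xFF; reboot for it to take effect.'
}
```

Running it again after the reboot should report no global addresses and a value of 0xFF.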