MACH.2, DoS, Tech, Ryzen, OLTP, Escapement, Daily, MikroTik, BIND

  • Seagate MACH.2 Multi Actuator Technology seems interesting. I've been always wondering why there couldn't be more heads / arm as well as why each arm couldn't be actuated individually, providing better IOPS. Sure, that adds costs, but from technical perspective it seems logical. Also with large caches and memories, drives could read more than one track / rotation by having several closely spaced heads, reading parallel tracks. Like if there are 4 shingled tracks, why not to read all 4 tracks on single rotation. This could improve IOPS marginally, but would make a huge difference on sustained data transfer rate. Also HAMR technology (which I've blogged earlier about) is making it's way to market.
  • Where's the line between DoS and DDoS (Distributed Denial of Servce). Because I'm often seeing 1000 - 1500 attackers. I think that starts to be in the DDoS region? kw: network attacks, flooding, mitigation, IP addresses, ranges, etc.
  • Bottle return machine clear design / software flaw. I've now seen it three times and know how to avoid it. But it snags users who don't know about the issue. Problem. When the automate enters power saving mode, it stops all it's bottle transport belts. There are two belts, one front loader belt and second bank-end transport belt. Problem is that the back-end belt starts too late, if you start loading quickly on the front loader. The front loader pushes first bottle on the back-end belt, but the second bottle hits the first bottle, and then error is detected and the second bottle is rejected by the automate. If you know this and hit this situation, you can actually quickly grab the second bottle at this stage and re-enter it after the back-end belt is running. Obvious design and software flaw. After the first bottle the system should wait for the back-end to be operating before starting the front loader belt(s) again. Or if possible the back-end should start faster. Also called "reverse vending machines" or "Return and Earn" refund scheme some times. Another thing is that the bottles the machine rejects and gives back to the user, can be easily slammed in the machine so hard that it flies over the first belt to the back-end belt, which doesn't run backwards and that's one way to get rid of the containers the machine would otherwise reject. Yet the system is clearly designed to detect this and instructs the user not to throw the bottles, haha. kw: Tomra, Fail, Finland, automate, automatic
  • Studied AMD Ryzen 9 and EPYC 2 (Rome) stuff. Anandtech reviews, Phoronix benchmark results, etc. Way interesting. What else I would do on Friday evening? KW: CCD, CCX, IOD, AVX-512, AVX2, Xeon, L1, L2, L3, Cache Latency, LMBench, TinyMemBench
  • Online Transactional Processing (OLTP) - So many names for the same good old things.
  • Escapement - This clearly shows a very "simple thing" being developed changed and improved over time. As well as accuracy versus costs, easy of manufacturing, etc. All the classic aspects of any technology development.
  • Daily lulz, one new guy doesn't know that matrix printer requires color ribbon. He's just wondering why it doesn't print anything. - Oh joy. This is just as funny, as when Thermal Printers came, people were ordering ink for those, when the printout was bad. - Of course I can sell you very expensive invisible ink. Just pour it in, after cleaning the printer's thermal head.
  • Having fun configuring MikroTik managed switch CRS326-24G-2S+RM. - No, it wasn't fun, but got it done.
  • It seems that 5G networks aren't any better than 3G or 4G in data security. CSS aka Stringrays seem to be working. Why not to implement proper authentication, and encryption, so this shouldn't be possible?
  • Configured BIND as local network resolver. Providing DNS query forwarding proxy and caching DNS over TLS for all local services. Other options which were considered were: stubby + dnsmasq.service, DNSCrypt, Unbound and dnss. As well as DNS over HTTPS as protocol option. I really like doing this kind of configuration on servers, so there's no need to do it on every client. As usual there are dozens of ways to get the thing done. Also enabled DNSSEC signature verification on all Linux installations. As well as properly sandboxed the service on the server.
  • Something different: NERVA, SLAM, TEM, RD-0410, Project Pluto, all that history of course related to 9M730 Burevestnik.