Posts

Showing posts from 2014

iowait - Houston we have a problem - or?

The iowait metric is about as cumbersome as "memory free" on Unix. From time to time there is a major issue with servers not coping with demand, and the applications see high iowait. I always stumble when I try to explain that the metric doesn't necessarily tell you the truth. It seems like everyone knows that iowait is the time spent by the CPU waiting for IO to complete, and that sounds bad. Back in the day it was bad: there was one CPU and it couldn't do anything until the IO completed. But nowadays we have more cores, i.e. other processes can continue on cores that aren't blocked by the single IO wait. To add further insult, the increase in CPU performance has outpaced the improvements in disk performance. SSDs are still fairly expensive, at least for larger disks, even though they do stand for a gigantic leap in performance. This means that we have two factors (CPU speed and multi-cores) that mitigate the issue o...

To be or not to be - hacked - a "visitor"

It took its time, or I didn't even notice :-), before I got a visitor. And when it finally happened it was not as exciting as I had hoped. So where did the attempts originate from? In a typical week you would see something like this:

1.93.24.0/24 | CN | DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd.
1.93.0.0/16 | CN | CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
1.93.0.0/16 | CN | CNIX-AP China Networks Inter-Exchange
120.194.0.0/16 | CN | CMNET-V4HENAN-AS-AP Henan Mobile Communications Co.,Ltd
120.236.0.0/16 | CN | CMNET-GUANGDONG-AP China Mobile communications corporation
122.154.0.0/16 | TH | CAT-AP The Communication Authoity of Thailand, CAT
182.73.0.0/16 | IN | BBIL-AP BHARTI Airtel Ltd.
222.33.0.0/16 | CN | CTTNET China TieTong Telecommunications Corporation
88.198.0.0/16 | DE | HETZNER-AS Hetzner Online AG
91.236.116.0/24 | NL | P...

To be or not to be - Hacked

After Christmas I learned that we had a suspected break-in at one of our production sites. The incident occurred just before Christmas, and I was dumbfounded to find out about it after the holidays, and even more so when the incident had been closed with a non-conclusive result. I don't know if it is just me, because in my book the suspicion alone is a "stop the world operations event". You are not content with it and you just don't leave it in an inconclusive state... The reason we suspected it was that /var, /root and /sbin were gone from one of the machines. Yes, there are more non-obvious ways to hide your doings, but this did remove any potential traces and did cause some havoc. Although I must confess that I would expect more from anyone capable of penetrating us, either in the capacity for destruction or the subtlety of their presence.