HP servers are generally priced higher than Dell servers. The same is true for CISCO. The cost of support is also higher, while quality and reliability are equal or lower. HP servers are more complex and more proprietary. CISCO servers are "strange" and not very polished, despite CISCO's attempts to position itself as the new IBM (capitalizing on its dominant position in networking and the "nobody was ever fired for buying IBM" mentality of IT management).
Both Dell and HP servers can work for a decade. Repairs are very rare, and for one- and two-socket servers it is more economical to keep a spare server than to pay for hardware support. In my experience fewer than one in a hundred servers requires repair in the first five years in service. My feeling is that Dell servers produce fewer problems when used with SUSE than HP servers do.
My impression is that Dell servers costing the same amount of money are faster (they can be configured with a better CPU, more/faster memory, faster/larger drives, or a combination thereof) and use more cutting-edge technology. See for example the old report R710-DL380-database which, while commissioned by Dell, is still an interesting read.
We compared the database performance, hardware cost, and power utilization of two servers in similar common enterprise configurations. On our tests of Microsoft® SQL Server® 2008 database orders per minute (OPM), the Dell™ PowerEdge™ R710 delivered multiple advantages over the HP ProLiant DL380 G6.
Dell M620 blades are of higher quality than either HP blades or, especially, CISCO blades. The enclosure is better engineered and, unlike CISCO's (and like HP's), can hold up to 16 blades. The mechanical engineering of the Dell enclosure and blade cases is definitely the best of the alternatives.
Dell blades have a regular USB port on the front panel, which makes administration easier. Dell DRAC is vastly superior to the alternatives in functionality.
Nov 07, 2017 | www.zdnet.com
Matthew Garrett, the well-known Linux and security developer who works for Google, explained recently that, "Intel chipsets for some years have included a Management Engine [ME], a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT [Active Management Technology] is another piece of software running on the ME." In May, we found out that AMT had a major security flaw, which had been in there for nine -- count 'em -- nine years.
"Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code)," Garrett wrote. "Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix," he said. "Anyone who ever enables AMT on one of these devices will be vulnerable."
Quick! How many of you patched your PC or server's chip firmware? Right. Darn few of you. That's bad. It's not every processor, but if you or your hardware vendor has "explicitly enabled AMT", your machine is still vulnerable to attack.
The Electronic Frontier Foundation (EFF) has called for Intel to provide a way for users to disable ME. Russian researchers have found a way to disable ME after the hardware has initialized and the main processor has started. That doesn't really help much. ME is already running by then.
But Minnich found that what's going on within the chip is even more troubling. At a presentation at Embedded Linux Conference Europe, he reported that systems using Intel chips that have AMT are running MINIX.
If you learned about operating systems in the late '80s and early '90s, you knew MINIX as Andrew S Tanenbaum's educational Unix-like operating system. It was used to teach operating system principles. Today, it's best known as the OS that inspired Linus Torvalds to create Linux.
So, what's it doing in Intel chips? A lot. These processors are running a closed-source variation of the open-source MINIX 3. We don't know exactly what version or how it's been modified since we don't have the source code. We do know that with it there:
- Neither Linux nor any other operating system has final control of the x86 platform
- Between the operating system and the hardware are at least 2 ½ OS kernels (MINIX and UEFI)
- These are proprietary and (perhaps not surprisingly) exploit-friendly
- And the exploits can persist, i.e. be written to FLASH, and you can't fix that
In addition, thanks to Minnich and his fellow researchers' work, MINIX is running on three separate x86 cores on modern chips. There, it's running:
- TCP/IP networking stacks (4 and 6)
- File systems
- Drivers (disk, net, USB, mouse)
- Web servers
MINIX also has access to your passwords. It can also reimage your computer's firmware even if it's powered off. Let me repeat that. If your computer is "off" but still plugged in, MINIX can still potentially change your computer's fundamental settings.
And, for even more fun, it "can implement self-modifying code that can persist across power cycles". So, if an exploit happens here, even if you unplug your server in one last desperate attempt to save it, the attack will still be there waiting for you when you plug it back in.
How? MINIX can do all this because it runs at a fundamentally lower level.
x86-based computers run their software at different privilege levels or "rings". Your programs run at ring three, and they have the least access to the hardware. The lower the number your program runs at, the more access it has to the hardware. Rings two and one don't tend to be used. Operating systems run on ring zero. Bare-metal hypervisors, such as Xen, run on ring -1. Unified Extensible Firmware Interface (UEFI) runs on ring -2. MINIX? It runs on ring -3.
You can't see it. You can't control it. It's just humming away there, running your computer. The result, according to Minnich is "there are big giant holes that people can drive exploits through." He continued, "Are you scared yet? If you're not scared yet, maybe I didn't explain it very well, because I sure am scared."
... ... ...
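The quoted article's practical point is that the AMT flaw is fixed only by a vendor firmware update, so the first thing an administrator needs is an inventory of which hosts carry an ME at all and which firmware build each one runs. The script below is an added example, not code from the ZDNet article or from this site. It assumes a Linux host where the kernel's mei driver exposes /sys/class/mei/<device>/fw_ver with one "platform:major.minor.hotfix.build" line per firmware component; the sysfs root is a parameter so the same functions can be run against a copied or constructed tree. FIXED_BY_MAJOR is a placeholder the operator fills from their vendor's advisory (the page gives no fixed build numbers), and until it is filled every host is reported as "unknown-generation" rather than silently passed.

```python
"""Inventory Intel ME firmware builds on a Linux host via the mei driver's sysfs attributes.

Added example (not from the original page). Assumptions:
  - /sys/class/mei/mei*/fw_ver exists when the mei driver is bound and holds lines
    of the form "platform:major.minor.hotfix.build".
  - FIXED_BY_MAJOR is filled in by the operator from the vendor advisory; it is a
    placeholder here, so nothing is ever classified as "fixed" until it is set.
"""
import json
import re
from pathlib import Path

# PLACEHOLDER: map ME major version -> minimum fixed (major, minor, hotfix, build)
# taken from your hardware vendor's advisory. Empty means "no verdict possible".
FIXED_BY_MAJOR = {}

FW_LINE = re.compile(r"^(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)$")

# Constructed sample of the fw_ver format (not a real capture).
SAMPLE_FW_VER = "0:11.8.50.3425\n1:11.8.50.3425\n2:11.8.50.3425\n"


def parse_fw_ver(text):
    """Turn fw_ver text into {platform_index: (major, minor, hotfix, build)}.

    Lines that do not match the expected shape are skipped rather than
    guessed at, so a changed driver format surfaces as an empty result.
    """
    versions = {}
    for line in text.splitlines():
        m = FW_LINE.match(line.strip())
        if not m:
            continue
        platform, *parts = (int(x) for x in m.groups())
        versions[platform] = tuple(parts)
    return versions


def find_me_devices(sysfs_root="/sys"):
    """Return {device_name: fw_ver_text} for every mei device under sysfs_root."""
    found = {}
    for dev in sorted(Path(sysfs_root, "class", "mei").glob("mei*")):
        fw = dev / "fw_ver"
        if fw.is_file():
            found[dev.name] = fw.read_text()
    return found


def assess(versions, fixed_by_major=None):
    """Classify each component against the fixed build for its own ME generation.

    Builds are only comparable within a major version, so a component whose
    major is not listed gets 'unknown-generation' instead of a false pass.
    """
    if fixed_by_major is None:
        fixed_by_major = FIXED_BY_MAJOR
    verdicts = {}
    for platform, ver in versions.items():
        fixed = fixed_by_major.get(ver[0])
        if fixed is None:
            verdicts[platform] = "unknown-generation"
        elif ver >= fixed:
            verdicts[platform] = "fixed"
        else:
            verdicts[platform] = "needs-firmware-update"
    return verdicts


def inventory(sysfs_root="/sys", fixed_by_major=None):
    """One-shot report: is an ME visible, what does it run, and does it need a firmware update."""
    devices = find_me_devices(sysfs_root)
    report = {"me_present": bool(devices), "devices": {}}
    for name, text in devices.items():
        versions = parse_fw_ver(text)
        report["devices"][name] = {
            "versions": versions,
            "status": assess(versions, fixed_by_major),
        }
    return report


if __name__ == "__main__":
    # Run on the live host; int keys and tuples are serialised by json as strings and lists.
    print(json.dumps(inventory(), indent=2))
```

Absence of a mei device does not prove the platform has no ME (the driver may simply not be loaded or the vendor may hide the interface), so treat "me_present: false" as "not visible from the OS", and confirm from the vendor's firmware tooling before marking a host clean.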