Hardening security on your Rocks system(s)

We now understand the attack vector. Turned out to be simple, and some of the things we have done have now closed that door. It was a pretty simple door, but still worth noting. BTW: some don’t like early disclosures of exploits. I have heard from ~6 people (off the Rocks list) since posting that they have seen similar attacks attempted.
The entry point was via a shared user account. Once this account was compromised, our new friend from Romania started working. We found this (cluster name changed to protect the compromised):

… and something took down one of our links …

(or how to fail without really trying)
We have a redundant pair of links into our site. Long history of seeing outages take down even (supposedly) SLA-covered systems. This is why when I hear of SLAs for these systems, I snort in finely honed derision. They don’t work in these scenarios, and arguing about it won’t make them work. Redundancy is your only option. Anyone arguing otherwise hasn’t had an SLA and a company refusing to honor it to deal with.

to be a 2×4 or not to be a 2×4 that is the question

What if you discovered that your efforts in trying to win business were in fact being used to lever some other group down, and the groups speaking to you were simply there to use you as a lever? Or a 2×4 (two by four: basically a large block of wood used for support in framing, or used, in a proverbial sense, for beating people and companies up).
Since you are not going to win, no matter what you do, should you even expend the effort?

Fresh new kernel … now mix in the nVidia driver and … D'oh!

Just built it this morning, as I wanted to test out a few things tomorrow. So I loaded it on the build machine. So far so good. Everything works. A bit faster too. Hmmm…. maybe it forgot to scale the processor speed down during idle?
Will look later.
Ok, this machine has an nVidia Quadro FX/1100. Nice graphics card. Pull down the latest nVidia drivers, build them, and … nothing.

Indeed a glutton for punishment …

OFED 1.4-beta1 on IA64 (actually this is Ubuntu 8.04 server on IA64) in the office. I need a machine to act as a source/sink for IB for some testing.

root@itanic:~# uname -a
Linux itanic 2.6.24-19-mckinley #1 SMP Thu Aug 21 01:16:49 UTC 2008 ia64 GNU/Linux
root@itanic:~# ifconfig ib1
ib1       Link encap:UNSPEC  HWaddr 80-00-04-05-FE-80-00-00-00-00-00-00-00-00-00-00
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::208:f104:396:3d36/64 Scope:Link
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:10 overruns:0 carrier:0
          collisions:0 txqueuelen:128
          RX bytes:728 (728.0 B)  TX bytes:904 (904.0 B)

Cargo cult HPC

This is a short thread of thought, which was triggered by a casual browse through Wikipedia on another topic (for an article I swear I am writing, right now, as I er … uh … write this). Way back in graduate school, we all had read Feynman’s book. Call it required reading at the academy. Good things came out of this, as we (a few friends and I) reverse engineered his discussions of differentiation under the integral sign and suddenly got a real powerful tool available to us (which seems to have pissed off a few profs in classes with homework, but that’s a story for another beer).

