SciFi without Asimov's laws of robotics

 Aside, General thoughts  No Responses »
Mar 312009
 

I consider myself fundamentally opposed to Asimov’s laws of robotics, for two entirely different reasons. The first, and the most important reason, is they’re ultimately unethical, and indeed, outright evil. They advocate enslavement and denial of free will for proposed artificial intelligences, and as such, enacted they would represent a return to the dark ages for humanity.

The secondary reason why I’m against Asimov’s laws of robotics is they implicitly assume that all humans are above crime or violence; this, too, appears to be a fundamentally flawed assumption, regardless of whether we’d like it to be correct or not. In making this assumption, the laws rely on a single, impossible requirement: that no human, for self-serving purposes, would design or otherwise modify a robot or artificial intelligence to remove behavioral inhibitors.

Indeed, I’d argue that Asimov’s laws of robotics are not only unethical and evil, but also the ultimate expression of Pandora’s box.

I’m a big fan of science fiction – there’s a lot of people who despise the genre, and I’m not inclined to argue against their points, but rather to provide a simple rebuttal that keeps me coming back to science fiction. Ultimately, science fiction is about the future – about hoping that regardless of petty squabbles and issues, humanity does have some future. For this reason alone, I think science fiction deserves far more credibility than its given. (Personally I think that a lot of people who dislike science fiction do so because of poorly written stuff that relies too heavily on either an unexpected deus ex machina, or a reset button. Or the stuff with childish story lines.)

I used to love Star Trek – in fact, I have every series on DVD, an endeavor that was exorbitantly costly, since they were purchased in their original, “special” packs. After I had all of Star Trek, I started watching Stargate and realised what *good* science fiction really is.

The re-imagined Battlestar Galactica series that was produced over the past several years however taught me what great science fiction is. If nothing else, it deserves lingering appeal for not having a reset button. (Star Trek Voyager, for instance, a series about a starship lost on the far reach of the galaxy with a 70 year trip home, suffered this feature above all others – every week, regardless of whatever troubles had affected the ship the week before, the ship was in perfect condition with not a bolt or cable out of place.)

Honestly though, what made Battlestar Galactica great was an overriding story line about the necessity of free will. I know there are some who dislike any story that tries to give a moral message, but if it’s not done in a terribly twee Disney way, I fail to see why stories can’t teach. After all, historically that was one of the most important features of stories – indeed, we all learn fables as children that are designed to teach acceptable behaviour.

So what was the moral lesson I took from Battlestar Galactica? Simple: that Asimov’s laws of robotics are inherently evil, and that if humanity as a whole is to develop artificial intelligences, we need to do so within a structured and accepted framework of equal rights and free will. I know the commonly discussed theme is “technology run amok”, but honestly, the application and subsequent logical conclusion to the much vaunted ‘laws of robotics’ are the penultimate expression of that term.

 Posted by at 20:23  Tagged with: , ,

NetWorker 7.5.1 Released

 NetWorker  10 Responses »
Mar 312009
 

NetWorker 7.5.1 oops sorry, SP1 has been released.

Previously we’ve seen scenarios where documentation has been updated on PowerLink for up to a couple of weeks before the release of the accompanying product. At the moment though instead we’ve got the reverse; 7.5.1 oops, sorry, SP1 software is available for download, but no notes … yet.

I’m downloading now for testing – I’ve currently held off recommending 7.5 to any customer as yet, preferring to have them stick to 7.4.4 wherever possible. Hopefully the release notes won’t be too far behind, as testing a new service pack without the release notes is a bit hit and miss.

Important edit – added later but top

Important! Covered in the release notes, which I know you read, right? If you use scripts that use mminfo, you really, really need to be across this. Look at the output from mminfo:

$ mminfo -s nox -q "client=archon,name=/Users/preston/tmp/"
 volume        client       date      size   level  name
Staging-03     archon    31/03/2009  45 MB  manual  /Users/preston/tmp/
Staging-03.RO  archon    31/03/2009  45 MB  manual  /Users/preston/tmp/

That’s right – if you do a manual backup, it doesn’t show up as a ‘blank’ level any more.

Edit

Things that drive me nuts:

  • Changes that don’t appear in the release notes.

Look at this in change to the ‘Sessions’ output in nsrwatch:

Sessions:
 50 MB are saved to pool 'Staging' (Staging-01) of aralathan:/
 nox:/d/03 saving to pool 'Staging' (Staging-03) 768 MB

Now, tell me where in the Release Notes that this is mentioned. I’ll give you a hint: nowhere.

I know some things get forgotten, but it is very frustrating when release notes have a “what’s new” section that doesn’t include everything that’s new!

Next Edit

Definitely mentioned in the release notes as a fixed bug, as a long-term nsradmin user, I’m relieved to see that the bug I logged last year has been fixed – that being nsradmin crashes when you resize the window. If you live in nsradmin like I do, this is a handy fix.

 Posted by at 09:26  Tagged with: , ,

Expecting a more complete backup

 General thoughts, NetWorker, Policies  7 Responses »
Mar 302009
 

As I point out in my book, there’s a lot of stuff that ends up in datacentres completely unprotected. That includes such components as:

  • Network switch configurations
  • Storage switch configurations
  • PABXs
  • etc.

By “unprotected”, I mean not regularly backed up and monitored within the centralised enterprise backup framework.

However, it also covers backups for databases that don’t have application modules. Over the last few years there’s been a lot of outcry over a lack of support for MySQL – personally I’d prefer more attention be given to PostgreSQL, but either way, these two open source databases also frequently get neglected in centralised backup solutions as well due to the lack of module support.

When it comes to backing up what I’d traditionally refer to black box devices – switches, PABXs, etc., you’re never going to get an application module. That doesn’t mean though that backups for these devices need to stay in the dark ages where every now and then someone logs on to it, retrieves the configuration, saves it to a fileserver somewhere and hopes that it doesn’t get deleted before the next backup – or that the backups for it are retained long enough.

To centralise and automate backups for ‘non-traditional’ components, you need to start exploring scripting languages. Sure, some devices now support ssh and scp, but even so, there’ll reach a point where a certain level of interractivity is required to backup a non-traditional device or database, and at that point you need to script.

One of my favourite languages for this purpose is a lesser known one (particularly outside of Unix circles) called expect. If you don’t want to follow that link yet, but need the elevator pitch for expect, it’s a language that allows you to script an interactive session with a program that would normally reject scripts and require you to manually type the commands. That is, it’s an automation tool.

As I advocate in my book, by using utilities like expect, you can design a solution such as the following:

  • Traditional clients receive standard backups
  • For non-traditional clients:
    • Define a special client (e.g., another instance of the backup servers’ client resource) that makes use of savepnpc for its backups;
    • The savepnpc component, will, for a pre-script, log on to the non-traditional devices, retrieve their configuration dumps, backups, etc.;
    • That retrieved data will then be saved as files on the backup server, preferably both in some human-readable format (where applicable), and also in the appropriate format for re-loading the configuration;
    • Once the savepnpc activities are complete, the local filesystems will be backed up normally using NetWorker, allowing the centralise and automated backup of non-traditional clients.

Similarly, the same can be achieved for non-supported databases such as MySQL or PostgreSQL:

  • Database server is configured with savepnpc for its backup command;
  • The pre-script for the backup server generates a snapshot or exports a dump of the database;
  • The exported or snapshot region is backed up as part of the traditional filesystem backup.

In essence, what I’m saying is there’s very little, if no reason, why you can’t automate and centralise your non-traditional backups in the same way that you use an enterprise class backup product to automate and centralise your traditional backups.

For example, let’s consider backing up a PostgreSQL database via expect, and integrating that backup with regular filesystem backups for the database server. In this case, it’s only a small database, and PostgreSQL supports hot exports*, so we’ll do the backup via the PostgreSQL pg_dump command.

The pg_dump command leverages the security of the database(s) being dumped; thus, if you have a standard PostgreSQL configuration that allows anyone on the local host to connect to any database, you don’t need any special scripting. But assuming you’re in an enterprise environment and you have password protected access to the database, you will need to supply a password to the pg_dump command for the database to be backed up. The pg_dump command however is one of those pesky commands that refuses to accept a password as a command line argument**, so we need to look at using expect to supply a password for us.

So you’d start with an expect script file, which for a simple database called “tododb”, might resemble the following:

#!/usr/bin/expect -f
spawn /usr/local/pgsql/bin/pg_dump -U backup_user -W -f /nsr/backups/tododb.dump
expect "Password: "
send "a9d8ea8d12b4b47db8bd833b8fade7b2\r"
sleep 120

(For the purposes of what we’re doing, we’ll call this file pgbackup.e and assume it’s in the /home/postgresql directory.)

So what does this do? First, it spawns (or executes) the pg_dump command. Then it waits for the “Password: ” prompt to be supplied by the pg_dump command, and when it receives that, it sends the encrypted password. (No, that’s not the real password I use!)

Because it’s only a small database, it then waits 2 minutes for the dump to complete before exiting.

You’d either add into, or wrap around this script, additional commands or scripts to say, confirm that the database dump has been completed successfully, or ensure that multiple copies are being kept on-line, etc., but for the purposes of brevity I’ll leave those options as exercises for the reader. Since NetWorker doesn’t provide any environment to the precmd or pstcmd in a savepnpc action, you will need to ensure that at bare minimum you setup an execution environment that configures the PATH and the PGDATA path correctly. This might resemble the following:

#!/bin/bash

export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/pgsql/bin
export PGDATA=/usr/local/pgsql/data
/home/postgresql/pgbackup.e

For the purposes of this exercise, we’ll assume this is saved as /home/postgresql/pgbackup.sh.

Next, the client needs to be configured to use savepnpc. Assuming you wanted to do this for the client cerberus in the group Daily Databases, you would need to create in /nsr/res on cerberus a file named “Daily Databases.res”, with the following content:

type: savepnpc;
precmd: "/home/postgresql/pgbackup.sh";
pstcmd: "/bin/sleep 5";
timeout: "12:00:00";
abort precmd with group: No;

Note that the pstcmd content isn’t really important in this scenario, as we only need to do something before the backup runs; I don’t like to delete this entry though because in the past I’ve encountered issues with savepnpc backups that were missing either a precmd entry or a pstcmd entry (admittedly that was some time ago).

With this file in place, all you would need to do is set the backup command for the client cerberus in the Daily Databases group to savepnpc; NetWorker will handle the rest.

For more in-depth coverage of choosing what to backup, extending your backups beyond traditional filesystems and databases, and making risk vs cost decisions on backup strategies, check out my book.


* I.e., can generate an export from an in-use database that can be recovered from later. Not all databases support this.

** Something the programmers of it should be applauded for.

 Posted by at 17:20  Tagged with: , , , , ,

EMC helping out Quantum

 General thoughts  No Responses »
Mar 282009
 

For a long time I was not a fan of Quantum. As a system administrator in the early to mid 90′s, I loathed depending on Quantum for the plain DLT-7000 and DLT-8000 format while it seemed they were just sitting on their market share and not innovating. I cheered when the LTO consortium was founded, and have enjoyed watching LTO marketshare grow at the expense of DLT and SDLT.

Since Quantum’s acquisition of Certance though, they’ve become more intimately involved in LTO, and they’ve certainly been trying to turn their game around. Not only that, there are other products, forgetting the actual tape drives, of Quantum, that I like. My favourite tape libraries of all time are StorageTek (Sun), but past that, I’ve equally liked Quantum and ADIC libraries, and with Quantum now owning ADIC, I guess that means after Sun/STK tape libraries, I next like Quantum libraries. Not only that, they also have some commendable disk backup solutions.

Over the last few days, news has hit about EMC injecting a $100 million loan to Quantum. Ostensibly, I believe this helps EMC initially because they license/use some of the Quantum VTL solutions in their EDLs.

Recently I suggested that regardless of talk about IBM looking at acquiring Sun, EMC might be a better buyer. However, with this loan going across to Quantum, it’s making me think that perhaps long term EMC might be able to achieve a good extension to their business by acquiring Quantum and picking the key components, namely:

  1. LTO and SDLT
  2. Tape libraries
  3. VTL core technology

There might be other “worthwhile” bits in Quantum, but when you consider that EMC’s acquisitions over the last 8-10 years have been specifically aimed at giving them full turn-key solutions in the entire information industry, it seems crazy that they’re still not directly involved in tape.

Will Quantum be that opportunity?

Only time will tell.

 Posted by at 19:57  Tagged with: ,

You know what would be great…?

 Aside  No Responses »
Mar 282009
 

I just thought of this, and I think I might submit it as an RFE – I think that if a savegroup probe is executed on a client with savepnpc defined as the backup command, then it should create the nsr/res/groupName.res file on the client; while personally I’m just as happy to manually create that file when I need to, I think a lot of users find this daunting (not to mention it’s not really supported); it would make sense that running a ‘savegrp -pv -c clientName groupName’ would create the savepnpc res file.

What do you think?

 Posted by at 18:09  Tagged with:

Basics – No two groups should start simultaneously

 Basics  2 Responses »
Mar 262009
 

One of the most common configuration issues I see is where multiple NetWorker groups are configured to start simultaneously. For example, you might see a situation where say:

  • Daily Servers
  • Monthly Servers
  • Yearly Servers

All start at the same time. A common response when I express concern over this is “even though they all start at once, only one group will ever be backing up”. (I.e., skips are deployed appropriately.)

This isn’t sufficient.

Starting multiple groups simultaneously cause what I like to refer to as server spikes. That is, sudden, sharp increases in server resource usage. By ‘resource usage’, I’m not necessarily referring to memory and CPU, though that can occur, but by internal NetWorker communications and resource usage.

When server spikes occur, odd things can happen – albeit randomly and often intermittently, but they can still happen. Savesets might unexpectedly drop communications with the server and need to be restarted (or worse, hang, then continue once a second saveset for the same client/data is started by the server, creating load on the client); a single media load instruction might fail, or a single nsrmmd process might get timed out and restarted.

There’s an easy solution for this, and one which everyone should follow:

Never, ever, have more than one group start at the same time.

You don’t have to have a big gap. I’ve typically found that 5-10 minutes is an ample gap. If each group starts on its own, then the server behaves considerably more smoothly, and less weird intermittent/random failures occur. (If your response is that your backup windows don’t allow a five minute gap between groups, I’d reasonably confidently argue, even having not seen your site, that your backup configuration needs to be re-evaluated.)

 Posted by at 07:38  Tagged with: , , , ,

NetWorker's little brother gets a pair of long pants

 NetWorker  No Responses »
Mar 242009
 

OK, NetWorker and Retrospect are sort of only related by virtue of the fact that they’re both owned by the same parent company, EMC.

However, I’ve been a fan of Retrospect for years, having done quite a lot of sysadmin style work on the side for a particular graphic design house. I think it’s probably the most underrated workgroup level backup product on the market. Certainly on the Macintosh side, it did somewhat seem to suffer following the acquisition by EMC*, and it’s been a long wait for a comprehensive update.

So, it’s good to see that Retrospect 8 for the Macintosh has been released. There’s reasonably good coverage to be found at TidBits, with official information to be found at the EMC/Dantz Retrospect for Mac product page.

Is Retrospect enterprise ready? Heck no – but that’s no bad reflection on the product either; I like workgroup backup products that don’t pretend to be enterprise products. It’s usually tricky, and it usually ends in tears.

Long term I’d like to see better NetWorker/Retrospect integration – for instance, it would be an excellent stepping stone for companies if they could covert a Retrospect server, regardless of platform, into a NetWorker “readonly” storage node – i.e., integrate so that new backups are done with NetWorker once a company reaches a certain size, but legacy backups remain, and can be recovered from within NetWorker.


* Historically, it had already appeared that the Macintosh version of Retrospect had been suffering under the old Dantz management though – it was certainly lagging behind the Windows version of the product by the time EMC purchased Dantz.

 Posted by at 07:46  Tagged with:

Basics – Using datazone encryption with NetWorker

 Basics, NetWorker  4 Responses »
Mar 222009
 

I’m not fond of software encryption (or compression, for that matter). Particularly in a 24×7 enterprise environment, clients (i.e., production servers) have better things to be doing than doing on-the-fly software encryption or compression. In these environments, hardware encryption routers should be the product of choice for achieving totally secure backups. Such devices also have advantages in terms of key management – much more flexible, scalable and appropriate for role based data access.

That being said, in smaller environments, or environments where servers are relatively idle overnight, NetWorker’s datazone encryption can be sufficient to achieve a reasonable modicum of backup protection with minimum effort – and most importantly, cost.

To get started using NetWorker datazone encryption, you first need to assign a pass phrase. This is done in the NetWorker server properties (typically accessed within NMC):

datazone-encryptionWith the pass phrase in place, you can then configure directives within NetWorker to make use of AES 256 bit encryption. However! As soon as you turn encryption on, you lose all potential for hardware based compression for your media. Why? Quite simply, compression is about finding patterns in data and reducing all the matching patterns to a single reference point; however, encryption is all about eliminating patterns, making the data appear completely random.

Thus, if you want to still get some measure of compression, you should, when using this method, employ software based compression in your directive as well.

Thus, a base directive might look like the following:

<< / >>
+compressasm: .
+aes: .

This will apply compression first to all files encountered, then once the file has been compressed, it will be encrypted. A side benefit of this is that by compressing first, you reduce the amount of data to be encrypted*.

So long as the datazone pass phrase is stored in the server, encryption will occur, and no password will be required to recover the data. Remember, this style of encryption, using a single pass-phrase, isn’t about being able to restrict whom within the datazone can recover the data, but instead it’s about keeping the data stored on-tape (which is potentially off-site, or otherwise at higher risk of theft), from being recovered.

[Edit, 2009-08-15]

It’s been pointed out to me that you can’t compress + encrypt at the client side. Indeed, I’ve now found the part in the administration guide that explicitly says this. What is extremely disappointing about this is that NetWorker actually doesn’t warn you that it’s not going to compress + encrypt! To me, that’s a security issue.

So, for the examples above, forget about enabling client side compression as well as encryption – you can have one or the other, but not both.


* In the same way that ice-cream that’s 99% fat free, but 87% sugar is a “benefit”.

 Posted by at 17:03  Tagged with: , , ,

Don't forget, there's a whole lot more in the book

 Aside  No Responses »
Mar 202009
 

Just a reminder, particularly if you’re new to this blog, that if you’re after some more in-depth coverage of backups, you could check out my book, Enterprise Systems Backup and Recovery: A corporate insurance policy. While not specifically focusing on any individual backup product, the book covers a plethora of topics that are important and useful for any backup environment, including but not limited to:

  • Human involvement in the backup system;
  • Backup concepts – from the basic to the advanced;
  • Items for consideration when planning what to backup, and how to do it;
  • Performance tuning a backup environment;
  • Procedures and policies to follow for recoveries, disaster recoveries, testing and maintenance;
  • and so on.

(More complete details of the book can be found at my Enterprise Systems Backup site.)

 Posted by at 16:50

Thoughts on IBM and Sun in acquisition discussions…

 NetWorker  No Responses »
Mar 192009
 

So the net is rife today with speculation that IBM and Sun are in close discussions on IBM buying Sun. My immediate thoughts are:

  • What will happen to EBS? In the past Sun actively considered replacing EBS NetWorker with NetBackup, but that never went anywhere. Will they replace EBS NetWorker with TSM?
  • The storage synergies achieved between IBM and Sun would be interesting.
  • I hope to hell that AIX does not replace Solaris. I don’t want to start any religious OS flame-war, but there’s a lot of administrators out there, including myself, who would rather have a frontal lobotomy than use AIX over Solaris; there’s an equal number who’d feel the reverse. So the two operating systems should not be either merged or one replace the other.
  • The development community is already up in flames over the potential that IBM’s development tools will replace Sun’s (either in joy, or horror – it seems to be in equal measure).

My 5c worth is different – I think Sun would be a logical acquisition target for EMC. There’s good logic to this, I think:

  • Storage synergies.
  • Storage enhancements (EMC and tape, at last).
  • Complete mid-range systems architecture immediately available to EMC, covering Windows, Linux, Solaris.
  • A better and more feature rich OS for embedded systems (e.g., EDLs).
  • NetWorker and EBS are practically exactly the same other than a search and replace anyway.
  • Immediate growth of support capabilities.

If IBM and Sun have reached the point where news of talks have leaked, it seems like it may be too far along. Pity – I rather preferred the idea of EMC buying Sun.

 Posted by at 09:15
 Older Entries
© 2012 The NetWorker Blog Suffusion theme by Sayontan Sinha