TechOpsGuys.com Diggin' technology every day

December 7, 2011

Protect yourself this holiday season with this tech tip from all of us

Filed under: Random Thought — Nate @ 11:29 pm

Well, I guess it’s just from me, since there isn’t an us anymore (picture of the evil monkey from family guy comes to mind, pointing at the former techopsguys)

I was having some talks about this with some co-workers today, it started when buy.com sent me an email from their collections department saying that I owed them money on something that I ordered on August 12th 2011. I got the item a long time ago, and buy.com is one of those places that charges you the same time the item ships. Well I guess this order must’ve slipped through their system somehow (probably along with a bunch of others too). It was an order for a carrying case for a laptop.

I’ve been a happy and loyal customer of buy.com for almost a decade now, my email from them goes back to December 24th 2001. buy.com and outpost.com (now Frys.com) were two of my main shopping sites early on. I still do a bunch of business with buy.com, but haven’t bought from frys.com since they were bought I think.

This was the first such collections email I had received so I thought maybe it was a scam, or a spam or something but the email address I use is not easy to guess and they had all of the right information. So I went to the site and gave them an updated credit card for them to use. You may remember my email system strips out things like links that point to spoofed sites.

The reason the transaction failed is well they weren’t supposed to wait four months before attempting to charge the card. I have been using temporary credit cards generated from Bank of America’s ShopSafe program for many years now, and my standard is to keep the expiry date of the temporary cards to the minimum of two months. So when buy.com’s systems failed and they went back to charge an old order of course it failed since the card was expired.

(Think 4 months is bad? One company I worked for had to literally cut their largest customer a $1M check to sort out an accounting problem(the large customer was and is a publicly traded company so this came up during their quarterly review for earnings) due to their billing system not properly billing customers for something like six months and they weren’t able to go back and charge them too much time had passed)

Anyways my point is Bank of America is not the only bank out there that has this ability I know others do (though can’t think of any off the top of my head I’m sure they exist). What is sort of shocking to me though is over the years as the holidays come and go there are news casts and stuff that try to give tips for how best to protect yourself with online shopping. Usually the tips are good but I’ve never — ever seen anyone mention taking advantage of temporary credit card numbers to better protect your online purchases. I use them even with merchants I trust like buy.com. I think it’s a good habit to be in. I booked my recent hotels and airline tickets with them. Not only have I not heard the media report on this technology but I very rarely come across anyone that even knows such stuff exists (or if they have heard of it, they have never used it).

There’s really only one place that I haven’t been able to use temporary credit card numbers online — that is wingstop. Damn place wants to see the card you used in person when you go to pick your grub up, and I don’t know about you but I haven’t owned a printer in seven years.

These temporary cards can be more labor intensive if your ordering through marketplace sites like buy.com, because the cards only allow one merchant to charge them, so if you have an order with stuff from 5 different merchants you have to split it up into 5 different orders, or use a regular credit card (I of course go ahead and split it up since there is no savings for shipping or anything).

The temporary credit cards also work well for recurring payments. I use one for my co-location bill for this blog. The bill is $100/mo, I think my temporary card for that has a limit of $120/mo, and it allows up to $120/mo each month for as long as I want. It doesn’t allow more than $120/mo though. I can even arbitrarily increase the limit (but I can’t decrease it). I can even arbitrarily extend the expiry date (but I can’t decrease that either). It’s really handy.

When I signed up for a premium subscription to LinkedIn, they sent me an email saying they’ve automatically opted me in to auto renew when my subscription is due next year and that I need to do something special to get out of it. Joke’s on them though, the credit card used to sign up will not only be long expired by then but I have the ability to go into the Shop Safe system and pro-actively delete the credit card whenever I want!

Having a hard time getting someone to stop renewing auto payments? Next time use a temporary credit card!

Now they aren’t perfect. For example there is really no way to tell what charges map to what credit card numbers, and customer service really has little knowledge of this program. Not only that but I think when it comes to fraud, there is no distinction between Shop safe numbers and regular card numbers. If a shop safe number is compromised I DON’T CARE. Chances are it has less than $10 in credit left on it, assuming it is not expired and assuming I haven’t gone in and nuked it anyways! But the bank doesn’t have a way to distinguish it (I don’t think), so if a merchant reports the card # I used was stolen then they flag the account like they otherwise would.

With Shop safe (or a similar program) I’m so much better protected in the online world than I am in the real world. Not that I have much to worry about anyways, it’s not as if I’m liable for fraudulent transactions on my card(I did have a few about a year ago though my card was canceled before I knew what was going on and while the bank said they were going to send me something that disclosed what was bought that never happened, I just signed some paper saying purchases from those merchants was not me).

But I like to be a safe shopper anyways, whenever I can.

So spread the word if you can – use temporary credit card numbers for online shopping for about the most safe shopping experience around!

If you know what other banks offer this capability leave a comment!

Happy Holidays from techopsguys^H

(that makes 100 blog posts for 2011 ! woohoo! I don’t think I’ll come close to the 132 I did last year at this rate)

I started more formally collecting stats on the traffic on the site if your curious check this site out(updates each Sunday). The number one search term for December for my site? Of all things? The HP Touchpad ? I think I have one, maybe two posts on that (plan to have a follow up once HP makes their big decision). OK looks like 4 posts.

I had one crazy IP from Rackspace hosting hitting this site about once every two seconds, 280,000 hits over the span of about 6 weeks, I blocked them at Apache with a message asking them to fix their bot or justify their traffic to me and I’d unblock it but got no reply. They continued for a few more weeks after I blocked them. Really strange!

My data goes back to the middle of August 2011.

Impending rolling outages in EC2

Filed under: Datacenter — Tags: — Nate @ 8:55 pm

I don’t write too much about EC2, despite how absolutely terrible it is, I will be writing about it in more depth soon(months most likely, it’s complicated). Nothing is more frustrating than working with stuff in EC2.

I have told some folks recently that my private rants about EC2 and associated services makes me feel like those folks in 2005-7 screaming about the implosion of the housing market yet for the most part nobody was listening because that’s not what they wanted to hear.

Same goes for EC2.

Anyways, I wanted to mention this, which talks about impending rolling outages across the Amazon infrastructure (within the next week or two).

Oh wait these are not outages, these are “scheduled maintenance events”.

That you can’t opt out of. You can postpone them a bit, but you can’t avoid them entirely, short of getting the hell outta there (which is a project I am working on – finally! Going to Atlanta next week, more than 4 months later than I was originally expecting)

Yeah, good design there. Better design? Take a look at what the folks over at a provider in the UK called UltraSpeed does, it’s clear they are passionate about what they do, and things like 15 minute SLA for restoring a failed server show they take pride in their work(look ma! No hard disks in the servers! Automated off site backups to another country!). Or Terremark – fire in the data center? No problem.

I have little doubt this is in response to critical security flaws which can only be addressed by rebooting the tens or hundreds of thousands of VMs across their infrastructure in a short time before it gets exploited, assuming it’s not being exploited already.

I fully expect that perhaps by the end of this month there will be some security group out there that discloses the vulnerability that Amazon is frantically trying to address now.

Red Hat Bringing back UML ?

Filed under: Virtualization — Tags: , — Nate @ 11:05 am

User mode linux was kind of popular many years ago especially with the cheap virtual hosting crowd, but interest seemed to die off a while ago, with what seems to be a semi-official page for user mode linux not being updated since the Fedora Core 5 days which was around 2006.

Red hat apparently just released RHEL 6.2, and among the features, is something that looks remarkably similar to UML –

Linux Containers
•    Linux containers provide a flexible approach to application runtime containment on bare-metal without the need to fully virtualize the workload. This release provides application level containers to separate and control the application resource usage policies via cgroup and namespaces. This release introduces basic management of container life-cycle by allowing for creation, editing and deletion of containers via the libvirt API and the virt-manager GUI.
•     Linux Containers provides a means to run applications in a container, a deployment model familiar to UNIX administrators. Also provides container life-cycle management for these containerized applications through a graphical user interface (GUI) and user space utility (libvirt).
•     Linux Containers is in Technology Preview at this time.

Which seems to be basically an attempt at a clone of Solaris containers. Seems like a strange approach for Red Hat to take given the investment in KVM. I struggle to think of a good use case for Linux containers over KVM.

Red hat also has enhanced KVM quite a bit, this update sort of caught my eye

Virtual CPU timeslice sharing for multiprocessor guests is a new feature in Red Hat Enterprise Linux 6.2. Scheduler changes within the kernel now allow for virtual CPUs inside a guest to make more efficient use of the timeslice allocated to the guest, before processor time is yielded back to the host. This change is especially beneficial to large SMP systems that have traditionally experienced guest performance lag due to inherent lock holder preemption  issues. In summary, this new feature eliminates resource consuming system overhead so that a guest can use more of the CPU resources assigned to them much more efficiently.

No informations on specifics as far as what constitutes a “large” system or how many virtual CPUs were provisioned for a given physical CPU etc. But it’s interesting to see, I mean it’s one of those technical details in hypervisors that you just can’t get an indication from by viewing a spec sheet or a manual or something. Such things are rarely talked about in presentations as well. I remember being at a VMware presentation a few years ago where they mentioned they could of enabled 8-way SMP on ESX 3.x, it was apparently an undocumented feature, but chose not to because the scheduler overhead didn’t make it worth while.

Red Hat also integrated the beta of their RHEV 3 platform, I’m hopeful this new platform develops into something that can better compete with vSphere. Though their website is really devoid of information at this point which is unfortunate.

They also make an erroneous claim that RHEV 3 crushes the competition by running more VMs than anyone else and site a SPECvirt benchmark as the proof. While the results are impressive they aren’t really up front with the fact that the hardware more than anything else drove the performance with 80 x 2.4Ghz CPU cores, 2TB of memory and more than 500 spindles. If you look at the results on a more level playing field the performance of RHEV 3 and vSphere is more in line. RHEV still wins, but not by a crushing amount. I really wish these VM benchmarks gave some indication as to how much disk I/O was going on. It is interesting to see all the tuning measures that are disclosed, gives some good information on settings to go investigate maybe they have broader applications than synthetic benchmarking.

Of course performance is only a part of what is needed in a hypervisor, hopefully RHEV 3 will be as functional as it is fast.

There is a Enterprise Hypervisor Comparison released recently by VMGuru.nl, which does a pretty good job at comparing the major hypervisors, though does not include KVM. I’d like to see more of these comparisons from other angles, if you know of more guides let me know.

One thing that stands out a lot is OS support, it’s strange to me how VMware can support so many operating systems but other hypervisors don’t. Is this simply a matter of choice? Or is the VM technology VMware has so much better that it allows them to support the broader number of guest operating systems with little/no effort on their part? Or both ? I mean Hyper-V not supporting Windows NT ? How hard can it be to support that old thing? Nobody other than VMware supporting Solaris ?

I’ve talked off and on about KVM, as I watch and wait for it to mature more. I haven’t used KVM yet myself. I will target RHEV 3, when it is released, to try and see where it stands.

I’m kind of excited. Kind of because breaking up with VMware after 12 years is not going to be easy for me 🙂

Powered by WordPress